Clare County Council is responsible for the provision of an extensive range of public services, such as housing, planning, roads and libraries. This council seeks to promote the economic, social and cultural development of Clare and in doing so contribute significantly to improving the quality of life of the people of the county. As part of the delivery of these services we are committed to protecting and respecting your privacy.
This privacy statement will let you know how we look after your personal data. It also informs you as to our obligations and your rights under data protection law.
Please note that this privacy statement (updated 19/05/2023) is a general council document about how we approach data protection as an organisation. It is subject to change from time to time and any changes will be posted on our website. Each section of the council maintains specific privacy notices which detail the purposes of processing the data they collect, the legal basis etc. Links to these specific privacy statements can be found at the end of this document.
It is important that the personal data we hold about you is accurate and up to date. Please keep us informed of any changes to your personal data during the term of your relationship with us.
Please carefully review the privacy statement before giving your consent to our processing of your personal data (where consent is the applicable legal basis).
The council has a data protection officer (DPO). Their contact details are as follows:
Telephone: (065) 6846405
Data Protection Officer,
Clare County Council,
Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. If you do use one of these third-party links, we would recommend that you carefully read the privacy statement on the third-party website.
For the purposes of the EU General Data Protection Regulation (EU Regulation 679/2016) (the "GDPR"), Clare County Council may act as a data processor and/or a data controller regarding the personal data described in this privacy statement and in section specific privacy statements listed below.
"Data Controllers" determine the purposes for which, and the manner in which, any personal data is processed, who/which make independent decisions in relation to the personal data and/or who/which otherwise control that personal data.
“Data processors” process personal data on behalf of the data controller.
- “Personal data” means any information relating to an identified or identifiable natural person. Personal data can be factual (for example, a name, address or date of birth) or it can be an opinion about that person, their actions and/or behaviour. Personal data does not include anonymous data.
- “Special Categories Data”: We may collect special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data) and where this happens you will always be informed and a higher standard of protective measures will apply.
Detail in relation to data processing by us is contained in the section specific privacy statements listed at section 15 of this document. Here are examples of the personal data we may collect, use, store and transfer which we have grouped together as follows:
- Identity Data includes, for example, first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender.
- Contact Data includes, for example, billing address, delivery address, email address and telephone numbers.
- Financial Data includes, for example, bank account and payment card details.
- Transaction Data includes, for example, details about payments to and from you and other details of products and services you have purchased from us.
- Technical Data includes, for example, internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
- Profile Data includes, for example, your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.
- Usage Data includes, for example, information about how you use our website, products and services.
- Marketing and Communications Data includes, for example, your preferences in receiving marketing from us and our third parties and your communication preferences.
- Statistical or Demographic Data: We may collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.
We have listed below examples of how we collect personal data relating to you:
- Direct interactions. You may give us your identity, contact and financial data, medical data and other personal data by filling in forms or by corresponding with us by post, phone, email, internet, by interacting with our staff or otherwise.
- CCTV: CCTV and other surveillance systems are installed in the offices, properties, depots, plant, and other locations in the ownership of Clare County Council or in the public spaces such as streets and community CCTV systems. Information on our CCTV policies.
- Third parties or publicly available sources. We may receive personal data about you from various third parties and public sources.
- Contact, Financial and Transaction Data from providers of technical, payment and delivery services based [inside OR outside] the EU.
- Identity and contact data from publicly available sources such as the Companies Registration Office based inside the EU.
The legal basis for the processing of personal data by Clare County Council will depend on the legislative framework that applies and the purpose for which the processing is being carried out. We will only process your personal data where we have a valid legal basis for doing so under GDPR or the Law Enforcement Directive, which are set out as follows:
- the data subject has given consent to the processing of his or her personal data for one or more specific purposes.
- processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
- processing is necessary for compliance with a legal obligation to which the controller is subject.
- processing is necessary in order to protect the vital interests of the data subject or of another natural person.
- processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
- processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
The legal basis for the processing of special category data will depend on the purpose for which the processing is being done, and will be based on Article 9 of the GDPR.
Law Enforcement Directive (‘LED’)
The LED deals with the processing of personal data for ‘law enforcement purposes’ by data controllers which fall within the definition of being a ‘competent authority’ for the purposes of the LED, as transposed into Irish law by Part 5 of the 2018 Act. For certain processing activities which it carries out, Clare County Council is a ‘competent authority’ for the purposes of Part 5 of the 2018 Act. In this regard, data may be processed “for the purposes of (i) the prevention, investigation, detection or prosecution of criminal offences, including the safeguarding against, and the prevention of threats to public security, or (ii) the execution of criminal penalties.”
We will only use your personal data for the purposes for which we collected it. We are permitted to use it for another purpose where we reasonably consider that the other purpose is compatible with the original purpose. If we intend to use your personal data for an unrelated purpose, we will first notify you and either seek your consent to such further processing or inform you of the valid legal basis upon which we process your data for this new purpose. There may be circumstances where we are required to further process your personal data, without informing you of this fact, in compliance with EU or Irish law.
We may share your personal data with third parties in connection with our processing of your personal data. More information on this can be found in the section specific privacy statements listed at section 15 below. We require third-party processors to enter into a data processing agreement with us which complies with our obligations under the GDPR. This agreement requires third parties to have appropriate security systems in place and only to use your personal data on our instructions and in accordance with data protection law.
We take appropriate security measures against unlawful or unauthorised processing of personal data, and against the accidental loss of, or damage to, personal data. We limit access to personal data to those employees, agents and third parties who are required to have access to it and where they have agreed they are subject to a duty of confidentiality.
We have put in place procedures and technologies to maintain the security of all personal data from the point of collection to the point of destruction. We have procedures in place to deal with actual and suspected data breaches which include an obligation on us to notify the supervisory authority and/or you, the data subject, where legally required to do so.
There may be circumstances in which we will have to transfer your personal data out of the European Economic Area for the purposes of carrying out the services we provide to you. Where the need for such a transfer arises, we will always ensure that there are appropriate safeguards in place to protect your personal data such as:
- The European Commission has issued a decision confirming that the country to which we transfer the personal data ensures an adequate level of protection for the data subjects' rights and freedoms.
- Appropriate safeguards are in place such as binding corporate rules (BCR), standard contractual clauses approved by the European Commission, an approved code of conduct or a certification mechanism, a copy of which can be obtained from the DPO.
- The European Commission and the United States announce that they have agreed in principle on a new Trans-Atlantic Data Privacy Framework, which will address the concerns raised by the Court of Justice of the European Union in the Schrems II decision of July 2020. The agreement in principle will now be translated into legal documents. The U.S. commitments will be included in an executive order that will form the basis of a draft adequacy decision by the Commission to put in place the new Trans-Atlantic Data Privacy Framework.
We will only retain your personal data for as long as is necessary to fulfil the purposes for which we collected it and for as long as we are legally required to under EU or Irish law.
We subscribe to the national local authority records retention policy and any updated national records retention schedules for local authority records. We may also maintain a data retention policy which supplements the National Retention Policy. Where you ask to be unsubscribed from marketing communications, we will keep a record of your email address and the fact that you have unsubscribed to ensure that you are not sent any further emails.
Under certain circumstances, by law you have the right to:
- Request information about whether we hold personal data about you, and, if so, what that data is and why we are holding/using it.
- Request access to your personal information (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
- Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected.
- Request erasure of your personal data. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
- Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
- Object to automated decision-making including profiling, that is, not to be the subject of any automated decision-making by us using your personal data or profiling of you.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request transfer of your personal information in an electronic and structured form to you or to another party (commonly known as a right to “data portability”). This enables you to take your data from us in an electronically useable format and to be able to transfer your data to another party in an electronically usable format.
- Withdrawal of consent: Where we rely on consent as our legal basis for processing you have the right to withdraw consent at any time by contacting us.
- Obtain details of any transfer of data to a third country (outside the European Economic Area) and safeguards in place.
- Complain to the data protection supervisory authority, the Data Protection Commission (DPC).
Data Protection Commission:
Data Protection Commission,
If you have any questions about this policy or about our data protection compliance, please contact us. Data subjects must make a formal request for personal data we hold about them or otherwise to exercise their data protection rights by contacting us. We have provided sample letters which you can use to make any such requests.
Please note that, to help protect your privacy, the Council takes steps to verify your identity before granting access to personal data.
You will not usually have to pay a fee to access your personal data (or to exercise any of your other rights). However, we are entitled to charge a reasonable fee in circumstances where your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances. We will endeavour to respond to your requests without undue delay and within one month. If your request is particularly complex, it may take us longer to respond. If we anticipate that it will take us longer than one month to respond to your request, we will notify you of the delay and reasons for such delay within one month of your request.
If you are not satisfied with the outcome of the response you receive from the Council in relation to a data protection request/issue, you have the right to make a complaint to the DPC, who may investigate the matter for you.
Details on our sectional privacy notices/statements. Note that additional sectional statements will be added as they are developed.
Page last reviewed: 02/06/23