Privacy Notice for Staff, Students, Volunteers and Associates (E.G. Trainers)

Your Personal Data: What the Service Needs

St. Catherine’s is what is known as the ‘Controller’ of the personal data you provide to us. We take your privacy seriously, and will only use your personal information to process your application for employment and manage your ongoing contract of employment with the Service if you are successful.

The Service collects a range of personal data about staff, applicants for job roles, students, and volunteers.

This is in order to establish that you are competent and appropriately qualified to work or have work experience in the relevant area. This includes your name, date of birth, address, details of your next of kin, official photo identification, your PPS number, and information necessary for Garda vetting and police check purposes. In addition, with your consent, we will collect further medical and health details and other information relevant to the type of work you will be involved in.

Job applicants will provide the above data except for Date of Birth, Details of Next of Kin, PPS number official ID, Health Details, and Garda vetting. This information is only sought for successful applicants.

Students, trainers and volunteers will provide the above data except for Date of Birth and PPS number.

Why the Service Needs Data/Purpose of the Processing

We need your personal data to ensure that you are qualified and able to work with our service users and for us to be able to employ you in this capacity. The Service will not collect any personal data from you it does not need to provide and oversee your ongoing employment.

What the Service Does with Data/Disclosure

All the personal data is processed by authorised persons (Management or those designated by Management). To run our business and deliver a service, we may need to share your details with:

  • Relevant funding bodies such as DCYA, Tusla, HSE, Pobal, KCETB etc
  • Regulators such as TUSLA, the Revenue Commissioners and the WRC
  • Inspectors (TUSLA, Department of Education and Science and Health & Safety Authority etc)
  • External personnel such as payroll and HR contractors, accountants and professional advisors

No other third parties have access to your personal data unless the law allows them to do so.

The Service has a Data Protection regime in place to oversee the effective and secure processing of your personal data.

How Long the Service Keeps Data/Retention Period and Criteria Used

The Service will keep your basic personal data for as long as you remain an employee, and where necessary will continue to hold information on former employees for legal and administrative purposes. More information on the Service’s retention policies can be found by contacting the Data Protection Officer directly at the addresses given below.

Completed application forms for unsuccessful candidates are disposed of after six months.


What are your rights?

If you wish to see what information we hold on you, simply contact the Director of Services either by post or and we will endeavour to respond to you within 30 days of receipt of your request.

If at any point you believe the information the service processes on you is incorrect, you may request to have it corrected. You can contact the Manager at the address shown below. If you wish to raise a complaint on how the Service has handled your personal data, you can also contact the Director of Services.

Data Controller:      St. Catherine’s Community Services Centre,

Contact Points:      Director of Services

St. Catherine’s Community Services Centre,

St. Joseph’s Road,

Carlow, R93 T4C6

Tel.  059 9138700


If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law, you can complain directly to the Office of the Data Protection Commissioner at:

Postal Address: Data Protection Commissioner

Canal House

Station Road


R32 AP23 Co. Laois

Some Key Definitions within GDPR:

‘Consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

‘Controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Child Care and EYE Services are controllers of the data concerning parents, guardians and children that they use to provide Child Care and EYE Services.

Note: if the EYE Service is a legal entity, then the Service itself is the data controller. Otherwise one or all of the principals of the service should be identified as the data controller, or joint data controllers.

‘Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

‘Data breach’ means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

‘Processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means.

‘Processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.