Privacy Notice for Service Users

Your Personal Data: What the Service Needs

St. Catherine’s Community Services Centre is what is known as the ‘Controller’ of the personal data you provide to it. We take your privacy seriously and will only use personal information about you and your child to provide the services you have requested from us and administer your account.
We collect a variety of personal data to be able to deliver the service requested by you. Most of this data is captured on a Registration/Application form or on the forms required to obtain government funding for the service/programme.

The Registration/Application form includes your name, address and date of birth plus further details on any specific medical and other relevant health-care details, and your work and educational history. Because of the sensitive nature of much this information, you will be asked to confirm your consent for us to collect and hold the information before we do so.
The Registration/Application form may also collect the contact details and phone numbers of your next of kin. You are required to ensure these persons agree to their information being stored and you will be asked to confirm this on the form.

The Registration/Application Forms may collect personal data including your PPS number and your social welfare status. This is only collected to allow us process funding applications to our funders.

Why the Service Needs Data/Purpose of the Processing

The Service needs your basic personal data to provide you with its services in line with this overall contract. The Service will not collect any personal data from you it does not need to provide and oversee this service to you.
What the Service Does with Data/Disclosure

All the personal data is processed by management or by staff designated by Management. To deliver our services effectively, we may need to exchange your details with:

  • The relevant funding bodies such as DCYA, HSE, Tusla, Pobal, KCETB, DEASP, Department of Justice and Equality, etc
  • Regulators such as TUSLA or the Revenue Commissioners,
  • Inspectors (TUSLA, Department of Education and Science and Health & Safety Authority), or
  • External personnel such as HR contractors, accountants and professional advisors.

The Service has a Data Protection Policy in place to oversee the effective and secure processing of your personal data.

How Long the Service Keeps Data/Retention Period and Criteria Used

The Service will keep your personal data for as long as you remain within the Service, and for the period afterwards required by the relevant statutory and legislative guidelines that apply.  More information on the Service’s retention policies can be found by contacting the Manager directly at the addresses given below.

What are your rights?

If you wish to see what information we hold on you, simply contact the Director of Services either by post or and we will endeavour to respond to you within 30 days of receipt of your request.

If at any point you believe the information the service processes on you is incorrect, you may request to have it corrected. You can contact the Manager at the address shown below. If you wish to raise a complaint on how the Service has handled your personal data, you can also contact the Director of Services.

Data Controller:      St. Catherine’s Community Services Centre,

Contact Points:      Director of Services

St. Catherine’s Community Services Centre,

St. Joseph’s Road,

Carlow, R93 T4C6

Tel.  059 9138700


If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law, you can complain directly to the Office of the Data Protection Commissioner at:

Postal Address: Data Protection Commissioner

Canal House

Station Road


R32 AP23 Co. Laois

Some Key Definitions within GDPR:

‘Consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

‘Controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Child Care and EYE Services are controllers of the data concerning parents, guardians and children that they use to provide Child Care and EYE Services.

Note: if the EYE Service is a legal entity, then the Service itself is the data controller. Otherwise one or all of the principals of the service should be identified as the data controller, or joint data controllers.

‘Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

‘Data breach’ means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

‘Processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means.

‘Processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.