Data Protection Statement
The Pensions Council (the “Council”) is committed to protecting the rights and privacy of individuals in accordance with the General Data Protection Regulation (GDPR). GDPR confers rights on individuals in relation to the privacy of their personal data. GDPR also imposes responsibilities on those persons holding and processing such data. The Pensions Council collect, stores and processes certain personal data in order to carry out its functions. Personal data means any information relating to an identified or identifiable living individual.
Details of the personal data that the Council processes and how individuals can exercise their rights under GDPR can be found in the Council’s Privacy Statement.
Data protection principles
The Pensions Council is committed to adhering to, and demonstrating compliance with, the following principles relating to the processing of personal data as set out in GDPR.
Personal data shall be:
- processed lawfully, fairly and transparently
- collected for specific, explicit and legitimate purposes
- adequate, relevant and limited to what is necessary for processing
- accurate and, where necessary, kept up to date
- kept in a form such that the data subject can be identified only as long as is necessary
- processed in a manner that ensures appropriate security
Rights of individuals whose data is collected
The Council is committed to designing and maintaining appropriate policies and procedures to protect the rights of individuals as set out in GDPR to:
- access their personal data
- correct their personal data
- erase their personal data
- restrict processing of their personal data
- transfer their personal data
- object to the processing of their personal data
- withdraw consent (where we are relying on consent to process data)
In circumstances where the above rights are not available to an individual due to legal reasons, they will be notified of the reason.
Responsibilities of the Council
The Council’s responsibilities under GDPR include:
- implementing appropriate technical and organisational measures to secure personal data
- implementing appropriate agreements with third parties who access the personal data we hold or we transfer personal data to
- implementing data protection measures by default when we design systems and processes
- conducting data protection impact assessments when designing new types of data processing and using new technologies
- maintaining procedures for data subjects to exercise their rights under GDPR
- maintaining personal data breach procedures
- ensuring that adequate governance of our data protection policies and procedures are in place, including the appointment of a Data Protection Officer.
Contact details for further information
Data Protection Officer
The Council’s data protection officer (DPO) has responsibility for ensuring compliance with GDPR. Individuals who have questions on the Council’s compliance with GDPR can contact the DPO.
The Pensions Council
28/30 Lower Mount Street
Dublin 2, D02 KX27
Phone: (01) 676 6179
The Data Protection Commission
The Data Protection Commission is responsible for upholding the rights of individuals under GDPR. Individuals who feel their rights are being infringed can complain to the Data Protection Commission, who will investigate the matter, and take whatever steps may be necessary to resolve it.
The Data Protection Commission
Co. Laois, R32 AP23
Phone: 1890 252231