Data Protection (GDPR)

Louth and Meath Education and Training Board (LMETB) as a Data Controller is committed to taking all necessary steps to ensure that the Personal and Special Category (sensitive) data collected and retained by LMETB Administration Offices, Schools, Colleges and Further Education and Training Centres/Courses/Programmes, is protected by and complies with Data Protection Legislation, the Articles of the EU General Data Protection Regulations (GDPR), and the sound legal basis identified for collection and use.

LMETB will take all necessary steps to uphold the privacy rights of data subjects as outlined by Data Protection Legislation.  For this purpose, LMETB’s Data Protection Policies and Privacy Notices sets out, in writing, the manner in which Personal Data and Special Category Data relating to staff, students and other individuals (e.g. Parents/Guardians, LMETB Board members, Boards of management etc.) is used, shared and retained.

LMETB Data Protection Policies, CCTV Policy and Privacy Notices are now updated in light of GDPR and apply to all individuals of whom we collect personal or special category data e.g. Staff, Students, Board members, Parents/Guardians, and others insofar as they handle or process personal or special category data in the provision of services to LMETB.

For noting the following definitions apply:

Personal Data:  is data relating to a living individual who is, or can be, identified either from the data or from the data in conjunction with other information that is in, or likely to come into, the possession of the data controller (LMETB). e.g. Name, Address, PPSN, or a number than can make a person identifiable such as a registration plate.  CCTV images are also considered personal data.

Special Category (Sensitive) Data: can be categorised as items such as: Religious or Philosophical beliefs, Political opinions, Sexual orientation, Medical/Health Data, Trade Union Membership, Biometric Data, and Genetic Data etc.

Data Subject: is the person to whom the personal or special category relates

Data Controller: is an Individual or Organisation who alone or jointly with others collects and has responsibility for the means of processing of personal or special category data.

For further definitions or for any additional information please refer to LMETB’s Data Protection Policy and Privacy Notices, or visit the website of the Data Protection Commissioner at www.dataprotection.ie

LMETB Privacy Notices and Policies

Please click on the links below to access the following documents:

The Rights of a Data Subject under Data Protection Legislation

A Data Subject has the following rights under Data Protection Legislation which can be exercised at any time:

  • Right of access
  • Right to Rectification
  • Right to be forgotten
  • Right to restrict processing
  • Right to data portability
  • Right to object and to object to automated decision making /profiling
  • Right to complain to the Supervisory Authority

For further information on how LMETB will comply with the rights of a Data Subject, please visit Section 7 of the LMETB Data Protection Policy.  Please note that should a data subject exercise their rights, they will be asked for verification of identification as mentioned below in the section ‘Making a Data Access Request’.

Making a Data Access Request

Requests for copies of data held LMETB in any Administration Office, School, College or Further Education Centre.

A data subject can exercise the right of access at any time by contacting LMETB’s Data Protection Office in writing.  This can be done via email to dataprotection@lmetb.ie, or via post to Louth and Meath Education and Training Board, Abbey Road, Navan, Co. Meath C15N67E.  A Data Access Form is also available on request (if preferred) from dataprotection@lmetb.ie.

The data access request should include identification as mentioned below, and information on the nature of association with LMETB i.e. Student – please give the name of School/Centre, Staff Member – please give department etc.  For CCTV images, please state the exact location, date and approx. time within 28 days of an incident (we do not hold footage after this time).  This will allow LMETB to perform an efficient search and retrieval for the records/images requested.  In certain circumstances, and in accordance with the Data Protection Legislation, a request may be refused.  If this happens, LMETB will provide the Data Subject with a full legal basis for refusal.

Important notice – Identification

To protect the data requested, and so the ETB can satisfy itself of the identity of the requester, the data access is required to be accompanied by one of following identity verification methods:

  • a copy of State Identification (Passport or Drivers Licence) officially verified with the station stamp and signature of a member of An Garda Síochána. or
  •  The requestor can present themselves with their identification to the Administration Offices in Abbey Road, Navan or Chapel Street, Dundalk or
  •  The requestor can include a declaration from a Commissioner of Oaths verifying their identity.

Upon receipt of all relevant documentation, LMETB will process the Data Access Request within 30 calendar days.

Please note that in accordance with Data Protection Legislation, LMETB can only release the data belonging to the requester.  The data of all other individuals other than the requester will be redacted where necessary.  CCTV footage will be pixilated to protect the identifiable data/images of all other parties.  More information on privacy in relation to CCTV can be found in our CCTV Policy and Privacy Notices.

Important notice to Parents/Guardians

Parents/Guardians making a Data Access Request for copies of data held about their child (student under 18 years) should read and familiarise themselves with the Data Protection laws surrounding these requests.  Section 3, (3.1 (a), (b) and (c)) of LMETB’s Data Protection Policy details more information on this process within LMETB Schools and Centres.

Access requests regardless of LMETB School or Centre should be sent to the Data Protection Office of LMETB.

Contact details for queries in relation to Data Protection in LMETB:

Via email: dataprotection@lmetb.ie

Post:
Data Protection Office
Louth and Meath ETB
Abbey Road
Navan
Co. Meath
C15 N67E

Telephone:      046 901 0031

Data Breaches

LMETB has a Data Breach Protocol in place and staff are aware of their obligations to report any suspected breach to the Data Protection Office and relevant Director for further investigation and follow up.  LMETB’s Data Protection Office must be contacted upon becoming aware of any suspected breach.  As per Data Protection Legislation and LMETB’s Data Breach Protocol, the Data Protection Commissioner (Supervisory Authority) will be duly notified within 72 hours.

Any suspected breach of personal or special category (sensitive) data should be notified to the Data Protection Office via dataprotection@lmetb.ie or via telephone to 046 901 0031.

Supervisory Authority

 A data subject has the right to complain to the Supervisory Authority (Office of the Data Protection Commissioner).  This is outlined in Section 7 of LMETB’s Data Protection Policy.  Please visit www.dataprotection.ie for more information on the role of the Office of the Data Protection Commissioner, and the contact details.

Mailing lists, emails, text messaging

If at any time prior to 25th May 2018 you had given your consent to LMETB to use your personal data (name, email, phone no, address) to allow us to contact you in relation to any upcoming events such as: recruitment/programmes/courses etc., and you no longer wish to receive this correspondence from LMETB (Administration Offices, Schools or Further Education and Training Programmes/Courses Colleges), please let us know.  You can opt out of this correspondence at any time by expressing your wish to be removed in reply to any message you have received (if possible), or by contacting dataprotection@lmetb.ie .

Share