Privacy notice

Introduction

This notice provides you with information regarding the personal data about you which is held by the Standards in Public Office Commission in respect of its statutory functions under the Regulation of Lobbying Act 2015. 

The Standards in Public Office Commission fully respects your right to privacy.  Your personal data will be treated with the highest standards of security and confidentiality, in accordance with the General Data Protection Regulation (GDPR) and Data Protection Act 2018 (jointly referred to as the “Data Protection legislation”). 

This Notice uses certain words or terms which have a particular meaning under the Data Protection legislation.  See the Definitions section of this Notice for an explanation or definition of the words.

Who We Are and Who Controls your Data

Your personal data is held by the Standards in Public Office Commission (or ‘the Commission’ in this notice) which is the data controller for the purposes of the Data Protection legislation. 

The secretariat to the Commission is provided by the Office of the Ombudsman, and the Office of the Ombudsman is a therefore a joint controller in so far as support services such as information and communications technology and corporate services (including finance) are a shared service.

We may be contacted at:

18 Lower Leeson Street, Dublin 2, DO2 HE97. 

Telephone: (01) 6395722.

Email:  info@lobbying.ie

Data Protection Officer

Our Data Protection Officer may be contacted at:

Email:  dataprotection@ombudsman.ie

Telephone: (01) 639 5760

Postal Address: 18 Lower Leeson Street, Dublin 2, DO2 HE97. 

The Data Protection Officer is designated for the Office of the Ombudsman, OIC, OCEI, SIPOC, CPSA and theReferendum Commission.

Your personal data and how we collect it

A very large amount of the personal data which we hold about you is provided by you in your online registration, phone calls, letters, emails or other communications with the Commission.  We may also hold personal data which has been provided by someone else or by someone on your behalf. 

Registrants (including administrators of the account) and potential registrants

We hold information (personal data) about people who contact us to make an enquiry as to whether they are required to register as carrying out a lobbying activity and/or how to register.  This personal data includes, for example, your name and contact details, details relating to your enquiry, your business or community activity, your registration details and your lobbying activity details.

If you are a registrant who has failed to comply with some aspect of your obligations under the Regulation of Lobbying Act then we may hold additional personal data about you such as financial information related to the payment of a Fixed Payment Notice. Sometimes you will send us additional personal data, including special categories of personal data, for the purposes of an application to delay publication or to hide information, or in order to explain something to us.  

Designated Public Officials

We maintain a list of Designated Public Officials which we harvest from the details publicly available on public bodies’ websites.

Appeals Officers

We hold contact information for persons appointed as Appeals Officers by the Department of Public Expenditure and Reform in order to contact them if an appeal is received under one of the relevant provisions.  We also hold financial information required for payment of invoices.

Persons making a complaint or a report under section 10

We hold personal data about people who make a report under section 10(5) of the Act or a complaint of unrecorded lobbying activity.  This personal data includes, for example, your name and contact details, details in relation to your enquiry or the purpose of your contact and any other personal data which you provide, which can include special category personal data.

Representatives

We hold personal data about representatives, including legal advisers, who act on behalf of people interacting with the Commission.  This data includes your name, contact details and details relating to the representative capacity or relationship with the person on whose behalf you are acting.  It also includes any other personal data which you provide.  

Investigations

The Commission has the power to carry out investigations into possible contraventions of the Act.  In conducting an investigation, we could get personal data about you which is contained in records or submissions received by us from third parties such as Designated Public Officials.  As part of an investigation we get personal data from publicly available sources (such as public registers or information available on line).

The Commission also has the power to compel you to provide information and to produce documentation for the purposes of an investigation and this may include personal data of Registrants, their employees and others.  This information is used only for the purposes of the investigation and any subsequent prosecution.

Visitors to our Website

When someone visits www.lobbying.ie  we collect standard internet log information and details of visitor behaviour patterns. Some of the information is used to create summary statistics, which allows us to assess the number of visitors to our site; identify what pages are visited most frequently and, ultimately, make the site more user friendly.

We do not attempt to find out the identities of those visiting our website.  We will not associate any data gathered from this site with any personally identifying information from any source

If we do intend to collect personal information we will make it clear and will explain what we intend to do with it

Certain pages on the website provide an option to request further information by email, or to make a complaint online. This information will only be recorded if you choose to send us a message and will only be used for the purpose for which you have provided it.

Staff of Public Bodies

We hold personal data about staff of public bodies in relation to their dealings with the Commission in the handling of Commission enquiries or in conjunction with the Commission’s outreach activities or as part of consultations with other public bodies.  The personal data includes the name, contact details, grade/role and information relating to the performance of their functions.  This personal data comes from the public body or from the individual. 

The Commission maintains a list of contacts within public bodies responsible for notifying the Commission of appointments to senior office. This includes the name, role and contact details of the liaison/contact person.

Emailing our Office 

We are part of the Government Services network. Any email sent to us, including any attachments, may be monitored and used by us for reasons of security and for monitoring compliance with office policy. Email monitoring or blocking software may also be used.

Please be aware that you have a responsibility to ensure that any email you send to us is within the bounds of the law.

Statutory Requests to this Office

We hold personal data about people who make statutory requests to the Commission, including for example people who make an FOI request or Data Protection access request looking for records or information from this Office.  The personal data includes your name and contact details and information relating to the statutory request. 

These statutory requests made to the Commission could also include personal data about someone other than the person making the request.  Whether they contain personal data and, if so, the type of personal data will depend on the request.  This information comes from the person making the request.

People on our Mailing List

We have a list of people we communicate with to inform them of publications, current developments and other matters of interest.  This contains your name, email address and/or contact details.

Suppliers / Service Providers / Other People in Contact with the Commission

We hold personal data about you where there has been contact between the Commission and yourself in relation to various matters including, for example, contact regarding the supply of goods or services or invitations to the Commission to make presentations to seminars, attend conferences etc. Suppliers or service providers includes, for example, legal advisers, auditors etc.  Other people in contact with the Commission includes, for example, journalists.  This personal data includes your name, contact details and information relating to the goods or services, the seminar, conference etc.  It comes from your interactions with us.

Others

We have described above all the main categories of people whose personal data we hold.  We can hold data about people who do not fall within these categories.  For example, from time to time we hold personal data about people attending meetings or events with the Commission.  We confirm that all personal data is treated with the highest standards of security and confidentiality, in accordance with the General Data Protection Regulation (GDPR) and Data Protection legislation.

What we use your data for and the legal basis

Functions under the Regulation of Lobbying Act

We use your personal data in the course of carrying out the Commission’s functions under the Regulation of Lobbying Act 2015, related primarily to maintaining the Register of lobbying activity.

In legal terms, our use of personal data is:

  • necessary for the performance by the Commissioner of a task carried out in the public interest or in the exercise of official authority vested in the Commission
  • necessary for reasons of substantial public interest, on the basis of the Data Protection legislation which is proportionate, respects the essence of the right to data protection and provides suitable and specific measures to safeguard your fundamental rights and interests.

General Administration & Compliance with Legal Obligations

We also hold information about you for the purpose of responding to statutory requests made to the Office (such as access requests under the FOI Act 2014, the Data Protection Act and the Access to Information on the Environment Regulations).  Doing this is necessary for compliance with the Office’s legal obligations. 

We use the mailing list of people we communicate with in order to inform them of publications, current developments and other matters of interest.  We will send you such communications if you consent to us doing so.  If you wish to be removed from this list, please let us know and we will remove you from the list without delay.

We also compile and publish statistics showing information like the number of reviews we receive, but not in a form which identifies anyone.

Who we share your information with

As a registrant your information is available on the public Register. 

We share personal data with: Designated Public Officials; Appeals Officers; previous and potential employers of Designated Public Officials; legal representatives of the Office.

We share information with service providers who maintain technical aspects of the Register; payment service providers, who provide the SMS service; who manage the Fixed Payment Notification facility and who provide translation services.   

In processing payment of Fixed Payment Notices to this Office, your personal data in relation to such payments is shared with a service provider whose Headquarters is outside of the European Union.

How long we keep your personal data

The length of time we hold your personal data for will depend on the type of document or record which contains the data.  Our Records Retention Policy sets out the time periods for different types of record.  See the table below for further details:

Record Group

Record Description

Retention Period

Legislation/Rationale

Final Disposition

Owner of Record

Stakeholder Engagement

Records relating to engagement with stakeholders including public bodies, stakeholder groups, media.

Current year plus 4 years

GDPR: Article 6.1 (e) - Processing is necessary for the performance of a task carried out in the public interest and/or in the exercise of official authority vested in SIPO.

Data Protection Bill: section 34(1) 

SIPO may also issue guidance about the operation of the Act under section 17 of the Regulation of Lobbying Act 2015.

Destroy by confidential shredding

Electronic data deleted from computer storage

Head of Ethics and Lobbying Regulation

Registrations and Returns

Record of Lobbyists and lobbying on Lobbying.ie

Correspondence with Registrants/potential Registrants and administrators

Designated Public Officials (including former DPOs)

Returns will be kept on public register for a 7 year period after which they will be archived for historical purposes. Registrants may apply to have their registration and/or returns deleted. Applications will be assessed against established criteria and a decision made.

GDPR: Article 6.1 (e) - Processing is necessary for the performance of a task carried out in the public interest and/or in the exercise of official authority vested in SIPO.

Data Protection Bill: section 34(1) - Processing  is necessary for the performance of a function of SIPO conferred by or under the Regulation of Lobbying Act 2015.

 

Section 10(3) of the Lobbying Act states that the Register shall be made available for inspection free of charge on a website maintained or used by the Commission.

 

Section 8 of the Act sets out the requirement to Register while Section 9 requires the Commission to establish and maintain a Register and Section 10(1) provides for the content of the Register.

 

Section 10(5) states that the Commission may remove information from the Register that it views as inaccurate, out of date or misleading. The Commission therefore has discretion to determine how long to retain information on the Register. Moreover, Section 11(4) of the Act provides that if a person has permanently ceased lobbying, they may notify the Commission, which “shall mark the person’s entry on the Register with such a statement”. The Act provides for retention of information regarding persons who have ceased lobbying.

Given the fact that lobbying matters, including the development of legislation, policies and programs, often take significant amounts of time to progress, and the matters may remain active for some time, and given the other provisions in the Act allowing for the retention of information on the Register, and given the limitation periods in the Act and in other legislation that govern the prosecution of offences under the Act, the Commission has determined that 7 years is an appropriate amount of time to retain information on the public register.

 

Destroy by confidential shredding

Electronic data deleted from computer storage

Head of Ethics and Lobbying Regulation

Operations

Records documenting the examination of standard decisions

Decisions under Section 10 (5), Section 14 and Section 22 of the Act
Correspondence with applicants for decisions

Final decision to be retained indefinitely. Supporting documents to be destroyed once final decision issued and any appeals exhausted

The Act provides for maintenance of information after persons have ceased lobbying. Act further provides that Commission may remove information it considers to be “out of date”.

Destroy by confidential shredding

Electronic data deleted from computer storage

Head of Ethics and Lobbying Regulation

 

Record Group

Record Description

Retention Period

Legislation/Rationale

Final Disposition

Owner of Record

Investigations, reports  and enforcement

Records relating to non-standard cases including investigations, fixed payment notices and prosecutions

Final Internal report retained

Supporting docs destroyed when case concluded

Sections 18, 19, 20 and 21 of the Regulation of Lobbying Act give SIPO the power to carry out investigations and issue Fixed Payment notices.

Destroy by confidential shredding

Electronic data deleted from computer storage

Head of Ethics and Lobbying Regulation

Legal Advisers

Records relating to legal advice/services obtained internally or externally and legal proceedings

Advice kept indefinitely, supporting correspondence destroyed after 3 years

Of no foreseeable value after this period

Destroy by confidential shredding

Electronic data deleted from computer storage

Head of Ethics and Lobbying Regulation

Legislation

Records relating to legislation affecting the office’s remit, including correspondence with public bodies

Superseded plus 5 years

Of no foreseeable value after this period

Destroy by confidential shredding

Electronic data deleted from computer storage

Head of Ethics and Lobbying Regulation

Statutory Requests

Records relating to FOI, DP, PSI AIE requests received by the unit

All requests retained for 5 years, decisions plus requester details retained indefinitely

GDPR: Article 6.1 (e) - Processing is necessary for the performance of a task carried out in the public interest and/or in the exercise of official authority vested in SIPO.

Destroy by confidential shredding

Electronic data deleted from computer storage

Head of Ethics and Lobbying Regulation

Reports and Publications

Records relating to the drafting and production of the annual report, including correspondence with public bodies and service providers

Publication indefinitely

Supporting docs 1 year post publication

Of no foreseeable value after this period

Destroy by confidential shredding

Electronic data deleted from computer storage

Head of Ethics and Lobbying Regulation

Appeals

Contact information for appeals officers

 

 

Information on appeal

-          Correspondence

-          Decisions

 

Appeals to High Court

 

 

 

Service Level Agreements

 

Contact information kept for duration of Service Level Agreement.

 

Decisions kept indefinitely.

Supporting documentation destroyed after final appeals periods exhausted

 

Decisions kept indefinitely.

Supporting documentation destroyed after final appeals periods exhausted

 

Active SLAs kept for duration of agreement plus one year. Template SLAs kept in anonymised format for 5 years.

Sections 23 and 24 of the Regulation of Lobbying Act provide for appeals against Commission decisions

Destroy by confidential shredding

Electronic data deleted from computer storage

Head of Ethics and Lobbying Regulation

Codes of Conduct

Consultations
Submissions

Superseded plus 5 years

Section 16 of the Regulation of Lobbying Act provides for the publication of a Code of Conduct by the Standards Commission

Destroy by confidential shredding

Electronic data deleted from computer storage

Head of Ethics and Lobbying Regulation

Correspondence

Queries from persons within scope

Queries from persons outside scope

Current plus 6 years

 

Current year only

Of no foreseeable value after this period

Destroy by confidential shredding

Electronic data deleted from computer storage

Head of Ethics and Lobbying Regulation

NOTE: In accordance with Records Management Policy, the Records Retention Schedule applies to both paper and electronic records

 

 

Your Data Protection Rights

Under the Data Protection legislation you have certain rights.  These rights arise in certain circumstances and are subject to certain exemptions or restrictions.   The Office is required by the Regulation of Lobbying Acts to keep certain information obtained in the course of carrying out its functions confidential and this restricts your rights.  In particular, these rights are restricted in relation to the prevention, detection, investigation and prosecution of offences.

Your rights are:

  • right to access the data – you have the right to request a copy of the personal data that we hold about you, together with other information about our processing of that personal data
  • right to rectification – you have the right to request that inaccurate personal data be corrected and that incomplete personal data be completed
  • right to erasure (or right to be forgotten) – you have the right to request that personal data be deleted
  • right to restriction of processing or objection to processing – you have the right to request that our use or processing of your data be restricted or to object to our processing of your data
  • right to data portability – you have the right to request that personal data be given to you or another person in a transferable or machine readable form.

If any of your personal data is held by us on the basis of your consent, you have the right to withdraw that consent at any time.

If you would like to exercise any of your rights, please contact:

The Data Protection Officer

Email:  dataprotection@ombudsman.ie

Your right to complain

We try to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate.

You also have the right to lodge a complaint with the Data Protection Commission.  The Data Protection Commission may be contacted at:

Website: www.dataprotection.ie

Email:  info@dataprotection.ie

Telephone:  (0761) 104 800; Lo-Call 1890 25 22 31. 

Postal Address: Canal House, Station Road, Portarlington, Co Laois, R32 AP23. 

Requirements to Provide Personal Data and Possible Consequences of Failure to Provide

It is a statutory requirement for persons subject to the Acts the Commission administers to provide personal data. Failure to comply with the statutory obligations set out in the Acts may be an offence and liable to prosecution.

The Commission has power in certain circumstances to direct the provision of information under the Regulation of Lobbying Act. Where this power is exercised and a person fails to comply with the direction then that person may be guilty of an offence and liable to prosecution.

The Commission also has the power in certain circumstances to direct discovery of documents in accordance with the Rules of the High Court.

Further Information

This privacy notice was drafted with brevity and clarity in mind. It does not provide exhaustive detail of all aspects of Office of the Information Commissioner’s collection and use of personal information. However, we are happy to provide any additional information or explanation needed. Please feel free to contact us.

Use of Cookies

Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.

Purpose: Online Registration System Cookie

Cookie Name: Asp.NetApplicationCookie

This cookie is essential for logging in and filling in forms, and is set only for those people who log in.

Purpose: AddThis

Cookie Names: _atuvc, _atuvs

The cookie is used to make sure the user sees the correct updated count if they share a page using Add This. Opt-out of AddThis cookies.

You can find the AddThis.com privacy policy here: http://www.addthis.com/privacy/privacy-policy

You can opt out of AddThis here: http://www.addthis.com/privacy/opt-out

Purpose: GoogleAnalytics

Cookie Names:

_utma

_utmb

_utmc

_utmz

These cookies are used to collect information about how visitors use our site.  The cookies collect information in an anonymous form that does not identify a visitor. They provide information regarding the number of visitors to the site, where visitors have come to the site from and the pages they visited.  We use this information to compile reports and to help us improve the way our website works, for example by making sure users are finding what they need easily.

You can find the Google Analytics Privacy Policy here: https://support.google.com/analytics/answer/6004245

Links to other websites

This privacy notice does not cover the links within this site linking to other websites. We encourage you to read the privacy statements on the other websites you visit.

Definitions

Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

Data Protection Act 2018 Amongst other things, this Act gives further effect to the GDPR (see below) in areas where Member State flexibility is permitted. 

Data Protection Officer  The GDPR requires some organisations to designate a Data Protection Officer (DPO).  Article 39 of the GDPR states that the data protection officer “shall have at least the following tasks:

  1. to inform and advise the controller or the processor and the employees who carry out processing of their obligations pursuant to this Regulation and to other Union or Member State data protection provisions;
  2. to monitor compliance with this Regulation, with other Union or Member State data protection provisions and with the policies of the controller or processor in relation to the protection of personal data, including the assignment of responsibilities, awareness-raising and training of staff involved in processing operations, and the related audits;
  3. to provide advice where requested as regards the data protection impact assessment and monitor its performance pursuant to Article 35;
  4. to cooperate with the supervisory authority;
  5. to act as the contact point for the supervisory authority on issues relating to processing, including the prior consultation referred to in Article 36, and to consult, where appropriate, with regard to any other matter.”

Data Subject means the identified or identifiable natural person to whom the personal data relates – see also the definition of personal data below.

The General Data Protection Regulations (GDPR) is an EU Regulation relating to data protection which came into force on 25 May 2018. 

Joint Controller.  Where two or more controllers (see above) joint determine the purposes and means of processing, they are joint controllers.

Personal Data means any information relating to an identified or identifiable natural person (‘data subject ’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Special Categories of Personal Data means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning health or data concerning a natural person's sex life or sexual orientation.