Data Privacy Notice


The document provides a policy statement regarding the data protection obligations of our Parish, thus ensuring that we comply to Data Protection Regulations within Irish Legislation. This policy applies to all personal data collected and stored in the course of its’ activities.


What is Personal Data?

Personal Data relates to a living individual and from this data an individual can be identified. This policy covers both personal and sensitive personal data held in relation to data subjects of the Parish. This policy applies to personal data held in manual and automated form. The processing of personal data is governed by the General Data Protection Regulations (GDPR).


Who we are and How we Process your Personal Data?

Ballymurn Parish is the Data Controller. The Parish complies with its obligations under GDPR by;

·         Obtaining and processing the information fairly

·         Keeping it for one or more specified, explicit and lawful purpose

·         Using and disclosing the information only in ways that are compatible with these purposes

·         Keeping the information safe and secure

·         Keeping the information accurate, complete and up-to-date

·         Ensuring that the information is adequate, relevant and not excessive

·         Retaining the information for no longer than is necessary

·         Give a copy of the personal information to an individual following the Data Subject Access Request Procedure


What do we use your Personal Data for?

Data is collected from parishioners, employees, volunteers and contractors. 


What is your Personal Data Used for?

·         To administer records held by us on members of the congregation e.g. Baptismal, Confirmation and Marriage Records.

·         To fundraise and promote the interests of the parish

·         To manage our employees and volunteers

·         To manage rotas for altar servers, ministers of the Eucharist etc.

·         To maintain our accounts and records including the processing of donations and tax rebates

·         To inform you of any news, events and activities that are running in the Parish


What is the Legal Basis for Processing your Personal Data

·         Explicit consent of the data subject so that you can be informed about news, events, activities and services, for processing your donations and keep you informed about events in the Diocese.

·         Processing of personal data is necessary for carrying out obligations under employment law, financial laws and other legal requirements.

·         Processing is carried out by a not-for-profit body with a religious aim provided that the processing relates to congregation members or former members (or those who have regular contact with the Parish in connection with those purposes) and

·         There is no disclosure to a third party without consent.


Sharing your Personal Data

Your personal data will be treated as strictly confidential and will only be shared with other clergy or staff of the parish for the purposes connected to the Parish. We will only share your data with third parties outside the parish with your consent.


How long do we keep your Personal Data?

We retain data in accordance with the guidance set out within Irish Data Protection Legislation. Specifically, records of donations and associated paperwork are retained for 6 years after the calendar year to which they relate. Parish registers such as Baptisms, Marriages, Confirmations are kept permanently.


Your Rights and Your Personal Data

Under the Data Protection Regulations, you have the right to request access to the personal information held about you. Any requests should be addressed to the Parish Priest (contact details below). Requests should be dealt with, within 30 days of receipt, unless there is a reason for the delay, which is justifiable.

You have the following rights;

·     Right of Access – You have the right to access information we hold about you.

·     Right of Correction – You have the right to correct information that is inaccurate or incomplete.

·     Right of Erasure – In certain circumstances you can ask for data that we hold about you to be erased i.e. the right to be forgotten.

·     Right to Restriction of Processing – Where certain conditions apply, you have the right to restrict processing of your personal data

·     Right of Portability – Subject to certain circumstances, you have the right to have any data that we hold about you transferred to another organisation where we hold it in electronic form.

·     Right to Object – You have the right to object to certain types of processing of data.

·     The Right to lodge a complaint with the Data Protection Commissioner’s Office.

Further Processing

To exercise any relevant rights, queries or complaints please contact:  

Parish Priest:  Fr Jim Finn

Phone 087 2119151  E-mail 

You may also contact the Data Protection Commissioner Office on 00-353-57-8684800 or Lo-call 1890-252-231 or by e-mail or by Post to; Data Protection Commissioner, Canal House, Station Road, Portarlington R32 AP23 Co. Laois or their Dublin Office, 21 Fitzwilliam Square, Dublin 2 D02 RD28.




Parish Subject Access Request Policy

Purpose of the Policy

The purpose of this document is to outline the Parish’s policy in relation to the management of subject access requests which are submitted by individuals (data subjects) in relation to their personal data. A subject access request enables a data subject to exercise their right to gain access to personal data held about them by the Parish. Personal information may be held in electronic or hard copy form by the Parish, as the data controller.

Scope of the Policy

The policy outlines how the Parish will meet its legal obligations under the General Data Protection Regulations (GDPR) upon receipt of a subject access request.

What is Personal Information?

Personal information is any data, in both physical and electronic form, relating to an identified or identifiable person. It includes anything that can be used to identify a person, directly or indirectly, by means of his or her physical, mental, economic, cultural or social identity.

What is a Subject Access Request?

A subject access request is a written request for personal data or information held by the Parish. Article 15 of the GDPR states that as a data subject, you have the right to see if the Parish is processing your personal data and you also have the right to receive a copy of the data. You also have the following rights;

1.      The right to the personal data being held by the Parish.

2.      The purposes of the processing and what the Parish is using the data for?

3.      The categories of personal data being held (e.g. name, address, date of birth).

4.      Who are the recipients of your personal data (if any)?

5.      The envisaged retention period for your personal data.

6.      The right to request erasure (under certain circumstances), rectification or restriction of processing of personal information concerning the data subject.

7.      The right to lodge a complaint with the Irish Data Protection Commissioner.

8.      The right to any information as to the source of your personal data if the Parish did not collect the information directly from you.

How to make a Subject Access Request to the Parish?

To respond to any subject access request,

1.      Please fill in Subject Access Request Form F004-1 (available from the Parish Office) and be as specific as possible about the information that you want to access.

2.       Attach a photocopy of your proof of identity and proof of address to the subject access request form.

3.      Send the completed request form, along with proofs of identity to the Parish Office by post or e-mail to;

(Insert name of parish priest, address, e-mail address here.

Use of the subject access request form is not mandatory. However, completing the form would allow your subject access request to be processed more efficiently.


What happens next?

1.      The information that you submit as proof of identity will be checked to be sure of your identity. In rare cases we may request additional information to confirm your identity. This is to ensure that we only disclose information about personal data to the data subject.

2.      A check will be carried out to ensure that the parish priest (data controller) has enough information to find the record you requested. If more information is required, you will be asked for this.

3.      A full search of all electronic and hard copy filing systems will be carried out to collect all the personal data relevant to the subject access request,

4.      Provided none of the restrictions specified under Article 23 of the GDPR regulations apply, the personal information will be provided to you.

5.      The information provided under a subject access request will be provided free of charge for the first copy. Any subsequent copies may incur a reasonable fee based on administration costs.

6.      All valid subject access requests, accompanied by a valid proof of identity and proof of address received by the Parish, will be dealt with, within 30 days of receipt of a valid request.

7.       The response to a subject access request may be extended depending on the complexity of your request and the number of requests that are currently being processed.






To read the the up-date from Fr. Fintan McDonald just click Kitale Project 1 and Kitale Project 2