Data Ireland Access Request Policy

Introduction

At Data Ireland your privacy and data protection rights are very important to us.

Data Protection is the safeguarding of the privacy rights of individuals in relation to the processing of personal data, in both paper and electronic format. The Data Protection Acts 1988 and 2003 (the "Data Protection Acts") lay down strict rules about the way in which personal data and sensitive personal data are collected, accessed, used and disclosed. The Data Protection Acts also permit individuals to access their personal data on request, and confer on individuals the right to have their personal data amended if found to be incorrect.

Inquiries about this access request policy ("Access Request Policy") should be made to: Data Protection Co-Ordinator, Data Ireland, 1st Floor, 19-24 St. Andrew Street, Dublin 2.

Access Request Policy and Procedures

Purpose of this policy

This document outlines Data Ireland's Access Request Policy to help ensure that we comply with requests made under the provisions of the Data Protection Acts.

Procedures

Individuals may make a request from Data Ireland as follows:

  • Right to establish existence of personal data (section 3 Data Protection Acts).

    Under section 3 of the Data Protection Acts an individual may write to us asking whether we keep any personal data on him or her. Where we hold such personal data on you, we shall respond within 21 days of receipt of the request, giving you a description of the data we hold on you and the purposes for which it is kept.

    You do not have to pay a fee for making a request of this type under section 3 of the Data Protection Acts. Please make your request in writing to us at: Data Protection Co-ordinator, Data Ireland, 1st Floor, 19-24 St. Andrew Street, Dublin 2 stating that you are making your request under section 3 of the Data Protection Acts. Please note that before we respond to your request we may require that you provide us with satisfactory evidence of your identity and address.

    We do not accept section 3 requests via telephone, email or text message.

  • Making an Access Request (section 4 of the Data Protection Acts).

    Under section 4 of the Data Protection Acts, you may receive a copy of your personal data held by Data Ireland upon written request, subject to payment of a fee of €6.35.

In order to respond to your section 4 request we ask you to:

  • Download the Access Request Form.
  • Please complete, sign and date the form and be specific as possible about the information you wish to access.
  • Attach a photocopy of your proof of identity and address to the Access Request Form.
  • Enclose a cheque or postal money order payable to Data Ireland in the amount of €6.35 and:
  • Post the Access Request Form to: Data Protection Co-Ordinator, Data Ireland, 1st Floor, 19-24 St. Andrew Street, Dublin 2
  • If you cannot download the Access Request Form from the internet please write to us requesting a form from: Data Protection Co-Ordinator, Data Ireland, 1st Floor, 19-24 St. Andrew Street, Dublin 2 and we shall send you a copy by return post. Use of the Access Request Form is not mandatory. Completing the Access Request Form should enable us to process your section 4 request more efficiently. However, please note that we may not provide you with the data requested if you do not meet the requirements at points 3)-5) above.

Please note that we reserve the right not to process and release data requested where you have not complied with the requirements of section 4 of the Data Protection Acts including where:

  • You have not paid the prescribed fee of €6.35. All payments should be made by cheque or postal money order made payable to 'Data Ireland';
  • Your request is not made in writing. We do not accept access requests via telephone, email or text message.

Responding to your Access Request under section 4

Once we have received your fully completed Access Request Form, your proof of identity and address and the prescribed fee, we shall respond to you within the statutory period of forty (40) days.

If you are not satisfied with the outcome of your access request you are entitled to make a complaint to the Data Protection Commissioner who may investigate the matter for you.

Responsibility

Overall responsibility for ensuring compliance with the requests made under the Data Protection Acts rests with Data Ireland. However, our responsibility varies depending upon whether we are acting as either a Data Controller or a Data Processor.

All employees and contractors of Data Ireland who separately collect, control or process the content and use of personal data are individually responsible for compliance with the Data Protection Acts. The Data Protection Co-Ordinator is Data Ireland's Data Protection Officer, and co-ordinates the provision of support, assistance, advice, and training throughout the company to ensure we are in a position to comply with the legislation.

Review

This Access Request Policy will be reviewed regularly in light of any legislative or other relevant developments.