CPSMA respects your right to privacy and its policy is to comply with data protection legislation at all times.
This Privacy Statement sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by CPSMA.
CPSMA is the data controller for the purposes of the Data Protection Acts 1988-2018, the General Data Protection Regulation (“GDPR”) and any amendments to the foregoing (collectively referred to as “Data Protection Legislation”). Processing is the legal term used to describe various acts including the collection, recording, organisation, structuring, storage, alteration, use of, retrieval, disclosure or transmission of information.
For your information this Statement outlines:
- Who we are and how to contact us;
- What information we collect, process and retain;
- How information is collected and processed together with the purpose and legal basis for so doing;
- Sharing information with third parties;
- Individual legal rights.
- WHO WE ARE AND HOW TO CONTACT US
CPSMA is a member-based school management organisation, as recognised in the Education Act 1998, as amended, that mainly caters for Catholic primary schools. We have a key role in shaping national policy regarding the development of primary education and the implementation of educational strategies and policies.
If you have any questions about this Privacy Statement, including any request to exercise your legal rights under Data Protection Legislation, please contact us by e-mail to this dedicated email address: [email protected]
- TYPES OF INFORMATION COLLECTED BY CPSMA
Personal Data
CPSMA collects and processes personal data that identifies you or can be used to identify or contact you which may include your name, address, email address, user IP addresses (where not deleted, clipped or anonymised) and/or telephone number. This information is only collected from you where you voluntarily submit it for use in and around the delivery of CPSMA services and provision of information to you.
CPSMA collects and further processes the following types of personal data:-
- Member schools’ information
CPSMA member schools are asked to nominate and provide contact details for named contacts in their schools with whom CPSMA may communicate with to provide CPSMA services.
Member schools may provide CPSMA with Board of Management and/or employee details, including names and contact details, in connection with the delivery of CPSMA services, training and provision of resources.
Patrons, Trustees and Diocesan Offices may also provide CPSMA with individual names and contact details in connection with accessing CPSMA services, training and resources.
- Management bodies/Stakeholders
Individual names and contact details of relevant personnel.
- Members of CPSMA’s Board of Directors
Individual names and contact details.
- Suppliers of business services to CPSMA
Containing individual names and contact details.
- Personal data of employees
- Other personal data
- HOW INFORMATION IS COLLECTED & THE PURPOSE & LEGAL BASIS FOR COLLECTING & PROCESSING INFORMATION
CPSMA collects personal information provided to it on an individual school basis through its member application process and/or through expressions of interest in CPSMA training, resources and events. We collect additional personal information through general interaction during the course of membership and/or further involvement/dealings with CPSMA by or on behalf of member schools.
CPSMA collects and processes personal data for a variety of purposes and relies on a number of legal grounds to do so. CPSMA requires this information to fulfil its agreements with member schools, to perform contracts with business providers, to pursue the legitimate interests of CPSMA and to comply with our legal and statutory obligations. The legitimate interests upon which we rely are the effective operation and management of CPSMA as a member-based management representative organisation that represents its members and provides information on a range of policy issues and initiatives.
Member schools
CPSMA will process personal data provided to us for the following purposes:-
- To respond to communications from a member school/individual
- To confirm the individual’s identity
- To process applications for membership, bookings for events,
- To provide access to training and resource materials
- To review and update membership contact details
- To notify you of upcoming events and material developments
- To notify you of changes and updates to CPSMA’s services and websites
Named contacts, and their details, are collected on an individual school basis. The legal basis for processing this personal data is to facilitate the provision of membership services to member schools and other connected persons by way of performance of the membership agreements and/or on the basis of consent. A core part of CPSMA’s services is to communicate with member schools to keep them informed as to policy developments and to seek their views and input on national issues of relevance.
CPSMA provides access to information, training and events to non-members but connected persons within the primary education sector. CPSMA relies on consent and/or requirement for performance of a contract as the basis for processing personal data of such persons.
Management bodies/stakeholders
CPSMA will process personal data of named contacts for collaboration, communication and representation purposes as part of CPSMA’s role as a school management organisation involved in shaping national policy in the education sector. CPSMA relies on its legitimate interests as a school management organisation and interested stakeholder in the education sector to process the aforementioned personal data.
Members of CPSMA’s Board of Directors
CPSMA will process personal data of named contacts and their contact details for communication purposes relying on consent and/or legal obligations for the processing of same.
Suppliers of business services to CPSMA
Individual names and contact details are processed to ensure delivery and completion of the relevant service. The basis for this processing is that the performance of the contract requires it.
- INFORMATION AND THIRD PARTIES
CPSMA may receive from, share and/or transfer information to a range of third parties such as the following:
- Department of Education
- An Garda Síochána
- Third Party Service Providers: We may share personal information with third party service providers that perform services and functions at our direction and on our behalf such as our accountants, IT service providers including, printers, lawyers and other advisors, and providers of security and administrative services, including data processing/cloud storage service providers.
- SECURITY
Your Personal Data is held on secure servers hosted by Bytek IT Solutions in accordance with CPSMA’s data retention schedule.
We use appropriate technical and organisational measures against unauthorised or unlawful processing, and against accidental loss, destruction or damage.
CPSMA, through our third-party payment provider Global Pay, uses SSL protocol and 3D Secure to ensure transaction security. It encrypts all of your personal information, including credit card number, name, and address, so that it cannot be read over the internet.
- DATA RETENTION
We will only retain personal information for as long as it is necessary to fulfil the purposes the information was collected for, including any legal, accounting or reporting requirements. Retention of data is in accordance with CPSMA’s Data Retention and Destruction Policy.
- INDIVIDUAL RIGHTS
Individuals have several rights under GDPR, which in certain circumstances are limited and/or constrained. These individual rights include the right – subject to any limitations as may apply – to:
- Withdraw consent where the basis for processing of personal data is that of consent;
- Be informed about CPSMA’s use of personal data and data subject rights – which this Privacy Statement does;
- Request a copy of the personal information held about the individual;
- Rectify any inaccurate personal data held about the individual;
- Erase personal information held about the individual;
- Restrict the processing of individual personal information;
- Object to the processing of individual personal information for the purposes of CPSMA’S legitimate interests;
- Receive individual personal information in a structured commonly used and machine-readable format and to have that data transmitted to another data controller.
If you wish to exercise any of these rights please contact us by email to: [email protected]
CPSMA will endeavour to respond to your request within a month. If we are unable to deal with your request within a month we may extend this period by a further two months and we will explain why.
You also have the right to lodge a complaint to the Office of the Data Protection Commission.
- UPDATES
We will update this Privacy Statement from time to time. Any updates will be made available and, where appropriate, notified to you.