Statement of Information Practices

Introduction

The Charities Regulatory Authority (‘Charities Regulator’) is Ireland's national statutory regulator for charitable organisations and is an independent authority established in accordance with the Charities Act 2009.  The key functions of the Charities Regulator are to establish and maintain a public register of charitable organisations operating in Ireland and to ensure their compliance with the Charities Acts, so information is a key resource for the Charities Regulator.

The Charities Regulator is subject to and complies with the EU General Data Protection Regulation, 2016/679 (GDPR) as given further effect in the Data Protection Act 2018.  It is subject to the Freedom of Information Act 2014 (‘FOI’) and processes all FOI requests in compliance with the legislation.  The Charities Regulator is registered as a Data Controller with the Office of the Data Protection Commissioner and has developed a set of fundamental information governance principles to ensure that it minimises the amount of information it collects, that it uses this information for the purpose for which it gathers it, and that it stores securely and disposes of it as soon as it no longer needs it.

Collection of Personal Information

The Charities Regulator collects personal data and special categories, otherwise known as, sensitive personal data about individuals directly from the individual and from persons acting on their behalf.  Such data may include, but is not limited to, a person’s name and address.  The Charities Regulator also collects personal data about charities and persons connected to charities such as charity trustees.  This information may include, but is not be limited to, data in relation to the religion/ethnicity of organisations, fundraisers’ details, a person’s role in a charity or records relating to a person’s employment relationship with a charity.

Occasionally, the Charities Regulator may collect personal data about individuals/charities/charity trustees from other sources.  The Charities Regulator has in place appropriate policies and procedures to ensure that the Charities Regulator’s staff only collects only information that is necessary and that the information collected is treated as highly confidential.

Use of Personal Information

The Charities Regulator collects this information in order to comply with its statutory functions as set out in the Charities Act 2009, to provide individuals/charities/charity trustees with its services and to improve its website.

The Charities Regulator will use this information:

  • to set your organisation up as a charity on its system;
  • to provide charity trustees/charities with information about its news and events, training and seminars, and e-learning services;
  • to liaise with you about projects that it is undertaking with you;
  • to administer and improve its website and for internal operations, including troubleshooting, data analysis, testing, research and statistical and survey purposes;
  • as part of its efforts to keep its website safe and secure;
  • in the event that you are not a charity/charity trustee, to provide you with news and information about upcoming events, where you have subscribed to receive same; and
  • to assist us in our inquiries regarding concerns raised with us about individual charities.

Legal Basis for Processing Data

The Charities Regulator will process data in accordance with its statutory functions such as the establishment and maintenance of a register of charitable organisations and in compliance with its legal obligations such as disclosing information to An Garda Síochána or the Revenue Commissioners, for example, where it suspects the commission of an offence.  Processing data is necessary for the performance of a task in the public interest i.e. compliance with its legal objections under the Charities Act 2009.

The Charities Regulator will not use your information to contact you by email for direct marketing purposes, unless you have specifically consented to receive marketing information, and it will not provide your information to third parties who may contact you for direct marketing purposes unless you have specifically furnished your consent.

Protection of the Privacy of Personal Information

In order to protect the privacy of personal information, the Charities Regulator:

  • takes all due care to protect personal information it holds from any loss, unauthorised access, modification, use, disclosure and disposal;
  • has secure on-site and off-site storage facilities;
  • carries out regular information governance compliance audits to monitor compliance with its policies in relation to data protection matters;
  • has in place a Data Protection Breach Policy which will be used to fully investigate potential data protection breaches;
  • has in place appropriate staff training to ensure that all staff involved in processes which handle personal information are aware of their responsibilities in relation to the safeguarding and handling of personal information.

Service Users / Data Subject Rights

Individuals have the right, subject to the restrictions set out in Article 23 of the GDPR and Chapter 2 of the Data Protection Act 2018:

  • to access the information the Charities Regulator holds about them;
  • to require the Charities Regulator to rectify any inaccurate information held about them, without undue delay;
  • to have the Charities Regulator erase any information it holds about them in circumstances where it is no longer necessary for it to hold the information for their use of its services, or where they have withdrawn their consent for the processing;
  • to object to the Charities Regulator processing information about them, such as processing for profiling or direct marketing, or to have their data processed in accordance with the Data Protection Acts;
  • to have their personal information obtained and processed fairly, to be kept securely and not illegitimately disclosed to others;
  • to ask the Charities Regulator to provide their information to them in a portable format or, where technically feasible, for the Charities Regulator to port that information to another provider, provided it does not result in a disclosure of information relating to other people;
  • to request a restriction of the processing of their information, and;
  • where the Charities Regulator’s processing of their information is based on their consent to that processing, the right to withdraw that consent at any time – but any processing of their information undertaken by the Charities Regulator prior to consent being withdrawn remains lawful.

Information about the Charities Regulator’s Practices

Click here if you wish to view a PDF version of the Charities Regulator's 'Statement of Information Practices'.

For more information about the Charities Regulator’s data protection practices or to make a data access request, please refer to the 'Data Protection' page on this website.

Procedure for making a Complaint on the Charities Regulator's Data Protection Practices

For more information about raising a concern or making a complaint about the Charities Regulator’s data protection practices, please contact:

Data Protection Officer
Charities Regulator
3 Georges Dock
IFSC
Dublin 1
D01 X5X0

Phone: 01-633 1500
Email:  dpa@charitiesregulator.ie