Data Access Request Policy

The right of access, commonly referred to as subject access, gives individuals the right to obtain a copy of their personal data as well as other supplementary information. It helps individuals to understand how and why you are using their data, and check you are doing it lawfully.

Individuals have the right to obtain the following:

    • confirmation that Setanta College is processing their personal data;
    • a copy of their personal data; and
    • other supplementary information Supplementary

    Information is the following information:

    • the purposes of the processing;
    • the categories of personal data concerned;
    • the recipients or categories of recipient Setanta College discloses the personal data to;
    • the retention period for storing the personal data or, where this is not possible, the criteria for determining how long Setanta College will retain it;
    • the existence of their right to request rectification, erasure or restriction or to object to such processing;
    • the right to lodge a complaint with the Data Protection Commissioner;
    • information about the source of the data, where it was not obtained directly from the individual;
    • the existence of any automated decision-making (including profiling); and the safeguards Setanta College provide if transferring personal data to a third country or international organisation.

    An individual is only entitled to their own personal data, and not to information relating to other people (unless the information is also about them or they are acting on behalf of someone). For this reason, Setanta College will take reasonable steps to verify that the information requested falls within the definition of personal data. Individuals can make a subject access request verbally or in writing to any member of Setanta College staff. Setanta College encourages the submission of requests in writing, to the Data Protection Contact – admin@setantacollege.com, to ensure it is wholly understood what is being requested at what specific time and date.

    A record of all subject access requests received will be retained. GDPR places a responsibility on Data Processors to respond to a subject access request within one month, in most circumstances. For implementation of this policy Setanta College interprets that to be 30 calendar days. An extension of the response time by a further two months is acceptable if the request is complex or Setanta College have received several requests from the individual. In such cases Setanta College will notify the individual within one month of receiving their request and explain why the extension is necessary.

    There may be circumstances when Setanta College needs to verify the identity of the individual making the access request. In such case, proof of identity will be sought as soon as possible, before responding to the request. The period for responding to the request will commence once the proof of identity has been received. In certain case an access request may be made by a third party such a solicitor or representative. This is permissible where the third party can provide verifiable evidence which confirms their authority to do so. Subject access requests are to be processed free of charge in most circumstances. Where the request is manifestly unfounded or excessive Setanta College may charge a reasonable fee for the administrative costs of complying with the request. A reasonable fee may also be charged if an individual requests further copies of their data following a request. This fee will be based on the administrative costs of providing further copies. Unless specifically requested otherwise, Setanta College will normally respond to a subject access request through a commonly used electronic format. In certain circumstances a data subject may be invited to view their data on Setanta College premises where it is not feasible or practicable to provide another means of access. Responding to a subject access request should not adversely affect the rights and freedoms of others – including the right to privacy, trade secrets or intellectual property.

    Where the information sought includes the personal data of others, Setanta College is not obliged to comply with the request except if:

    • the other individual has consented to the disclosure; or
    • it is reasonable to comply with the request without that individual’s consent.

    In determining whether it is reasonable to disclose the information, Setanta College will consider all relevant circumstances, including:

    • the type of information that would be disclosed;
    • any duty of confidentiality to the other individual;
    • any steps taken to seek consent from the other individual;
    • whether the other individual can give consent; and
    • any express refusal of consent by the other individual.

    A subject access request will also include the provision of personal data held by any processor operating on behalf of Setanta College. It does not include data held by a joint controller. In such circumstances a separate access request should be made to the joint controller. Setanta College views an access request as relating to the data held at the time the request was received. However, in some instances, routine use of the data may result in it being amended or deleted while the access request is being processed. In such cases Setanta College will supply information it holds at the time of responding to the request. This does not permit Setanta College to delete or amend data specifically because of an access request.

    Setanta College will seek to provide information to data subjects in a concise, transparent, intelligible and easily accessible form, using clear and plain language. It is noted that there is no obligation to interpret, type or re-write poorly handwritten notes or translate information into a language other than English. Setanta College reserves the right to process an access request where it is manifestly unfounded or excessive, considering whether the request is repetitive in nature. In such cases justification for the decision will be provided in writing, within one month.

    The data subject will be advised of their right to make a complaint or to seek judicial remedy. Further details on the rights of the Data Subject are available on the Data Protection Commissioner’s website www.dataprotection.ie or through contacting the Data Protection Commissioner

    By post: Office of the Data Protection Commissioner, Canal House, Station Road, Portarlington, Co. Laois, R32 AP23, Ireland.

    By phone +353 (0761) 104800, or

    By email: email info@dataprotection.ie

    Procedure

    To exercise your right to access personal data, a data subject should submit their request in writing to the Setanta College Data Protection Contact, by email to admin@setantacollege.com where it will be recorded, and the date of receipt noted. Where a request is received through other means or through an alternative member of Setanta staff, the date of first receipt will also be recorded. Staff members receiving a request to access personal data must forward it to the Data Protection Contact as an urgent priority. In the case of absence of the Data Protection Contact, the matter should be forwarded to the College Registrar. To assist in providing a full response, the data subject is requested to be as specific as possible about the information they wish to see and provide as much information as possible to assist in locating it.

    Setanta College may hold a substantial amount of data across different departments, but an individual may only want access to a small portion of that data. Setanta College therefore requests individuals to be as specific as possible about the information they wish to see. An individual seeking amendment to their personal data processed by Setanta College, must specify what data is incorrect and provide the correct version of same. Evidence to support the required change of personal information may be required in some cases, e.g. change of name. We will advise you if this arises.

    Upon receipt of an access request, the Data Protection Contact will determine whether further information, including proof of identity or authority, is required. Once the Data Protection Contact is satisfied all information required is available the data access request will be processed. Where this requires assistance from other individuals they will be notified of the information request and the timeframe in which they must provide it. The Data Protection Contact will compile the response to the data access request, including the provision of supplementary information. The response will be issued to the data subject, normally in electronic format, except where specified otherwise or where this is not feasible and practicable. A copy of the response will be retained by the College for a period of 12 months. The data subject will be notified of their right to correction, right to erasure, right to withdraw consent and right to complain to the supervisory authority (Data Protection Commissioner).

    Setanta College (Data Protection Policy)

    The purpose of this document is to provide a concise policy statement regarding the Data Protection obligations of Setanta College. This includes obligations in dealing with personal data, to ensure that the organisation complies with the requirements of the EU General Data Protection Regulation (GDPR).

    Setanta College is committed to complying with the Data Protection principles set out in the GDPR. This Policy applies to all Personal Data collected, processed and stored by Setanta College in relation to its staff, students, and service providers. Setanta College makes no distinction between the rights of Data Subjects who are employees, and those who are not. All are treated equally under this Policy.

    The policy covers both personal and special categories of personal data (sensitive data) processed in relation to data subjects by Setanta College. The policy applies equally to personal data held in manual and automated form. All Personal and Special Categories of Personal Data will be treated with equal care by Setanta College. Both categories will be equally referred-to as Personal Data in this policy, unless specifically stated otherwise. This policy should be read in conjunction with the associated Subject Access Request procedure, the Records Retention and Destruction Policy and procedure, the CCTV Policy and Procedure, the Privacy Statement of Setanta College, and the Data Breach Notification policy and procedure.

    Setanta College as a Data Controller

    During its daily organisational activities, Setanta College acquires, processes and stores personal data in relation to:

    • Employees
    • Former employees
    • Students
    • Applicants (to programmes and employment vacancies)
    • Graduates
    • Third party service providers engaged by the College

    In accordance with the GDPR, this data must be acquired and managed fairly. Not all staff members will be expected to be experts in Data Protection legislation. However, Setanta College is committed to ensuring that its staff have enough awareness of the GDPR in order to be able to anticipate and identify a Data Protection issue, should one arise. In such circumstances, staff must ensure that the Data Protection Contact is informed, without delay, in order that appropriate corrective action is taken.

    As a higher education provider, there is regular and active exchange of personal data between Setanta College and its Data Subjects. In addition, Setanta College may exchange personal data with Data Processors and or Joint Data Controllers on the Data Subjects’ behalf. This is consistent with Setanta College’s obligations under the terms of its contract with its Data Processors, Joint Data Controllers and its Data Subjects. This policy provides the guidelines for this exchange of information, as well as the procedure to follow if a Setanta College staff member is unsure whether such data can be disclosed. In general terms, the staff member should consult with the College Registrar, as the Data Protection Contact, to seek clarification.

    Data Protection Contact

    All personal data enquiries, or requests to exercise your rights as a data subject, can be directed by email to admin@setantacollege.com. If you are dissatisfied with the information provided or believe your request to exercise your rights has not been addressed, you can make a complaint to the supervisory authority. As Setanta College operates primarily in Ireland, the supervisory authority is the Data Protection Commissioner who can be contacted through the following means:

    By post: Office of the Data Protection Commissioner, Canal House, Station Road, Portarlington, Co. Laois, R32 AP23, Ireland.
    By phone: +353 (0761) 104800, or
    By email: email info@dataprotection.ie

    Data Subjects’ Rights

    Under GDRP data subjects have increased rights and data controllers are required to notify data subjects of their rights.

    Individuals have the right to:

    • Be informed about the collection and use of their personal data. This is a key transparency requirement under the GDPR.
    • Withdraw consent, where consent is the legal basis for data processing
    • Access their personal data (a data subject access request).
    • Have inaccurate personal data rectified or completed if incomplete.
    • Have personal data erased (the right to be forgotten) in certain circumstances
    • Request the restriction or suppression of their personal data, in certain circumstances
    • Data portability, allowing individuals to reuse their data across different services, where feasible
    • Object to personal data processing, in certain circumstances

    To exercise any of these rights, please use the data protection contact details provided in this Policy. Where we require additional information from you to verify your identity and the legitimacy of the request or to establish the specific reasons for the request to enable Setanta College to respond appropriately we will do so in a timely manner. There is normally no fee applied in respect of any rights.

    Third-Party processors

    During its role as Data Controller, Setanta College may engage several Data Processors to process Personal Data on its behalf. In each case, a formal, written contract is in place with the Processor, outlining their obligations in relation to the Personal Data, the specific purpose or purposes for which they are engaged, and the understanding that they will process the data in compliance with the GDPR.

    Setanta College recognises that it remains the Data Controller and thus responsible for how the data is used.

    Joint Data Controllers

    In certain circumstances, in its role as Data Controller, Setanta College may be the joint controller for personal data of data subjects. In each case, each party recognises the full extent of the Data Controller obligations in relation to the Personal Data, the specific purpose or purposes for which it is collected, processed, retained and transmitted and the requirement to process the data in compliance with the GDPR.

    Irrespective of whether Setanta College acts as sole data controller or as joint data controller, data subjects may exercise their rights under GDPR in respect of Setanta College’s data controller obligations. Any joint controller must extend the same rights to the data subjects. In such cases, neither Controller is responsible for the data processing determining by the joint controller. Joint Data Controllers include:

    • Quality and Qualifications Ireland
    • Department of Social Protection
    • Office of the Revenue Commissioners

    Data Protection Principles

    The following key principles are enshrined in the GDPR and are fundamental to the Setanta College Data Protection policy.

    In its capacity as Data Controller, Setanta College ensures that all data shall be:

    a) processed lawfully, fairly and in a transparent manner in relation to individuals;

    Setanta College will meet this obligation in the following way:

    • Setanta College will ensure that collection of the data is justified under one of the lawful processing conditions – legal obligation, contractual necessity, etc.;
    • Where required and no alternative appropriate legal basis for processing is identified, the informed consent of the Data Subject will be sought before their data is processed. The data subject will be fully informed about the consent requested and the right to withdraw consent;
    • Where Setanta College intends to record activity on CCTV or video, this will be brought to the attention of data subjects and an appropriate policy will be made publicly available;
    • Processing of the personal data will be carried out only as part of Setanta College’s lawful activities, and Setanta College will safeguard the rights and freedoms of the Data Subject;
    • The Data Subject’s data will not be disclosed to a third party other than to a party contracted to Setanta College and operating on its behalf, or in cases where there is a legal obligation, or it is in the vital interests of the data subject (or other parties), or in the national interest.

    b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;

    Setanta College will fulfil its obligation in this regard by:

    • Only obtaining data for purposes which are specific, lawful and clearly stated.
    • Affording the Data Subject the right to question the purpose(s) for which Setanta College holds their data,
    • Ensuring Setanta College can clearly state the purpose or purposes for data processing.

    c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;

    Setanta College will fulfil its obligation in this regard by ensuring use of the data by Setanta College will be compatible with the purposes for which the data was acquired.

    d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;

    Setanta College will fulfil its obligations in this regard by:

    • ensuring that appropriate mechanisms (audits, administrative and IT validation processes) are in place to conduct regular assessments of data accuracy;
    • Conducting periodic reviews and audits to ensure that relevant data is kept accurate and up-to-date.
    • Providing means for data subjects to verify the accuracy, currency and completeness of their personal data and opportunity for correction or completion to be implemented, as required.

    e) Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals;

    Setanta College will fulfil its obligations in this regard by:

    • Developing, publishing and implementing a records retention policy which clearly outlines the retention periods for personal data based upon the purpose for which the data was collected and the legal basis upon which retention is determined.
    • Implementing regular audits to ensure the full and proper adherence to the records retention policy
    • Training staff in their responsibilities and obligations regarding retention of personal data
    • Implementing appropriate measures for the secure destruction, deletion or archiving of personal data at the end of the retention period.

    f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

    Setanta College will fulfil its obligations in this regard by:

    • employing appropriate standards of security in order to protect the personal data under its care.
    • Implementing security measures to protect against unauthorised access to, or alteration, destruction or disclosure of any personal data held by Setanta College in its capacity as Data Controller.
    • Limiting access to and management of staff and student / graduate records to those staff members who have appropriate authorisation and password access.
    • Providing appropriate training for staff to know their obligations and responsibilities in respect of personal data.
    • Implementing appropriate measures to determine security of data transfers to other countries and only transferring outside of the EU where the transfer is:
      • made with the individual’s informed consent;
      • necessary for the performance of a contract between the individual and the organisation or for pre-contractual steps taken at the individual’s request;
      • necessary for the performance of a contract made in the interests of the individual between the controller and another person;
      • necessary for important reasons of public interest;
      • necessary for the establishment, exercise or defence of legal claims;
      • necessary to protect the vital interests of the data subject or other persons, where the data subject is physically or legally incapable of giving consent; or
      • made from a register which under Irish or EU law is intended to provide information to the public (and which is open to consultation by either the public in general or those able to show a legitimate interest in inspecting the register).

    In addition, the College commits to facilitating access to personal data of a data subject, within the legal specified timeframe, where a valid subject access request is received.

    Data Subject Access Requests

    As part of the day-to-day operation of the organisation, Setanta College staff engage in active and regular exchanges of information with Data Subjects. Where a formal request is submitted by a Data Subject in relation to the data held by Setanta College, such a request gives rise to access rights in favour of the Data Subject.

    Setanta College staff will ensure that, where received, such requests are forwarded to the Data Protection Contact in a timely manner, and they are processed as quickly and efficiently as possible, but within not more than one month (30 days) from receipt of the request, except in those circumstances where an extension of the response time is legitimate. Subject access requests will not normally be subject to a fee.

    Implementation

    As a Data Controller, Setanta College ensures that any entity which processes Personal Data on its behalf (a Data Processor) does so in a manner compliant with the Data Protection legislation.
    Failure of a Data Processor to manage Setanta College’s data in a compliant manner will be viewed as a breach of contract and may be pursued through the courts.
    Failure of Setanta College to process Personal Data in compliance with this policy may result in disciplinary proceedings.

    Definitions

    For the avoidance of doubt, and for consistency in terminology, the following definitions will apply within this Policy.

    Personal Data

    Any information relating to an identifiable person who can be directly or indirectly identified by reference to an identifier. This definition provides for a wide range of personal identifiers to constitute personal data, including name, identification number, location data or online identifier, reflecting changes in technology and the way organisations collect information about people. The GDPR applies to both automated personal data and to manual filing systems where personal data are accessible according to specific

    Data Subject

    A living individual who is the subject of the Personal Data, i.e. to whom the data relates either directly or indirectly.

    Data Processor

    A natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

    Data Protection Contact

    A person appointed by Setanta College to monitor compliance with the appropriate Data Protection legislation, to deal with Subject Access Requests, and to respond to Data Protection queries from staff members, students, and all data subjects or potential data subjects.

    Relevant Filing System

    Any set of information in relation to living individuals which is not processed by means of equipment operating automatically (computers), and that is structured, either by reference to individuals, or by reference to criteria relating to individuals, in such a manner that specific information relating to an individual is readily retrievable.

    Personal Data Breach

    A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;

    Supervisory Authority

    An independent public authority which is established by a Member State pursuant to Article 51; In Ireland, the supervisory authority is the Data Protection Commissioner.

    Setanta College Student Data Protection Notice

    Introduction

    At Setanta College, we treat your privacy seriously. Any personal data (i.e. information that can be used to identify you as an individual) which you provide to the College will be treated with the highest standards of security and confidentiality, in accordance with Irish and European Data Protection legislation and the College’s Data Protection Policy. This notice explains how the College collects, uses and shares personal data relating to prospective, current and former students of Setanta College (“you”). It also explains your rights under data protection law in relation to our processing of your data.

    Who We Are

    Throughout this Notice, “we”, “us”, “our” and “the College” refers to Setanta College.

    How We Collect Your Personal Data

    The personal data that the College holds about you is generally collected directly from you but some information may also be received from third parties including:

    • Other third level institutions (e.g. where you are transferring from those bodies to Setanta College, where you are a visiting student, where you are applying for a postgraduate course or where you are participating in a joint programme (e.g. with Irish American College));
    • Health and other professional bodies;
    • Linked education providers;
    • Agents and recruiters.

    How We Use Your Personal Data

    The College processes personal data relating to its students for administrative and other purposes necessary for the management and functioning of the College. Primarily, the College processes your personal data during the course of your application, admission and registration, for assessment/examinations, fee collection, IT administration and library administration, on your graduation and at the end of your studies for archival and alumni relations purposes (upon graduation, the Student Records & Examinations department will automatically transfer your student record to the College’s Development and Alumni department). This data may, in some cases, include “special categories of data” (as defined in the Data Protection Acts) where it is necessary for the College to collect and process such data.

    The College also processes your personal data for the following purposes:

    • SMS text messaging system: The College operates an SMS text messaging system which gives certain College departments the option to communicate with students quickly and comprehensively. As a registered student, you will be automatically added to the list to receive texts regarding College related information. This may include, for example, notification of cancelled workshops, reminders relating to you logging into the online learning portal, details regarding your parchment fees, reminders about outstanding fees. If you do not wish to receive text alerts from us, you can opt out of this. Regardless of the foregoing, the College will send a text message in the event of an emergency.
    • Publication and acknowledgement of awards: Unless you ask us not to, students and graduates’ names and awards are publicly acknowledged at College ceremonies and published in conferring booklets and other College publications.
    • To administer the awarding of scholarships and prizes.
    • To support discounted course fees.
    • Photographs/video recordings of College events: The College may take photographs and video recordings of College events such as conferring ceremonies. Such images/recordings may include individual or group shots which may be published or included in video/broadcasts on the College’s website. The College will seek to give advance notice of this whenever possible by, for example, making announcements, placing visible notices in the relevant area or advertising on College notice boards so that those who do not want to participate can avoid being recorded and avoid the area(s) if they wish. In addition, where the College wishes to process images featuring students for promotional purposes, the consent of the students involved will be sought in advance.
    • Workshop capture system: The College operates a workshop capture system which enables tutors/videographers to record video, audio and presentation material from their workshops as well as audio of questions from students/attendees. The College will seek to give workshop attendees advance notice of any such recording by placing visible notices in the relevant areas and making oral announcements at the start of the lecture.
    • To manage insurance/personal accident claims;
    • To ensure that the digital services provided by the College are performant, reliable, secure and to support appropriate IT incident resolution;
    • The administration of examination appeals and the mitigation process;
    • To administer appeals, complaints, grievances, disciplinary matters and matters relating to conduct and suspected breach of examination regulations/plagiarism;
    • To communicate with you where necessary and to provide communications about College news and events;
    • To provide wellbeing and support services, including disability support services (where you choose to access disability services, your consent will be sought before we process personal data relating to your disability);
    • To meet health and safety obligations.

    Our Legal Basis for Using Your Personal Data

    Under data protection law, we are required to ensure that there is an appropriate legal basis for the processing of your personal data, and to let you know what that basis is.

    We process your personal data for the purposes outlined in this notice in pursuit of our legitimate interests in managing the College and providing you with the education and support services required during the course of your studies.

    Whilst we rely on legitimate interest as the legal basis for processing where this is not overridden by the interests and rights or freedoms of the data subjects concerned, we recognise that it is not the only lawful ground for processing data. As such, where appropriate, we will sometimes process your data on an alternative legal basis – for example, because you have given us consent to do so.

    Personal Data Provided to You About Others

    You may provide us with personal data about other individuals, for example, next of kin/emergency contact details and information about your family circumstances and dependents. You should notify the relevant person that you are providing their contact details to us.

    Who We Share Personal Data With

    In addition to cases where the College is required or permitted by law to disclose your personal data to others, the College may disclose your personal data in connection with the purposes referred to above. These include, but are not limited to:

    • Quality Qualifications Ireland
    • Higher Education Colleges Association
    • Funding bodies, research sponsors, industry funders and other agencies that support, sponsor or otherwise have a valid interest in your education
    • The Higher Education Authority (HEA) (see the HEA’s Student Data Collection Notice http://hea.ie/about-us/data_protection/)
    • Distance Education Accrediting Commission(DEAC)
    • National Forum for teaching and learning
    • Providers of academic and other services to the College(who are obliged to keep your data safe and secure), which may also include, but is not limited to, wholly/majority owned subsidiaries of the College
    • Examination Boards and External Examiners
    • Government departments where required (e.g. Department of Education and Skills, Department of Employment Affairs and Social Protection, Revenue)
    • Potential employers (where you have requested us to provide a reference)
    • The College’s insurance brokers and providers where required for administering claims
    • Professional and regulatory bodies where programmes are accredited by such bodies
    • External auditors
    • Other higher education institutions, partners or research organisations to or from which a student transfers or pursues an exchange programme or where a student’s programme is being run collaboratively

    Where we use third parties to process personal data on our behalf (acting as data processors), a written contract will be put in place to ensure that any personal data shared will be held in accordance with the requirements of data protection law and that such data processors have appropriate security measures in place in relation to your personal data.

    The College sometimes needs to communicate and share personal data worldwide in the course of its business and transfers personal data to countries outside the European Economic area. The College will only do so on the understanding that we rely on legally approved mechanisms to lawfully transfer data across borders, including the Standard Contractual Clauses approved by the European Commission.

    The College may share your personal data between different internal departments for operational reasons where necessary and proportionate for the purposes intended. Some of the personal data that the College holds, such as health details, is known as ‘special category data’ or ‘sensitive personal data’. In addition to the normal standards of confidentiality, we carefully control access to sensitive personal data within the College so that it is only available to those staff who require it to perform their duties.

    How Long We Will Keep Data

    In keeping with the data protection principles we will only store your data for as long as is necessary. For the purposes described here we will store your data in accordance with the College’s Record Retention Schedules.

    Keeping Your Data Up to Date

    The Data Protection Acts require that personal data about individuals is accurate and kept up-to-date. It is important therefore that you update your personal details regularly (e.g. your postal address, mobile phone number). You can update your details by contacting the Student Records and Examinations Office by emailing admin@setantacollege.com

    Your Rights

    You have various rights under data protection law, subject to certain exemptions, in connection with our processing of your personal data, including the right:

    • To find out if we use your personal data, to access your personal data and to receive copiesof your personal data;
    • To have inaccurate/incomplete information corrected and updated;
    • In certain circumstances, to have your details deleted from systems that we use to process your personal data or have the use of your personal data restricted in certain ways;
    • To object to certain processing of your data by Setanta College;
    • To exercise your right to data portability where applicable (i.e. obtain a copy of your personal data in a commonly used electronic form);
    • Where we have relied upon consent as a lawful basis for processing, to withdraw your consent to the processing at any time;
    • To not be subject to solely automated decision;
    • To request that we stop sending you direct marketing communications.

    If you wish to avail of any of these rights, please email admin@setantacollege.com.

    Questions or Complaints

    If you have any queries or complaints in connection with our processing of your personal data, you can email admin@setantacollege.com.

    You also have the right to lodge a complaint with the Data Protection Commission if you are unhappy with our processing of your personal data. Details of how to lodge a complaint can be found on the Data Protection Commission’s website (www.dataprotection.ie), or by telephoning 1890 252 231.

    Revisions to This Notice

    Please note the College may revise this data protection notice from time to time. Any changes will be posted on the main college website https://www.setantacollege.com/so you should periodically check this website to review the most recent notice.