Data Privacy Notice
Information applicable to all Department of Foreign Affairs customers.
The current legislation for Data Protection in Ireland is the Data Protection Acts 1988 - 2018 and the General Data Protection Regulation 2016/679 (GDPR). In accordance with the GDPR as given further effect in Part 3 of the Data Protection Act 2018, the Department is a ‘Data Controller’ and, as such, has significant responsibilities for ensuring the rights of data subjects and the protection of personal data processed. GDPR defines personal data as ‘any information relating to an identified or identifiable natural person (data subject)’.
What is Personal Data?
“Personal Data” is any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier such as a user IP addresses or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person and includes Special Categories of Personal Data;
"Special Categories of Personal Data" is any Personal Data that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership; data concerning health or sex life and sexual orientation; genetic data or biometric data.
Sources of Personal Data Collected and Processed
The Department necessarily collects, processes, and stores significant volumes of personal data from our customers, staff, other public bodies and service providers. In particular, the effective delivery of passport and consular services for Irish citizens at home and abroad is a central component of the Department's work and necessitates the processing of personal data.
Purposes for which we hold and retain your personal data
Transparency and openness in the use of personal data held is important to the Department and therefore we aim to fully inform all our customers about the purpose(s) for which their data will be used and why, where it may be shared and why, and how long the Department may hold their data.
Given the differing services that the Department provides, and that the lawful basis for processing your data may differ depending on the service you are availing of, we have created a number of service specific privacy notices. These can be found to the left of this notice.
Disclosure of Your Personal Data to Third Parties
The Department of Foreign Affairs may share information with other public bodies and service providers for the purposes of carrying out its functions. Where necessary, the appropriate data sharing agreements have been put in place.
Transfers of your data outside the EU
In as far as is practicable the Department of Foreign Affairs endeavours to hold all personal data within the EEA. We will endeavour not transfer your Personal Data outside the EEA, including to a jurisdiction which is not recognised by the European Commission as providing for an equivalent level of protection for Personal Data as is provided for in the European Union.
In the case that we are required to transfer data outside the EEA the Department will ensure that appropriate measures are in place to comply with our obligations under applicable laws governing such transfers.
Keeping your Personal Data secure
The Department of Foreign Affairs is fully committed to keeping all personal data submitted by its customers, safe and secure during administrative processes. All necessary technical measures have been put in place to ensure the safety and security of the systems, which hold this data.
Rights of the individual in relation to personal data held by the Department:
When you, as a customer, provide personal data to the Department you have certain rights available to you in relation to that data. These rights are outlined below and can be exercised by contacting the Data Protection Officer, indicating which right(s) you wish to exercise:
- right to be informed and the right of access;
- right to rectification;
- right to erasure;
- right to restrict processing;
- right to data portability;
- right to object to processing;
- rights in relation to automated decision making and profiling.
Please not that some of the specific rights above granted to data subjects under the GDPR will not apply to all the categories of personal data the Department processes. For example, the right to erasure generally does not apply to data held by the Passport Service for the issuance of passports.
The easiest way to get further information or to make a request to this Department in relation to your personal data, including a Data Subject Access Request, is by emailing firstname.lastname@example.org.
More detailed information on your rights under the GDPR is available from the Data Protection Commission.
We will not hold your Personal Data for longer than is necessary. We retain your Personal Data for as long as we need it for the purposes described in this Privacy Notice or to comply with any applicable law or regulation, a summons, a search warrant, a court or regulatory order, or other statutory requirement including the Department’s obligations under the National Archives Act 1988 (as amended).
We also have a number of service specific privacy notices, including for our Passport Service, which provide more information in relation to processing of data for those particular services. These notices can be found in the links to the left of this notice.
Queries and Complaints
The Data Protection Officer for the Department is Kieran Houlihan. If you have a query, concern or complaint regarding a data protection matter, the most effective and efficient way to contact the Department's Data Protection Team is by emailing email@example.com.
Alternatively, if you are not in a position to engage with this office via email, the Data Protection Team can be contacted as follows:Data Protection Officer,
Department of Foreign Affairs,
76-78 Harcourt Street,
You also have the right to make a complaint to the Data Protection Commission if you consider that processing of your personal data is contrary to the GDPR.
Complaints to the Commission should be made in writing and addressed to:
orThe Data Protection Commission,21 Fitzwilliam Square South,Dublin 2,D02 RD28,Ireland.
The Data Protection Commission also operates a helpdesk function, which is contactable at 0761 104 800 or LoCall 1890 252231.
Last updated, March 2023.