Information Compliance Office

• Student Data Protection Privacy Notice
• HEA 2023-2024 Student Data Collection Notice
• Direct Student Application Privacy Notice
• Employment Candidate Privacy Notice

To request certain information about you that MIC has on record, please complete the Subject Access Request form available here.

If you are unhappy with the decision you have the right to complain to the Data Protection Commissioner who will investigate the matter for you. The Commissioner has legal powers to ensure that your rights are upheld.

Further details on your rights under the Data Protection Acts are available at the Data Protection Commissioners website.

Address:
Office of the Data Protection Commissioner
3rd Floor, Block 6
Irish Life Centre
Lower Abbey Street
Dublin 1

T: + 353 1 8748544
F: + 353 1 8745405
E: info@dataprotection.ie

The Act will not impose changes in the College's objectives or functions. It will, however, mean:

• The processing of requests for access to information within strict time limits
• The publication of information about the College's functions, structure, the services it provides, the records it holds and of all procedures, practices and guidelines used in decision-making
• Some changes in the way in which records are created, maintained and used and the way in which decision-making processes and their outcomes are formulated and recorded

Frequently Asked Questions on FOI

Section 8 of the Freedom of Information Act 2014 requires FOI bodies to prepare and publish as much information as possible in an open and accessible manner on a routine basis outside of FOI, having regard to the principles of openness, transparency and accountability as set out in Sections 8(5) and 11(3) of the Act. This allows for the publication or giving of records outside of FOI provided that such publication or giving of access is not prohibited by law. The scheme commits FOI bodies to make information available as part of their normal business activities in accordance with this scheme.

Please find MIC's FOI Publication Scheme below. If the information you require cannot be found here, you may wish to conduct a search on the MIC website, or contact the Freedom of Information Office email: FOI@mic.ul.ie

MIC Publication Scheme

The College will assist people with special needs in making a request under the Act. 

Contacts

Information Compliance Office

Email: FOI@mic.ul.ie 

The Freedom of Information Act 2014 requires Freedom of Information (FOI) bodies such as Mary Immaculate College to publish a disclosure log, which contains details of the types of requests received under FOI since January 2015 and the decisions made by the body in response to those requests. The link to this disclosure log can be found below:

MIC's FOI Disclosure Log

Disclosures are listed in order of the date the request was received by MIC. Please note that, for privacy reasons, identifying information such as the name of the requester is not included in the disclosure log.

The College fully respects your right to privacy and actively seeks to preserve the privacy rights of those who share information with the College. The College will not collect any personal information about you on this website without your permission, except as may be required or permitted by law. Any personal information which you volunteer to the College will be treated with the highest standards of security and confidentiality, in accordance with the Data Protection Act 1988, The Data Protection (Amendment) Act 2003 and the General Data Protection Regulation.

Any information which you provide in this way is not made available to any third parties, and is used by the College only in accordance with the purpose for which you provided the information and will only be retained for as long as required for the purpose. This is normally stated on the webpage where the information is requested and should be self-explanatory. However, if you have any specific queries about the purpose for which your information is to be used, you should contact our Data Protection Officer before submitting the information.

Pursuant to the General Data Protection Regulation, you have certain rights to obtain a copy of the data held about you. Any such requests should be made in writing to the Data Protection Officer at the address set out below. For further details on your data privacy rights, please refer to www.dataprotection.ie.

This statement should not be construed as a contractual undertaking. The College reserves the right to review and amend this statement at any time without notice and you should therefore re-visit this webpage from time to time.

Queries and Concerns

Any queries or concerns you may have about the processing of personal information on this website should be addressed to:

Elaine Mulqueen

Freedom of Information Officer / Data Protection Officer
T: +353 61 204511 
E: Elaine.Mulqueen@mic.ul.ie   

© Copyright Mary Immaculate College

The information contained in these web pages is, to the best of our knowledge, true and accurate at the time of publication, and is solely for informational purposes.

Mary Immaculate College accepts no liability for any loss or damage howsoever arising as a result of use of or reliance on this information, whether authorised or not.

The College (in conjunction with the University of Limerick) reserves the right to suspend, alter or initiate programmes, exams and regulations at any time by giving such notice as may be determined by the College in relation to any such changes.

The information found on personal pages/staff profiles should not be considered official material from Mary Immaculate College and the College does not accept any responsibility for its accuracy or otherwise.

All researchers using personal data for their research must be aware and comply with the Data Protection Acts 1988 to 2018 and General Data Protection Regulation (EU) 2016/679.

Personal data means any information about a living individual (data subject), where that individual is either identified or identifiable. Personal data can cover various types of information such as name, date of birth, email address, phone number, IP address, residential address, physical characteristics and location data. Personal data does not have to be in written form. It can also be information about what a data subject looks or sounds like e.g., photos or audio/ video recordings. For more about personal data, visit the Data Protection Commission website here.

Certain types of sensitive personal data, called ‘special categories’ are subject to additional protection under the General Data Protection Regulation (GDPR), and their processing is generally prohibited, except for where specific requirements are met, such as having explicit consent, as set out in Article 9 of the GDPR. Special categories of personal date include racial or ethnic origin, political opinions, religious beliefs, genetic data, medical data, biometric data and sexual orientation.

Any data that is fully anonymised is not considered to be personal data and therefore data protection rules and principles need not apply. However, any data that is pseudo-anonymised and could be reversed, therefore meaning the data subject could possibly be identified, is still deemed to be personal data and all of the relevant data protection rules and principles apply.

If personal data is to be collected, obtained, stored and processed as part of a research project, there must be an appropriate legal basis for processing the data and then it must be done so fairly and lawfully in keeping with the rules and principles of data protection as set out in the Data Protection Acts 1988 to 2018 and the General Data Protection Regulation (EU) 2016/679.

Responsibility

The primary responsibility for ensuring that the proposed research is conducted in a manner keeping with the principles of data protection and best practice lies with the researcher/ research team. ICO will provide advice and guidance, but it is not responsible for its practical implementation, nor does it sign off or approve research proposals.

Training

All MIC postgraduate researchers should complete the MIC GDPR online training and can contact DataProtection@mic.ul.ie to arrange training.

Data Protection Principles

There are seven principles of data protection to be complied with where personal data is obtained or processed. Guidance on the seven principles can be found at the Data Protection Commission website. 

From a research perspective three of the more important principles are:

1. Data Minimisation

Only request the minimum amount, and categories, of personal data needed to perform the research. Each category of personal data shall be adequate, relevant and limited from a research perspective. If you cannot justify the personal data collected, then do not request, collect or process it.

2. Lawfulness, fairness and transparency

Any personal data used for research must be obtained and processed lawfully, fairly and transparently. There should be no surprise to research participants in relation to the use of their personal data. In advance of any data collection, researchers must provide research participants with a Research Privacy Notice which informs research participants of the following:

• The purpose of the research
• The legal basis under GDPR
• Who is collecting the personal data
• With whom that personal data may be shared (and whether it will be transferred outside EEA)
• The methods being used
• How long data will be retained (or criteria to establish the retention period if this is not possible)
• Rights of individuals in terms of their personal data, including the right to lodge a complaint with the Data Protection Commission
• Contact information of the MIC Data Protection Officer (DPO) and Principal Investigator
• The existence of automated decision making, including profiling (if applicable)

Contact DataProtection@mic.ul.ie to request a Template Research Privacy Notice and the MIC guidance document on how to complete a Research Privacy Notice.

3. Integrity and confidentiality

It is the responsibility of the researcher/ research team to process personal data that ensures appropriate security, protection against unauthorised disclosure or accidental loss. It is important that access rights to personal data are strictly confined to those who have been granted access. The type of security applied to the personal data will depend on the context, with special categories of personal data requiring a more robust level of security.

• Check the data is accurate
• Collect no more data than is necessary for the purpose of the research project
• Pseudonymise or anonymise personal data (unless it would impair your research)
• Keep the data only for as long as necessary (as short as possible)
• Erase or rectify data without delay if requested by a research participant
• Keep data safe and secure in line with ICT Security Policy
• Keep records of all data collected
• If engaging with any Data Processors, please contact DataProtection@mic.ul.ie to put a DPA in place (Article 28 GDPR)
• If your research involves engaging with a joint data controller e.g., if another university is sharing in the control of the data, please contact DataProtection@mic.ul.ie to put a Data Sharing Agreement (DSA) in place (Article 26 GDPR)
• Do not transfer data outside EEA without consulting the MIC DPO
• Contact DataProtection@mic.ul.ie to complete a pre-screening Data Protection Impact Assessment (DPIA) checklist questionnaire
• Conduct a DPIA if the research is considered high risk
• Notify any data breaches to the DPO without undue delay by emailing DataProtection@mic.ul.ie

For further guidance see the European Commission Checklist here.

For information on anonymisation and pseudonymisation see the DPC Guidance Note

The definition of "environmental information" in the Directive and in the Regulations is broad. It covers information "in written, visual, aural, electronic or any other material form" and identifies six separate categories of information dealing with:

• The state of the elements of the environment (e.g., air, water, soil, land, landscape, biological diversity);
• Factors affecting, or likely to affect, the elements of the environment (e.g., energy, noise, radiation, waste, other releases into the environment);
• Measures designed to protect the elements of the environment (e.g., policies, legislation, plans, programmes, environmental agreements);
• Reports on the implementation of environmental legislation;
• Analyses and assumptions used within the framework of measures designed to protect the environment; and
• The state of human health and safety, the food chain, cultural sites and built structures inasmuch as they may be affected by the elements of the environment.

AIE Regulations operate in parallel with the Freedom of Information Act 2014. While both legislations are broadly similar (with respect to environmental information), the AIE Regulations and the FOI Act differ in that a wider range of public bodies are covered by AIE Regulations than by FOI legislation. There are also material differences between both legislation codes in terms of the grounds under which access to information can be refused.

Applications for Access to Information on the Environment should be sent to:

Information Compliance Office

Email: FOI@mic.ul.ie

When making a request for information under the AIE Regulations you are required to:

• State that the application is being made under the AIE Regulations and submit it in writing to FOI@mic.ul.ie
• Provide your contact details
• State, in terms that are as specific as possible, the environmental information required, and specify the form and manner of access desired (e.g., Do you wish to seek photocopies? Do you wish to view the original documents? etc.).

 Normally you will be notified of the decision on your request within one month of its receipt.

Under the AIE Regulations we may refuse to give you access to environmental information on certain grounds:

• International relations, national defence or public security
• The course of justice (including criminal inquiries and disciplinary inquiries)
• Commercial or industrial confidentiality
• Intellectual property rights
• Material in the course of completion
• Internal communications of public authorities
• The request is considered to be unreasonable, due to the volume or range of information sought
• The request is too general
• The material is not yet completed

We must refuse to give you access to environmental information on other grounds listed below (subject to the provisions of Article 10):

• Personal information
• Information supplied by a third party on a voluntary basis
• Protection of the environment to which information relates
• Confidentiality of the proceedings of public authorities

If your original request for environmental information was refused wholly or partially, or if you consider that your request was not properly dealt with in accordance with the provisions of the AIE Regulations, you may, not later than one month following the receipt of the decision of the College, request the College carry out an internal review the decision in part or in whole. No fee will be charged for the internal review process.

A written outcome of the review informing you of the decision, the reason for the decision and advice on your right of appeal to the Commissioner for Environmental Information will be issued to you within one month of the date of receipt of the request.

A written appeal should be submitted to the Commissioner for Environmental Information at the following address:

Office of the Commissioner for Environmental Information
6 Earlsfort Terrace
Dublin 2
D02 W773

Telephone: 01 6395689                 

Email: info@ocei.ie

Further contact details and information on the Commissioner's Office are contained on the Office of the Commissioner for Environmental Information website at www.ocei.gov.ie. As of December 2014, the AIE Regulations provide that a fee of €50 must be charged for an appeal to the Commissioner for Environmental Information. However, provision is also made for a reduced appeal fee of €15 for medical card holders and their dependents and also for people, not party to the original request for access to information, who are appealing a decision to release information which they believe will affect them.

If you have any queries on the above or require assistance in making a request, please contact the College Information Compliance Office, by email at FOI@mic.ul.ie.