Privacy Policy

2.1. Personal Data: General

The data we collect depends on why we collect it (see the ‘Why We Collect Your Data' section). Where you register  with us as a teacher, you will be required to provide your name, address, phone number, PPSN, gender, date of birth, email address, academic and professional history and qualifications, and other data of this nature. Once registered, further data may be required in the following scenarios:

a) where a fitness to teach complaint exists, we may need to share the entire complaint file with our solicitors and counsel, and with stenographers and case management and other software system providers;

b) for electoral purposes, electoral category (including geographical constituency) and, where applicable, the school roll number of every eligible teacher;

c) for the National Vetting Bureau, the details of a bona fide concern of harm to a child or vulnerable person, and any associated finding and sanction;

d) for the purpose of confirmation of completion of probation and induction, data for teachers registered with conditions is collated and provided to the National Induction Programme for Teachers (NIPT); and,

e) in relation to Council employees and contractors -for payroll services, the Revenue and the Council’s pension and superannuation advisors your bank account details, salary and other financial details, the date you joined the Council, service details, and PRSI class.

For lay-people, the data we collect will almost invariably consist of routine personal information relating to your contact details, except where you are lodging a complaint against a teacher; in which case, we will require full details of the matter and circumstances giving rise to the complaint.

2.2. Qualifications Data

2.2.1. The Council has a remit to record the qualifications of each teacher on the register. For pre-establishment (28/03/2006) teachers who were admitted to the register under sections 31(2) and (3) of the TCA, their qualifications were declared to the Council by many teachers on a data verification form. The Council has not viewed the original transcripts of these qualifications and therefore cannot confirm their accuracy.

2.2.2. For teachers who are registered under section 31(5) of the TCA (post-establishment), the Council relies on original transcripts or on the details that are transferred from colleges and universities providing teacher education qualifications in Ireland and abroad. The Council makes every effort to ensure that qualification grades are accurately recorded. (e.g., First Class Honours, Distinction, 2.1 Honours, Pass, etc.).

2.2.3. The Council may share some of your personal data including registration details and qualifications with your Paymaster (see paragraph 3.6 of this policy). However, the remit of the Council is to ensure that the qualifications satisfy the requirements for registration and it cannot be held responsible for ensuring that a teacher receives the correct remuneration from an employer or paymaster where the Council’s processing of qualifications data is relied upon by a school employer or paymaster.

2.2.4. In cases where the grade of a qualification is not available, the Council has a policy of entering an awarded result. In other cases where a grade is not interpretable from a qualification transcript, the Council will endeavour to record the result as it is provided on the transcript, e.g., grade point average (GPA). In such cases, the Council will not adjudicate as to whether the result provided constitutes a pass or honours result. The Council will not become involved in discussions with teachers over the interpretation of their results and their appropriate qualification allowance. Similarly, the Council will not classify a qualification (e.g., as a master’s degree or its equivalent) or attempt to place the qualification on the National Framework of Qualifications.

2.3. Special Categories of Personal Data

2.3.1. As set out in the GDPR, there is a general prohibition on the processing of genetic and biometric data or data that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, sexual orientation or that concerns a person's sex life or his or her health. However, there are exceptions: for example, Garda vetting procedures may result in the disclosure of data relating to previous criminal convictions or prosecutions pending, or members of the public may report issues concerning a teacher’s health, well-being or conduct to the Council.

2.3.2. In accordance with Articles 9 and 10 of GDPR, the Council will process such personal data only when the data subject has given explicit consent, or where processing is necessary for reasons of substantial public interest, or where the processing is authorised by law or otherwise permitted under Data Protection Legislation. These additional circumstances include responding to requests from the Ombudsman and where the processing is required for the purpose of obtaining legal advice or in connection with legal proceedings, or prospective legal proceedings, and where the processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity (Article 9).

3.1. Registration and Renewal of Registration: Part 3 of the TCA relates to the Teaching Council’s registration and renewal functions*. Application for registration and renewal can be made on-line via the Council website. The information provided on those forms is held, processed and disclosed by the Council for the purpose of performing its statutory obligations as the professional regulator and standards body for teaching in Ireland.The Teaching Council is empowered to carry out a fit and proper person assessment in the course of processing an application for registration or renewal. The Council may collect data from third parties or from publicly accessible sources. S.30 of the TCA imposes a legal requirement on school employers to ensure that only registered teachers are paid out of State funds. *Further details on legislation are provided in Appendix I

3.2. Garda Vetting of Teachers and Applicants to Register as a Teacher:

The National Vetting Bureau (Children and Vulnerable Persons) Acts 2012 to 2016 places obligations on employers to vet employees who are in contact with children or vulnerable adults. In addition, the TCA requires that all registered teachers are vetted for the purposes of registration. The Teaching Council is the central body that co-ordinates and administers the vetting of teachers and applicant teachers for (1) registration and renewal purposes, and for (2) employment purposes. Accordingly, the Council processes and shares information with the National Vetting Bureau for these purposes. The Council shares information with the National Vetting Bureau as part of the ‘Fit and Proper person to be a registered teacher’ requirements for initial registration as a teacher and for renewal of registration under s.31 and s.33 of the TCA, respectively. Vetting disclosures (outcomes) are notified to the applicant via a confidential on-line portal called ‘Digitary’. It is a matter for the applicant/teacher to share the vetting disclosure with other parties including schools.The Council does not share vetting outcomes with any party except in accordance with the terms of s.33B of the TCA where the Council may inform a school of a vetting outcome if the Council forms the view that information provided through the vetting process raises serious concerns for the safety and well-being of a child or vulnerable person. Details of the Council’s vetting procedures and the related legislation are set out on the Council’s website. Further details on legislation are provided in Appendix I.

3.3. Complaints, notifications and Inquiries:

Part 5 of the TCA relates to the Teaching Council’s fitness to teach function. The Council is empowered to receive and process data (registered teachers and relevant third parties) in order to make enquiries and carry out investigations into the professional conduct of teachers under its processes. This data may be collected by way of formal complaint, informal notification to the Teaching Council or from publicly accessible sources, such as media articles. Any personal data that is received, processed or disclosed in the context of a specific investigation or inquiry will be retained and used for that purpose in line with the Teaching Council’s fitness to teach policies and procedures.

3.4. Sharing of outcomes from Teaching Council Disciplinary Processes and Receipt of Information from overseas bodies:

The Council may share details of any sanction, court order, undertakings or other relevant information with other regulators performing functions that correspond to the Council in other jurisdictions (including countries outside of the EEA) in circumstances where the Council has a reason to believe that you are registered/licensed/authorised in another jurisdiction orotherwise where it is permitted to do so by law. Likewise, the Council may receive information from other regulators relating to overseas teaching activities. The Council has entered into data sharing agreements with a number of regulators in this regard including the Education Workforce Council (Wales) and the General Teaching Council for Scotland and may enter into further arrangements in the future such as the Teacher Regulation Agency in England. In accordance with EU Directive 2005/36/EC*, the Council may share and receive details as noted above with EU/EEA member states via the Internal Market Information System (IMI). *Further details on legislation are provided in Appendix 1.

3.5. Department of Education and the Education and Training Boards:

The Education (Amendment) Act, 2012 (s.24(7)*, requires the Council to share information it holds on registered teachers with the Department of Education (“the Department”) or Education and Training Boards (“ETBs”) in the context of s.30 of the TCA. The Department provides payroll services for a large number of school employers and the ETBs employ and pay teachers directly. This data is used to confirm if a teacher is registered or not in order to comply with s.30 of the TCA. The Council is not responsible for the data practices of the Department and ETBs as they are subject to their own policies and procedures. *Further details on legislation are provided in Appendix I.

3.6. Teacher Paymasters:

The Council operates a paymaster interface to the Register of Teachers. This enables paymasters (i.e. the Department and ETBs, who operate teacher payrolls for teachers employed in Recognised Schools) to identify registered teachers for payroll purposes and assists paymasters with the verification of qualifications and the calculation of qualification allowance. The sharing of this data provides a ‘one-stop shop’ for the collection and processing of teacher professional data which facilitates the teacher (data subject) and the payroll/employer organisations.

3.7. Mutual Recognition Obligations:

European Directive 2005/36/EC (transposed into Irish law in Statutory Instrument 8/2017) relates to the mutual recognition of qualifications between EU Member States, and provides for the freedom of movement and recognition of fully qualified professionals within EU Member States. The Council is the competent authority in Ireland for the profession of teaching under the Directive and processes and shares personal data in accordance with the requirements of the Directive and as required under s.46A of the TCA. The Council applies a similar approach in the case of data processing for applicant teachers from jurisdictions outside of the EU/EEA.

3.8. Review and Accreditation of Programmes of Initial Teacher Education

Section 38 of the TCA relates to the Teaching Council’s role in reviewing and accrediting programmes of initial teacher education (ITE) and the maintenance of standards in relation to same. ITE providers are required to submit a proforma document with associated toolkits and appendices as part of their application for programme accreditation. Through this application process, the Council collects personal data in relation to academic qualifications, employment status and registration status of programme personnel for the purpose of verifying specific requirements in relation to the programme accreditation standards. Any personal data that is received, may be reviewed and shared with independent Review Panels, in the context of review and accreditation.

3.9. Elections:

The Council also processes personal data for the purpose of performing its obligations under the Teaching Council (Election of Members) Regulations 2019. Under these Regulations, an electoral roll is prepared by the Council detailing the name, gender, teacher registration number, electoral category (including geographical constituency) and, where applicable, the school roll number of every eligible teacher. As there is a statutory obligation to make the electoral roll available to eligible teachers, the Returning Officer determines, in line with regulation 7(1)(a) of the Regulations, that the electoral roll is published on the Council’s website for a limited period.

3.9.1. The electoral roll lists all those persons registered with the Council on the relevant date who will be eligible to vote and/or be nominated to stand for election. The publication of the electoral roll allows registered teachers to confirm that the electoral voting category and constituency assigned to them is correct, and if errors or omissions exist they can apply to the Council for amendment on or before the applicable deadline for the election.

3.9.2. The Council will process personal data in connection with the Regulations. For example, where the Council has received a mobile phone number from a teacher, the Council or a contracted organisation on its behalf may send an SMS message to that teacher to remind him or her to vote.

3.10. The Use of Your Data for Statistical Purposes:

The Council processes the teacher data held on the register for the purposes of statistical analysis and reporting. The sharing of personal data for such purposes is done so in accordance with legislation (s.7(l) of the TCA).

3.11. Freedom of Information:

The Council complies with the rules and practices of the Freedom of Information Act, which is available on the Council website. The Council processes personal data in the context of meeting its freedom of information obligations.

3.12. Our Website:

We collect different types of information about our users via our website for the following reasons:

a) to personalise the way our content is presented in the most effective manner for users and for computers/devices;

b) to help us to monitor and improve the services we offer, including on our website. As part of this, we may use and disclose information in aggregate (so that no individuals are identified);

c) to carry out any legal obligations arising from your interaction with the website; and

d) to allow you to participate in interactive features of our service, when you choose to do so.

4.1. Registration and Pre-Registration Process: Most personal data obtained by the Council is provided directly by teachers (applicants or registered) or by colleges or universities providing accredited teacher education programmes pursuant to the TCA. Colleges and universities provide the Council with personal data in respect of students who will be seeking to register with the Council on successful completion of final examinations. This sharing of personal data allows the Council expedite considerably the registration process for students when they become Newly Qualified Teachers.

4.2. CCTV: Your image may be recorded via closed circuit television (CCTV), which has been installed in the Council’s building. The system comprises a number of cameras installed at reception and at each lift lobby, and the third floor recording video images without sound. Our basis for collecting personal data in this way is our legitimate interest (Article 6.1(f) of GDPR) in the security of our people and premises; to provide evidential material for criminal court proceedings. There is signage in place to inform people that CCTV is in operation.

4.3. Telephone Calls: The Council has installed a telephone call recording system at its offices in Maynooth. The system is capable of recording incoming and outgoing calls from all telephones at the Council offices. The rationale behind the installation of the telephone call recording system is to allow the Council to improve the quality and efficiency of its phone service by using recorded calls for the purposes of staff training and verification. Call recordings are only used for these purposes and to validate instructions/information provided and received, and will not be used for any other purpose.

4.3.1. Access to the recordings by Teaching Council staff is only permitted to satisfy a clearly defined business need and reasons for requesting access must be formally authorised by the relevant section manager. All requests for call recordings should include the following: a) the reason for the request; b) date and time of the call; c) telephone extension used to make/receive the call; d) external number involved if known; and e) where possible, the names of all parties to the telephone call.

4.3.2. The IT Systems Administrator, on receiving an approved request for a call recording, will email a copy of the recording to the relevant staff member. Copies of the recordings should be deleted after use. Browsing of recordings without a specific purpose is not permitted.

4.4. IP Addresses: We collect IP addresses from visitors to our website (an IP address is a number that can uniquely identify a specific computer or other network device on the internet). This allows us to identify the location of users, to block disruptive use and to establish the number of visits from different countries. We analyse this data for trend and statistics reasons, such as which parts of our website users are visiting and how long they spend there.

4.5. Cookies: A cookie is a small text file that is placed on your hard disk by a web server which enables a website and/or mobile app to recognise repeat users, facilitate the user's on-going access to and use of a website and/or the mobile app and allows the website and/or mobile app to track usage behaviour and compile aggregate data that will allow content improvements and targeted advertising.

4.5.1. We collate information on all the website traffic that is represented in aggregate format through cookies. We use third parties such as Google Analytics to collect user information, including through the use of cookies (flash and non-flash) and web beacons. They help us to improve the website and to deliver many of the functions that make your browser experience more user-friendly.

4.5.2. You should also be aware that there are cookies which are found in other companies' internet tools which we are using to enhance the website. You will see ‘social buttons’ on the website, including but not limited to Twitter, YouTube, and Facebook which enable you to share or bookmark certain web pages. These websites have their own cookies, which are controlled by them.

4.5.3. By using the website you are agreeing to the use of cookies as described in this Policy (i.e. you are agreeing to the placement of cookies on your device unless you specifically choose not to receive cookies, where such cookies are generally of a type that could reasonably be expected to be present on a website such as ours). Please note, however, that a cookie will not provide us with personal data; so if you have not supplied us with any personal data, you can still browse the website anonymously.

4.5.4. The ‘Help Menu’ on the menu bar of most browsers will tell you how to prevent your browser from accepting new cookies, how to have the browser notify you when you receive a new cookie and how to disable cookies altogether. You can also disable or delete similar data used by browser add-ons, such as flash cookies, by changing the add-on's settings or visiting the website of its manufacturer

4.5.5. For more information about cookies and managing them including how to turn them off, please visit www.cookiecentral.com. However, because cookies allow you to take advantage of some of the website's essential features, we recommend you leave them turned on as otherwise you may not be able to fully experience the interactive features of the Website or other websites which you visit.

5.1. Pursuant to s.29 of the Teaching Council Acts, the Council publishes the register, and any member of the public can search for a registered teacher by entering a value in one of the following fields:

• Forename;
• Surname;
• Registration Number;
• School Sector; and
• School Roll Number. 

When a search returns results, the list of results is shown on screen. A result can be expanded on by clicking on the surname field. For each registered teacher, the following fields of information are shown:

• Forename;
• Surname;
• Registered under Regulation;
• School Name; and
• School Address.

The physical register is also available for inspection at the offices of the Council under section 29(6) of the Teaching Council Acts. If a teacher is not currently registered or in good standing with the Council, his/her record will not be found.

5.2. The Council shares personal data relating to its staff with third parties such as pension administrators or payroll providers who require such information in order to administer staff payroll. Staff are informed of the disclosures in their contracts of employment and through regular staff updates.

5.3. Where a registered teacher is the subject of a complaint, the complaint file (or specific documents) may be shared with committees of the Council and the relevant legal advisors and other relevant third parties including but not limited to complainants, other witnesses, other registered teachers, experts and/or employers.

For more detail on why data is shared with third parties such as An Garda Síochána, the National Vetting Bureau and the Revenue, other regulators, paymasters please see the section 'What Personal Data We Collect'. We reserve the right to access and disclose personal data in compliance with Data Protection Legislation. As a general rule, any third parties who access your data in the course of providing services on our behalf are subject to strict contractual restrictions to ensure that your data is protected, in compliance with Data Protection Legislation.

5.4. The Teaching Council shares personal data with authorised agents and third parties as data processors or sub-processors acting on behalf of the Council for the purposes of registration administration and for communication with applicants and/or registered teachers. Personal data that is shared in this manner is done so securely and in accordance with the Council’s instructions and in accordance with contractual agreements or data sharing agreements. The Teaching Council continues to be the data controller of this data.

5.5. Electronic access may be provided to third parties, such as teacher educational and professional bodies, to certain data fields on the Register for the purposes of verifying that a teacher is registered and/or where access to qualifications data is required. Data may include the school in which they are employed (where declared by the teacher) and ‘the route to registration’ (e.g. primary) under which the teacher is registered. The data fields concerned are searchable on the on-line register by members of the public (see paragraph 5.1 of this policy).

5.6. From time to time bodies in other countries including the UK equivalent to the Teaching Council in Ireland may seek Letters of Professional Standing, for instance in cases where a teacher is seeking to register in that country. Such letters, which are only provided with the teacher’s consent, contain a teacher’s personal and professional details and their current standing with the Teaching Council.

6.1. This Policy does not apply to any links on our website to third-parties’ websites and/or services, such as third-party applications, that you may encounter when you use our website. You should be aware that the service that we provide may enable or assist you to access the website content of, correspond with, and pay for services via third[1]party websites and that you do so solely at your own risk. A specific example is that of credit card payments to the Council.

6.2. The Council has no liability or obligation in relation to the content or use of, or correspondence with, any such third-party website, or any transactions completed, and any contract entered into by you, with any such third party and the use by any such third-party of your personal data. We do not endorse or approve any third-party website nor the content of any of the third-party website made available via our website. We encourage you to carefully familiarize yourself with terms of use and privacy policies applicable to any websites and/or services operated by third parties. Please be aware that we are not responsible for the privacy practices of any third parties.

7.1. The Council operates an extensive, secure IT system to store data. Access to particular parts of the system is granted in line with the Council’s roles and responsibilities: we restrict access to personal data to employees, contractors and agents who need to know such personal data in order to operate, develop or improve the services that we provide. We ensure that we have appropriate physical and technological security measures to protect your information; and we ensure that when we outsource any processes that the service provider has appropriate security measures in place. The Council also operates an Information Security Policy and Acceptable Usage Policy, which applies to all Council staff, Council members and any other users who connect to the Council network. All documentation and records are stored securely on site. The Council contracts with an external provider for long-term, secure off-site storage.

7.2. We will implement appropriate technical and organisational measures to ensure a level of security appropriate to the risks that are presented by the processing of your personal data. In particular, we will consider the risks presented by accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data transmitted, stored or otherwise processed.

7.3. Please note that the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of any data transmitted to our website and any such transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access. We are not responsible for any delays, delivery failures, or any other loss or damage resulting from (i) the transfer of data over communications networks and facilities, including the internet, or (ii) any delay or delivery failure on the part of any other service provider not contracted by us, and you acknowledge that our website may be subject to limitations, delays and other problems inherent in the use of such communications facilities. You will appreciate that we cannot guarantee the absolute prevention of cyber-attacks such as hacking, spyware and viruses. Accordingly, you will not hold us liable for any unauthorised disclosure, loss or destruction of your personal data arising from such risks. Please also note that our website contains hyperlinks to websites owned and operated by third parties, and use of these is at your own risk (see ‘Third Party Websites’).

7.4. Where the Council engages third parties to process personal data on its behalf, it will ensure that such third parties are subject to a legal contract, which provides at least the level of data protection security set out in Data Protection Legislation.

8.1. Data Subject Requests

8.1.1. Under Articles 13 and 15 of GDPR, on your request we will confirm if we are keeping your personal data and provide it to you in a transparent and easily accessible form (please see our ‘How to contact us' section). Where the data will be used for a purpose other than that initially communicated, we will inform you of this other purpose in advance.

8.1.2. Access requests under Article 15 of GDPR apply to personal data held by the Council in both a computerised and manual form (where it is requested by electronic means, it will be provided in a commonly used electronic form). However, where a document exists in duplicate, e.g., where correspondence is scanned into the Council’s case management system, it is not necessary to provide two copies of the same document in response to a request. Usually, a photocopy or printout of the personal data will be provided. However, where the individual agrees, information can be provided in electronic format, e.g., by email or on a memory stick.

8.1.3. The Council will process data subject access requests that meet certain criteria:

a) they must be in writing;

b) the Council is entitled to make reasonable enquiries to satisfy itself about the identity of the person making the request to ensure that we are not disclosing personal data to a party who is not entitled to it under GDPR;

c) the requester must supply a reasonable level of appropriate information to help us to locate the information required (where it concerns a recorded image, they should also provide a passport-sized photo of themselves); however, no reason for the request needs to be provided; and

d) the Council will deal with a data subject access request free of charge, save where requests are either manifestly unfounded or excessive, in which case the Council may either charge a reasonable fee to take into account the administrative costs, or refuse the request.

8.1.4. Valid and (where required) paid-up data subject access requests will be complied with within one month of receipt of the request, although this period may be extended by two further months where necessary, taking into account the complexity and number of requests (Article 12 GDPR).

8.1.5. All data subject access requests should be directed to the Council’s Data Protection Officer, who will assess them in light of the provisionsin GDPR. The Council will not normally disclose the following types of information in response to a data subject access request: a) data that is not personal data; b) personal data that includes information about other people, unless we gain the consent of that other person (as may be necessary). If we cannot gain consent, we may need to withhold that information or edit the data to remove the identity of that person, if possible. o opinions given in confidence; o open-ended requests; o nuisance/repeat requests; and o privileged documents.

8.1.6. Where the Council refuses a data subject access request, it will be in writing and will set out the reasons for our refusal.

8.1.7. Article 23 of GDPR provides that individuals may not have a right to see information relating to them where proportionate restrictions are taken for the following reasons (while most of these circumstances would not ordinarily apply to the Council, they are set out below for the sake of completeness):

a) national security;

b) defence;

c) public security;

d) the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security;

e) other important objectives of general public interest of the Union or of a Member State, in particular an important economic or financial interest of the Union or of a Member State, including monetary, budgetary and taxation a matters, public health and social security;

f) the protection of judicial independence and judicial proceedings; g) the prevention, investigation, detection and prosecution of breaches of ethics for regulated professions;

h) a monitoring, inspection or regulatory function connected, even occasionally, to the exercise of official authority in the cases referred to in points (a) to (e) and (g);

i) the protection of the data subject or the rights and freedoms of others; and

j) the enforcement of civil law claims.

8.1.8. Some documents may need to be “redacted” so as to remove data that is not required to be disclosed.

8.2. Right to Rectification

8.2.1. If a person who has made a data subject access request subsequently seeks to have any of his or her personal data rectified, this will be done within 40 days of the request being made, provided there is reasonable evidence in support of the need for rectification or erasure. You need to tell us what information is incorrect and what should replace it. We will inform recipients to whom that personal data have been disclosed (if any), unless this proves impossible or has a disproportionate effort.

8.2.2. It is your responsibility that all of the personal data provided to us is accurate and complete. If any information you have given us changes, please let us know as soon as possible. Section 36(3) of the Teaching Council Acts requires registered teachers to inform the Council in writing, of:

(a) any errors in the register of which he or she is aware in relation to his or her registration; and,

(b) any change in the information entered in the register in relation to him or her.

The Council will update the Register on receipt of valid s.36 notifications.

8.3. Right to Restrict or Prevent Processing of Personal Data

8.3.1. In accordance with Data Processing Legislation, you may request that we stop processing your personal data temporarily if:

a) you do not think that your data is accurate (but we will start processing again once we have checked and confirmed that it is accurate);

b) the processing is unlawful but you do not want us to erase your data;

c) we no longer need the personal data for our processing, but you need the data to establish, exercise or defend legal claims; or

d) you have objected to processing because you believe that your interests should override the basis upon which we process your personal data.

8.3.2. If you exercise your right to restrict us from processing your personal data, we will continue to process the data if:

a) you consent to such processing;

b) a legal basis exists for such processing;

c) the processing is necessary for the exercise or defence of legal claims;

d) the processing is necessary for the protection of the rights of other individuals or legal persons; or

e) the processing is necessary for public interest reasons.

8.4. Right to Erasure

8.4.1. In accordance with Data Protection Legislation, you can ask us to erase your personal data where:

a) you do not believe that we need your personal data in order to process it for the purposes set out in this Policy;

b) if you had given us consent to process your personal data, you withdraw that consent and we cannot otherwise legally process your personal data;

c) you object to our processing and we do not have any legal basis for continuing to process your personal data;

d) your data has been processed unlawfully or have not been erased when it should have been; or

e) the personal data has to be erased to comply with law.

8.4.2. We may continue to process your personal data in certain circumstances in accordance with Data Protection Legislation.

8.4.3. Where you have requested the erasure of your personal data, we will inform recipients to whom that personal data has been disclosed, unless this proves impossible or involves disproportionate effort. We will also inform you about those recipients if you request it.

8.4.4. Your request for erasure of your data will be carried out within 40 days.

8.5. Rights in Relation to Automated Decision-Taking

8.5.1. If we are evaluating you, you may request that we do not base any decisions solely on an automated process and that we ensure any decision is reviewed by a member of staff.

8.5.2. These rights will not apply in all circumstances, for example where the decision is: i. authorised or required by law, ii. necessary for the performance of a contract between you and us, or iii. is based on your explicit consent. In all cases, we will endeavour that steps have been taken to safeguard your interests.

8.6. Right to Data Portability

In accordance with Data Protection Legislation, you may ask for an electronic copy of your personal data that you have provided to us and which we hold electronically, or for us to provide this directly to another party. This right only applies to personal data that you have provided to us – it does not extend to data generated by us. The right to data portability also only applies where:

a) the processing is based on your consent or for the performance of a contract; and

b) the processing is carried out by automated means.

8.7. Right to Complain to the DPC

If you do not think that we have processed your personal data in accordance with this Policy, please contact us in the first instance (see Section 15). If you are not satisfied, you can complain to the DPC or exercise any of your other rights pursuant to Data Protection Legislation. Information about how to do this is available on the DPC website at www.dataprotection.ie

9.1. The Council will retain personal data on the Register as long as a person is registered. Thereafter, the Council will typically retain personal data for up to 12 years to enable the Council to re-register teachers, for example after a sabbatical period. A longer retention period may be required to retain evidence for any inquiries, claims or proceedings relating to the Register of Teachers or relating to specific persons who were included in, or excluded from, the Register. The Council will retain statistical factual information indefinitely.

9.2. Personal data relating to Council staff will normally be retained for the period of the employment relationship plus seven years. The facts of a person’s employment with the Council will be retained indefinitely for pension/benefits purposes and to verify subsequent referee requests.

9.3. Where your data is captured by CCTV on premises, the images are kept for no longer than a 30-day cycle. A log of access to the CCTV records is maintained by the Council except where the data is required for specified verification and evidential purposes.

9.4. The retention period applying to recorded phone calls are kept for no longer than a 30-day cycle, except where the call is required for specified verification and evidential purposes.

10.1. Please note that if you post or send content which may reasonably be deemed to be offensive, inappropriate or objectionable anywhere on the Website or otherwise engage in any disruptive behaviour on any Teaching Council 10 | Page service, we may remove such content.

10.2. Where we reasonably believe that you are or may be in breach of any applicable laws, for example on hate speech, we may disclose your personal information to relevant third parties, including to law enforcement agencies or your internet provider. We would only do so in circumstances where such disclosure is permitted under applicable laws, including Data Protection Legislation.

11.1. Article 33 of GDPR requires us to notify the Data Protection Commissioner regarding serious data breaches without undue delay, and where feasible, not later than 72 hours after having become aware of same. If notification is not made after 72 hours, we will record a reasoned justification for the delay; however, it is not necessary to notify the DPC where the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons.

11.2. A personal data breach in this context means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

11.3. We will keep a record of any data breaches, including their effects and the remedial action taken, and will notify you of any data breach affecting your personal data (which poses a high risk to you) when we are required to do so under Data Protection Legislation. We will not be required to notify you of a data breach where:

a) we have implemented appropriate technical and organisational measures that render the personal data unintelligible to anyone not authorised to access it, such as encryption; or

b) we have taken subsequent measures which ensure that the high risk to data subjects is not likely to materialise; or,

c) it would involve disproportionate effort, in which case we may make a public communication instead.

12.1. The Council will not ordinarily transfer personal data to countries outside the European Economic Area (EEA) (unless, for example, we are corresponding with a teacher who resides overseas or where we are dealing with a s.46A issue relating to overseas teaching activities). In the event that this position changes, the Council will comply with its obligations under Article 46 of GDPR by adopting one of the appropriate measures approved by the Data Protection Commissioner and the European Commission to ensure that such transfers are lawful. These arrangements will also apply to disclosures of personal data arising under s.7(2)(o) of the Teaching Council Acts.

13.1. The Council will not ordinarily undertake direct marketing activities, but if this was to change, it would do so in accordance with its obligations under Data Protection Legislation, specifically Articles 6, 7 and 21 of GDPR, the E-Privacy Directive and related e-privacy regulations.

13.2. The Council may, however, process contact data for non-marketing purposes in the ordinary course, for example by sending renewal notices by SMS or e-zines by email.

14.1. This Policy may be updated from time to time, so you may wish to check it each time you submit personal information to us. Any material changes to this Policy will be posted on the Teaching Council website.

15.1. As data controller (as defined in Data Protection Legislation) for your personal data collected as set out in this Policy, the Teaching Council is located at Block A, Maynooth Business Campus, Maynooth, Co Kildare, W23 Y7X0.

15.2. If you need to contact us with regard to any of your rights as set out in this Policy, all such requests should be made in writing to: The Teaching Council, Block A, Maynooth Business Campus, Maynooth, Co Kildare W23 Y7X0, E: customerrelations@teachingcouncil.ie.

15.3. We will appoint and maintain a Data Protection Officer in accordance with Data Protection Legislation. The contact details of our current Data Protection Officer are as follows:

Ms Ruth Flynn,

Ph: 01-6517900.

E: dpo@teachingcouncil.ie