This Notice provides you with information regarding the personal data about you which is held by the Office of the Ombudsman.
The Office of the Ombudsman fully respects your right to privacy. Your personal data will be treated with the highest standards of security and confidentiality, in accordance with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (“Data Protection legislation”).
This Notice uses certain words or terms which have a particular meaning under GDPR and Data Protection legislation. See the Definitions section of this Notice for an explanation or definition of the words.
The Office of the Ombudsman examines complaints from people who feel they have been unfairly treated by certain public bodies, for example, government departments, local authorities, the HSE and publicly funded third level education bodies.
The Ombudsman also examines complaints about failures by public bodies to provide accessible buildings, services and information, as required under Part 3 of the Disability Act 2005.
Your personal data is held by the Office of the Ombudsman (or ‘the Office’ in this notice) which is the data controller for the purposes of GDPR and Data Protection legislation purposes.
We may be contacted at:
Office of the Ombudsman, 18 Lower Leeson Street, Dublin 2, DO2 HE97.
Telephone: (01) 639 5600.
Our Data Protection Officer may be contacted at:
Telephone: (01) 639 5760
Postal Address: 18 Lower Leeson Street, Dublin 2, DO2 HE97.
The Data Protection Officer is designated for the Office of the Ombudsman, OIC, OCEI, SIPOC, CPSA and Referendum Commission.
A large amount of the personal data which we hold about you is provided by you in your phone calls, letters, emails or other communications with this Office.
We also hold personal data which has been provided by someone else or by someone on your behalf. Where this occurs, further details are provided below.
The personal data we hold and where it comes from will depend on the type of interaction you have with our Office.
We hold information (personal data) about people who contact this Office to make an enquiry. This personal data includes, for example, your name and contact details, details relating to your enquiry or the purpose of your contact and any other personal data which you provide.
We hold personal data about people who make a complaint to this Office about a public service provider. This personal data includes, for example, your name, contact details, details relating to your complaint, and any other personal data which you provide.
In examining your complaint we also collect personal data about you from public bodies or other persons. For example, the provider of the public service will be asked to provide us with records relevant to the decision or action which is the subject of your complaint and this may contain personal data, including special category personal data.
We hold personal data about representatives who make enquiries or who make complaints on behalf of someone else. This data includes your name, contact details and details relating to the representative capacity or relationship with the person on whose behalf you are making the complaint. It also includes any other personal data which you provide. Such personal data may also be included in information received from the public service provider or other person involved in a complaint.
Where personal data is about a person who did not make the complaint, we call that person a ‘third party’.
Personal data about you can be contained in the records provided by the public service provider in relation to a complaint. Personal data about you could also be contained in other documents which the Office receives, such as submissions, letters or emails, and includes special category personal data.
The Ombudsman has the power to carry out an investigations of a broader nature either on his own initiative or arising out of complaints received. In the course of such an investigation records of the public body, containing personal data will accessed by this Office and may also be contained in submissions received by us from public service providers. This personal data could be wide ranging and include special category personal data depending on the investigation.
When someone visits www.ombudsman.ie we collect standard internet log information and details of visitor behaviour patterns. We do this for statistical purposes to find out things such as the number of visitors to the various parts of the site.
We collect this information in a way which does not identify anyone. We do not make any attempt to find out the identities of those visiting our website. We will not associate any data gathered from this site with any personally identifying information from any source.
If we do want to collect personally identifiable information through our website, we will be up front about this. We will make it clear when we collect personal information through our website and will explain what we intend to do with it.
We are part of the Government Services network. Any email sent to us, including any attachments, may be monitored and used by us for reasons of security and for monitoring compliance with office policy. Email monitoring or blocking software may also be used.
Please be aware that you have a responsibility to ensure that any email you send to us is within the bounds of the law.
We hold personal data about people who make statutory requests to this Office, including for example people who make an FOI request or Data Protection access request looking for records or information from this Office. The personal data includes your name and contact details and information relating to the statutory request.
These statutory requests made to this Office could also include personal data about someone other than the person making the request. Whether they contain personal data and, if so, the type of personal data will depend on the request. This information comes from the person making the request.
We hold personal data about staff of public service providers in relation to their handling of complaints. The personal data includes the name, contact details, grade/role and information relating to the performance of their functions. This personal data comes from the public service provider or the complainant and includes personal data in the records sought in communications with this Office.
We also hold data about Ombudsman Liaison Officers or other officials in public service providers. This includes the name, contact details and grade/role within the organisation of each official. This data has been provided by the official, his/her organisation or has been obtained from publicly available sources (such as the organisation’s website).
We have a list of people we communicate with to inform them of publications, current developments and other matters of interest. This contains your name, description and contact details.
We hold personal data about you where there has been contact between this Office and yourself in relation to various matters, including e.g. contact regarding the provision of goods or services or invitations to this Office to make presentations to seminars, attend conferences etc. This personal data includes your name, contact details and information relating to the goods or services, the seminar, conference etc. It comes from your interactions with us.
We have described above all the main categories of people whose personal data we hold. We can hold data about people who do not fall within these categories. For example, from time to time we hold personal data about people attending meetings or events with the Office. We confirm that all personal data is treated with the highest standards of security and confidentiality, in accordance with the Data Protection legislation.
We use the information about you so that the Ombudsman can carry out his functions under the Ombudsman Act 1980, as amended and the Disability Act, 2005.
In other words, in order to look at a complaint about a public service provider, we will have to process your personal data.
We also hold information about you for the purpose of responding to statutory requests made to the Office (such as access requests under the FOI Act 2014, Data Protection legislation, and the Access to Information on the Environment Regulations). Doing this is necessary for compliance with the Office’s legal obligations.
We use the mailing list of people we communicate with in order to inform them of publications, current developments and other matters of interest. We will send you such communications if you consent to us doing so. If you wish to be removed from this list, please let us know and we will remove you from the list without delay.
We also compile and publish statistics showing information like the number of complaints we receive, but not in a form which identifies anyone.
In investigating a complaint about a public service provider body or in carrying out any of the other functions of the Ombudsman, we share personal data. For example, when looking at the actions of a public service provider, we will need to share information with that body and possibly with other relevant bodies. We share it with your representative, if you have nominated one and have given your consent.
We share your personal data with: the relevant public service provider or providers; your representative; any affected third parties; original complainants; legal representatives of the Office and the courts.
On occasion, we share your information with service providers, including, for example, translators.
We may publish the details of cases handled by our Office in our Annual Report, The Ombudsman’s Casebook, an Investigation Report, or elsewhere. We do not identify any applicants, unless the details have already been made public, or the applicant explicitly consents to being identified.
The length of time we hold your personal data for will depend on the type of document or record which contains the data. Our Records Retention Policy sets out the time periods for different types of record. See the Records Retention Policy Schedule below.
Office of the Ombudsman
|Categories of Data Subjects||Retention Period|
|People who make enquiries to this Office.
Complainants (people who make complaints)
Family members of complainants
Records of examination: Standard cases: Retain for 3 years post closure of the complaint. Cases which are discontinued, premature or outside the remit of the Ombudsman: retained for 1 year post closure of the case
Supplied by the public body: returned following the conclusion of the case.
|Third Parties involved in a complaint (including Staff members of public services providers) involved in the complaint||
Original documentation supplied by the complainant or their representative: returned following the conclusion of the case, if requested.
Supplied by the public body: returned following the conclusion of the case
Note: We hold historical records containing personal data. A plan is in place to deal with these records and to ensure that they are held in accordance with the retention schedule. These records are stored electronically and securely.
Under the GDPR and Data Protection legislation you have certain rights. These rights arise in certain circumstances and are subject to certain exemptions. In particular, the Office is required by statute to keep information obtained from public service providers and others confidential and this restricts on your rights. The rights are:
If you would like to exercise any of your rights, please contact:
Our Data Protection Officer may be contacted at:
Telephone: (01) 639 5760
Postal Address: 18 Lower Leeson Street, Dublin 2, DO2 HE97.
We try to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate.
You also have the right to lodge a complaint with the Data Protection Commission. The Data Protection Commission may be contacted at:
Telephone: (0761) 104 800; Lo-Call 1890 25 22 31.
Postal Address: Canal House, Station Road, Portarlington, Co Laois, R32 AP23.
Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.
|Our Cookies||Name||Purpose||More information|
|These cookies are used to collect information about how visitors use our site. The cookies collect information in an anonymous form that does not identify a visitor. They provide information regarding the number of visitors to the site, where visitors have come to the site from and the pages they visited. We use this information to compile reports and to help us improve the way our website works, for example by making sure users are finding what they need easily.||Click here for an overview of privacy at Google
To opt out of being tracked by Google Analytics across all websites visit the Google site
|YouTube cookies||We embed videos from our official YouTube channel using YouTube’s privacy-enhanced mode. This mode may set cookies on your computer once you click on the YouTube video player, but YouTube will not store personally-identifiable cookie information for playbacks of embedded videos using the privacy-enhanced mode.||To find out more please visit YouTube’s embedding videos information page.|
|Search Engine||The search engine on our website is designed to be as powerful and easy to use as the popular search engine Google. The search is made possible by a piece of hardware (a search 'appliance') supplied by Google that is plugged into our server and continuously indexes the content on our site. All search requests are handled by the appliance and the information is not passed on to any third party, including Google.||Click here for an overview ofprivacy at Google|
|Online notification form cookie||ASP.NET_SessionId||This cookie is essential for the online form, and is set only for those people using the form. This cookie is deleted when you close your browser.||Visit the Microsoft website|
This privacy statement does not cover the links within this site linking to other websites. We encourage you to read the privacy statements on the other websites you visit.
Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
Data Protection Act 2018 Amongst other things, this Act gives further effect to the GDPR (see below) in areas where Member State flexibility is permitted.
Data Protection Officer The GDPR requires some organisations to designate a Data Protection Officer (DPO). Article 39 of the GDPR states that the data protection officer “shall have at least the following tasks:
Data Subject means the identified or identifiable natural person to whom the personal data relates – see also the definition of personal data below.
The General Data Protection Regulations (GDPR) is an EU Regulation relating to data protection which came into force on 25 May 2018.
Joint Controller. Where two or more controllers (see above) joint determine the purposes and means of processing, they are joint controllers.
Personal Data means any information relating to an identified or identifiable natural person (‘data subject ’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Special Categories of Personal Data means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning health or data concerning a natural person's sex life or sexual orientation.