Privacy Policy

Committed to Protecting Your Personal Data

The General Data Protection Regulation (GDPR) came into effect on 25 May 2018. The GDPR is legislation which the European Union has enacted and it increases the obligations on all organisations as to the standards they must meet when handling and storing personal data.

As a statutory State body, operating within the remit of the Teaching Council Acts 2001-2015 and the Education Act 1998 the Teaching Council is obliged to comply with this legislation. As the professional standards body for the teaching profession, we welcome the new standards, which the GDPR is putting in place and continue to take our responsibilities very seriously.

The Teaching Council remains committed to being professional, open and transparent in how we process personal data through the delivery of all of our work. One of the requirements under this new legislation is for organisations to publish how we meet the standards required in how we collect, use and protect data.

This Policy has been developed in keeping with this approach and sets out the basis on which any personal data provided by to the Council will be processed. This applies to all personal data, irrespective of the medium or method by which it has been collected.

This Policy may be updated from time to time as new Data Protection legislation is introduced.

1. Introduction And Legal Basis For Collection Of Your Personal Data

1.1 The Teaching Council (the “Council” or "we") is the statutory body that regulates the teaching profession in Ireland. It promotes professional standards in teaching and acts in the interests of the public good, while upholding and enhancing the reputation and status of the teaching profession through fair and transparent regulation.

1.2 In order to fulfil its mandate, the Council is required to collect and process your personal data (processing is extremely broadly defined and includes collection, access, use, storage and deletion of data), and the legal basis upon which we do so is the Teaching Council Acts 2001 to 2015. This is in accordance with article 6.1(c) of GDPR, which states that such processing must be "necessary for compliance with a legal obligation to which the controller is subject". The rare occasions on which we collect your data for reasons other than in connection with a legal obligation are also detailed in this policy (the “Policy”). We only process your data where we are legally entitled to do so.

1.3“Data Protection Legislation” is used throughout to refer to the Data Protection Acts 1988 and 2003 and Directive 95/46/EC, and any other applicable law or regulation relating to the processing of personal data and to privacy (including the E-Privacy Directive), as such legislation shall be amended, revised or replaced from time to time, including by operation of the General Data Protection Regulation (EU) 2016/679 (“GDPR”) (and laws implementing or supplementing the GDPR)).

1.4 “Personal data” means data relating to a living individual who is or can be identified either from the data or from the data in conjunction with other information that is in, or is likely to come into, our possession. Article 4 of GDPR defines it as “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.

1.5 This Policy is intended to disclose in a transparent way how the Council obtains and processes personal data, so that all those who provide personal data (including data processed through the Teaching Council website) will clearly understand the practices and procedures. Please note that this Policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us, and applies to all of your personal data irrespective of the medium or method by which we obtained/received your personal data. You should also be aware that the Council only seeks personal data that is relevant to the performance of its statutory duties. It does not seek, nor does it wish to receive, excessive levels of data that are not relevant to these duties.

2. What Personal Data We Collect

2.1 Personal Data: General

The data we collect depends on why we collect it (see the ‘Why We Collect Your Data' section). Where you register with us as a teacher, you will be required to provide your name, address, phone number, PPSN, gender, date of birth, email address, academic and professional history and qualifications, and other data of this nature. Once registered, further data may be required in the following scenarios:

  1. where legal issues arise, we may need to share the entire complaint file with our solicitors and counsel, and with stenographers and case management and other software system providers;
  2. for electoral purposes, electoral category (including geographical constituency) and, where applicable, the school roll number of every eligible teacher;
  3. for the National Vetting Bureau, the details of the complaint, the finding and the sanction;
  4. for payroll services, the Revenue and the Council’s pension and superannuation advisors your bank account details, salary and other financial details, the date you joined the Council, service details, and PRSI class; and,
  5. For the purpose of confirmation of completion of probation and induction, data is collated and provided by Limerick Education Centre (probation) and Donegal Education Centre (induction).

For lay-people, the data we collect will almost invariably consist of routine personal information relating to your contact details, except where you are lodging a complaint against a teacher; in which case, we will require full details of the matter and circumstances giving rise to the complaint. .

2.2 Qualifications Data

2.2.1 The Council has a remit to record the qualifications of each teacher on the register. For pre-establishment teachers (join date 28/03/2006) who were admitted to the register under sections 31(2) and (3) of the Teaching Council Act, 2001, the qualifications were declared by many teachers on a data verification form. The Council has not viewed the original transcripts of these qualifications and therefore cannot confirm their accuracy.

2.2.2 For teachers who are registered under section 31(5) (post-establishment), the Council relies on original transcripts or on the details that are transferred from colleges and universities providing teacher education qualifications in Ireland and abroad. The Council makes every effort to ensure that qualification grades are accurately recorded. (e.g., First Class Honours, Distinction, 2.1 Honours, Pass, etc.). However, the remit of the Council is to ensure that the qualifications satisfy the requirements for registration and it cannot be held responsible for ensuring that a teacher receives the correct remuneration from an employer or paymaster.

2.2.3 In cases where the grade of a qualification is not available, the Council has a policy of entering an awarded result. In other cases where a grade is not interpretable from a qualification transcript, the Council will endeavour to record the result as it is provided on the transcript, e.g., grade point average (GPA) in the notes section relating to that qualification. In such cases, the Council will not adjudicate as to whether the result provided constitutes a pass or honours result. The Council will not become involved in discussions with teachers over the interpretation of their results and their appropriate qualification allowance. Similarly, the Council will not classify a qualification (e.g., as a master’s degree or its equivalent) or attempt to place the qualification on the National Framework of Qualifications.

2.3 Special Categories of Personal Data

2.3.1 As set out in the GDPR, there is a general prohibition on the processing of genetic and biometric data or data that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, sexual orientation or that concerns a person's sex life or his or her health. However, there are exceptions: for example, Garda vetting procedures may result in the disclosure of data relating to previous criminal convictions or prosecutions pending, or members of the public may report issues concerning a teacher’s health, well-being or conduct to the Council.

2.3.2 In accordance with Articles 9 and 10 of GDPR, the Council will process such personal data only when the data subject has given explicit consent, or where the processing is authorised by law or otherwise permitted under Data Protection Legislation. These additional circumstances include responding to requests from the Ombudsman and where the processing is required for the purpose of obtaining legal advice or in connection with legal proceedings, or prospective legal proceedings, and where the processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity (Article 9).

3. Why We Collect Your Personal Data

3.1 Registration: Section 30 of the Teaching Council Acts 2001-2015 imposes a legal requirement on teachers to register with the Council in order to be paid a salary by the State. Application forms for registration are provided on the Council website. The information provided on those forms is held, processed and disclosed by the Council for the purpose of performing its statutory obligations as further explained in this Policy.

3.2 Garda Vetting: The National Vetting Bureau (Children and Vulnerable Persons) Acts 2012 to 2016 places obligations on employers to vet employees who are in contact with children or vulnerable adults. In relation to teachers, the Council shares information with the National Vetting Bureau for purposes of initial registration as a teacher and renewal of registration under Sections 31 and 33 of the Teaching Council Acts 2001-2015. The Council is also the body that will co-ordinate the vetting of teachers for school employers and, accordingly, the Council shares information with the National Vetting Bureau for this purpose. Details of the Council’s vetting procedures and the related legislation are set out on the Council’s website.

3.3 Complaints, Notifications and Inquiries:  Part 5 of the Teaching Council Acts relates to the Teaching Council’s fitness to teach function. The Council is empowered to receive and process data (relating to registered teachers and relevant third parties) in order to make enquiries and carry out investigations into the professional conduct of teachers under its processes. This data may be collected by way of formal complaint, informal notification to the Teaching Council or from publicly accessible sources, such as media articles. Any personal data that is received, processed or disclosed in the context of a specific complaint, investigation or inquiry will be retained and used for that purpose in line with the Teaching Council’s fitness to teach policies and procedures.

3.4 Department of Education and Skills and the Education and Training Boards: The Education (Amendment) Act, 2012 requires the Council to share information it holds on registered teachers with the Department of Education and Skills (“DES”) or Education and Training Boards (“ETBs”) on a regular basis. This data is used to confirm if a teacher is registered or not. The Council has a data transfer agreement in place with the DES and ETBs to govern these data transfers, but the Council is not responsible for the data practices of the DES and ETBs as they are subject to their own policies and procedures.

3.5 Teachers Paymasters: The Council operates a paymaster interface to the Register of Teachers. This enables paymasters (e.g., the DES/ETBs, who operate teacher payrolls) to identify registered teachers for payroll purposes and assists paymasters with the verification of qualifications and the calculation of qualification allowance.

3.6 Mutual Recognition Obligations: European Directive 2005/36/EC relates to the mutual recognition of qualifications between EU Member States, and provides for the freedom of movement and recognition of fully qualified professionals within EU Member States. The Council processes and shares personal data in accordance with the requirements of the Directive and as required under s.46A of the Teaching Council Acts.

3.7 Elections: The Council also processes personal data for the purpose of performing its obligations under the Teaching Council (Election of Members) Regulations 2015. Under these Regulations, an electoral roll is prepared by the Council detailing the name, gender, teacher registration number, electoral category (including geographical constituency) and, where applicable, the school roll number of every eligible teacher. As there is a statutory obligation to make the electoral roll available to eligible teachers, the Returning Officer has determined, in line with regulation 7(1)(a) of the Regulations, that the electoral roll is published on the Council’s website for a limited period.

3.7.1 The electoral roll lists all those persons registered with the Council on the relevant date who will be eligible to vote and/or be nominated to stand for election. The publication of the electoral roll allows registered teachers to confirm that the electoral voting category and constituency assigned to them is correct, and if errors or omissions exist they can apply to the Council for amendment on or before the applicable deadline for the election.

3.7.2 The Council will process personal data in connection with the Regulations. For example, where the Council has received a mobile phone number from a teacher, the Council may send an SMS message to that teacher to remind him or her to vote. The Council applies a similar approach in the case of data processing for applicant teachers from jurisdictions outside of the EU/EEA.

3.8 Freedom of Information: The Council complies with the rules and practices of the Freedom of Information Act, which is available on the Council website. The Council processes personal data in the context of meeting its freedom of information obligations.

3.9 Our Website: We collect different types of information about our users via our website for the following reasons:

  1. to personalise the way our content is presented in the most effective manner for users and for computers/devices;
  2. to help us to monitor and improve the services we offer, including on our website. As part of this, we may use and disclose information in aggregate (so that no individuals are identified);
  3. to carry out any legal obligations arising from your interaction with the website; and
  4. to allow you to participate in interactive features of our service, when you choose to do so.

4. How We Collect Your Data

4.1 Registration/DES: Most personal data obtained by the Council is provided directly by teachers or by the DES pursuant to the Teaching Council Acts.

4.2 CCTV: Your image may be recorded via closed circuit television (CCTV), which has been installed in the Council’s building. The system comprises a number of cameras installed at reception and at each lift lobby, and the third floor recording video images without sound. Our basis for collecting personal data in this way is our legitimate interest (Article 6.1(f) of GDPR) in the security of our people and premises; to provide evidential material for criminal court proceedings. There is signage in place to inform people that CCTV is in operation.

4.3 Telephone Calls: The Council has installed a telephone call recording system at its offices in Maynooth. The system is capable of recording incoming and outgoing calls from all telephones at the Council offices. The rationale behind the installation of the telephone call recording system is to allow the Council to improve the quality and efficiency of its phone service by using recorded calls for the purposes of staff training and verification. Call recordings are only used for these purposes and to validate instructions/information provided and received, and will not be used for any other purpose. 

4.3.1 Access to the recordings by Teaching Council staff is only permitted to satisfy a clearly defined business need and reasons for requesting access must be formally authorised by the relevant section manager. All requests for call recordings should include the following: (a) the reason for the request; (b) date and time of the call; (c) telephone extension used to make/receive the call; (d) external number involved if known; and (e) where possible, the names of all parties to the telephone call.

4.3.2 The IT Systems Administrator, on receiving an approved request for a call recording, will email a copy of the recording to the relevant staff member. Copies of the recordings should be deleted after use. Browsing of recordings without a specific purpose is not permitted.

4.4 IP Addresses: We collect IP addresses from visitors to our website (an IP address is a number that can uniquely identify a specific computer or other network device on the internet). This allows us to identify the location of users, to block disruptive use and to establish the number of visits from different countries. We analyse this data for trend and statistics reasons, such as which parts of our website users are visiting and how long they spend there.

4.5 Cookies: A cookie is a small text file that is placed on your hard disk by a web server which enables a website and/or mobile app to recognise repeat users, facilitate the user's ongoing access to and use of a website and/or the mobile app and allows the website and/or mobile app to track usage behaviour and compile aggregate data that will allow content improvements and targeted advertising.

4.5.1 We collate information on all the website traffic that is represented in aggregate format through cookies. We use third parties such as Google Analytics to collect user information, including through the use of cookies (flash and non-flash) and web beacons. They help us to improve the website and to deliver many of the functions that make your browser experience more user-friendly.

4.5.2 You should also be aware that there are cookies which are found in other companies' internet tools which we are using to enhance the website. You will see ‘social buttons’ on the website, including but not limited to Twitter, YouTube, and Facebook which enable you to share or bookmark certain web pages. These websites have their own cookies, which are controlled by them.

4.5.3 By using the website you are agreeing to the use of cookies as described in this Policy (i.e. you are agreeing to the placement of cookies on your device unless you specifically choose not to receive cookies, where such cookies are generally of a type that could reasonably be expected to be present on a website such as ours). Please note, however, that a cookie will not provide us with personal data; so if you have not supplied us with any personal data, you can still browse the website anonymously.

4.5.4 The ‘Help Menu’ on the menu bar of most browsers will tell you how to prevent your browser from accepting new cookies, how to have the browser notify you when you receive a new cookie and how to disable cookies altogether. You can also disable or delete similar data used by browser add-ons, such as flash cookies, by changing the add-on's settings or visiting the website of its manufacturer

4.5.5 For more information about cookies and managing them including how to turn them off, please visit www.cookiecentral.com. However, because cookies allow you to take advantage of some of the website's essential features, we recommend you leave them turned on as otherwise you may not be able to fully experience the interactive features of the Website or other websites which you visit.

5. Third Party Websites

5.1 This Policy does not apply to any links on our website to third-parties’ websites and/or services, such as third-party applications, that you may encounter when you use our website. You should be aware that the service that we provide may enable or assist you to access the website content of, correspond with, and pay for services via third-party websites and that you do so solely at your own risk. A specific example is that of credit card payments to the Council.

5.2 The Council has no liability or obligation in relation to the content or use of, or correspondence with, any such third-party website, or any transactions completed, and any contract entered into by you, with any such third party and the use by any such third-party of your personal data. We do not endorse or approve any third-party website nor the content of any of the third-party website made available via our website. We encourage you to carefully familiarize yourself with terms of use and privacy policies applicable to any websites and/or services operated by third parties. Please be aware that we are not responsible for the privacy practices of any third parties.

6. How We Protect Your Data

6.1 The Council operates an extensive, secure IT system to store data. Access to particular parts of the system is granted in line with the Council’s roles and responsibilities: we restrict access to personal data to employees, contractors and agents who need to know such personal data in order to operate, develop or improve the services that we provide. We ensure that we have appropriate physical and technological security measures to protect your information; and we ensure that when we outsource any processes that the service provider has appropriate security measures in place. The Council also operates an Information Security Policy and Acceptable Usage Policy, which applies to all Council staff, Council members and any other users who connect to the Council network. All documentation and records are stored securely on site. The Council contracts with an external provider for long-term, secure off-site storage.

6.2 We will implement appropriate technical and organisational measures to ensure a level of security appropriate to the risks that are presented by the processing of your personal data. In particular, we will consider the risks presented by accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data transmitted, stored or otherwise processed.

6.3 Please note that the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of any data transmitted to our website and any such transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access. We are not responsible for any delays, delivery failures, or any other loss or damage resulting from (i) the transfer of data over communications networks and facilities, including the internet, or (ii) any delay or delivery failure on the part of any other service provider not contracted by us, and you acknowledge that our website may be subject to limitations, delays and other problems inherent in the use of such communications facilities. You will appreciate that we cannot guarantee the absolute prevention of cyber-attacks such as hacking, spyware and viruses. Accordingly, you will not hold us liable for any unauthorised disclosure, loss or destruction of your personal data arising from such risks. Please also note that our website contains hyperlinks to websites owned and operated by third parties, and use of these is at your own risk (see ‘Third Party Websites’).

6.4 Where the Council engages third parties to process personal data on its behalf, it will ensure that such third parties are subject to a legal contract, which provides at least the level of data protection security set out in Data Protection Legislation..

7. Who We Share Your Data With

7.1 Pursuant to s.29 of the Teaching Council Acts, the Council publishes the register, and any member of the public can search for a registered teacher by entering a value in one of the following fields:

  • Forename;
  • Surname;
  • Registration Number;
  • School Sector; and
  • School Roll Number.

When a search returns results, the list of results is shown on screen. A result can be expanded on by clicking on the surname field. For each registered teacher, the following fields of information are shown:

  • Forename;
  • Surname;
  • Registered under Regulation;
  • School Name;and
  • School Address.

The physical register is also available for inspection at the offices of the Council under section 29(6) of the Teaching Council Acts. If a teacher is not currently registered or in good standing with the Council, his/her record will not be found.

7.2 The Council shares personal data relating to its staff with third parties such as pension administrators or payroll providers who require such information in order to administer staff payroll. Staff are informed of the disclosures in their contracts of employment and through regular staff updates.

7.3 Where the teacher is the subject of a complaint, the entire complaint file may be shared with the relevant investigating body and the relevant legal advisors; for more detail on why data is shared with third parties such as the Gardai, the National Vetting Bureau and the Revenue, please see the section 'What Personal Data We Collect'. We reserve the right to access and disclose personal data in compliance with Data Protection Legislation. As a general rule, any third parties who access your data in the course of providing services on our behalf are subject to strict contractual restrictions to ensure that your data is protected, in compliance with Data Protection Legislation.

8. Your Rights

8.1 Data Subject Requests:

8.1.1 Under Articles 13 and 15 of GDPR, on your request we will confirm if we are keeping your personal data and provide it to you in a transparent and easily accessible form (please see our ‘How to contact us' section). Where the data will be used for a purpose other than that initially communicated, we will inform you of this other purpose in advance.

8.1.2 Access requests under Article 15 of GDPR apply to personal data held by the Council in both a computerised and manual form (where it is requested by electronical means, it will be provided in a commonly used electronic form). However, where a document exists in duplicate, e.g., where correspondence is scanned into the Council’s case management system, it is not necessary to provide two copies of the same document in response to a request. Usually, a photocopy or printout of the personal data will be provided. However, where the individual agrees, information can be provided in electronic format, e.g., by email or on a memory stick.

8.1.3 The Council will process data subject access requests that meet certain formalities:

  1. they must be in writing;
  2. the Council is entitled to make reasonable enquiries to satisfy itself about the identity of the person making the request to ensure that we are not disclosing personal data to a party who is not entitled to it under GDPR;
  3. the requester must supply a reasonable level of appropriate information to help us to locate the information required (where it concerns a recorded image, they should also provide a passport-sized photo of themselves); however, no reason for the request needs to be provided; and
  4. the Council will deal with a data subject access request free of charge, save where requests are either manifestly unfounded or excessive, in which case the Council may either charge a reasonable fee to take into account the administrative costs, or refuse the request.

8.1.4 Valid and (where required) paid-up data subject access requests will be complied with within one month of receipt of the request, although this period may be extended by two further months where necessary, taking into account the complexity and number of requests (Article 12 GDPR).

8.1.5 All data subject access requests should be directed to the Council’s Data Protection Officer, who will assess them in light of the provisions in GDPR. The Council will not normally disclose the following types of information in response to a data subject access request:

  1. data that is not personal data;
  2. personal data that includes information about other people, unless we gain the consent of that other person (as may be necessary). If we cannot gain consent, we may need to withhold that information or edit the data to remove the identity of that person, if possible.
  3. opinions given in confidence;
  4. open-ended requests;
  5. nuisance/repeat requests; and
  6. privileged documents.

8.1.6 Where the Council refuses a data subject access request, it will be in writing and will set out the reasons for our refusal.

8.1.7 Article 23 of GDPR provides that individuals may not have a right to see information relating to them where proportionate restrictions are taken for the following reasons (while most of these circumstances would not ordinarily apply to the Council, they are set out below for the sake of completeness):

  1. national security;
  2. defence;
  3. public security;
  4. the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security;
  5. other important objectives of general public interest of the Union or of a Member State, in particular an important economic or financial interest of the Union or of a Member State, including monetary, budgetary and taxation a matters, public health and social security;
  6. the protection of judicial independence and judicial proceedings;
  7. the prevention, investigation, detection and prosecution of breaches of ethics for regulated professions;
  8. a monitoring, inspection or regulatory function connected, even occasionally, to the exercise of official authority in the cases referred to in points (a) to (e) and (g);
  9. the protection of the data subject or the rights and freedoms of others; and
  10. the enforcement of civil law claims.

8.1.8 Some documents may need to be “redacted” so as to remove data that is not required to be disclosed.

8.2 Right to Rectification

8.2.1 If a person who has made a data subject access request subsequently seeks to have any of his or her personal data rectified, this will be done within 40 days of the request being made, provided there is reasonable evidence in support of the need for rectification or erasure. You need to tell us what information is incorrect and what should replace it. We will inform recipients to whom that personal data have been disclosed (if any), unless this proves impossible or has a disproportionate effort.

8.2.2 It is your responsibility that all of the personal data provided to us is accurate and complete. If any information you have given us changes, please let us know as soon as possible. Section 36(3) of the Teaching Council Acts requires registered teachers to inform the Council in writing, of: (a) any errors in the register of which he or she is aware in relation to his or her registration; and, (b) any change in the information entered in the register in relation to him or her. The Council will update the Register on receipt of valid s.36 notifications.

8.3 Right to restrict or prevent processing of personal data

8.3.1 In accordance with Data Processing Legislation, you may request that we stop processing your personal data temporarily if:

  1. you do not think that your data is accurate (but we will start processing again once we have checked and confirmed that it is accurate);
  2. the processing is unlawful but you do not want us to erase your data;
  3. we no longer need the personal data for our processing, but you need the data to establish, exercise or defend legal claims; or
  4. you have objected to processing because you believe that your interests should override the basis upon which we process your personal data.

8.3.2 If you exercise your right to restrict us from processing your personal data, we will continue to process the data if:

  1. you consent to such processing;
  2. a legal basis exists for such processing;
  3. the processing is necessary for the exercise or defence of legal claims;
  4. the processing is necessary for the protection of the rights of other individuals or legal persons; or
  5. the processing is necessary for public interest reasons.

8.4 Right to erasure

8.4.1 In accordance with Data Protection Legislation, you can ask us to erase your personal data where:

  1. you do not believe that we need your personal data in order to process it for the purposes set out in this Policy;
  2. if you had given us consent to process your personal data, you withdraw that consent and we cannot otherwise legally process your personal data;
  3. you object to our processing and we do not have any legal basis for continuing to process your personal data;
  4. your data has been processed unlawfully or have not been erased when it should have been; or
  5. the personal data has to be erased to comply with law.

8.4.2 We may continue to process your personal data in certain circumstances in accordance with Data Protection Legislation.

8.4.3 Where you have requested the erasure of your personal data, we will inform recipients to whom that personal data has been disclosed, unless this proves impossible or involves disproportionate effort. We will also inform you about those recipients if you request it.

8.4.4 Your request for erasure of your data will be carried out within 40 days.

8.5 Rights in relation to automated decision-taking

8.5.1 If we are evaluating you, you may request that we do not base any decisions solely on an automated process and that we ensure any decision is reviewed by a member of staff.

8.5.2 These rights will not apply in all circumstances, for example where the decision is (i) authorised or required by law, (ii) necessary for the performance of a contract between you and us, or (iii) is based on your explicit consent. In all cases, we will endeavour that steps have been taken to safeguard your interests.

8.6 Right to data portability

In accordance with Data Protection Legislation, you may ask for an electronic copy of your personal data that you have provided to us and which we hold electronically, or for us to provide this directly to another party. This right only applies to personal data that you have provided to us – it does not extend to data generated by us. The right to data portability also only applies where:

  1. the processing is based on your consent or for the performance of a contract; and
  2. the processing is carried out by automated means.

8.7 Right to complain to the DPC

If you do not think that we have processed your personal data in accordance with this Policy, please contact us in the first instance (see Section 15). If you are not satisfied, you can complain to the DPC or exercise any of your other rights pursuant to Data Protection Legislation. Information about how to do this is available on the DPC website at https://www.dataprotection.ie.

9. How Long We Store Your Personal Data

9.1 The Council will retain personal data on the Register as long as a person is registered. Thereafter, the Council will typically retain personal data for up to 12 years to enable the Council to re-register teachers, for example after a sabbatical period. A longer retention period may be required to retain evidence for any inquiries, claims or proceedings relating to the Register of Teachers or relating to specific persons who were included in, or excluded from, the Register. The Council will retain statistical factual information indefinitely.

9.2 Personal data relating to Council staff will normally be retained for the period of the employment relationship plus seven years. The facts of a person’s employment with the Council will be retained indefinitely for pension/benefits purposes and to verify subsequent referee requests.

9.3 Where your data is captured by CCTV on premises, the images are kept for no longer than a 30-day cycle. A log of access to the CCTV records is maintained by the Council except where the data is required for specified verification and evidential purposes.

9.3 The retention period applying to recorded phone calls are kept for no longer than a 30-day cycle, except where the call is required for specified verification and evidential purposes.

10. Offensive Content

10.1 Please note that if you post or send content which may reasonably be deemed to be offensive, inappropriate or objectionable anywhere on the Website or otherwise engage in any disruptive behaviour on any Teaching Council service, we may remove such content.

10.1.1 Where we reasonably believe that you are or may be in breach of any applicable laws, for example on hate speech, we may disclose your personal information to relevant third parties, including to law enforcement agencies or your internet provider. We would only do so in circumstances where such disclosure is permitted under applicable laws, including Data Protection Legislation.

11. Breach Reporting

11.1 Article 33 of GDPR requires us to notify the Data Protection Commissioner regarding serious data breaches without undue delay, and where feasible, not later than 72 hours after having become aware of same. If notification is not made after 72 hours, we will record a reasoned justification for the delay; however, it is not necessary to notify the DPC where the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons.

11.2 A personal data breach in this context means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

11.3 We will keep a record of any data breaches, including their effects and the remedial action taken, and will notify you of any data breach affecting your personal data (which poses a high risk to you) when we are required to do so under Data Protection Legislation. We will not be required to notify you of a data breach where:

  1. we have implemented appropriate technical and organisational measures that render the personal data unintelligible to anyone not authorised to access it, such as encryption; or
  2. we have taken subsequent measures which ensure that the high risk to data subjects is not likely to materialise; or
  3. it would involve disproportionate effort, in which case we may make a public communication instead.

12. Disclosures Of Personal Data Outside Of The EEA

12.1 The Council will not ordinarily transfer personal data to countries outside the European Economic Area (EEA) (unless, for example, we are corresponding with a teacher who resides overseas or where we are dealing with a s.46A issue relating to overseas teaching activities). In the event that this position changes, the Council will comply with its obligations under Article 46 of GDPR by adopting one of the appropriate measures approved by the Data Protection Commissioner and the European Commission to ensure that such transfers are lawful. These arrangements will also apply to disclosures of personal data arising under s.7(2)(o) of the Teaching Council Acts.

13. Direct Marketing

13.1 The Council will not ordinarily undertake direct marketing activities, but if this was to change, it would do so in accordance with its obligations under Data Protection Legislation, specifically Articles 6, 7 and 21 of GDPR, the E-Privacy Directive and related e-privacy regulations.

13.2 The Council may, however, process contact data for non-marketing purposes in the ordinary course, for example by sending renewal notices by SMS or e-zines by email.

14. Changes To This Policy

14.1 This Policy may be updated from time to time, so you may wish to check it each time you submit personal information to us. Any material changes to this Policy will be posted on the Teaching Council website.

15. Legal Information And How To Contact Us

15.1 As data controller (as defined in Data Protection Legislation) for your personal data collected as set out in this Policy, the Teaching Council is located at Block A, Maynooth Business Campus, Maynooth, Co Kildare.

15.2 If you need to contact us with regard to any of your rights as set out in this Policy, all such requests should be made in writing to The Teaching Council, Block A, Maynooth Business Campus, Maynooth, Co Kildare W23 Y7X0, or by email to customerrelations@teachingcouncil.ie.

15.3 We will appoint and maintain a Data Protection Officer in accordance with Data Protection Legislation. The contact details of our current Data Protection Officer are as follows:

Keith Ashmore,
Data Protection Officer
Block A, Maynooth Business Campus,
Maynooth, Co. Kildare,
W23 Y7X0
Phone: 01-6517900
Email: DPO@teachingcouncil.ie