Who we are
We are the Irish Human Rights and Equality Commission (‘the Commission’), an independent statutory body established by the Irish Human Rights and Equality Act 2014 (‘the Act’). The Commission is Ireland’s national human rights and national equality institution. Our purpose is to protect and promote human rights and equality in Ireland and to build a culture of respect for human rights, equality and intercultural understanding in the State. The Commission was created through the merger of the Irish Human Rights Commission and the Equality Authority.
What we do
The overall statutory functions of the Commission are provided for in section 10 of the Act and they are:
- to protect and promote human rights and equality,
- to encourage the development of a culture of respect for human rights, equality, and intercultural understanding in the State,
- to promote understanding and awareness of the importance of human rightsand equality in the State,
- to encourage good practice in intercultural relations, to promote tolerance and acceptance of diversity in the State and respect for the freedom and dignity of each person, and
- to work towards the elimination of human rights abuses, discrimination and prohibited conduct.
The work of the Commission ranges from working at the policy level to reviewing the effectiveness of human rights and equality law, policy and practice in the State and within public bodies, to working with communities and civil society to monitor and report on people’s real-life experiences of human rights and equality on the ground. Our legal powers include giving practical help, including legal assistance to help people defend their rights, and contributing to legal cases (amicus curiae) that deal with someone’s equality or human rights, and enforcement and compliance work.
Further detail on our specific functions can be found in section 10(2) of the Act Irish Human Rights and Equality Commission Act 2014 (irishstatutebook.ie)
- Why we process personal data
The Commission will only process information that is absolutely necessary for the purpose for which it is required. This is a fundamental principle of Data Protection.
The type of Personal data which the Commission’s processes depends on the circumstances of, and reasons for your interaction with the Commission. In general, the Commission will process:
- Name
- Address
- Contact details including work email address, personal email address, work mobile or landline number, personal mobile or landline number
And depending of the circumstances of our interaction with you, the Commission may also process:
- Date of Birth
- Identification number
- Education details
- Special categories of personal data eg race, ethnicity, religion, health information – if relevant to the reason for the interaction
- Image in a photograph, video or on CCTV
- Your opinion on or experience of human rights issues
- Results of your assessment following the public sector duty on line training course
- Technical details of the device/computer used to visit our website (see our Cookie Policy for more details)
- Location data
- IP address
Where we get this information from
The Commission may receive Personal Data from you directly in one of the following non- exhaustive list of circumstances:
- You seek information from us through our ‘Your Rights’ information service.
- You request legal or other assistance under Section 40 of the Act.
- You engage in legal casework with us or are involved in a legal case that the Commission is given liberty by the Superior Courts to join (as an ‘amicus curiae’ or ‘friend of the court’).
- You are involved in an equality or human rights review or inquiry under Part 3 of the Act.
- You are involved in activity with us to support your implementation of the Public Sector Equality and Human Rights Duty set out in Section 42 of the Act.
- You engage with the Commission in relation to our development of policy and /or legislative observations including consultation on domestic and international legislation and policy, and the monitoring of the Irish State’s
human rights and equality commitments e.g. through the United Nations, EU, or Council of Europe.
- You report human rights abuses, discrimination or discriminatory advertising to us.
- You attend one of our events or meetings either in person or online.
- You apply for a bursary or a grant that we are funding.
- You undertake research for or on behalf of us.
- You participate in one of our research programmes.
- You register and take our on line course and subsequent assessment on the Public Sector Equality and Human Rights duty.
- You are appointed by us to an advisory committee.
- You provide a service to us.
- You send us a message on a social media platform.
- You take part in one of our media campaigns.
- You subscribe to our newsletter.
- You report on our activities.
- You visit our website.
- You visit or contact our offices.
In some cases, we may receive information about you indirectly. Your Personal data may have been provided by the organisation you work for and who engages with the Commission in one of the circumstances listed above. If the Commission provides legal assistance to you, additional information may be provided by medical or legal or expert advisors or other public bodies or other private organisations who are involved in your case.
The Commission’s legal basis for processing Personal data
We process your Personal data because it is necessary to enable us to perform one of our statutory functions as referred to in the What we do section above. The purpose depends again on the reason for our interaction e.g.
- We are providing you with legal advice or information or our newsletter, as requested by you;
- We are inviting you and registering your attendance at one of our events;
- We are inviting you to participate in a study or survey;
- We offer on line training on the Public Sector Equality & Human Rights duty;
- We are recording or taking photographs at an event;
- We are considering your application for a bursary or a grant or for a research project;
- We are responding to a question or comment you raised on one of our social media platforms;
- We are conducting an inquiry or a review of equality or human rights practice;
- We analyse visits to our website to improve the service we offer;
⁃ You are visiting our premises;
- We are engaging with you when you provide a service to us.
In some circumstances we rely on your consent for the processing of your Personal data. For example, if we invite you to participate in a promotional campaign.
Who the Commission shares Personal data with
Again, it depends on the circumstances of our interaction and the specific statutory function we are discharging.
- If the Commission is assessing a legal assistance application, Personal data may be shared with barristers and other legal advisors.
- If the Commission is providing legal assistance, Personal data may be shared with barristers, other legal advisors, the Courts Service, the WRC, mediators, medical advisors, cost accountants and other relevant subject matter experts or quality control auditors.
- Bursary/grant applications are shared with other co-funding organisations and the institution offering the course.
- The Commission publishes surveys, studies, an annual report which may, in certain circumstances, contain Personal data.
- The Commission organises events either online or in a location and uses third parties to help organise invitations and registrations.
- Other organisations via cookies on our website for analystics, tracking or advertising purposes - if you have consented to these.
The Commission uses the services of third parties for IT management and support, for building security, for translation services, for legal case management services, for audit services, for accounting services, for legal services, for document storage, for document shredding, for survey or application submission, for online document sharing, for online collaboration and conferencing, for webinars and online events, for event/ticket management, for online training courses, for website hosting and management of newsletter subscriptions.
These third parties are undertaking a specific task for us which may, in limited circumstances, require them to have some controlled access to Personal data. If this is the case, they are our Data Processors and they have contractual and legal obligations to keep Personal data safe, secure and confidential.
The Commission may also be required to share Personal data it processes, with the Courts or other government agencies such as the Revenue Commissioners, Garda Síochána, or other agencies for the detection, investigation or prosecution of offences, to enable them to perform their functions.
Transfers of Personal data to third countries
A third country is a country outside the European Economic Area (‘EEA’) and now includes the UK and Northern Ireland. Transfers to organisations in third countries are only permitted under Data Protection Legislation if a safeguard measure is in place which protects the Personal data transferred.
There are circumstances when the Commission or one of its Data Processors will transfer Personal data to an organisation in a third country. If this is the case , the Commission will ensure a safeguard measure, permitted under GDPR, is in place which ensures a similar level of protection is afforded to your Personal data.
How long the Personal data will be stored
The Commission will not retain Personal data for any longer than is necessary for the purpose for which it was processed. This may be determined by the length of time required to discharge our particular statutory function. Or it may be determined by other obligations that the Commission is subject to such as Law Society guidelines when providing legal assistance, or financial obligations for the preparation of audited accounts.
Certain records which may contain Personal data may also be stored for longer periods for historical archive purposes, the Commission will seek the advice of the National Archives in this regard.
The Commission holds the archive of the Irish Human Rights Commission and the Equality Authority, who were merged to form the Commission.
Your rights under Data Protection legislation
You have the following rights under Data Protection Legislation:
- The right to request confirmation of, and access to, the information we hold on you.
- The right to request us to rectify any inaccurate information about you without undue delay.
- The right to request us erase/delete any information we hold about you in circumstances such as where it is no longer necessary for us to hold the information for your use of our services or if you have withdrawn your consent to the processing.
- The right to object to us processing information about you such as processing for profiling or direct marketing.
- The right to request us provide your information to you in a portable format or, where technically feasible, for us to port that information to another provider provided it does not result in a disclosure of information relating to other people.
- The right to request a restriction of the processing of your information.
Not all of these rights are absolute and may be restricted in certain specified circumstances. Further information on your rights, the circumstances when they apply and the circumstances when they may be restricted can be obtained from our DPO or from the Data Protection Commission.
- Who to contact regarding data protection matters
TO CONTACT THE IRISH HUMAN RIGHTS AND EQUALITY COMMISSION
Data Protection Officer
Irish Human Right & Equality Commission , 16–22 Green Street,
Dublin D07 CR20, Ireland Tel: + 353 1 858 9601
Email: dpo@ihrec.ie
TO CONTACT THE DATA PROTECTION COMMISSION
You also have the right to make a complaint to the Data Protection Commission (DPC) at any time in relation to any issues related to our processing of your Personal data. The Data Protection Commission can be contacted as follows:
Website: www.dataprotection.ie
Phone: +353 1 765 0100 or 1800 437 737
Address: Data Protection Commission
21 Fitzwilliam Square South Dublin 2, D02 RD28, Ireland.
Changes to this Information Notice
This Notice may change from time to time, and any changes will be posted on our website and will be effective when posted. Please review this notice each time you use our website or our services. This notice was last updated on the date that appears at the bottom of each page of this document.
Last updated: June 2023
12. Data Protection Legislation and Definitions
Irish and EU laws on data protection including the General Data Protection Regulation (‘GDPR’) and the Data Protection Acts 1988 to 2018 (‘Data Protection Legislation’) govern our collection, storage, handling, disclosure and other uses of personal data.
Compliance with Data Protection Legislation is a legal obligation. In addition, our compliance helps individuals to have confidence in dealing with us and helps us to maintain a positive reputation in relation to how we handle your Personal data.
Our obligations and responsibilities under Data Protection Legislation, are based around a number of important definitions. These include:
‘Personal data’ is any information relating to an identified or identifiable natural person (‘data subject’). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, mental, economic, cultural or social identity of that person;
‘Special categories of personal data’ means personal data revealing racial or ethnic origins, political opinion, religious or philosophical beliefs or trade union membership and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
‘Data controllers’ are the people who or organisations which determine the purposes for which, and the manner in which, any personal data is processed, who/which make independent decisions in relation to the personal data and/or who/which otherwise control that personal data. The Commission is the Data Controller of the Personal data it processes.
‘Data processors’ are the people who or organisations which process personal data on behalf of, and on the instructions of, a data controller.
The Commission has certain statutory powers to prosecute offences, which it currently does not invoke. Any processing of personal data as a result of any future execution of these powers will be subject to the Law Enforcement Directive, implemented in Ireland through Chapter 5 of the Data Protection Act 2018 (‘Chapter 5’). The Commission has additional obligations under Chapter 5 and further informatio on this processing activity will be outlined in this document in advance of the invoking of such powers.