MSU Privacy Policy

Beartas Príobháideachais

Tugann Aontas na Mac Léinn Má Nuad (MSU) aire do phríobháideachas na mac léinn agus déanann sé iarracht a gcearta príobháideachais a urramú. Ba mhaith linn freisin a bheith in ann forálacha seirbhíse agus taithí úsáideora a sholáthar atá sábháilte agus slán.

Is mian linn a mhíniú go trédhearcach conas agus cén fáth a mbailímid, a stórálann, a roinnimid agus a n-úsáideann do shonraí pearsanta - chomh maith le cur síos a dhéanamh ar na rialuithe agus na roghanna atá agat maidir le cathain agus conas a roghnaíonn tú do shonraí pearsanta a roinnt. Míneoidh ár mBeartas Príobháideachais go díreach cad is brí linn go mion.

Maynooth Students’ Union (MSU) cares about the privacy of students and endeavours to respect their privacy rights. We also want to be able to provide students with service provisions and a user experience that is safe and secure.
 
This privacy notice explains how MSU collects, processes and shares student personal data, and your rights in relation to the personal data held. MSU is the data controller of your personal data and is subject to the Data Protection Acts 1988 to 2018 ("DPA") and the General Data Protection Regulation (the "GDPR").
 
The General Data Protection Regulation (the "GDPR") and the Data Protection Acts 1988 to 2018 (together “Data Protection Law”) confer rights on individuals regarding their personal data as well as responsibilities on persons processing personal data, in this case MSU.
 
We want to transparently explain how and why we gather, store, share and use your personal data - as well as outline the controls and choices you have around when and how you choose to share your personal data. That is our objective, and this Privacy Policy (“Policy”) will explain exactly what we mean in further detail below.
MSU (The Union) will comply with its responsibilities under the legislation in accordance with the data protection principles outlined in the Acts as follows:
  • Personal data shall be processed lawfully and fairly;
  • Personal data shall be collected for one or more specified, explicit and legitimate purposes and shall not be processed in a manner that is incompatible with such purposes;
  • Personal data shall be adequate, relevant and not excessive in relation to the purposes for which they are processed;
  • Personal data shall be accurate, and, where necessary, kept up to date, and every reasonable step shall be taken to ensure that data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
  • Personal data shall be kept in a form that permits the identification of a data subject for no longer than is necessary for the purposes for which the data are processed;
  • Personal data shall be processed in a manner that ensures appropriate security of the data, including, by the implementation of appropriate technical or organisational measures, protection against (i) Unauthorised or unlawful processing, and (ii) Accidental loss, destruction or damage.
The Union has procedures in place to ensure that data subjects can exercise their rights under the Data Protection legislation.
GDPR gives certain rights to individuals in relation to their personal data. Accordingly, we have implemented transparency and access mechanisms to help users take advantage of those rights. As available and except as limited under applicable law, the rights afforded to individuals are:
  • Right of Access - the right to be informed of and request access to the personal data we process about you;
  • Right to Rectification - the right to request that we amend or update your personal data where it is inaccurate or incomplete;
  • Right to Erasure - the right to request that we delete your personal data;
  • Right to Restrict - the right to request that we temporarily or permanently stop processing all or some of your personal data;
  • Right to Object -the right, at any time, to object to us processing your personal data on grounds relating to your particular situation; the right to object to your personal data being processed for direct marketing purposes;
  • Right to Data Portability - the right to request a copy of your personal data in electronic format and the right to transmit that personal data for use in another party’s service; and
  • Right not to be subject to Automated Decision-making - the right to not be subject to a decision based solely on automated decision making, including profiling, where the decision would have a legal effect on you or produce a similarly significant effect.
MSU collects student personal data in a number of ways:
  • Directly from you – such as information you provide when you apply to join a Club or Society and complete registration forms via MU Life, register for online Union services, information provided by you when you submit a nomination for any elected position via online or hard copy applications, information provided when you communicate with the Union by telephone, email or via our website to make enquiries or raise concerns and in various other ways as you interact with the Union during your time as a student;
  • From third parties - We may receive data from third parties such as Maynooth University itself or the Higher Educational Authority;
  • Other ways – such as through the use of CCTV or promotional photography/videography in our shop, bar, venue or building.
  • Electronically – by the use of cookies.
Student personal data collected includes:
Student number; Name; Date of birth; Gender; Address; Emergency Contact Name; Emergency Contact Number; Email address; Student Course Details; Student Course Code; Curricula Vitae (SU Operations Staff only); PPS No. (SU Operations Staff only); Details of Disabilities (Optional); CCTV images & digital images (Photography/Videography). 
 
Sensitive Personal Data is only collected/maintained in limited circumstances and is not shared with any third party. These details are disclosed either in line with the legal requirements on MSU (e.g. Garda Vetting forms are sent to the Garda Vetting office to facilitate vetting of students) or upon the furnishing by the student of their written consent to a disclosure.
MSU processes personal data relating to students for purposes associated with the administration of the student/Union relationship and to fulfil contractual and educational obligations. The purposes for which student personal data processed during a student’s association with The Union include:
  • Administrative purposes including the facilitating of student representative elections.
  • Maintenance of student representative records.
  • Maintenance of MU Clubs & Societies membership database.
  • Administering finance (e.g. student childcare fund).
  • Providing support services.
  • Providing operational information.
  • Promoting our services, events and other operational reasons.
  • Safeguarding and promoting the welfare of students.
  • Ensuring the safety and security of students.
In addition, MSU needs to communicate with students from time to time in relation to administrative, democratic and other matters. The Union strives to use the most effective and efficient communication methods when communicating with students. The Union utilises a variety of methods/technologies to communicate with students based on any the following data:
  • Student’s University email address.
  • Student’s mobile phone number.
  • Student’s address.
  • Student’s personal email address.
In exceptional circumstances, where urgent communication with a student through direct contact details is not possible or has, following repeated attempts, been unsuccessful, contact may be made via a student’s next of kin using the details furnished by the student. Relevant exceptional circumstances in this regard may include accidents/emergencies and matters of security.
The legal bases on which MSU processes student personal data are:
  • The data subject has given consent to the processing of his/her personal data for one or more specific purposes.
  • Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
  • Processing is necessary for compliance with a legal obligation to which the controller is subject.
  • Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
MSU may make personal data publicly available in connection with the above purposes, including:
  • Names and contact details of MSU staff.
  • Names and contact details of MSU elected officers.
  • Names and contact details of MSU student representatives.
MSU may privately disclose your personal data to other organisations in connection with the above purposes, including:
  • To third party service providers.
  • To internal and external auditors.
  • To the Gardaí or other law enforcement authorities where necessary for the purposes of the prevention, investigation or detection of crime.
MSU will not hold your personal data for longer than is necessary. The Union retains your personal data for as long as necessary for the purposes described in this notice and to comply with our obligations under applicable law.
We are committed to protecting your personal data. We implement appropriate technical and organisational measures to help protect the security of your personal data; however, please note that no system is ever completely secure. We have implemented various policies including pseudonymisation, encryption, access, retention and deletion policies to guard against unauthorised access and unnecessary retention of personal data in our systems.
 
Should you register for online Union services then your password protects your user account. We encourage you to use a unique and strong password, limit access to your computer and browser, and log out after having accessed online Union systems.
 
All employees and students who collect and/or control the contents and use of personal data on behalf of The Union are also responsible for compliance with the Data Protection legislation.
MSU may occasionally update this policy. We encourage you to periodically review this policy for the latest information on our privacy practices. We also encourage you to advise us of any changes to your personal data which we hold so that we can ensure that your personal data is accurate and up to date.
Thank you for reading our Privacy Policy. If you have any questions about this Policy, wish to make an access request, or exercise your rights as outlined under data protection law, please contact our Communications Office by emailing communications[at]msu.ie or by writing to us at the following address:
 
Maynooth Students’ Union, Attn: Communications, Maynooth University North Campus, Maynooth, Co. Kildare, Ireland.
 
If you are dissatisfied with the response from the MSU Communications Office, you have the right to make a complaint to the Data Protection Commissioner. Everything you need to know about following this process can be found at www.dataprotection.ie

Download: MSU Privacy Policy v1.1 (Dec. 2018)

Download: MSU Job Applicant Privacy Notice