Data Protection Commissioner
Data Protection Commissioner

Privacy Statement


How we use your information

This privacy notice provides information about the ways in which the office of the Data Protection Commissioner (the DPC) collects, stores, shares or keeps personal information provided by our customers.

Using our website:

 Our website ( has introduced cookies with effect from the 31st March 2017. The purpose of the cookies is solely to assist this Office in redesigning our website to ensure we provide relevant information in an easily accessible format.  Please see below for our Cookie Policy. 

Search engine:

 The search facility on our website is an internal search function and only returns information that appears on the website. 

Online registration:

 Some businesses are required by law to register with the ODPC. To facilitate this, the ODPC offers an online registration system. Customer usage is tracked to ensure that customers supplying payment information can do so in a safe and secure manner.
When a customer uses our Online Registration function, a session cookie is created. This creates a unique identifier, ensuring that your payment details can only be attached to your application, guarding against fraudulent activity. The session cookies have a short lifespan and ‘time-out’ after a short period of time. The cookies are not logged by the ODPC and we do not retain a record.

Calling our Helpdesk:

 The ODPC does not collect Calling Landline Identification (CIL) or any other information on the origins of a call. We do not record or retain phone conversations.

Emailing us:

 Any emails sent to us are recorded and forwarded to the relevant section. The sender’s email address will remain visible to all staff tasked with dealing with the query. Please be aware that it is the sender’s responsibility to ensure that the content of their emails is within the bounds of the law. Unsolicited material of a criminal nature will be reported to the relevant authorities and blocked.

Making a complaint to us:

When we take on a complaint, a file is generated. This will usually contain personal information about the complainant and any other individuals involved in the complaint.
We will only collect personal information that is necessary to investigate the complaint. We do gather and publish case studies and statistical information on the number and type of cases we process, but all information is annonymised and does not identify any individual.
We will usually have to disclose the complainant’s identity to whomever the case is against. We will try to facilitate a complainant who wishes to remain anonymous, but if a case proceeds it is generally inevitable that the identities of both parties are revealed. This is to ensure fairness in the legal process.
If sensitive personal data is collected for the purposes of a complaint, appropriate measures will be taken to ensure that it is safely processed.    
The information contained in complaint files will be kept in line with our retention policy. This means that information will be held for six years from the last date of action on the file. It will be kept in a secure environment and available only to those who need to access it.
When we take enforcement action, we may publish the identity of the defendant in our Annual Report or elsewhere. We will not identify the complainant, unless the information is already in the public domain.

Registering as a Data Controller or Data Processor:

When a business or individual is required to register with the Data Protection Commissioner, an online record of their registration is created. We do not retain manual registration records. Except in the case of sole traders, registration files do not generally contain personal data, as they relate to commercial bodies.
The Register is a live document, and is viewable online by the public. When the DPC records a registration, only commercial information is made visible to the public.
Reporting a Breach of Data Protection:
We take Breach Notifications from organisations who are self-reporting a lapse in Data Protection, or from individuals whose own personal data has been disclosed without their consent. We only gather such information as is necessary to investigate and take action in a case.
Breach report material is stored in electronic format for six years from the last date of action on the file. It will be securely stored and available only to those who need to access it.

Access to personal information:

 The ODPC will respond to Section 3 requests (confirmation of the existence of data) made under the Data Protection Acts, but we are not required to comply with Section 4 requests (release of data). This is to ensure fairness and privacy in the investigation process.


 As far as possible, we will not disclose personal data without consent. However, when we investigate a complaint we may need to share personal information with the other parties concerned. We will consider any request for anonymity in respect of a case, but we cannot guarantee that it will be possible to enforce it. We will not disclose your personal data to third parties except in instances where an individual has consented to the disclosure, or we are obliged by law to disclose the data. Third parties to whom we may disclose information include organisations such as An Garda Síochána.

Cookie Policy

Updated 31st March, 2017.

What is a cookie

A cookie is a small piece of data that may be stored on your computer or mobile device. It allows a website “remember” your actions or preferences over a length of time.
Further information on cookies can be found at

How are they used on this site


This site uses 2 different types of cookie,

o    Session Cookies
o    Persistent Cookies
Session Cookies are temporary cookies that are not stored on your computer or mobile device. They are used as part of the registration process for financial security purposes. A session cookie is also used to remember your language preference when viewing the site. These session cookies are erased when you close your browser, or after 20 minutes of inactivity.
Persistent cookies are those placed on your computer or mobile device for a pre-determined length of time when you visit this site. This site only places cookies that are specific to this site.
Cookies used on
The Office of the Data Protection Commissioner has introduced Google Analytics to assist us in redeveloping our website to ensure we provide relevant information in a easily accessible format.
Google Analytics Cookies used on this site
Cookie Name
Expiration Time
12 months from last visit
Used to distinguish visitors to site
10 minutes
Used to throttle request rate

10 minutes


Used to throttle request rate
_ _utma
12 months from last visit
Used to distinguish visitors and pages visited. Records a unique ID, the date and time of first visit, time of current visit nd total number of visits made
_ _utmb
30 minutes from last visit
Used to determine new sessions or visits. Stores the number of page views in current visit and start time of visit
_ _ utmc
Session cookie
Used to note that the visit has ended when browser is closed
_ _utmz
6 months
Records the site you may have linked to our page from. Only records data if you clicked on a link to our site from a different website

Specific Cookies

 The following cookies are used specifically on this site
Cookie Name
Expiration Time
6 Months
Records if you have clicked in the Cookie Notifaction and therefore does not display notification for 6 months.

Managing Cookies

Within your browser you can choose whether you wish to accept cookies or not. Different browsers make different controls available to you and so we provide links below to popular manufacturers' instructions on how you can do this. Generally, your browser will offer you the choice to accept, refuse or delete cookies at all times, or those from providers that website owners use ("third party cookies"), or those from specific websites.



Changes to our Privacy Statement:

 This is a live document, under regular review. This policy was last updated in March 2017

How to contact us:

 If you require further information regarding our Privacy Statement, you can contact us at or write to us at: The Office of the Data Protection Commissioner, Canal House, Station Road, Portarlington, Co. Laois.