Privacy Policy

1. Purpose and Scope

This document serves as the Privacy Notice for South Dublin County Public Participation Network for the purposes of the General Data Protection Regulation (GDPR).

Further detail on how long different types of data are retained is set out in the SDC PPN Data Retention Policy.

This Data Protection Policy sets out how South Dublin County Public Participation Network (SDC PPN) collects, uses, stores and protects personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and Irish data protection legislation.

This policy applies to all personal data processed by SDC PPN in the course of its statutory functions, including data relating to member groups, group contacts, representatives, Secretariat members and other stakeholders.

2. Data Controller

South Dublin County Public Participation Network (SDC PPN) is the Data Controller for all personal data processed in the course of its statutory functions.
SDC PPN determines the purposes and means of processing personal data relating to:

  • member groups
  • group contacts
  • elected PPN representatives
  • Secretariat members

3. Data Processors

SDC PPN works with several Data Processors who process personal data on its behalf under written Data Processing Agreements. These include:

  • South Dublin County Council (SDCC)
  • Volunteer Network (Salesforce CRM)
  • Website hosting and email communication service providers

All processors are required to comply with GDPR and act only on the documented instructions of SDC PPN.

4. Lawful Basis for Processing

SDC PPN processes personal data under the following lawful bases as set out in Article 6 of the GDPR:

  • Article 6(1)(e): performance of a task carried out in the public interest or in the exercise of official authority vested in the organisation
  • Article 6(1)(c): compliance with a legal obligation

Where consent is relied upon for specific activities (such as optional communications), individuals may withdraw consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.

5. Categories of Personal Data and Information Collected

SDC PPN collects and processes only the personal data that is necessary to carry out its statutory functions.
This may include:

  • name of group contact or representative
  • email address
  • phone number
  • postal address (where required for governance or correspondence)
  • group name, pillar, and membership status
  • representative roles, terms and committee participation
  • records of engagement relevant to PPN functions (e.g. elections, submissions, linkage groups)

SDC PPN does not collect unnecessary personal data and does not process special category data unless there is a clear legal basis and appropriate safeguards are in place.

6. Data Subject Rights

All individuals whose personal data is processed by SDC PPN have the following rights under GDPR:

  • the right to access their personal data
  • the right to rectification of inaccurate or incomplete data
  • the right to erasure, where applicable
  • the right to restrict processing
  • the right to object to processing
  • the right to lodge a complaint with the Data Protection Commission

Requests to exercise these rights should be made in writing to the PPN Coordinator. SDC PPN will respond within one calendar month, in line with GDPR requirements.

7. Data Retention

Personal data is retained only for as long as necessary for the purposes for which it was collected:

  • active member groups and contacts: retained for the duration of active membership
  • inactive or former member groups: retained for up to 7 years for statutory reporting, audit and governance purposes
  • former representatives and secretariat members: retained for up to 7 years following the end of their term
  • general correspondence: retained in line with operational and statutory requirements

Personal data is securely deleted or anonymised when retention periods expire.

8. Data Security

SDC PPN implements appropriate technical and organisational measures to protect personal data, including:

  • restricted access to systems
  • secure password management
  • use of GDPR-compliant platforms
  • confidentiality obligations for staff and volunteers

9. Data Breaches

Any personal data breach will be assessed promptly. Where required, breaches will be reported to the Data Protection Commission within 72 hours and to affected individuals without undue delay.

Data processors are required to notify SDC PPN of any breach within 24 hours of becoming aware of it.

10. Statement of GDPR Compliance and Principles

PPN is committed to complying fully with the GDPR and Irish data protection law.
Personal data is processed in accordance with the following GDPR principles:

  • lawfulness, fairness and transparency
  • purpose limitation
  • data minimisation
  • accuracy
  • storage limitation
  • integrity and confidentiality
  • accountability

SDC PPN takes responsibility for demonstrating compliance with these principles through documented policies, procedures, training, and Data Processing Agreements.

11. Transparency, Publication and Review

This policy is reviewed regularly to ensure continued compliance with GDPR and evolving best practice.

A plain-language summary of this policy is available on the SDC PPN website to support transparency for members and the public.

12. Cookie Policy

You can find our Cookie Policy here: https://sdcppn.ie/cookie-policy-eu/

13. Google Analytics

You can find the Google Analytics Privacy Policy here: https://support.google.com/analytics/answer/6004245. To opt out of being tracked by Google Analytics across all websites, visit the Google site. These cookies are used to collect information about how visitors use our site. The cookies collect information in an anonymous form that does not identify a visitor. They provide information regarding the number of visitors to the site, where visitors have come to the site from and the pages they visited. We use this information to compile reports and to help us improve the way our website works, for example by making sure users are finding what they need more easily.

14. Security

The Wordfence security plugin collects digital personal data that includes the IP addresses of site visitors, but this is used only to help protect this site against malicious attacks. It stores this data for 90 days, unless there is still malicious activity associated with that data, in which case it is kept until the activity is no longer malicious.
https://www.wordfence.com/privacy-policy/.

ModSecurity on our server also collects IP addresses to help protect the website against malicious attacks. It anonymises them after 28 days.
https://modsecurity.org/privacy-policy/.

We use Google’s reCAPTCHA on contact forms to protect us from spam.
https://policies.google.com/privacy.

15. Contact Details

Data protection queries or requests should be directed to:

PPN Coordinator South Dublin County Public Participation Network. Email: