Tusla Web Portal Privacy Statement
BACKGROUND:
This statement relates to our privacy practices in connection with this Website. The Child and Family Agency is not responsible for the content or privacy practices of other websites. Any external links to other websites are clearly identifiable as such.
The Child and Family Agency (Tusla) understands that your privacy is important to you and that you care about how your personal data is used and shared online. We respect and value the privacy of everyone who visits this website, www.tusla.ie (“our site”) and will only collect and use personal data in ways that are described here, and in a manner that is consistent with our obligations and your rights under the law.
Please read this Privacy Statement carefully and ensure that you understand it. Your acceptance of our Privacy Statement is deemed to occur upon your first use of our site. If you do not accept and agree with this Privacy Policy, you must stop using Our Site immediately.
Definitions and Interpretation
In this Policy, the following terms shall have the following meanings:
“Account” | Means an account required to access and/or use certain areas and features of Our Site; |
---|---|
“Cookie” | Means a small text file placed on your computer or device by our site when you visit certain parts of our site and/or when you use certain features of our site. Details of the Cookies used by Our Site are set out in section 12, below; |
“Cookie Law” | Means the relevant parts of the Privacy and Electronic Communications (EC Directive) Regulations 2003; |
“Personal Data” | Means any and all data that relates to an identifiable person who can be directly or indirectly identified from that data. In this case, it means personal data that you give to us via our site. This definition shall, where applicable, incorporate the definitions provided in the Data Protection Acts of Ireland OR EU Regulation 2016/679 – the General Data Protection Regulation (“GDPR”); and |
“We/Us/Our” | Means The Child and Family Agency (Tusla), a body corporate established under the Child and Family Agency Act 2013 whose headquarters are located at Brunel Building, Heuston South Quarter, Dublin 8. |
1. Information About Us
1.1 Our site is owned and operated by the Child and Family Agency, (Tusla), a body corporate established under the Child and Family Agency Act 2013 whose headquarters are located at Brunel Building, Heuston South Quarter, Dublin 8.
1.2 Our Data Protection Officer can be contacted by email at datacontroller@tusla.ie or by telephone on +353 1 771 8500, or by post at Brunel Building, Heuston South Quarter, Dublin 8.
2. What Does This Privacy Statement Cover?
This Privacy Statement applies only to your use of our sites. Our site may contain links to other websites. Please note that we are not the data controller and have no control over how your data is collected, stored, or used by other websites and we advise you to check the privacy statements and policies of any such websites before providing any data to them
3. Your Rights
3.1 As a data subject, you have the following rights under the GDPR, which this privacy statement and our use of personal data have been designed to uphold::
3.1.1 The right to be informed about our collection and use of personal data;
3.1.2 The right of access to the personal data we hold about you (see section 10);
3.1.3 The right to rectification if any personal data We hold about you is inaccurate or incomplete (please contact us using the details in section 12);
3.1.4 The right to be forgotten – i.e. the right to ask us to delete any personal data we hold about you;
3.1.5 The right to restrict (i.e. prevent) the processing of your personal data;
3.1.6 The right to data portability (obtaining a copy of your personal data to re-use with another service or organisation);
3.1.7 The right to object to us using your personal data for particular purposes; and
3.1.8 Rights with respect to automated decision making and profiling.
3.2 If you have any cause for complaint about our use of your personal data, please contact us using the details provided in section 12. If we are unable to help, you also have the right to lodge a complaint with the Irish supervisory authority, the Data Protection Commission.
3.3 For further information about your rights, please contact the Data Protection Commission or your local Citizens Advice Bureau.
4. Consent to using the Tusla Portal
As a user of Tusla’s Web Portal you are asked to confirm by ticking the Consent box on registration that you consent to Tusla processing your personal and/or sensitive personal data in compliance with current applicable data protection legislation. Tusla is required to process your personal and/or sensitive personal data for the purpose of verification of your details when making a submission to Tusla in compliance with Tusla’s statutory obligations under various Acts including but not limited to the Children First Act 2015, Child Care 1991, Education (Welfare) Act 2000 and the Birth Information & Tracing Act 2022. You can withdraw your consent to Tusla processing your personal and/or sensitive data on the Tusla Web Portal at any time by filing a request at datacontroller@tusla.ie. If you are not satisfied with the manner in which Tusla is processing your personal and/or sensitive data you can lodge a complaint with the Data Protection Commissioner.
5. What Data Do We Collect?
Depending upon your use of our site, we may collect some or all of the following personal and non-personal data (please also see section 11 on our use of Cookies and similar technologies):
5.1 Names
5.2 Addresses
5.3 Dates of Birth
5.4 Contact information such as email addresses and telephone numbers;
5.5 Occupations
5.6 Name of Employers
5.7 IP addresses
5.8 Web browser type and version;
5.9 Operating system;
5.10 A list of URLs starting with a referring site, your activity on our site, and the site you exit to;
5.11 We also ask for Special Categories of Personal Data in the form of information on the different Portal submissions we receive.
5.12 The Categories of Data Subjects we collect all of this data or part of this data on are as follows:
For Child Protection and Welfare Report submissions, we collect:
- The individual filing the report
- The child who is the subject of the report
- The family of the child in question
- The person allegedly causing harm to the child
- Individuals from other organisations or agencies who may have information about the child or their family, e.g. social workers, teachers, doctors, nurses etc.
For School Absence Report submissions, we collect:
- The individual filing the report
- The child who is the subject of the absence report
For Service Provider Funding Application submissions, we collect:
- The individual filing the report
- The main contact person of the Service Provider
- The second authorised contact of the Service Provider
- The Chairperson of the Service Provider
- The Chief Executive Officer of the Service Provider
- The Tusla nominated contact in Tusla
For Early Years School Age Services and Childminder submissions, we collect:
- The individual filing the report
- The registered provider of the Service
- The person nominated as the person-in-charge of the Service
For Retrospective Report submissions, we collect:
- The individual filing the report
- The adult complainant who has made allegations of child abuse.
- The person who is the Person Subject to Allegations of Abuse (PSAA)
- Individuals who may have information relevant to the Report, e.g., other reporters etc
For Birth Information and Tracing requests, we collect details on:
- The individual submitting the request
- Details of the applicant if the individual submitting the request is acting on behalf of someone else
- Details of the adoptive/foster/registered/social parent(s) and their home address at the time the applicant was placed with them
- Details of the person the applicant is seeking to trace
- Details of any previous enquires made by the applicant
- Photographic identification, such as your driver’s licence or passport
- Proof of address
6. How Do We Use Your Data?
6.1 All personal data is processed and stored securely, for no longer than is necessary in light of the reason(s) for which it was first collected. We will comply with our obligations and safeguard your rights under the Irish Data Protection Acts and any amendments to same as well as the GDPR at all times. For more details on security see section 6, below.
Our use of personal data will always have a lawful basis, either because it is necessary for our performance of our services, because you have consented to our use of personal data, because it is in our legitimate interests or in the public interest.
Specifically, we may use your data for the following purposes:
6.1.1 Tusla have a statutory obligation under the Child Care Act (1991), the Child and Family Agency Act (2013) and Children First Act (2015) to promote the welfare of children who are at risk of not receiving adequate care and protection. Tusla therefore has an obligation to receive information about 1) any child who is not receiving adequate care and/or protection, 2) about any adult who alleges child abuse that took place during their childhood and there is a possible ongoing risk to children from the person against whom there is an allegation and 3) about any adult who may have abused a child. Tusla ask for Personal Data and Sensitive Personal Data of the Data Subjects to assist it in screening the Report, assessing the level of risk to a child and when necessary in assigning a priority status to the case, or identifying the type of support services required.
6.1.2 Tusla have a statutory obligation under the Education (Welfare) Act, 2000, to promote school attendance. Tusla therefore has an obligation to receive information from schools with regard to students with attendance issues that have been identified during the current academic year i.e. students that have been absent from school for a cumulative total of twenty days or more. Only children over the age of 6 years and children who have not reached the age of 16 years, or have not completed 3 years of post-primary education, whichever occurs later should be reported.
6.1.3 Providing and managing your access to our site;
6.1.4 Personalising and tailoring your experience on our site;
6.1.5 Supplying our services to you;
6.1.6 Personalising and tailoring our services for you;
6.1.7 Replying to emails from you;
6.1.8 Supplying you with emails that you have opted into (you may unsubscribe or opt-out at any time by contacting the Child and Family Agency (Tusla));
6.1.9 Research purposes;
6.1.10 Contacting you by text as part of our security measures to enable us to authenticate you as a user of the Portal.
6.2 We will not send you any unsolicited marketing or spam and will take all reasonable steps to ensure that we fully protect your rights and comply with our obligations under the Irish Data Protection Acts and GDPR and the Privacy and Electronic Communications (EC Directive) Regulations 2003.
6.3 Third parties whose content appears on our site may use third party Cookies, as detailed below in section 11. Please refer to section 11 for more information on controlling Cookies. Please note that we do not control the activities of such third parties, nor the data they collect and use and advise you to check the privacy statements and policies of any such third parties.
6.4 You have the right to withdraw your consent to us using your personal data at any time, and to request that we delete it.
6.5 We do not keep your personal data for any longer than is necessary in light of the reason(s) for which it was first collected. Data will therefore be retained for the period as set out in the Child and Family Agency GDPR Privacy Policy.
7. How and Where Do We Store Your Data?
7.1 All personal data and special categories of personal data entered on a Child Protection and Welfare Report is retained for a maximum of 48 hours on the Portal, by which time it is either transferred to Tusla’s internal systems (if the report was submitted by the Reporter) or fully erased (if the report was left in an un-submitted status by the Reporter)
7.2 All personal data and special categories of personal data entered on a School Absence Report is retained for the duration of the current and previous academic school year reporting periods, by which time it is either transferred to Tusla’s internal systems (if the report was submitted by the Reporter) or fully erased (if the report was left in an un-submitted status by the Reporter)
7.3 All personal data and special categories of personal data entered on the Funding Application Report and the Tusla Early Years Reports are retained for the duration of the relationship with the Service Provider, by which time it is either transferred to Tusla’s internal systems (if the report was submitted by the Reporter) or fully erased (if the report was left in an un-submitted status by the Reporter)
7.4 All of your data will be stored by us solely within the European Union with the exception of your mobile phone number. Our mobile phone service provider may store your mobile number outside the European Union while providing a mobile phone verification service to us, but no personal identifiable data is shared with them. We will only store your data in locations that the European Commission has deemed to have adequate levels of data protection, e.g. the UK.
You are deemed to accept and agree to this by using our site and submitting information to us.
7.5 Data security is very important to us, and to protect your data we have taken suitable measures to safeguard and secure data collected through our site.
7.6 Steps we take to secure and protect your data include:
7.6.1 Data is stored on encrypted format and is also encrypted in transit.
7.6.2 We limit access to those who can access data.
7.6.3 ICT security features are installed and in place to reduce the risk of data identify theft or hacking.
7.6.4 Your data is your own and we only will use it for the purpose stated
8. Do We Share Your Data?
8.1 In assessing the level of risk to the child or in assessing the support services required, Tusla may disclose Personal Data or Sensitive Personal Data of a Data Subject to an Garda Síochána. We also may share your data with other public bodies and authorised third parties.
8.2 In certain circumstances, we may be legally required to share certain data held by us, which may include your personal data, for example, where we are involved in legal proceedings, where e.g. are complying with legal obligations, a court order, or a governmental authority.
8.3 We may compile statistics about the use of our site including data on traffic, usage patterns, user numbers, and other information. All such data will be anonymised and will not include any personally identifying data, or any anonymised data that can be combined with other data and used to identify you. We may from time to time share such data with authorised third parties or other Public Bodies. Data will only be shared and used within the bounds of the law.
8.4 The third party data processors used by us are located within the European Union. The exception to this, is our mobile phone service provider who may store your mobile number outside the European Union, but no personal identifiable data is shared with them. We will only store data in locations that the European Commission has deemed to have adequate levels of data protection, e.g. the UK. We have entered into a Data Processor Agreement with our Data Processors wherein they agree to protect, secure and keep confidential any Personal data they process.
9. How Can You Control Your Data?
9.1 In addition to your rights under the GDPR, set out in section 3, when you submit personal data via our site, you may be given options to restrict our use of your data.
10. Your Right to Withhold Information
10.1 You may access certain areas of our site without providing any data at all. However, to use all features and functions available on our site you may be required to submit or allow for the collection of certain data.
10.2 You may restrict our use of Cookies. For more information, see section 11.
11. How Can You Access Your Data?
You have the right to ask for a copy of any of your personal data held by us (where such data is held). Requests for records can be made by accessing our requests portal at datacontroller@tusla.ie.
12. Our Use of Cookies
12.1 Our site may place and access certain first party Cookies on your computer or device. First party Cookies are those placed directly by us and are used only by us. We use Cookies to facilitate and improve your experience of our site and to provide and improve our services. We have carefully chosen these Cookies and have taken steps to ensure that your privacy and personal data is protected and respected at all times.
12.2 By using our site, you may also receive certain third party Cookies on your computer or device. Third party Cookies are those placed by websites, services, and/or parties other than us. For more details, please refer to section 5, above, and to section 11.6 below. These Cookies are not integral to the functioning of Our Site and your use and experience of Our Site will not be impaired by refusing consent to them.
12.3 All Cookies used by and on Our Site are used in accordance with current Cookie Law.
12.4 Before Cookies are placed on your computer or device, you will be shown a pop-up message requesting your consent to set those Cookies. By giving your consent to the placing of Cookies you are enabling us to provide the best possible experience and service to you. You may, if you wish, deny consent to the placing of Cookies; however certain features of our site may not function fully or as intended. You will be given the opportunity to allow only first party Cookies and block third party Cookies.
12.5 Certain features of Our Site depend on Cookies to function. Cookie Law deems these Cookies to be “strictly necessary”. These Cookies are listed in our Cookie Policy and you should refer to same for further details. Your consent will not be sought to place these Cookies, but it is still important that you are aware of them. You may still block these Cookies by changing your internet browser’s settings but please be aware that our site may not work properly if you do so. We have taken great care to ensure that your privacy is not at risk by allowing them.
12.6 In addition to the controls that we provide, you can choose to enable or disable Cookies in your internet browser. Most internet browsers also enable you to choose whether you wish to disable all cookies or only third party Cookies. By default, most internet browsers accept Cookies but this can be changed. For further details, please consult the help menu in your internet browser or the documentation that came with your device.
12.7 You can choose to delete Cookies on your computer or device at any time, however you may lose any information that enables you to access our site more quickly and efficiently including, but not limited to personalisation settings.
12.8 It is recommended that you keep your internet browser and operating system up-to-date and that you consult the help and guidance provided by the developer of your internet browser and manufacturer of your computer or device if you are unsure about adjusting your privacy settings.
13. Contacting Us
If you have any questions about our site or this privacy statement, please contact us by email at datacontroller@tusla.ie or by post at Brunel Building, Heuston South Quarter, and Dublin 8. Please ensure that your query is clear, particularly if it is a request for information about the data we hold about you (as under section 10, above).
14. Changes to Our Privacy Statement
We may change this Privacy Statement from time to time (for example, if the law changes). Any changes will be immediately posted on our site and you will be deemed to have accepted the terms of the Privacy Statement on your first use of our site following the alterations. We recommend that you check this page regularly to keep up-to-date.
15. How Can I Find Out More?
More detail on how we use your personal data, what we use it for, why we are allowed to use it, who we will share it with, your rights in relation to your personal data and how we keep it secure are contained in our Data Protection Notice which you can access here