Find your parish Donate

Privacy Statement and Policy

Dioceses of Galway, Kilmacduagh and Kilfenora, and of Clonfert
Diocesan Offices, The Cathedral, Gaol Road, Galway, and Coorheen, Loughrea, Co. Galway, Ireland

Registered Charity Numbers:

  • Diocese and Parishes of the Diocese of Galway, Kilmacduagh and Kilfenora (RCN 20007592 / CHY 7424)

  • Diocese of Clonfert (RCN 20016623 / CHY 7501)

1. Introduction

For the purposes of this Privacy Statement and Policy, the Roman Catholic Dioceses of Galway, Kilmacduagh and Kilfenora, and of Clonfert (“the Dioceses”) refer to the administration and operations of the following registered charities, with offices at Galway Cathedral, Gaol Road, Galway, and Coorheen, Loughrea, Co. Galway:

  • The Diocese and Parishes of the Diocese of Galway, Kilmacduagh and Kilfenora

  • The Clonfert Diocesan Trustees Unlimited

These charities, their activities, and their administration are generally known as the “Dioceses of Galway and Clonfert.”

Bishop” means the Roman Catholic Bishop of the Dioceses for the time being and from time to time, duly appointed by the canonically elected Supreme Pontiff, and — in the event of the office being vacant or impeded — the person who under Canon Law has power to perform the administrative duties of the Bishop in any interim period before the appointment of a successor as Bishop or until the impediment ceases, as the case may be, the person with this power being a diocesan administrator or an apostolic administrator.

The Bishop has published this Privacy Statement to demonstrate his commitment — and that of both Dioceses — to protecting and respecting your personal data.

The Dioceses fully respect your right to privacy and actively seek to preserve the privacy rights of those who share information with us. Any personal information you provide will be treated with the highest standards of security and confidentiality, in accordance with the General Data Protection Regulation (GDPR) 2018 and the Data Protection Act 2018.

This Privacy Statement explains how the Dioceses process information, in particular the personal data that we receive from you. Please read the following carefully to understand our practices regarding your personal data and how we treat it.

2. Relationship between the Dioceses and Parishes

If you have given your personal data to one of the Diocesan Offices (or the central administration of either Diocese), it is the Diocese directly that will usually be the data controller of that information.

If you have given your personal data to a parish within either Diocese, the parish (and not the Diocesan Office) will usually be the data controller of such information. You will need to contact the relevant parish directly in relation to any queries you have regarding that personal data.

In certain circumstances, the central administration of the Dioceses may process data on behalf of a parish — for example, in relation to safeguarding, vetting, payroll, or financial administration.

3. What Information Do the Dioceses Collect About You?

The Dioceses receive personal data about you in various ways including directly from you, and sometimes from a parish, family member, other dioceses, schools, employers, Revenue, medical professionals, CCTV, and webcams.

The personal data that may be collected includes:

  • Information relating to the sacraments of Baptism, Holy Communion, Confirmation, Marriage, and Holy Orders (Ordination)

  • Information relating to financial donations (requirements of the Charities Acts and to assist parishes claim tax back on donations)

  • Safeguarding information as required by the National Safeguarding Office and the National Vetting Bureau

Depending on your relationship with the Dioceses, we may also collect:

  • Name, contact details, and date of birth

  • Nationality and PPS number (where required by law)

  • Financial information (such as bank details)

  • Employment data and qualifications

  • Information about current involvement in the Dioceses

  • Volunteering information

  • CCTV recordings and photographs

Special-category data which reveals your religious beliefs may also be collected and processed. This list is not exhaustive.

4. Processing of Personal Information

The Dioceses collect and process information about you in a number of ways including face-to-face meetings, email, phone conversations, from parishes, and via forms sent by the diocesan offices.

The Dioceses must have a lawful basis for processing your information. This will vary according to the circumstances, but typical examples include:

  • Activities within the legitimate interests of the Dioceses in advancing and maintaining the Roman Catholic religion and providing information about diocesan or parish activities

  • Your consent to process information (which may be withdrawn at any time)

  • Processing necessary for compliance with a legal obligation

  • Processing necessary for carrying out a task in the public interest

  • Processing necessary to protect vital interests

Where the Dioceses process special categories of personal data, an additional lawful basis will apply, such as:

  • Explicit consent

  • Processing in the course of legitimate activities of the Church

  • Protection of vital interests

  • Information you have made public

  • Establishment, exercise or defence of legal claims

  • Employment or social security obligations

  • Reasons of substantial public interest

5. Baptism Registers and Other Sacramental Registers

The Bishop is the sole controller of the personal and special-category data contained in Baptism Registers held in parishes of the Dioceses with respect to storage, retention, standard or special annotation, and alteration of data. The Bishop and the Parish Priest/Administrator are joint controllers for the collection and recording of data in these registers.

Where personal or special-category data is processed in the Baptism or other Sacramental Registers held in parishes, the Bishop relies on the principle of legitimate interest in preserving the information contained in those registers, as they form the permanent record of sacraments that may only be administered once in the Roman Catholic Church.

Personal data in such registers is processed within the legitimate activities of the Church, with appropriate safeguards, and is not disclosed outside the Church without consent.

6. For What Do the Dioceses Use Your Information?

The Dioceses use your information for purposes including:

  • Facilitating the reception of the sacraments

  • Providing pastoral and spiritual care

  • Responding to enquiries and complaints

  • Processing application forms or donations

  • Communicating about diocesan or parish events

  • Maintaining accounts and statutory records

  • Supporting the work and operations of the Dioceses and parishes

  • Auditing and statistical reporting

  • Ensuring compliance with legal obligations

In addition, technical details connected with visits to diocesan websites may be logged for administrative and security purposes. CCTV may also be used to help create a safe environment for clergy, volunteers, and visitors.

The Dioceses do not use automatic decision-making or profiling software.

7. Practical Examples of Processing

Personal data may be processed in the course of:

  • Requests for information or sacramental records

  • Participation in liturgies, retreats, or pilgrimages

  • Subscriptions to newsletters or parish communications

  • Volunteering or fundraising

  • Employment or safeguarding vetting

  • Enquiries submitted through the diocesan website

Any third-party service providers acting on behalf of the Dioceses are bound by the same privacy and data-protection standards.

8. Transfers Outside the European Economic Area

The Dioceses do not usually transfer data outside the European Economic Area (EEA). Where such transfer is necessary (e.g. for marriages abroad), this will be done in compliance with the GDPR and Data Protection Act, and your consent will be obtained where appropriate.

9. Cookies

The diocesan website uses cookies to improve navigation and monitor web traffic. Non-registered visitors may receive anonymous cookies to analyse general browsing patterns.

You can disable cookies in your browser settings, though some site functions may not work correctly without them.

10. Sharing Your Information

Your information will only be used for the purposes for which it was collected. It may be shared with:

  • Statutory bodies such as Revenue or law enforcement, where required by law

  • Approved service providers under written agreement

  • Regulatory or auditing authorities where legally necessary

The Dioceses will never sell or exchange your personal data.

11. Storage and Retention

Your data may be stored in hard copy or electronically in facilities owned or operated by the Dioceses or their service providers.

Personal information is retained only as long as necessary for the purpose for which it was collected or as required by law. Sacramental registers are retained in perpetuity.

12. Data Protection Principles

The Dioceses commit to the following principles:

  • Lawful, fair, and transparent processing

  • Limiting processing to stated purposes

  • Minimising data collection

  • Ensuring accuracy and integrity

  • Retaining data only as necessary

  • Maintaining confidentiality and security

  • Reporting data breaches promptly to the relevant authority

13. Security and Accuracy

The Dioceses employ physical, electronic, and managerial safeguards to protect personal data against loss, unauthorised access, or alteration.

Individuals are encouraged to inform the Dioceses of any changes to their personal information.

Sacramental registers are updated with relevant annotations (e.g. Confirmation, Marriage, or Holy Orders) to ensure accuracy and completeness.

14. Your Rights

Under Irish data protection law, you have the right to:

  • Access your personal data

  • Request correction of inaccurate data

  • Request erasure (“the right to be forgotten”) in certain cases

  • Restrict processing under defined conditions

  • Request transfer (portability) of your data

  • Object to certain types of processing

  • Lodge a complaint with the Data Protection Commission

Requests should be made in writing or by email with proof of identity to:
Data Protection Officer
St Mary’s, Temple Street, Sligo, F91 KTX2
E. dpo@elphindiocese.ie

15. Review

This Privacy Statement has been approved by the Bishop. The Dioceses reserve the right to review and amend this policy at any time without notice. The current version will always be available at www.clonfertgalway.ie.

16. Further Information and Complaints

Further information on your data privacy rights is available from the Data Protection Commission at www.dataprotection.ie.

If you wish to report a concern or make a complaint, contact:
Office of the Data Protection Commission
21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland
T. 01 7650100 (Ireland) or +353 1 7650100 (outside Ireland)

Bishop Michael Duignan
Date: October 2023