TCD Privacy Statement for Applicants

This is a statement of the practices of Trinity College Dublin, The University of Dublin (the "University") of College Green, Dublin 2, Ireland in connection with the capture and the use of personal data and the steps taken by the University to protect your personal data and respect your right to privacy.

The University fully respects your right to privacy and actively seeks to preserve the privacy rights of those who share information with the University. Any personal information which you volunteer to the University will be treated with the highest standards of security and confidentiality, in accordance with Irish and European Data Protection legislation. The University shall process your personal data in accordance with the General Data Protection Regulation (EU) 2016/679 and the Data Protection Act 2018.

The privacy notice explains the following

  • How and why we collect personal data
  • Information we hold about you as an Applicant
  • The purpose and legal basis for collecting personal data
  • How we store and secure personal data
  • How and why we use your data
  • Details of third parties with whom we share personal data
  • What are your rights

How and why we collect personal data

The data we collect from you will be used by the University in accordance with the purposes outlined in this privacy notice. We also collect information from third parties such as the Central Applications Office (CAO) and international affiliates.

Applicants’ personal data are normally gathered by the University via the my.tcd.ie Applicant portal and CAO (Central Applications Office). The University has a joint data controller agreement with the Central Applications Office (CAO). This agreement as well the CAO’s Privacy Statement is available from their privacy pages at the following link
http://www.cao.ie/index.php?page=privacy

The Application process includes the following data collection: 

  • Information you provide to us via my.tcd.ie;
  • Information you provide to us in any applications to TCD that you complete;
  • Any other application and admission processes required by TCD;
  • Information you provided through a specified application process e.g. Central Applications Office;
  • Communication between you and TCD via the my.tcd.ie portal, email and phone.

Information we hold about you as an Applicant

  • Unique Personal Identifiers (Applicant ID) and Applicant Biographical Information, such as Name, Title, Date of Birth, Gender
  • Your Contact Details
  • Details of Applicants’ Education (the courses you have completed, your subjects, dates of study, details of any awards, scholarships or other accolades achieved during your University years)
  • Next of kin/emergency contact details
  • PPSN number
  • Email address(es)
  • Information to provide applicants with support services such as Disability, where applicable
  • Financial information (including details of funding and fees)
  • Bank details, including IBAN, BIC, Name of bank/building society
  • Academic history – where applicable ie: where an applicant was enrolled previously in TCD
  • Details of previous examination results from other institutions
  • Details of what correspondence we have sent to you
  • Information about parties who are providing funding, including names and financial information to allow us to contact them and process payments

The purpose and legal basis for collecting your data

In order for the use of personal data to be lawful it should be processed on the basis of either the consent of an individual concerned or another legal basis, set out in the General Data Protection Regulation or in the Data Protection Act2018.

The University will ensure that your data is processed fairly and lawfully in keeping with the principles of data protection and will process personal data under various legal bases depending on the purpose for which the data is collected.  
Personal data is collected from applicants for the following purposes:

  • The administration of your application and to register you as a student;
  • To provide you with information relevant to your application.

Personal data is collected as it is necessary to carry out the official functions of the University as defined by the Universities Act 1997.

If you register with us a student, the University processes personal data as outlined in the following table.

Purpose for processing personal data

Category

Legal basis for processing

  • Admission and registration.
  • Administration of your education.
  • Administration of University policies.
  • Administration and provision of IT and Library services.
  • Provision of data to the Higher Education Authority and Department of Education.
  • The provision of data to the Department of Justice to support visa applications for international students.
  • To provide student ID cards and TCard services.

Administrative

Necessary to carry out the objects and functions under the Universities Act 1997.
Performance of a contract.
Statutory requirements. 

  • Academic assessment and supervision and monitoring of attendance.
  • Graduation and granting of awards.
  • Processing of appeals, complaints and disciplinary issues.
  • Audio recording of lectures.
  • Administration of research programmes and funding.
  • Administration of placements.
  • Surveys and student feedback

Academic

Necessary to carry out the objects and functions under the Universities Act 1997.

  • The provision of medical, counselling and disability and equality services.
  • The provision of reasonable accommodations.
  • The provision of careers services and mentorship.
  • The use of sports and recreational facilities.
  • The provision of University accommodation.

Student Services

Consent or explicit consent.
Vital interests of the individual.
Necessary to carry out the objects and functions under the Universities Act 1997.

  • If necessary due to a medical emergency.
  • The protection of vital interests.
  • The protection of public health.

Duty of Care

Vital interests of the individual.
Statutory requirement.

  • Processing and recovery of fees and payments
  • Administration of TCard

 

Financial

Necessary to carry out the objects and functions under the Universities Act 1997.

  • The administration of campus CCTV for security.
  • Provision of a safe environment for educational activities.

Health & Safety

Legitimate interest of the University.
Statutory requirement.

  • Garda Vetting for placements on specific courses.
  • For the purposes of criminal investigations. when requested by An Garda Síochána.
  • Exercise or defence of legal claims.

 

Legal

Statutory requirement.

Legal claims.

  • Provide information about University events and activities.

 

Communications

Necessary to carry out the objects and functions under the Universities Act 1997.

  • Retention of academic data and data of archival value in the public interest.

Archives

Necessary to carry out the objects and functions under the Universities Act 1997.
Permitted by section 42 of the Data Protection Act 2018.

  • Provision of education and contact data to Trinity Development & Alumni for the purposes of alumni engagement and fundraising.

Alumni

Necessary to carry out the objects and functions under the Universities Act 1997.

  • Provision of contact data to the Students Union.

Students Union

Necessary to carry out the objects and functions under the Universities Act 1997.

How we store and secure your data

Any data we collect from you will be stored confidentially and securely as required by the University Information Security Policy. The University is committed to ensuring all accesses to, uses of, and processing of University data is performed in a secure manner.
In keeping with the data protection principles we will only store your data for as long as is necessary and in accordance with our Records Management Policy and Records Retention Schedule which you can find on our website.
When we store your personal data on our systems the data will primarily be stored either on the University premises and secure IT platforms within the European Economic Area (EEA) which are also subject to European data protection requirements.  
We may store or share your data outside the EEA in the following circumstances:

  • For processing international applications and sharing data with partner Universities.
  • When using cloud services for the secure storage of data. Some cloud service providers store data in international data centres e.g. the US. The University will only use services which are compliant with the European General Data Protection Regulation and who satisfy the conditions for processing personal data outside the EEA.
  • For research projects with other research partners where we have your consent to do so.

If we are required to do so by law.

Details of third parties with whom we share personal data

The University will share your data with third parties where necessary for purposes of the processing and where there is a legal basis to do so.  The University may share relevant personal data with the following categories of third parties:

  • State or regulatory bodies including the Higher Education Authority, CAO, Department of Education and Skills, Department of Justice and Equality, Department of Employment Affairs and Social Protection
  • Information from your sponsor/grant awarding body (e.g. Student Universal Support Ireland (SUSI)) and information from your previous educational establishments
  • Information about you provided by referees you have nominated as part of your application process
  • IT or cloud service providers that provide essential services to the University e.g. Microsoft.
  • Firms that provide professional services to the University such as legal firms and auditors.
  • Firms that provide archiving and storage and disposal of confidential waste.
  • Research and academic partners.
  • Organisations including hospitals and public services that provide placements for students.

When we share your data with the third parties outlined here the University will endeavour only to share the data that is needed, that the data is only processed according to our specific instructions and that the same standards of confidentiality and security are maintained. Once the processing of the data is complete any third parties with whom data was shared will be required to return the data to the University save where they are required to retain it by law.

What are your rights?

You have the following rights over the way we process your personal data:

Right of Access

  • You have the right to request a copy of the personal data we are processing about you and to exercise that right easily and at reasonable intervals.

Consent

  • You have the right to withdraw your consent where that is the legal basis of our processing.

Rectification

  • You have the right to have inaccuracies in personal data that we hold about you rectified without delay.

Erasure

  • You have the right to have your personal data deleted where we no longer have any justification for retaining it subject to exemptions such as the use of anonymised data for scientific research.

Object and Restrict

You have the right to object to processing your personal data if:

  • We have processed your data based on a legitimate interest or for the exercise of the public tasks of the University if you believe the processing to be disproportionate or unfair to you.
  • The personal data was processed for the purposes of direct marketing or profiling related to direct marketing.

We have processed the personal data for scientific or historical research purposes or statistical purposes unless the processing is necessary for the performance of a task carried out for reasons of public interest.

Restriction
You have the right to restrict the processing of your personal data if:

  • You are contesting the accuracy of the personal data;
  • The personal data was processed unlawfully;
  • You need to prevent the erasure of the personal data in order to comply with legal obligations;
  • You have objected to the processing of the personal data and wish to restrict the processing until a legal basis for continued processing has been verified.

Portability

Where it is technically feasible you have the right to have a readily accessible electronic copy of your data transferred or moved to another data controller if we are processing your data based on your consent and if that processing is carried out by automated means.

Contact

If you have any queries relating to the processing of your personal data or if you wish to make a complaint or escalate an issue relating to any of your rights you can contact the Data Protection Officer at dataprotection@tcd.ie  or at:

Data Protection Officer
Secretary’s Office, Trinity College Dublin,
Dublin 2, Ireland.
+353 1 896 8486

Finally is you are not satisfied with the information we have provided to you in relation to the processing of your data or you can also make a complaint to the Data Protection Commissioner via the link in their website Making a Complaint to the DPC.