Skip to main content
  1. Compliance
  2. Data Protection

Data Protection

Data Protection Privacy Statement

1. Introduction

Fiosrú, Office of the Police Ombudsman is committed to protecting the rights and privacy of all individuals. As a Data Controller, Fiosrú is subject to the EU General Data Protection Regulation (GDPR), the EU Law Enforcement Directive (LED) and the Data Protection Act, 2018 (“Data Protection Legislation”).

Data Protection legislation grants rights to you as an individual and imposes obligations on Fiosrú as a Data Controller when processing personal data. 

1.1 Purpose

The purpose of this privacy statement is to explain the following:

  • How Fiosrú collects your personal data.
  • Fiosrú’s legal basis for processing your personal data.
  • Personal data processed by Fiosrú.
  • Special category data processed by Fiosrú.
  • Consequences of failing to provide information.
  • Data Security.
  • Rules for processing personal data.
  • Disclosure of personal data to third parties.
  • Retention of your personal data.
  • International transfers.
  • Your rights under data protection legislation.

2. How Fiosrú collects your personal data

Fiosrú collects your personal data in order to provide its services to you. Personal data is normally obtained directly from you. In certain circumstances, it will, however, be necessary to obtain data from third parties such as An Garda Síochána, independent witnesses, medical professionals or CCTV footage.

3. Legal Basis for processing personal data

The Policing, Security and Community Safety Act, 2024 is the legislation which governs Fiosrú’s functions and legal basis for processing personal data.

Fiosrú’s statutory functions, include:

  • To deal with complaints concerning Garda conduct;
  • To conduct independent investigations following a referral from An Garda Síochána;
  • To investigate matters in relation to the conduct of Gardaí in the public interest.;
  • To report the results of those investigations to the Office of the Director of Public Prosecutions or the Garda Commissioner.

4. Personal data processed by Fiosrú

In order to perform our statutory functions, Fiosrú processes personal data about individual members of the public (including children), individual garda members and staff.

The table below illustrates examples of the personal data we collect, the reason why we collect it and the lawful basis for processing your personal data:

Personal Data

Reasons for Processing

Lawful Basis

Name, address, email address, phone numbers, date of birth, gender, occupation, medical information, racial or ethnic origin, images.

It is necessary to collect personal information from you to process complaints concerning Garda conduct.

Compliance with Statutory function.  

Compliance with a legal obligation.

Performance of a task and exercise of official authority vested in the Controller.

Name, address, email address, phone numbers, date of birth, gender, location, medical information, images, criminal convictions, physical attributes, garda rank, registration, district number, training qualifications

It is necessary to collect personal information from you to conduct a criminal investigation. 

Compliance with a Statutory function.

Performance of a function.

Name, address, email address, phone numbers, date of birth, gender, images, occupation, medical information, racial or ethnic origin, physical attributes, garda rank, registration, district number, training qualifications.

It is necessary to collect personal information from you to conduct a non-criminal investigation. 

Compliance with Statutory function.

Compliance with a legal obligation.

Performance of a task and exercise of official authority vested in the Controller.

Name, address, email address, phone numbers, date of birth, gender, occupation, training qualifications identification documents, financial information.

It is necessary to collect personal information from you for the purposes of a contract, example: building maintenance, building security, professional services.  

Performance of a contract.

5. Special Category Data

Fiosrú may also collect personal data of a sensitive nature, as defined under Data Protection legislation as special category data, which includes data such as:

  • racial or ethnic origin and sexual orientation may be collected for the purposes of conducting research.
  • genetic and biometric data for the purpose of uniquely identifying a natural person, which may be collected for the purposes of a criminal investigation.
  • data concerning health, including medical records or injury photographs, which may be collected with your explicit consent for the purposes of investigating a complaint.

6. Consequences of failing to provide information

Where we need to collect personal data from you in order to carry out our statutory functions, for example, making a complaint, and you fail to provide the required data, in some cases, we may be unable to process your complaint.

7. Data Security

Fiosrú stores all personal data confidentially and securely. We have implemented appropriate technical and organisational measures in accordance with data protection legislation to ensure that the personal data we process is safeguarded and not at risk from unauthorised access, loss or destruction. Security measures in place are monitored on an ongoing basis.

8. Rules for processing personal data

Data Protection Legislation requires Fiosrú to process personal data in accordance with the following principles:

  • Processed in a way that is lawful, fair and transparent;
  • Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
  • Adequate, relevant and is limited to what is necessary;
  • Accurate and kept up to date;
  • Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; and
  • Processed in a manner that ensures appropriate security of the data, including protection against unauthorised or unlawful processing and accidental loss, destruction or damage, through the use of appropriate technical organisational measures.

Fiosrú’s Data Protection Policy sets out how we obtain and process personal data. This policy is available here.

9. Disclosure of Personal Data to Third Parties

In order to fulfil our statutory functions and in compliance with the Policing Security and Community Safety Act, 2024, with your consent or when we are legally obliged to, Fiosrú may share your personal data with third parties.

Examples of third parties to which Fiosrú may provide this information include: parties to an investigation, the Garda Commissioner, An Garda Síochána, the Office of the Director of Public Prosecutions and the Policing and Community Safety Authority.

Personal data of Fiosrú staff members may be shared with other government organisations, such as the National Shared Services Office (NSSO).

10. Retention of personal data

Fiosrú is subject to the National Archives Acts. We will retain your data for as long as it is necessary to serve the purpose for which it was collected, where we are obliged to by law and in line with our data retention schedules.

11. International Transfers

The personal data that we collect from you is not generally transferred outside the European Economic Area (EEA). In the case that Fiosrú needs to transfer such data outside the EEA, it will ensure that an adequate level of data protection in that country exists that is no less protective than that which is provided in Ireland.

12. CCTV

Fiosrú operates camera surveillance systems (CCTV) throughout its Dublin office for the purposes of maintaining the health and safety and security of its staff, clients and members of the public. The use of CCTV cameras is clearly signposted. Fiosrú is aware that footage or images containing identifiable individuals captured by CCTV is personal data under data protection legislation.

Fiosrú may use CCTV footage in the establishment of facts in relation to an investigation, such as, a security incident or safety concern. 

13. Data Protection Rights

You have the following rights under the Data Protection Legislation, although your ability to exercise these rights may be subject to certain conditions:

Right of Access

You have the right to receive a copy of and/or access the personal data that we hold about you together with other information about our processing of that personal data.

Rectification

You have the right to request that any inaccurate data that is held about you is corrected, or if we have incomplete information you may request that we update your personal data.

Erasure

You have the right to request, in certain circumstances that Fiosrú erase your personal data.

Object

You have the right, in certain circumstances, to request that we no longer process your personal data the way in which we process it.

Restriction

You have the right to request to restrict the processing of your personal data if:

  • You are contesting the accuracy of the personal data.
  • The personal data was processed unlawfully.
  • You need to prevent the erasure of the personal data to comply with legal obligations.
  • You have objected to the processing of the personal data and wish to restrict the processing until a legal basis for continued processing is verified.

Portability

Where it is technically feasible, you have the right to request that we transfer your personal data to another organisation.

Consent

If Fiosrú has collected personal data with your consent, you have the right to withdraw your consent.

Automated Decision Making

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or significantly affects you.

Complaints submitted to Fiosrú are not subject to automated processing.

Right to Complain

If you are not satisfied with the information Fiosrú has provided to you in relation to the processing of your personal data or you are dissatisfied with how Fiosrú is processing your personal data, you can make a complaint to the Data Protection Commissioner. Address: Data Protection Commission, 6 Pembroke Row, Dublin 2, D02 X963.

 

14. Further Information

If you have any queries in relation to how your personal data is processed, please contact our Data Protection Officer, Ms Pauline Byrne at the details below:

Email:    data.protection@fiosru.ie

Phone: 0818 600 800

If you wish to exercise your rights under Data protection legislation please Select “Make a personal data request” on this website for further information on how to make a data access request.

To read Fiosrú's full Data Protection Policy, please click here.