Who we are
Galway City Council is the democratically elected unit of local government in Galway City and under the provisions of the Local Government Acts (as amended) and various statutory provisions is responsible for providing a range of services to meet the economic, social and cultural needs of the people of the City.
The principle functions of the Council is to provide a wide range of services to the public including:
Arts, Community Development, economic development, Environment and climate change, building control, planning, housing, water services, recreation and amenity, parks, transportation, tourism, heritage and finance.
The support functions within the council supporting the work of the Council include:
ICT, Corporate services, finance and human resources.
For the purposes of the Data Protection Acts 1988-2018 (amended) and the General Data Protection Regulation (GDPR) Galway City Council is the ‘data controller’ for any personal data that you give to us. If you have any concerns about how we collect or process your personal data, our Data Protection Officer may be contacted as firstname.lastname@example.org or call 091-536400.
Galway City Council is committed to protecting your privacy when you use our services. This privacy notice explains how we use information about you and how we protect your privacy. The information provided below we set out how we use your data, our legal basis and how we secure it.
How we collect your personal data
In order to provide the most effective and targeted range of services which meet the needs of the citizens, communities and businesses within the City, we are required to collect, process and use certain types of information about people and organisations. Galway City Council collects and processes a significant amount of ‘personal data’ and in some cases sensitive personal data known as ‘Special Category Personal Data’ in various multiple formats on a daily basis. Our commitment is to ensure that the personal data supplied is:
- Obtained lawfully, fairly and in a transparent manner
- Collected for only specified, explicit and legitimate purposes
- Adequate, relevant and limited to what is necessary for the purposes for which it was obtained
- Recorded, stored accurately and where necessary kept up to date
- Kept for no longer than is necessary and in a form, which permits identification of the data subject
- Processed in a manner that ensure the appropriate security of the personal data including protection against unauthorised or unlawful processing of the data
Most of the personal data we process is provided to us directly by you for one of the following reasons.
- You make an application for a service we provide via an application form you fill in
- You write to us via letter or email
- You provide your details over the phone or in person
- You apply to work with us
- You supply us with goods or services
- When you use our website
- You are representing an organisation or community group
- You subscribe to our newsletters
We also receive personal information indirectly, in the following scenarios
- A complainant refers to you in their complaint correspondence
- An elected representative refers to you in a complaint on behalf of a constituent
- An elected representative makes a representative on your behalf
- A third party is acting on your behalf i.e. solicitor, family member
- An employee of the Council gives your contact details as an emergency contact or a referee
We also collect personal information when we are investigating under various powers conferred on us. This includes
- Illegal parking or overstay parking limits – car registrations
- Illegal dumping – checking for details in rubbish and identifying owners and details
- Illegal planning developments – identifying owners and details
What personal data we collect
We collect the following personal information when you:
Service users/members of the public:
- Name, address, date of birth, place of birth, telephone number, email address, employment details, family composition, income details, bank details, details relating to dependents and children, PPSN, insurance details, income tax details, education information, employment history, car images, proof of citizenship, parents/guardians/next of kin, proof of address, details of criminal offences, CCTV footage, photographic images at events, photographic images of your car and/or motor tax details, electoral register information
- Special category information such as ethnicity, health information, union membership
Apply for a job:
- Name, address, date of birth, email address and telephone number, employment history, referees, education, immigrant status
Supply goods or services:
- Contact details, name, address, email, business address, billing payment details, VAT number, Tax Clearance Certificates, insurance details, bank account details, health and safety training records
Why do we collect this information?
Service users/members of the public
- To fulfil our statutory functions and obligations as a local authority, as set out in various statutory provisions
- To process your application in relation to, and/or provide you with, any of our services pursuant to our statutory functions and obligations
- To communicate efficiently and effectively with you as part of our relationship with you
- To assist in the detection, prevention, investigation and prosecution of criminal offences and to help secure public order and safety in public places (through CCTV)
- To enforce traffic laws (for example, through issuing tickets for pay parking and motor tax offences) and to enforce waste/litter pollution laws (for example, through issuing fines for illegal dumping etc.)
- To deliver information about our services, where you have subscribed to receive same
- To investigate complaints received about our services
- To comply with health and safety law and other legal obligations
- To create a candidate profile for you if you are a prospective employee or nominated for election and to communicate with you in relation to your application
- To set you/your company up as a supplier on our systems
- To liaise with you about projects that we are undertaking with you
- To pay you and to collect payment from you
Our Lawful Basis
- Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us as the controller by virtue of our statutory functions set out under the Local Government Acts (as amended)
- Processing is necessary for the performance of a contract which you have entered into with us or take steps at your request when entering a contract
- Processing is necessary for compliance with a legal obligation we are subject
- That you have provided consent for the processing for one or more specified purposes such as marketing, for example, when you subscribe to receive news and updates about our organisation
- Our legal basis for processing special category data is that the processing is necessary for the performance of a function conferred to us under the Local Government Acts (as amended)
Who we share your personal data with
We may share your data with third parties and suppliers and contractors who are working on our behalf to provide services to you.
Information which you provide to one department within Galway City Council may be shared with other departments within the Council where this sharing is necessary and proportionate for the performance of our statutory functions. In particular, your information may be shared with other departments within the Council in order to enable the set off of moneys due to Monaghan County Council against sums owed to you, pursuant to Section 7 of the Local Government (Financial Provisions) (No.2) Act 1983.
- Department of Housing, Planning & Local Government
- Department of Employment Affairs & Social Protection
- Revenue Commissioners
- Department of Transport, Tourism & Sport
- Health Service Executive
- An Garda Síochána
- Limerick City and Limerick County Council
- Laois County Council
- Irish Credit Bureau
- Legal Firms
- Irish Public Bodies
- Courts Service
- Department of Defence
- Road Safety Authority
- Health & Safety Authority
- Enterprise Ireland
- Irish Water
How long do we retain your information?
We will not keep your personal data for longer than is required or necessary. The law, business needs and our regulatory requirements determine the length of time information has to be kept. Our retention periods are set out in the National Retention Policy. Please note that this retention policy is currently under review.
Protecting your personal data
We are committed to ensuring that your personal data is secure. In order to prevent unauthorised access or disclosure, Galway City Council has put in place appropriate technical, physical and organisational procedures to safeguard and secure the information we collect about you.
Cookies are small text files that are placed on your computer by websites that you visit with the aim of making the site work, improving a user’s experience and/or making their activity more efficient. Web browsers allow control of cookie usage through the browser settings.
To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org.
Where is your personal information processed?
Your personal information is processed by our staff in Galway City Council. We do use contractors who operate elsewhere in Ireland or the UK. We may use contractors who are based in the EU or the USA.
We will not transfer or process data outside the European Europe Economic Area, unless we have your specific consent or the nature of the processing requires it.
All processors of personal information relating to EU citizens are required to comply with GDPR.
Your data protection rights
1. The right to be informed
This privacy notice provides you with some of the high level information required. Specific privacy notices are provided on the various functions of the Council.
2. The right to access information
You have the right to ask for the personal data we hold on you. This is known as a subject access request. When we receive a request from you we must provide you with a copy of your personal data within one calendar month.
If you wish to make a request to view your records please email email@example.com. However, we can’t let you see any parts of your record which contain:
- confidential information about other people or
- data a professional thinks will cause serious harm to your or someone else’s physical or mental wellbeing or
- if we think that giving you the information may stop us from preventing or detecting a crime.
This applies to personal data that is in both paper and electronic records.
3. The right to rectification
If your personal data is inaccurate we will correct it without undue delay. Please let us know what the correct information is so we can correct it.
If the personal data we hold on you is incomplete, please provide us with the supplementary information, so we can complete the information we hold.
4. The right to erasure (right to be forgotten)
In some circumstances you can ask for your personal data/information to be deleted, for example:
- where your personal data/information is no longer needed for the reason why it was collected in the first place
- where you have removed your consent for us to use your information (where there is no other legal reason for us to use it)
- where there is no legal reason for the use of your information
- where deleting the information is a legal requirement
Where your personal information has been shared with others, we’ll do what we can to make sure those using your personal information comply with your request for erasure.
Please note that we can’t delete your information where:
- we are required to have it by law
- it is used for freedom of expression
- it is used for public health purposes
- it is for, scientific or historical research, or statistical purposes where it would make information unusable
- it is necessary for legal claims.
5. The right to data portability
You have the right to ask for your personal information to be given back to you or another service provider of your choice in a commonly used format. This is called data portability.
However, this only applies if we’re using your personal data with consent (not if we are required by law), if the processing is carried out by automated means, or where processing is conducted on the basis of a contract between us.
6. The right to object to processing of personal data
You have the right to object to certain types of processing of your personal data where it is done in the public interest or under official authority. This is the processing that we do in the local authority.
However, if this request is approved this may cause delays or prevent us delivering that service.
7. The right of restriction
You have the right to ask us to stop or restrict what we use your personal data for.
When data is restricted, it cannot be used other than to securely store the data, and with your consent to handle legal claims and protect others, or where it’s in the public interest.
Where restriction of use has been granted, we will inform you before we carry on using your personal information.
You have the right to ask us to stop using your personal information for any council service. However, if this request is approved this may cause delays or prevent us delivering that service.
Where possible we will seek to comply with your request, but we may need to hold or use information because we are required to by law.
8. The right not to be subject to automated decision making, including profiling
You have the right not to be subject to a decision based solely on automated processing. Processing is “automated” where it is carried out without human intervention and where it produces legal effects or significantly affects you.
Automated processing is permitted with your express consent, where necessary for the performance of a contract or when authorised by European Union or Irish law.
The Council does not currently use automated processing.
Where can I get advice or make a complaint
We have a Data Protection Officer who makes sure we respect your rights and comply with the law. If you have any concerns or questions about how we look after your personal information, please contact our Data Protection Officer at
Data Protection Officer
Galway City Hall
You may lodge a complaint with the Data Protection Commissioner with respect to our processing of your personal data. Write to the Data Protection Commissioner by using the form available from the Data Protection Commission website and send to firstname.lastname@example.org or The Data Protection Commission, 21 Fitzwilliam Square South, Dublin 2, D02 RD28. Telephone 0761 104 800 or 0578 684 800
Changes to this privacy notice
This privacy notice may be updated to reflect changes in our services and how we comply with data protection legislation. We encourage you to review this notice on a regular basis.
This notice was last updated on 01 April 2019.