Privacy Notice – MessagingIE

For the purpose covered by this privacy notice, the data controllers are the Department of Public Expenditure, Infrastructure, Public Service Reform and Digitalisation (DPER) and the Public Sector Bodies (PSBs) who send messages on MessagingIE.

DPER is the data controller for the Public Service Identity (PSI) data which is processed when you authenticate using MyGovID. The PSI data is not shared with any of the PSBs.

The PSBs are the data controllers for any messages, and any attachments, that are sent to you using MessagingIE, with each PSB the data controller for each specific message that it sends.

The contact details for the various Data Protection Officers are listed below.

The purpose of the processing is to provide a secure mechanism for Public Sector Bodies to send messages, including file attachments, electronically to specific members of the Irish public.

The Public Service Body sending you the message are responsible for ensuring that there is a lawful basis, under data protection law, for processing any personal data, or special categories of personal data, in the messages that it sends to you. The Public Sector Body is the data controller for any messages it sends to you.

It should be noted that messages sent to you through MessagingIE are very likely to contain personal data and in some circumstances, they may also contain special categories of personal data (sensitive personal data) as defined by article 9 of the GDPR.

DPER process your Public Service Identity (PSI) data as part of the process of authentication using MyGovID. When a user authenticates, the following PSI attributes are shared between the Department of Social Protection (who administer MyGovID) and DPER: Personal Public Service Number (PPSN), First Name, Surname and Date of Birth. The purpose of the sharing of the PSI data is to ensure that only a person who has authenticated on MyGovID will be able to access the appropriate MessagingIE account that matches the PSI data shared. You will need a verified account on MyGovID to access your account on MessagingIE.

The legal basis for this sharing of the PSI data is section 262(6) of the Social Welfare Consolidation Act 2005. The PSI data sharing is also formalised in a data sharing agreement between DPER and the Department of Social Protection. It should be noted that DPER are a specified body under Schedule 5 of the Social Welfare Consolidation Act 2005 and are legally allowed to process the PSI data. None of the PSI data will be shared with any of the PSBs using MessagingIE.

The Minister for Public Expenditure, Infrastructure, Public Service Reform and Digitalisation has a remit under section 10(1) of the Ministers and Secretaries Act 2011, to modernise the public sector, enable the efficient and effective provision of services by public service bodies, and promote value for money in the provision of public services. MessagingIE is provided as a service to PSBs by DPER as one of the means to meet these objectives. The lawful basis for the development of MessagingIE is processing necessary for the performance of a task in the public interest, with the basis laid down in section 10(1) of the Ministers and Secretaries Act 2011

When you use Messaging for the first time, you will be asked for your consent for Public Sector Bodies to send you information in electronic format. If you remove this consent, your MessagingIE account can be deleted, and Public Sector Bodies will revert to sending you such information by other means (e.g. by post)

DPER as data controller for the authentication process, will process your PSI data to facilitate authentication when you log into your account on MessagingIE.

The PSBs will process the personal data in the messages that they send you. Note that it is not possible for you to send messages to a PSB on MessagingIE, so the only personal data being processed, will be personal data already held by the PSB.

The only data collected from you by MessagingIE is your PSI data, which is shared from the Department of Social Protection, when you authenticate with MyGovID

The only personal data you provide, through authenticating with MyGovID, is your PSI data. This is processed by DPER to ensure that only you can log into your MessagingIE account. The PSI data is not shared with anyone else, including the PSBs who may be sending you messages.

None of your personal data is shared with any third parties.

Your PSI data will be retained and updated as necessary every time you log into MyGovID, for as long as you maintain an account on MessagingIE.

The PSBs will determine the retention periods for any messages they send you on MessagingIE.

It is envisaged that a future version of MessagingIE will allow you to close your MessagingIE account and delete any messages within it. In the interim, you can request this to be done by emailing support@bts.cloud.gov.ie

Other rights you have under the GDPR include:

Access to your personal data (article 15 of the GDPR). Information on how to make a Subject Access Request in respect of your PSI data data can be found at this web page. In respect of the messages themselves, you should be able to access all the personal data in your messages by logging into your account on MessagingIE

The rectification of inaccurate personal data concerning you (article 16 – GDPR).
In certain circumstances, the right to the erasure of your personal data (article 17 of the GDPR)
In certain circumstances, the right to the restriction of the processing of your personal data (article 18 of the GDPR)
The right to data portability (article 20 of the GDPR)

To assert your rights under articles 16 to 18 under the GDPR, in respect of any personal data processed in a message sent to you, you will need to contact the relevant PSB to do this.

The contact details for Data Protection Officers is given below

If you are concerned about how personal data is processed, please do not hesitate to bring such concerns to our attention. To do so, you can contact the Department of Public Expenditure, NDP Delivery and Reform's Data Protection Officer at dataprotection@per.gov.ie or the Data Protection Officer for the PSB whom sent you a message you are concerned about.

The Privacy Notice for the Public Expenditure, Infrastructure, Public Service Reform and Digitalisation can be found on our data protection page.

You can also lodge a complaint with the Data Protection Commission. Their contact details are:

Data Protection Commission
6 Pembroke Row
Dublin 2
D02 X963
Ireland

1800 437 737 / (01) 765 0100

You can contact them electronically through webforms on their website

We may collect the following information from you

• Statistical information (IP address and hostname, web browser version, pages visited etc.)
• IP address information is recorded by MessagingIE. IP Addresses are retained indefinitely for security reasons and to prevent misuse of the website.
• The previous website address from which you reached us, including any search terms used. This helps us understand how you arrived to MessagingIE.
• Your language preference (English/Irish), in order to display MessagingIE in your preferred language
• The date and time you access our site. This information will help us to improve your experience, identify peak periods of usage, and manage the solution.

We will neither make attempts to identify individual visitors, nor associate the technical details listed above with any individual. It is our policy never to disclose such technical information in respect of individual website visitors to any third party unless explicitly stated or obliged to disclose such information by a rule of law. The information outlined above will be used only for statistical, security and technical purposes.

Cookies are small pieces of information, stored in simple text files, placed on your computer by a website. Some cookies can be read by the website on your subsequent visits. The information stored in a cookie may relate to your browsing activities on the website, or a unique identifier so that the website can ‘remember’ you on your return visit. Other cookies are deleted when you close your web browser and only relate to the working of the website. Generally speaking, cookies do not contain personal information from which you can be identified, unless you have furnished such information to the website. Please note that if you turn off cookies or change your settings, some features of the website may not work correctly.

Cookies are used in the following cases:

• A cookie is set to remember your language preference
• A cookie is set to remember you are logged in with MyGovID. This helps to avoid the user having to login with MyGovID again, if you refresh the browser.
• A cookie is set to temporarily persist information about the login flow, to correctly handle redirects.
• A security cookie is set before downloading a document. The cookie is cleared automatically after download of document.

Department of Public Expenditure Infrastructure Public Service Reform and Digitalisation - dataprotection@per.gov.ie or Data Protection Officer, Government Buildings, Upper Merrion Street, Dublin 2, D02 R583

Department of Education and Youth - dpo@education.gov.ie or Data Protection Officer, Department of Education and Youth, Cornamaddy, Athlone, County Westmeath, N35 X659