Scoil Pól Secondary School, Kilfinane, Co. Limerick
Effective Date: January 2025
1. Introduction
Scoil Pól Secondary School is a voluntary secondary school committed to protecting the privacy and personal data of our students, parents/guardians, staff, and visitors in accordance with the General Data Protection Regulation (GDPR) and the Data Protection Acts 1988–2018.
This Privacy Policy explains how we collect, use, store, and protect personal data in the course of operating our school. We act as a Data Controller for all personal data processed by the school.
Contact Details:
Scoil Pól Secondary School
Kilfinane, Co. Limerick
Email:
Telephone: 063 91197
2. What Personal Data We Collect
We collect and process personal data necessary for the provision of education and the safe operation of our school:
Students:
- Name, address, date of birth, PPS number
- Contact details of parent(s)/guardian(s)
- Previous school and educational records
- Academic performance, assessment results, attendance records
- Medical and health information (including special educational needs)
- Photographs and video (school events, yearbooks, website)
- CCTV footage (on school premises for safety and security)
- Disciplinary records where applicable
Parents/Guardians:
- Name, address, telephone, email
- Relationship to student
- Emergency contact information
Staff (including prospective staff):
- Name, address, contact details, PPS number
- Teaching Council registration number (where applicable)
- Employment history, qualifications, references
- Garda vetting outcomes
- Payroll and bank details
- Attendance, leave, and performance records
- Health and medical information (where relevant to employment)
Visitors and Contractors:
- Name, organisation, contact details
- Sign-in/sign-out records
- CCTV images
Website Users:
- Name, email, phone (if submitted via contact or enquiry forms)
IP address, cookies, and browsing data (see Section 8)
3. Why We Process Personal Data (Lawful Basis)
We process personal data for the following purposes:
- Education and Enrolment: Managing student admissions, academic progress, curriculum delivery, and examinations
- Care and Welfare: Ensuring the health, safety, and wellbeing of students and staff, including administering medication and managing medical emergencies
- Safeguarding: Complying with child protection legislation, including Children First Act 2015, and reporting concerns to TUSLA
- Statutory and Regulatory Compliance: Reporting to the Department of Education, State Examinations Commission (SEC), Educational Welfare Services, inspectorates, and other statutory bodies
- School Operations: Managing staff employment, payroll, HR functions, communication with the school community, organising events, school tours, extra-curricular activities
- Security: CCTV monitoring for the safety and security of students, staff, and property
- Website and Communications: Operating our website, responding to enquiries, and providing school information
Legal Bases for Processing:
- Consent (where explicitly obtained, e.g., photographs for promotional purposes)
- Contract (staff employment contracts)
- Legal obligation (compliance with education and child protection laws)
- Public interest (provision of education)
- Vital interests (protection of health and safety)
- Legitimate interests (administration of the school)
4. How We Share Personal Data
We do not sell or rent personal data to third parties. We may share personal data with:
Department of Education (enrolment returns, staffing, funding)
State Examinations Commission (exam entries and results)
TUSLA Educational Welfare Services (attendance monitoring, child protection)
National Council for Special Education (NCSE) and Special Education Needs Organisers (SENOs)(special education support)
Health Service Executive (HSE) (public health, immunisation, school health services)
An Garda Síochána (where legally required, e.g., child protection, criminal investigations)
School insurers, legal advisors (claims management, legal compliance)
IT service providers (website hosting, school management systems, data storage) under confidentiality and data processing agreements
Examination boards, further and higher education institutions, prospective employers (references, transcripts)
All third-party processors are required to comply with GDPR and maintain appropriatesecurity measures.
5. Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected and to comply with legal and regulatory requirements:
- Student records: Retained in line with Department of Education guidelines (typically until the student reaches 25 years of age or longer if required for legal or safeguarding reasons)
- Staff records: Retained for the duration of employment and up to 7 years thereafter (or longer where legal obligations require)
- Financial and payroll records: Retained for 6–7 years in accordance with Revenue and employment legislation
- CCTV footage: Typically retained for 28 days unless required for investigation or legal proceedings
- Website enquiries: Retained until the matter is resolved or for a reasonable period thereafter
Personal data is securely destroyed or anonymised once the retention period expires.
6. Data Security
We implement appropriate technical and organisational measures to protect personal data against unauthorised or unlawful access, loss, damage, or disclosure. These include:
- Secure storage of paper and electronic records (locked cabinets, password-protected systems)
- Access controls (restricted access to staff with legitimate need)
- Staff training on data protection and confidentiality
- Secure backup and IT systems with firewalls and encryption where appropriate
- Regular review of security policies and procedures
7. Your Data Protection Rights
Under GDPR, you have the following rights:
- Access: Request a copy of the personal data we hold about you
- Rectification: Request correction of inaccurate or incomplete data
- Erasure: Request deletion of personal data in certain circumstances (subject to legal retention obligations)
- Restriction: Request that we limit processing of your data in certain circumstances
- Objection: Object to processing based on legitimate interests or for direct marketing
- Data Portability: Request your data in a structured, commonly used format (where applicable)
- Withdraw Consent: Withdraw consent at any time (where processing is based on consent)
To exercise any of these rights, please contact the school at
You also have the right to lodge a complaint with the Data Protection Commission at www.dataprotection.ie.
8. Cookies and Website Usage
Our website uses cookies to improve user experience and analyse site traffic. Cookies may collect IP addresses, browser type, and pages visited. You can disable cookies in your browser settings, though this may affect website functionality. For further details, see our separate Cookie Policy (available on our website click here).
9. Changes to This Policy
We may update this Privacy Policy periodically to reflect changes in law or school practice. Any updates will be published on our website with a revised effective date.
Please review this policy regularly.
10. Contact and Queries
If you have any questions or concerns regarding this Privacy Policy or how we process your personal data, please contact:
Scoil Pól Secondary School
Kilfinane, Co. Limerick
Email:
Telephone: 063 91197
Document Review Date: January 2026
