Find your parish Donate

1.  Introduction

The Dioceses of Achonry and of Elphin

Privacy Statement and Policy

For the purposes of this Privacy Statement and Policy, the Roman Catholic Dioceses of Achonry and of Elphin (“Dioceses”) refer to the administration and operations of the following registered charities with offices at St. Mary’s, Temple Street, Sligo, F91KTX2 and at Bishop’s Office, Convent Road, Ballaghaderreen, Co Roscommon F45 H004:

  • Parishes and Schools in the Diocese of Achonry – RCN 20014070, Revenue Number CHY6950.
  • The Diocese of Elphin General Trust – RCN: 20004729, Revenue Number: CHY3703
  • The Parishes of the Diocese of Elphin – RCN 20014018, Revenue Number

These charities, their activities and their administration are generally known as the Dioceses of Achonry and Elphin.

“Bishop” means the Roman Catholic Bishop of the Dioceses for the time being and from time to time, duly appointed by the canonically elected Supreme Pontiff, and in the event of the office being vacant or impeded, the person who under Canon Law has

power to perform the administrative duties of the Bishop in any interim period before the appointment of a successor as Bishop or until the impediment ceases, as the case may be, the person with this power being a diocesan administrator or an apostolic administrator.

The Bishop has published this Privacy Statement to demonstrate his commitment and that of the Dioceses to protecting and respecting your personal data.

The Dioceses fully respect your right to privacy and actively seeks to preserve the privacy rights of those who share information with us. Any personal information you provide to the Dioceses will be treated with the highest standards of security and confidentiality, in accordance with the General Data Protection Regulation (GDPR) 2018 and the Data Protection Act 2018.

This Privacy Statement explains how the Dioceses process information, in particular the personal data that we receive from you. Please read the following carefully to understand our understanding and practices regarding your personal data and how we treat it.

2.  Relationship between the Dioceses and Parish

If you have given your personal data to the Diocesan Offices (or central administration of the Dioceses), it is the Dioceses directly that will usually be the data controller of that information.

If you have given your personal data to a parish within the Dioceses, the parish (and not the Dioceses) will usually be the data controller of such information. You will need to contact the parish directly in relation to any queries you have regarding that personal data. In certain circumstances, the central administration of the Dioceses may process data on behalf of the parish.

3.  What information do the Dioceses collect about you?

The Dioceses receive personal data about you in various ways including directly from the individual and sometimes from a parish, a family member, other dioceses, schools, employers, revenue, medical professionals, CCTV and webcams. The personal data that is collected may include;

  • Information relating to the sacraments of Baptism, Holy Communion, Confirmation, Marriage and Holy Orders (Ordination);
  • Information relating to financial donations (requirements of the Charities Acts and also to assist parishes claim tax back on donations);
  • Safeguarding information as required by the National Safeguarding Office and the Garda Vetting Bureau;
  • Depending on your relationship with the Dioceses, we may also collect a range of different information about you including
    • your name,
    • contact details,
    • date of birth,
    • nationality,
    • PPS number (where required by law),
    • financial information (such as bank details),
    • employment data and qualifications,
    • information about your current involvement with the dioceses,
    • information on your volunteering,
    • CCTV recordings and photographs;
    • Special category data which reveals your religious beliefs may also be collected and processed.

This list is not exhaustive.

4.  Processing of personal information

The Dioceses collect and process information about you in a number of ways including face to face meetings, email, phone conversations, from parishes and via forms sent by the diocesan offices.

The Dioceses must have a lawful basis for processing your information. This will vary according to the circumstances of how and why we have your information but typical examples include evidence that:

  • the activities are within the legitimate interests of the Dioceses in advancing and maintaining the Roman Catholic religion, in providing information about the activities of the Dioceses or any Diocesan Parish, and to raise charitable funds;
  • you have given consent for the Dioceses to process your information which can be withdrawn at any time by contacting the Dioceses using the details below;
  • the Dioceses are carrying out necessary steps in relation to a contract to which you are party or prior to you entering a contract;
  • the processing is necessary for compliance with a legal obligation;
  • the processing is necessary for carrying out a task in the public interest;
  • the processing of data is necessary to protect your vital

If the Dioceses process any Special Categories of Personal Data, we must have a further lawful basis for the processing. This may include:

  • where you have given explicit consent;
  • where the processing is necessary to protect the vital interest of the Dioceses or someone else’s vital interests;
  • where the processing is carried out in the course of the legitimate interests of the

Dioceses working with and supporting the current and former members of the Roman Catholic Church, and the information is not shared outside the Roman Catholic Church with anyone else without your consent;

  • where you have made the information public;
  • where the processing is necessary for the establishment, exercise or defense of legal actions and/or claims; or
  • where the processing is necessary for carrying out the employment and social security obligations of the Dioceses
  • where the processing is necessary for reasons of substantial public

5.  Baptism Registers and other Sacramental Registers

The Bishop is the sole controller of the personal data and special category data contained in the Baptism Registers held in Parishes of the Dioceses with respect to storage and retention of data, standard and special annotation of data and alteration of data. The Bishop, along with the Parish Priest/Administrator assigned to the Parish which holds the Baptism Register, are each a joint controller of the personal data and special category data with respect to collecting and recording of data in the Baptism Register.

6.  Baptism Registers and other Sacramental Registers held in Parishes of the Dioceses

Where personal data and special category data is processed in the Baptism or other Sacramental Registers held in Parishes of the Dioceses, the Bishop relies on the principal of legitimate interest in preserving the information contained in those Registers because such registers consist of a record of the administration of certain sacraments in the Roman Catholic Church. It is essential that the Dioceses maintain a record of certain sacraments which may only be administered once in the Roman Catholic Church. As personal data contained in the Baptism or other Sacramental Registers is special category personal data, the Bishop must have an additional lawful basis for processing. The Bishop relies on processing carried out in the course of his legitimate activities with appropriate safeguards and the processing relates solely to members or former members of the Roman Catholic Church, and personal data is not disclosed outside the Roman Catholic Church without the consent of the data subject.

7.  For what do the Dioceses use your information?

We use your information for a range of different purposes including;

  • To facilitate the reception of the Sacraments of Baptism, Holy Communion, Marriage and Holy Orders (Ordination);
  • To facilitate general pastoral and spiritual care;
  • To provide information you request from the Dioceses;
  • To process various application forms;
  • For the purposes of processing requests for Tax Rebates on Donations received;
  • For the purposes of communicating with you about diocesan events
  • In order to respond to complaints and enquiries
  • To administer, support, improve and develop the administration of the work and operations of the Dioceses and to keep accounts and records of the Diocese up to date;
  • For auditing and statistical purposes;
  • As authorised or required by any law applicable to us or arising from your interaction with us;
  • To process job applications;

In addition:

  • Technical details in connection with visits to this website may be logged on the Diocesan server;
  • CCTV recordings for security purposes and to help create a safer environment for our staff, members of the faithful, clergy, volunteers and visitors.
  • The Dioceses do not use automatic decision-making software and does not engage in

8.  Practical examples of how we process your Personal Data

We will only process your Personal Data in line with our ministry and the services we provide. This information may include your name, address, email address, phone number, etc. as provided by you for the provision of a service, e.g.:

  • Making contact or application in relation to liturgies (including reception of Sacraments), retreats and/or pilgrimages;
  • Signing up for a newsletter or event;
  • Signing up for volunteer or fundraising activities;
  • Contacting us with a query in relation to information posted on our

Any data processed on our behalf by contracted third party service providers, e.g. for the purpose of enhancing the services we provide to you will be bound by the same privacy standards. We will not disclose Personal Data to any other third parties unless we have consent to do so.

We will disclose Personal Data if it is believed in good faith that we are required to disclose it in order to comply with any applicable law, a summons, a search warrant, a court or regulatory order, or other statutory requirement. You can choose to opt out of receiving information from us at any time by contacting the Diocesan Secretary at the contact details given above.

9.  Transfer of your personal data outside the European Economic Area (“EEA”)

We do not usually transfer your data outside the EEA. However, there may be some limited circumstances where this is necessary (eg, where you are marrying in a country outside the EEA). Some of these countries do not have laws which provide the same level of protection to your personal data as laws within the EEA. We will either obtain your consent before transferring your personal data to such a country or otherwise transfer such data in accordance with the General Data Protection Regulation (GDPR) 2018 and the Data Protection Act (as amended).

10.  Cookies

“Cookies” are small pieces of information sent by a web server to a web browser, which enables the server to collect information from the browser. The website of the Dioceses uses cookies to improve navigation and to enable traffic monitoring.

Non-registered visitors of the site may be sent anonymous cookies to keep track of their browsing patterns and build up a demographic profile. Whilst you do not need to allow your browser to accept cookies in order to browse much of our web site or to access many of our services, you must have cookies enabled if you wish to access any areas reserved for registered users.

Most browsers allow you to turn off the cookie function. If you want to know how to do this, please look at the help menu on your browser. As described above this will restrict the services you can use on our website.

11.  With whom do the Dioceses share your information?

The information you give us is used by the Dioceses only in accordance with the purpose for which you provided the information. This information will only be retained for as long as required for the purpose for which it was gathered. The Dioceses may share your information with government bodies for tax relief purposes or law enforcement agencies for the prevention and detection of crime. Information will only be made available to third parties who assist the Dioceses with our work. The Dioceses may share information with service providers but only when an appropriate Service Provider Agreement/contract is in place outlining exactly what they are permitted to do. Any data processed in the course of such services is processed in compliance with the GDPR and national data protection law.

Where permitted by law, the Dioceses reserve the right to release personal data without your consent and/or without consulting you, including when we believe that this is appropriate to comply with our legal obligations.

12.  Where do the Dioceses store your information?

The Dioceses may store your information in hard copy or in electronic format, in storage facilities owned or operated by the Dioceses, or that are owned and operated by his service providers.

13.  How long do the Dioceses retain your information?

The Diocese retains your personal information for as long as necessary with regard to the purposes for which it was collected or lawfully further processed, or for as long as may be necessary in light of our legal obligations. All information held is in accordance with the diocesan retention policy to ensure its compliance with GDPR.

In relation to the Baptism or other Sacramental Registers held in the Parishes of the

Dioceses, personal data and special category data are retained in perpetuity, in order to achieve the purpose of correctly administering certain sacraments that may only be undertaken once in a person’s lifetime.

14. Data Transfers outside of the European Economic Area (EEA)

All personal data transferred within the European Union (EU)1and the European Economic Area (EEA)2 is subject to the General Data Protection Regulation, 2018 (GDPR).

Personal data may be transferred to jurisdictions which are deemed to have similar safeguards in terms of data protection using the same criteria as if transferring within the European Union (EU) and/or the European Economic Area (EEA). Such jurisdictions include the:

United States of America [Commercial companies based in the United States of America participating in the EU-US Data Privacy Framework, 2023 (DPF)]; Principality of Andorra;

Argentine Republic; Canada;

Faroe Islands of the Kingdom of Denmark;

United Kingdom of Gt. Britain [under the General Data Protection Regulation, 2018 (GDPR) & the Law Enforcement Directive, 2018 (LED) transposed into Irish law through the Data Protection Act, 2018] the British Crown Dependency of the Bailiwick of Guernsey, the British Crown Dependency of the Bailiwick of Jersey, and the British Crown Dependency of the Isle of Mann;

State of Israel;

Japan;

Republic of Korea;

Swiss Confederation (Switzerland); Oriental Republic of Uruguay.

Personal data may only be transferred to other countries outside of the European Union (EU) and the European Economic Area (EEA) in compliance with the conditions for such transfers laid down in Chapter V of the General Data Protection Regulation, 2018 (GDPR).

The dioceses may rely on the following derogations for specific situations when transferring to third countries, including the Holy See:

Article 49.1(a) GDPR the data subject has explicitly consented to the proposed transfer, after having been informed of the possible risks of such transfers for the data subject due to the absence of an adequacy decision and appropriate safe-guards;

1 In addition to Ireland, the European Union member states consist of the Republic of Austria, Kingdom of Belgium, Republic of Bulgaria, Republic of Croatia, Republic of Cyprus, Czechia (Czech Republic), Kingdom of Denmark, Republic of Estonia, Republic of Finland, French Republic (France), Federal Republic of Germany, Hellenic Republic (Greece), Republic of Hungary, Italian Republic (Italy), Republic of Latvia, Republic of Lithuania, Grand Duchy of Luxembourg, Republic of Malta, Kingdom of the Netherlands, Republic of Poland, Portuguese Republic (Portugal), Romania, Slovak Republic (Slovakia), Republic of Slovenia, Kingdom of Spain and Kingdom of Sweden.

2 The EEA includes EU countries and also the United Kingdom of Gt. Britain, Iceland, Principality of Liechtenstein and Kingdom of Norway.

Article 49.2(b) GDPR the transfer is necessary for the performance of a contract between the data subject and the controller to the implementation of pre-contractual measures taken at the data subject’s request;

Article 49.2(c) GDPR the transfer is necessary for the conclusion or performance of a contract concluded in the interest of the data subject between the controller and other natural or legal person;

Article 49.2(e) GDPR the transfer is necessary for the establishment, exercise or defence of legal claims.

Where a transfer could not be based on a provision in Article 45 or Article 46 GDPR, including the provisions on binding corporate rules, and none of the derogations for a specific situation referred to in the first sub-paragraph of this paragraph is applicable, a transfer to a third country or an international organisation may take place only if the transfer is not repetitive, concerns only a limited number of data subjects, is necessary for the purposes of compelling legitimate interests pursued by the controller which are not overridden by the interests or rights and freedoms of the data subjects, and the controller has assessed all the circumstances surrounding the data transfer and has on the basis of that assessment provided suitable safeguards with regard to the protection of personal data. The controller shall inform the data subject of the transfer and the compelling legitimate interests pursued. We rely on this derogation to transfer personal data with the Holy See.

Personal data is transferred to the Holy See for very specific and limited purposes e.g. laicisation from the clerical state; Catholic clergy becoming Ministers in the Anglican denomination; the awarding of Bene Merenti and other papal awards and honours; Bi-Ritual faculties; and the alienation of property. Such personal data is hand-delivered to the Apostolic Nunciature to Ireland, the diplomatic mission to the Holy See in Ireland, based in Dublin and sent to the Holy See by Diplomatic Pouch. On some occasions, where the personal data is not of a sensitive nature, documents may be sent via registered post. The Holy See takes every measure to ensure the ongoing security and confidentiality of all documents sent to the Holy See.

Some couples chose to be married in parishes, churches and chapels outside Ireland. To facilitate the celebration of the Sacrament of Marriage abroad, certain documentation must be sent to the local dioceses where the couple are planning the celebration of their marriage. In many instances the couples courier such personal data to the parish themselves but on occasion this will be organised by the Diocesan Chancellery. A copy of such papers may be retained by the Diocesan Chancellery.

The dioceses interact with dioceses abroad in relation to regular religious and extern priests. The dioceses will request documents relating to the visiting priest should that priest be appointed to hold a ministry in the dioceses. This information will be retained for the lifetime of the individual regular religious or priest concerned.

The dioceses participate in World Youth Day. This festival celebrating the faith of young people may be held in parts of the world outside of the EU and EEA. Where this occurs, explicit consent of the young adult will be requested to facilitate participation in this event. Should the young person be under the age of 18 years, their parent(s)/guardian(s) consent will also be required.

15.  Data Protection Principles

We promise to follow the following data protection principles:

  • Processing is lawful, fair, transparent. Our processing activities have lawful grounds. We always consider your rights as a Data Subject before processing personal data. We will provide you information regarding processing upon request;
  • Processing is limited to the purpose for which data was gathered;
  • Processing is carried out using the minimum amount of personal data required for any purpose;
  • We will not store your personal data for longer than needed;
  • We will do our best to ensure the accuracy of data;
  • We will do our best to ensure the integrity and confidentiality of data;
  • We will use all reasonable means to avoid Breaches of Where a Data Breach occurs, we will notify the relevant authority and follow their instructed next steps.

16.  How do the Dioceses keep your information safe and accurate?

The Dioceses are committed to ensuring your information is secure. In order to prevent unauthorised access or disclosure the Dioceses have put in place suitable physical, electronic and managerial procedures to safeguard and secure your information. The Dioceses use technical and organisational security measures to protect your data from accidental or intentional manipulation, loss, destruction or access by unauthorised persons. These security measures are continuously adapted in line with technological developments.

The Dioceses seek to ensure that we keep your personal data accurate and up to date. However, you are responsible for informing the Dioceses, or its relevant offices, of any changes to your personal data and other information.

Baptism Registers are annotated upon administration of the Sacraments of Confirmation, Marriage or Holy Orders to an individual. Where an individual receives any of these sacraments, a note will be made in the Baptism Register entry for that individual. Annotations are necessary as it ensures the sacraments of Confirmation, Marriage or Ordination may only be undertaken once during a person’s lifetime.

No personally identifiable information is collected on this website from visitors, staff, clergy and volunteers that browse the website for information on our activities. The Dioceses review these measures regularly.

Unfortunately the transmission of information via the internet is not completely secure. Although the Dioceses do their best to protect your personal data, any transmission via our website is ultimately at your own risk. Once we have received your information we will use strict procedures and security features to try and prevent unauthorised access to, or unlawful processing or disclosure of, such data.

In terms of the internet, this Privacy Statement and Policy relates to the website/domain of the dioceses and/or the parish only. In the event that you use links on our websites to visit other web-sites over which the Dioceses have no control, and you provide information to such third-part websites, any such data is not covered by this Privacy Statement and Policy.

In addition, the Dioceses may operate social media accounts on other websites (eg. Facebook, Instagram, etc.). You will need to consult the privacy polices of those websites for information on how your personal data is used by such social media providers. On written request the Dioceses will inform you about the data stored about you. Requests for access, rectification, erasure or blocking of personal data will be processed on the basis of applicable legal provisions. Please contact the Data Protection Officer, St Mary’s, Temple Street, Sligo, F91KTX2 or dpo@elphindiocese.ie

17.  What are your rights?

You have many rights under Irish Data Protection legislation with regard to the processing of your data.

  • Right of Access – You have the right to access information the Dioceses hold on No fee will apply for your first request for access to personal data. We may charge a reasonable fee for two or more personal data requests. Any access requests will need to be requested in writing or by email. Evidence of identification will be required as this makes sure that the personal information is not given to the wrong person. Information will be sent within 1 month of receipt of the written request.
  • Right of Correction – you have the right to have any inaccurate or incomplete data rectified by the Dioceses.
  • Right of Erasure – In certain circumstances you can request the erasure of the data the Dioceses hold on you i.e. the right to be forgotten
  • Right to Restriction of Processing – Where certain conditions apply, you have the right to restrict processing of your personal data.
  • Right of Portability – Subject to certain circumstances, you have the right to have any data the Dioceses hold on you transferred to another organisation where it is held in electronic
  • Right to Object – You have the right to object to certain types of data
  • The Right to Lodge a Complaint with the Data Protection

18.  Review

This Privacy Statement explains the privacy policy of the Dioceses, approved by the Bishop. The Dioceses reserve the right to review and amend this Statement at any time without notice and you should check this page regularly to view the most up to date Privacy Statement.

19.  Further Information and Contact Details

Further information on your data privacy rights is available on the website of the Data Protection Commissioner www.dataprotection.ie

If you have any questions relating to the processing of personal data please email dpo@elphindiocese.ie

or

contact the Data Protection Officer, St. Mary’s, Temple Street, Sligo, F91KTX2

20.  How to contact the appropriate Data Protection authority

Should you wish to report a complaint or you feel that we have not addressed your concern in a satisfactory manner, you may contact:

Office of the Data Protection Commissioner, 21, Fitzwilliam Square South, Dublin 2., Ireland Telephone:

01 7650100 (calls from within Ireland)

+353 1 7650100 (calls from outside Ireland)

 

Dated: April 2026