Privacy Policy

Last updated: 5th December 2025

This Privacy Policy explains how we collect, use, store and protect your personal data when you access and use our online application system. We are committed to ensuring that your personal data is protected, handled lawfully, and processed in accordance with the General Data Protection Regulation (GDPR) and all applicable Irish and EU data protection laws.

1. Data Controller

The Data Controller responsible for your personal data is:

Drumcondra Education Support Centre
[Address]
[Email]
[Phone]

Where relevant, certain data may also be shared with the Department of Education & Youth, who will act as an independent Data Controller for their own statutory purposes.

2. Personal Data We Collect

When you use our online application system, we may collect and process the following categories of personal data:

2.1 Data You Provide Directly

• Name, contact details, and user account information

• Application and course-related information

• Course provider details

• Documents submitted as part of the application process

• Any additional information needed for course approval, monitoring, reporting or evaluation

2.2 Automatically Collected Data

• IP address and device identifiers

• Browser type and operating system

• Pages visited and actions taken on the website

• Login session identification cookies

2.3 Cookies Used

Our system uses the following cookies:

a) User Login Cookie (Essential)

A Joomla session cookie is created when you log in.
Purpose:

• Authenticate your session

• Maintain secure access to your account and application forms

This cookie is strictly necessary for the website to function and does not require consent.

b) Google Analytics Cookie

We use Google Analytics (GA4) to understand usage patterns, site performance, and user behaviour.

Data processed may include:

• IP address (anonymised)

• Page views and navigation activity

• Device type and browser information

These cookies are non-essential and are only stored if you consent via our cookie banner.

3. Purposes of Processing Your Personal Data

Your personal data may be processed for the following lawful purposes:

3.1 Application Processing

• Managing, reviewing, and approving course applications

• Verifying information provided

• Communicating with applicants

Legal Basis:
Article 6(1)(e) — task carried out in the public interest
and/or
Article 6(1)(b) — performance of a contract (application submission).

3.2 Course Monitoring, Reporting & Evaluation

We may use your application and course data to:

• Monitor delivery standards

• Evaluate the effectiveness and outcomes of courses

• Ensure compliance with Department of Education & Youth guidelines

3.3 Statistical Analysis

Aggregated and anonymised data may be shared with the Department of Education & Youth to help with:

• National programme planning

• Research and statistical reporting

• Policy development

Legal Basis: Article 6(1)(e) — public interest/statistical reporting obligations.

3.4 Consent to Share Data with the Department of Education & Youth

Where required, you will be asked to explicitly consent to the sharing of your data with the Department of Education & Youth for:

• Statistical analysis

• Application approval

• Course monitoring

• Course reporting and evaluation

You may withdraw this consent at any time by contacting us (see Section 10).

4. How Your Data Is Stored and Secured

Your data is stored on secure servers hosted within the EU/EEA.
We implement multiple technical and organisational measures including:

• Encrypted HTTPS access

• Firewalls and malware protection

• Access controls and user permissions

• Regular auditing and system monitoring

• Encrypted backups

Only authorised staff and approved third parties (e.g., Department of Education & Youth where consented or legally required) may access your data.

5. Data Sharing

Your personal data may be shared with:

• The Department of Education & Youth (for statutory, monitoring, statistical and evaluation purposes, and only where consented or required by law)

• IT service providers who support the hosting, maintenance, or security of this system

• Inspectors or authorised evaluators where necessary for course monitoring and approval

We never sell your personal data to third parties.

6. Data Retention

We retain your data only for as long as necessary for the purposes described above or as required by law.

Typical retention periods include:

• Application data: [Insert duration – often 7 years]

• Cookies: session-only or up to 2 years for Google Analytics

After retention periods expire, data will be securely deleted or anonymised.

7. Your Rights Under GDPR

You have the right to:

• Access your personal data

• Correct inaccurate or incomplete data

• Request deletion (where legally permissible)

• Restrict processing

• Object to certain types of processing

• Withdraw consent at any time

• Receive a copy of your data in portable format (data portability)

To exercise these rights, contact us using the details in Section 1.

8. International Transfers

We do not transfer your data outside the EEA unless required for analytics or technical services.
Where such transfers occur (e.g., Google Analytics servers), we ensure appropriate safeguards (Standard Contractual Clauses, data minimisation, IP anonymisation).

9. Cookies and Consent

Non-essential cookies (including Google Analytics) will only be loaded after you actively consent via our cookie banner.

You may withdraw your consent at any time using the cookie settings link on the website.

10. Contact Information

For data protection queries, corrections, or rights requests, contact:

Data Protection Officer / Privacy Contact:
[Insert Name]
[Insert Email]
[Insert Address]

If you are not satisfied with our response, you may lodge a complaint with:

Data Protection Commission (DPC)
https://www.dataprotection.ie/

11. Changes to This Privacy Policy

We may update this Privacy Policy occasionally. Any significant changes will be clearly communicated on this website.