This notice sets out the basis on which any Personal Data we collect from you, or that you provide to us, will be retained by Us, where ‘Us, We, Our’ means the Secretariat and HRCDC either separately or together. Any reference to ‘Data Controller’, ‘Data Processor’, ‘Personal Data’ and ‘Data Subject’ shall have the meaning ascribed to in the General Data Protection Regulations (the ‘GDPR’).
Examples of Personal Data that we may collect, process and retain include names and addresses, email addresses, CVs, details of previous employment, medical records and references and financial details.
The Data Protection Acts 1988 and 2003 (as amended) (the “DPA”) and, from 25 May 2018, the GDPR impose obligations on us, as a Data Controller, to retain the data for no longer than is necessary. We are obliged to provide individuals with information on our retention periods or criteria used to determine the retention periods.
The time periods for which we retain your information depends on the type of information and the purposes for which We use it. We will keep your information for no longer than is required or permitted. We do not transfer your data outside of the EU.
Please review the HRCDC Privacy Notice for further details on the HRCDC and/or Secretariat and role of Health Research Board (“HRB”) in providing the Secretariat support to the HRCDC.
We must retain certain records because they contain information that must be kept in order to satisfy statutory, legal, accounting or other regulatory requirements. We must balance these requirements with Our statutory obligation to only keep records for the period required and to comply with data minimisation principles. The retention schedule below sets out the relevant periods for the retention of various HRCDC documents.
| Categories of Personal Data | Internal Retention Period | Justification for Timeframe |
|---|---|---|
| Invalid application | 6 months | For future validation and follow on submission queries |
| Unsuccessful applications | 2 years after the date of submission | For future validation and follow on submission queries |
| Successful applications | 5 years after the expiration or termination of a declaration | For HRCDC memory and reporting purposes |
| HRCDC member contact details | 3 years after expiration of membership | For follow up queries by the Secretariat or |
| HRCDC member financial details | 7 years after expiration of membership | Revenue Requirements |
| HRCDC expense receipts | 7 years | Revenue Requirements |
| Prospective HRCDC members: CVs | 1 year | For future HRCDC opportunities |
| Letters of Offer for HRCDC membership | 2 years after expiration of membership | For HRCDC records |
| Categories of Personal Data | Retention period when made public | Justification for Timeframe |
|---|---|---|
| HRCDC member Bios & Photos | Will be removed immediately once membership has expired | No legal basis for retaining in public view |
| Minutes of HRCDC meeting | Permanent | Statutory obligations of the Regulations |
| Decisions of HRCDC meetings | Permanent | Statutory obligations of the Regulations |
Any remaining historic paper files will be retained until these are scanned. Where applications recorded are destroyed in line with this policy they will be shredded and disposed of as confidential waste.
Please see the HRCDC Standard Operating Procedures for more information on the application
submission process.
A record is any type of information created, received or transmitted in the transaction of the HRCDC’s business, regardless of physical format. Examples of where the various types of information are located are; calendars, emails, handwritten notes, invoices, voicemails.
All Personal Data retained by Us is stored in a secure online drive hosted on a server within the Health Research Board (HRB). The online secure drive can only be accessed by authorised members of the Secretariat and the ICT support team of the HRB. All paper copies are stored securely in Secretariat office. Personal Data will not be shared with other third-parties who are not outlined in this privacy notice.
Unsolicited confidential information submitted to Us shall be refused, returned to the sender where possible and deleted, if received electronically.
Any questions about this policy should be referred to the Secretariat: secretariat@hrcdc.ie