The Irish Congress of Trade Unions is a Data Controller and a Data Processor under the General Data Protection Regulations (GDPR) and respects the rights to privacy of the individual.

Personal data for the purpose of this document is any information which can identify an individual such as a name, address, date of birth etc.

ICTU Website

Congress fully respects the right to privacy of all of the users of our website, and will not collect any personal data about you on this website without your clear consent. Any personal information volunteered will be treated with the highest standard of security and confidentiality, strictly in accordance with the Data Protection Acts 1988 and 2003, and the General Data Protection Regulations.

Congress does not collect any personal data on its website apart from information which you volunteer using, for example , email or the online join a union form. Any information provided in this way is not made available to third parties, and is used only in line with the purposes for which you provided it. Such personal data may also be anonymised and used for statistical purposes.

Technical details in connection with visits to our website are logged for statistical purposes. The technical details logged include the following:

  • IP address of your internet connection

  • Browser type you are using

  • Date and time you accessed our site

  • The pages you have accessed and the documents downloaded

  • Websites you may have come from to access our website, including any search terms used.

Congress will not attempt to identify individual visitors, or to associate technical details listed above with any individual. This information is used to allow us to improve the information we are supplying to our users, find out how many people are vising our sites and for statistical purposes. Some of this information is used to create summary statistics which allow us to assess the number of visitors to the different sections of our site, discover what information is most and least used, inform us on future design and layout specifications, and help us make our site more user friendly.

We are not responsible for the content or privacy practises of other websites. Any external links to other websites are clearly identifiable as such. Some technical terms in this statement are explained below.

Glossary of terms used:

  • Web Browser – the piece of software you use to read web pages. Examples are Google Chrome, Microsoft Internet Explorer and Mozilla Firefox.

  • IP Address – the identifying details for your computer (or your internet company’s computer), expressed in ‘internet protocol’ code (for example Every computer connected to the web has a unique IP address, although the address may not be the same every time a connection is made.

  • Cookies – small pieces of information, stored in simple text files, placed on your computer by a website. Cookies can be read by the website on your subsequent visits. The information stored in a cookie may relate to your browsing habits on the web page, or a unique identification number so that the website can ‘remember’ you on your return visit. In general, cookies do not contain personal information from which you can be identified, unless you have furnished such information to the website.


Congress will from time to time take photographs of people at ICTU conferences, meetings, events, launches, rallies etc. and store these photographs in the cloud and on our servers. We may use these images in publications and to promote the work that Congress is involved in. If you have any objection to having your photograph taken, stored or used in this manner you can contact [email protected]


The Communications Department of Congress holds personal data of journalists and media contacts using the Mediahq platform. Mediahq are fully compliant with the provisions of GDPR. In the event of Congress directly issuing press releases or contacting journalists directly we undertake to do so using the bcc protocols for emails.

Any media contact lists held by the Congress Communications Department (other than on Mediahq) will be regularly updated by the Communications Officer and will be deleted once obsolete.

Congress uses software such as Mailchimp and Polldaddy to communicate with affiliates and all lists on such platforms will be kept in full compliance with the principles of GDPR.

Any incorrect or inaccurate information can be corrected by contacting Macdara Doyle, Communications Officer. To opt out of the receipt of any press releases or media contact from Congress please contact [email protected]

ICTU Constitutional Committees

Congress has a governing body known as the Executive Council which is constituted every two years at Biennial Delegate Conference. It also has a number of other committees a list of which can be viewed here

People who are elected onto Congress Committees are deemed to have given their consent to participate in that committee and for their name and union to be published in the Executive Council Report to Biennial Delegate Conference during their term of office. We will communicate with the members of each committee during their term of office to enable the committee to complete their work. Communications by email with Committee members will be by bcc. Materials circulated to committee members will only be pertinent to the work of that committee.

Committees which are reconstituted following Biennial Delegate Conference will have their mailing lists updated by the Congress Secretariat within 12 weeks of the new committee coming into effect, and the old contacts will be deleted.

Payment of expenses to committee members may necessitate the provision of personal information such as bank details to the Congress Accounts Office. We undertake to treat this information under the Congress Guidelines for Finance and Accounting Procedures and destroy all recordings within the timeframes provided therein.

ICTU Premises

All Congress service providers and contractors will have signed the ICTU Confidentiality Agreement by the 25 May 2018 deadline.

Congress employees who have responsibility for the maintenance of contracts with service providers and contractors must ensure that this agreement is signed by the contractor/service provider and themselves on behalf of Congress, and a copy given to Deirdre Mannion, HR Manager for the GDPR file.

The ICTU Confidential Agreement should be integrated into the main service contract from 2019 onwards as a matter of course.

Congress staff should ensure that they do not display personal information or data in their workspace (ie on noticeboards or files left out on desks) for others to view. Congress employees are asked to adhere to the following guidelines:

  • Sensitive information and data must be disposed of by shredding in-house or given to the authorised contract waste disposal company for confidential shredding

  • Ensure that confidential documents and files are locked away when you are out of your office

  • Ensure your computer defaults to screen lock mode when the keyboard has been inactive for 5 minutes or more

  • Do not share passwords to your computer with other members of staff

  • Ensure swift removal of photocopying from photocopiers

  • If using the technology in meeting rooms, please be sure to delete files saved onto the desktop of the computer, and remove USBs from the system

  • Ensure that all sensitive materials and paperwork is removed for meeting rooms after meetings i.e. minutes of meetings, copies of presentations etc.

  • Refrain from propping open doors which have keypad access on them

All members of Congress staff are data controllers and processers in their own right and have personal data on their own computers, phones and devices, and should adhere to the main principles of GDPR in the maintenance of this information:

  1. Shall be obtained and processed fairly

  2. Shall be kept only for one or more specified and lawful purposes

  3. Shall not be used or disclosed in any manner incompatible with that purpose or those purposes

  4. Shall be kept safe and secure

  5. Shall be accurate and kept up-to-date

  6. Shall be adequate, relevant and not excessive

  7. Shall not be retained for longer than is necessary for the purpose or purposes.


Congress operates of CCTV system on its premises. Those entering the building alerted to this by the signage on display, and must keep in mind that they are on view outside the front door, in the carpark at the rear of the building, in the main entrance hall, and in the lobby area outside the canteen.

The CCTV system is to deter burglars and for safety purposes and is not used to monitor the day-to-day activity of any employee or contractor/service provider. The information is stored in-house on computer and is rerecorded every 28 days. Any queries in this regard should be addressed to [email protected]

A request from An Garda Síochana to simply view CCTV footage on the premises should be acceded to. Requests for copies of CCTV footage by An Garda Síochana should only be acceded to where a formal written or email request is provided to the data controller stating that An Garda Síochana is investigating a criminal matter. For practical purposes and to expedite a request speedily, a verbal request may be sufficient to allow for the release of the footage sought. However, any such verbal request must be followed up with a formal written request. Congress will maintain a disclosures log of all CCTV footage requests made by An Garda Síochana.

Human Resources

The Irish Congress of Trade Unions as an employer holds personal data on its employees and does so to enable Congress to fulfil its contractual obligations towards its employees.

Information provided by an employee is treated with the highest standards of confidentiality, and Congress considers this essential to maintaining confidence between the organisation and our employees.

The HR Manager holds next of kin contact details nominated by employees for use in emergency situations only. This information is held in the strictest confidence and can be updated by contacting the HR Manager on [email protected]

Personal information will be updated as necessary and held for as long as is necessary to fulfil our contractual obligations to employees. This information may be shared with a third party from time to time to provide services to employees under the terms of their contract of employment.

Congress undertakes to destroy by shredding the CVs of interviewees and people seeking employment with Congress within one year of the selection process being completed. The CV will be retained for one year in case of a review of the interview process or procedures. We will retain only the CVs of people who are successful in their employment application.

Congress uses the Flextime Ltd platform to provide HR services and a flexible working hours system for staff members who wish to avail of same. Flextime Ltd are fully compliant with GDPR requirements. This system operated by Congress is password protected with each user having their own unique password. Staff members are required to not share their password with other users or non-users. Congress operates this system with the utmost confidentiality, and only for the purpose of operating the flexible hours system, sick leave records, annual leave records, and to comply with attendance records in line with the Organisation of Working Time Act 1997.

Storing information

We make use of the following data processor website services not otherwise mentioned in this policy to deliver functionality as part of our services:

Access Requests

Access requests regarding the personal information held by the Irish Congress of Trade Unions should be made in writing to Deirdre Mannion, HR Manager, Irish Congress of Trade Unions, 31-32 Parnell Square, Dublin 1, D01YR92. We will reply to such requests within 30 days of receipt of same.

If you are aware or believe that the information held by Congress on you is inaccurate or incorrect you have the right to have this information corrected or deleted and you can do so by contacting [email protected]