Candidate Privacy Statement

Candidate Privacy Statement

Data Controller - Public Appointments Service, Chapter House, 26-30 Abbey Street Upper, Dublin 2

Data Protection Officer - Contact at DPO@publicjobs.ie


Legal Basis for Processing Data

The Data Protection Bill provides that the processing of personal data shall be lawful where such processing is necessary for the performance of a statutory function of a controller. PAS is mandated by statute to act as the centralised assessment and selection body for the civil service and to carry out all the procedures necessary to undertake the recruitment, assessment and selection of suitable candidates for appointment (Section 34 of the Public Service Management (Recruitment and Appointments Act 2004) (2004 Act) therefore, the processing of personal data necessary for this purpose is lawful as Article 6(1) (e) GDPR applies.

The Data Protection Bill also provides a legal basis for the processing of "special categories" of personal data for the performance of a function conferred by or under an enactment. The information collected from applicants that falls within the "special categories" of personal data set out in Article 9 GDPR will be subject to a "toolbox" of measures designed to safeguard the fundamental rights and freedoms of data subjects. The "toolbox" of measures includes encryption and pseudonymisation of data, obtaining the explicit consent of the data subject and includes strict time limits for the erasure of relevant personal data. The data processing must be necessary and proportionate and in accordance with the principles of data protection including data minimisation ? i.e. that the data processing is limited to what is necessary for the purposes for which the data processed.

Categories of Personal Data Concerned

Personal data is collected on all candidates for competitions run by PAS in order to process their applications. This information is used by the relevant recruitment unit to run a recruitment and selection competition up to the appointment of a successful candidate to the vacant post. The data is collected by means of an application; this application is used to assess eligibility for a particular competition; determine preferences in relation to the location (if applicable); determine whether the candidate meets the set shortlisting criteria (if applicable); and to aid the selection board in the interview/assessment situation (should the candidate be called to this stage). Information which is required to be provided by candidates as part of the application process relates to their relevant qualifications and experience, and examples of the competencies required for the particular post (it also includes their name, address, contact details, and date of birth); the date of birth is not shared with selection board members.

Other data collected is required to confirm that the candidate meets the essential requirements for the competition and for background checks conducted at clearance and assignments stage to ensure the person is suitable for appointment in respect of character and that he or she if fully competent to undertake, and fully capable of undertaking, the duties attached to the position. Data collected at clearance and assignments stage from those candidates under consideration for a position includes security checks and/or Garda vetting; employment or other references; health and medical information; health and character declaration; copies of relevant qualifications and proof of identification; workplace accommodation form (if such accommodations are required); drivers licence (if essential); reports from the CMO If required).

Candidates may also provide equality monitoring information on a voluntary basis; this is used to ensure that our assessment processes are fair to all groups covered by the Equality legislation.

PAS only keeps data for purposes which are specific, lawful and clearly stated and the data will only be processed in a manner compatible with the stated purpose. Information collected from candidates is used only in order to process their application for a particular competition.

Regular audits are conducted on all personal information collected from all sources and this established that there are sound, clear and legitimate purposes for collecting all of the information currently collected. These audits are conducted on an ongoing basis (every two years) by a nominated staff member for the Data Protection Officer. The findings are reviewed by the Risk Management Group.

All data is obtained and processed in compliance with the GDPR; PPSN are only requested where required in order to support the provision of a public service to a customer (i.e. for recruitment and selection purposes).

Information on Cookies is provided in a separate statement on the Data Protection page of publicjobs.ie.

Recipients or Categories of Recipients

Examples of legitimate disclosures specific to PAS are listed below:

  • Information on candidates who are being offered appointment is provided to the client organisation (this includes contact details and information in relation to the candidate?s qualifications/experience for the post);
  • Material is provided to the Chief State Solicitor and any of their legal advisers, and to the Workplace Relations Commission (or other appropriate body) as required in the event of a case being taken against PAS;
  • National Archives disclosures are set out in the Code of Practice for the Protection of Personal Data;
  • Certain data is disclosed to assessment providers who carry out some of the assessments run by PAS; only the minimum amount of personal data is disclosed to allow them to fulfil their functions as data processors (name, email address and PAS candidate identification number);
  • PAS use external selection board members/assessors/invigilators and these board members/assessors/invigilators may receive, or have access to, candidate application data in order to assist in the determination of suitability for a specific role; selection board members/assessors/invigilators have a duty to keep such information confidential and secure;
  • Information is provided to the Chief Medical Officer (CMO) where PAS has concerns in relation to a candidate's suitability for appointment on health related grounds (as the CMO is the qualified occupational health service for PAS);
  • Some organisations (which are involved with the security of the state) may require that candidates assigned to them have additional security clearance conducted; the names and addresses of those candidates are sent to the relevant client organisation for processing.
  • NCHD applications are collected for the HSE through our recruitment application;
  • The results of State Board's assessment processes are sent to the appropriate Department in order for the Minister to make a decision.

Period for which personal data will be retained

The Record Retention Schedule sets out the retention period for all items of personal data kept and the procedures in place to implement this policy. Necessary approval has been sought from the Director of the National Archives to destroy electronic and physical records.

Some data in relation to testing (test scores) are anonymised and retained for research, validation and statistical purposes. The minimum amount of data is retained for the shortest period possible, as set out in the Records Retention Schedule.

Your responsibility

You can update your own profile at any stage and should do so as your circumstances change.

Subject Access Requests

PAS is aware of its obligations as a data controller with primary responsibility for, and a duty of care towards, the personal data within its control. Our obligations are set out in the GDPR and associated implementing and supplementary legislation in Ireland.

Data subjects whose personal data is held by PAS are entitled to ask PAS and receive confirmation as to whether or not personal data concerning them is being processed. Where that is the case, data subjects are entitled to access the personal data as well as certain information in relation the processing of that data.

The subject access request should be made in writing, and should include sufficient information to identify the data subject to our reasonable satisfaction so we can verify that we are not releasing your data to someone who is impersonating you. When the criteria are satisfied, we will be in a position to commence the work involved in responding to your request. PAS will strive to respond as quickly as possible and in any event without undue delay, but if we have not been able to complete our work in that regard within one calendar month we will update you as to the progress of our response to your request. The Subject Access Request Form is available on the Data Protection page of publicjobs.ie.

PAS will provide the data subject with any relevant data in response to a subject access request in electronic format. If you do not wish to receive our response to your request by email, please let us know in advance. Once our response to your subject access request has been finalised, we will make a full copy of the material to be retained for our own reference. This records will be used as a reference should there be any dispute as to the content or timeliness of our response provided to you. It will be retained for seven years.

Any individual may apply at any stage (to the Data Protection Officer) to have any personal information held by PAS updated or corrected (if the individual believes that any information held is incorrect/incomplete.

By clicking "continue", you indicate you have read and understood the implications of this candidate privacy statement.