Data Protection
The Sea-Fisheries Protection Authority (SFPA) respects your right to privacy and the protection of your personal data. For SFPA to effectively deliver and administer the public services entrusted to us, it is necessary to collect and process personal data about you.
The SFPA, as Data Controller is Ireland's competent authority for the enforcement of sea fisheries law and is an official agency of the Food Safety Authority of Ireland for the enforcement of food safety law in the seafood sector up to the point of retail. In fulfilling its statutory mandate, and for the necessary administrative functions that underpin this work, the SFPA collects a wide range of data including personal data and special categories of personal data. As a data controller, the SFPA is responsible for determining how and why your personal data will be used under the application of data protection laws, such as the General Data Protection Regulation (GDPR).
Data may be collected from a variety of sources including industry, national, European or international control authorities, other state agencies, employees, contractors, agents, and other customers.
The SFPA keeps all personal data safe and secure and implements technical measures to ensure the safety and security of the systems that hold this data.
Where individuals provide personal data within queries/complaints sent to the SFPA, this data will be processed within the SFPA as necessary to deal with such queries/complaints.
If you require any further information or have any queries in relation to data protection, please contact our Data Protection Officer through the contact details below:
SFPA Data Protection Officer
SFPA
Clogheen
Clonakilty
Co Cork
P85 TX47
Email: SFPADataProtection@sfpa.ie
Tel: +353 23 8859 300
To lodge a Subject Access Request with the SFPA, you need to contact us and ask us for your data. This can be done, via email, phone call or in writing.
Requesters can be asked to provide additional information that may be necessary to locate your records such identification numbers, specific dates etc.
It may also be necessary to obtain proof of identity and address to ensure that the person making the access request is acting legitimately. Requests should be sent to the Data Protection Officer.
A Subject Access Request Form is available below to assist you - please find here
Is there a fee?
There is no fee applicable under GDPR to make an access request for your own personal data. However, where we determine a request to be unjustified or excessive, we may charge you a reasonable fee.
When should a response issue?
Under the GDPR the information requested must be provided within one month. If a request is complex and involves a large volume of records this time limit may be extended for a further two months.
Are there exceptions to the right of access?
Some exceptions can apply to the release including access to third party data, legally privileged data and data required for the prevention, investigation or prosecution of criminal offences.
Right of Appeal
If the SFPA fails to comply with a valid subject access request, the requester has the right to make a complaint to the supervisory authority which is the Data Protection Commission. The Data Commissioner will investigate the matter and has wide powers to ensure the SFPA complies with the legislation. Financial penalties can be imposed.
Complaints should be made in writing, including email to the Data Protection Commission directly and their contact details are below: -
Data Protection Commission
Address: 6, Pembroke Row, Dublin 2, D02 X963.
Webform at www.dataprotection.ie
Email: info@dataprotection.ie
Telephone: (01) 765 0100/ 1800 437 737
Further Information
The website of the Data Protection Commission is an excellent resource and has a section dedicated for all customers called Your Data www.dataprotection.ie
Legislation
All personal data processed by the SFPA is processed in accordance with applicable Irish data protection and privacy laws, the General Data Protection Regulations (‘GDPR’) and the Law Enforcement Directive (‘LED’) (where applicable) to ensure we properly protect your personal data.
The GDPR
The GDPR came into force on 25th May 2018, strengthening the rights of individuals and increasing the obligations of controllers and processors. The GDPR is designed to give individuals more control over their personal data. The key principles relating to the processing of personal data under the GDPR are lawfulness, fairness and transparency; purpose limitation; data minimisation; accuracy; storage limitation; integrity and confidentiality; and accountability (Article 5 of the GDPR). In Ireland, the national law, which amongst other things, gives further effect to the GDPR, is the Data Protection Act, 2018.
The Law Enforcement Directive
The Law Enforcement Directive (‘LED’) deals with the processing of personal data for “law enforcement purposes” by data controllers which fall within the definition of being a ‘competent authority’ for the purposes of the LED, as transposed into Irish law, mainly by Part 5 of the Data Protection Act 2018. Section 70 of the Data Protection Act 2018 defines the scope of the processing of personal data which falls within that part of the Act, and which falls outside the scope of the GDPR. It states that Part 5 of the Act applies to the processing of personal data carried out
“For the purposes of (i) prevention, investigation, detection or prosecution of criminal offences, including the safeguarding against, and prevention of threats to public security, or (ii) the execution of criminal penalties…”
The term ‘competent authority’ is defined in Section 69 of the Data Protection Act 2018 as being, inter alia, “A public authority competent for the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties in the State, including the safeguarding against, and the prevention of, threats to public security”.
For certain processing activities which it carries out, the SFPA is a ‘competent authority’ for the purposes of Part 5 of the Data Protection Act 2018 and therefore these processes are subject to the LED.
The Privacy Notices section provides additional information on specific progressing activities undertaken by the SFPA.
Who is the Data Controller?
Under Data Protection legislation, The Sea Fisheries Protection Authority, as a data controller is responsible for the collection and processing of all personal data under its administration.
If you have a query, concern or complaint regarding a data protection matter or if you simply require further information about the way your personal data will be used by the SFPA, you can engage with our Data Protection Officer:
SFPA Data Protection Officer, SFPA, Clogheen, Clonakilty, Co. Cork.
Email: SFPADataProtection@sfpa.ie
Tel: +353 23 8859 300
You have the right to lodge a complaint with the Data Protection Commission; you can engage with the Data Protection Commission in the following ways:
• By webform on www.dataprotection.ie
• Email at info@dataprotection.ie
• By telephone (01) 765 0100 /1800 437 737
• By post: Data Protection Commission: 6, Pembroke Row, Dublin 2, D02 X963.
All personal data processed by the Sea Fisheries Protection Authority will take place in accordance with the laws on Data Protection and will only be used for the purposes connected to the functions of this Authority.
Established in 2007 under the provisions of the Sea-Fisheries and Maritime Jurisdiction Act, 2006 the SFPA operates under the aegis of the Department of Agriculture, Food and Marine. In carrying out it’s mandate the SFPA undertakes a variety of functions including: -
• Secure, efficient and effective enforcement of sea-fisheries law and seafood safety law.
• Promotes compliance with and deter contraventions of sea-fisheries law and food safety law.
• Detects contraventions of sea-fisheries law and food safety law
• Provides information to the sea-fisheries and seafood sectors on sea-fisheries law and food safety law and relevant matters within the remit of the Authority, through the Consultative Committee established under Section 48 of the above Act, or by any other means we consider appropriate.
• Advises the Minister in relation to policy on the effective implementation of sea-fisheries law and food safety law.
• Provides assistance and information to the Minister in relation to the remit of the Authority.
• Collects and reports data in relation to sea-fisheries and food safety as required by the Minister and under community law.
• Represents or assists in the representation of the State at national, community and international fora as requested by the Minister.
• Engages in any other activities relating to the functions of the Authority as may be approved of by the Minister.
Your rights as a data subject are provided under the GDPR and the Data Protection Act 2018. They are as follows:
- Right to be informed – You have the right to be informed in a clear and transparent manner regarding our processing activities, such as through this privacy notice.
- Right of access – You have the right to request a copy of the information we hold about you and to check that we are lawfully processing it.
- Right to rectification – You have the right to ask for incorrect, inaccurate or incomplete personal data of yours to be corrected, though we may need to verify the accuracy of the new data you provide to us.
- Right to seek erasure of your personal data (right to be forgotten) – You have the right, in certain circumstances, to request that your personal data be erased from our records.
- Right to seek restriction of processing your personal data – You have the right to ask us to suspend the processing of your personal data in specific circumstances.
- Right to object to processing of your personal data – You have the right to request that we stop processing your personal data or prevent us from processing your data in specific circumstances.
- Right to data portability – You have the right to receive your personal data in a machine-readable format and send it to another controller, in certain circumstances.
- Right to withdraw consent – You have the right to withdraw consent.
- Right not to be subjected to automated decision making and profiling without human intervention and which results in a legal consequence or significantly impacts you.
These rights may be subjected to certain exemptions or limitations that are available under the GDPR and the Irish Data Protection Act. If you wish to exercise any of your rights or want to know about the applicable exemptions, please contact the Data Protection Officer at SFPADataProtection@sfpa.ie If you are not satisfied with the resolution of your request by SFPA, you may also raise your concern by way of a representation to the Data Protection Commission as follows:
• By webform on www.dataprotection.ie
• Email at info@dataprotection.ie
• By telephone (01) 7650100 /1800 437 737
• By post: Data Protection Commission: 6, Pembroke Row, Dublin 2, D02 X963.
We use a range of physical, electronic, and managerial measures to ensure that we keep your personal data secure, accurate and up to date. These measures include training for all staff to ensure they are aware of our data protection obligations when processing personal data, administrative and technical controls to restrict access to personal data to a need to know basis, technology security measures, including firewalls, encryption, and anti-virus software; and physical security measures, such as staff security passes to access our premises.
We retain your information in accordance with our Data Retention Policy. Subject to your rights, we will ordinarily process your personal data throughout the course of your relationship with us and will then retain it for a period after that. The precise length of time will depend on the type of data, our legitimate interests and other legal or regulatory rules that may require us to retain it for certain minimum periods.
In determining the appropriate retention period for different types of personal data, the amount, nature and sensitivity of the personal data in question, as well as the potential risk of harm from unauthorised use or disclosure of that personal data, the purposes for which we need to process it and whether we can achieve those purposes by other means are all considered.
We may share your personal data with other bodies, including, but not limited to, government departments, law enforcement agencies, Irish governmental agencies or EU bodies with responsibility for the marine, for example, the Department of Agriculture, Food and the Marine (DAFM), Bord Iascaigh Mhara (BIM), the Marine Institute.
We may also share your personal data with service providers to assist us in delivering our services, such as IT providers. We will only permit our service providers to process your personal data for specified purposes and in accordance with our instructions. Only the minimum, personal data necessary will be shared. We ensure staff members are trained in data protection and are bound by confidentiality agreements and contracts have access to your personal data on a need-to-know basis only.
Where personal data is collected and a research/statistics purpose is deemed compatible with the purpose for collection, then it may be used/shared for this purpose. This will take place in accordance with Data Protection law. Where possible information on this will be provided to the customer at the point of data collection, or as soon as possible thereafter.
Cookies are little pieces of text stored by your browser on your computer at the request of our servers. These often enable a specific functionality or enhance your user experience of visiting our website. These help to keep the website secure and analyse website traffic and how people use our website. You are always free to decline our functional and other similar cookies anytime you visit our website. Certain cookies classified as strictly necessary are installed on your device by visiting our website. To update your consent preferences, you can also visit our consent preference page. For more information on what cookies are used on this website, please read our SFPA Website Privacy Policy
If you have any questions or concerns on cookies, please contact our Data Protection Officer at SFPADataProtection@sfpa.ie
SFPA Data Protection Fair Processing Notice
Prior Notification Messages Privacy Notice
SFPA Website Privacy Policy
If you are concerned that your data has been breached by the SFPA then you should provide full details of the complaint to our Data Protection Unit:
SFPA Data Protection Officer, SFPA, Clonakilty, Clogheen, Co. Cork.
Email: SFPADataProtection@sfpa.ie
Tel: +353 23 8859 300