Data Protection & Privacy Notice - Carmelite Monastery - Knock, Tranquilla
page-template-default,page,page-id-43837,page-child,parent-pageid-40441,ajax_fade,page_not_loaded,,select-theme-ver-2.3,smooth_scroll,wpb-js-composer js-comp-ver-5.2,vc_responsive

Data Protection & Privacy Notice

Who we are: We are the Carmelite Monastery of the Nativity (the “Charity”), an unincorporated association with its address at Tranquilla, Knock, Claremorris, Co. Mayo. F12 AH64 registered charity no. 20008499 and CHY 5538

What personal data we collect and why: We collect and use personal data relating to our benefactors, our Sisters, our employees, and others who engage with us.

Benefactors and supporters: We collect and process personal data of benefactors in relation to donations and prayer requests Benefactors do not have to provide any personal data to us, but if you do not provide it we cannot thank you for your donation, recover the tax-back from Revenue. etc.

We will use your personal data for the following purposes:




Thanks for Donations: If you make a charitable donation, we may collect your personal data to send you a receipt and thank you for any donation. We do this on the basis of our legitimate interests as a charity to thank our benefactors for their support. Having taken into consideration the reasonable expectations of the benefactor based on the fact that they have made a donation to us, we believe our writing to thank them for the donation does not override their fundamental rights and freedoms. However, we notify benefactors of their right to object to receipt of any correspondence from us (see further section 7 below).

If you wish to enable us to claim back the tax on your donation from the Revenue Commissioners, and you complete a Form CHY3 or CHY4 for that purpose, the form will contain your PPS number and will be submitted to the Revenue Commissioners for the Charity to recover the tax back on your donation. We will process this personal data and retain this record based on our Legal Obligation under the Taxes Consolidation Acts 1997 and the Charities Act 2009.


To send you greetings at Christmas:


Where we have your consent to do so, we will write to you (by post), to send you our Christmas greetings and newsletter. We will process this personal data based on your presumed Consent. If at any time you no longer wish to receive these from us, you can opt-out of receiving those letters at any time by contacting us so that we can update your contact preferences.




Some benefactors ask us to pray for their special intentions. Where our benefactor specifies what those personal special intentions are (e.g. their own ill-health, a family bereavement, etc) we will record the benefactor’s special intentions to ensure they are remembered in our prayers. We will treat personal data submitted via prayer requests with utmost confidentiality. When recording your special intentions, we will process this personal data based on your Presumed or explicit Consent. Consent can be withdrawn at any time – just contact us to let us know.  Where a benefactor asks us to pray for another living person with whom we have no regular contact (a “third party”) we will record the benefactor’s special intentions based on our legitimate interests to ensure that special intention is remembered in the Sisters’ prayers, but in order to respect that third party’s privacy we will endeavour not to record any special categories of personal data relating to that third party. We will endeavour to minimise any collection the third party’s personal data, for example: “We remember John’s special intentions in our prayers”. Where we are relying on legitimate interests, the person has the right to object at any time (see further section 7 below).




We display an email address and postal address on our website, so that people can get in touch with us if they wish. Although we cannot undertake to reply to individual messages on our website, your requests for prayer will be brought to the attention of the community. Be assured we will carry your intentions in prayer before the Lord.

If you chose to provide your personal data (e.g. name, phone number/contact details, email address, message) we will use that information to contact you and/or respond to your query where relevant. We will process this based on your Consent and will use same for as long as it necessary to complete the purpose for which you submitted the request to us, or for such longer period as required by law.




A cookie is a small text file stored on your computer/device when you visit a website for example, a cookie may allow a website “remember” your actions or preferences, or it may contain data related to the function or delivery of the site. Our website uses them to function and deliver a good viewing experience.

Our website is designed by Terrier Agency who also act as Server for the website.

Address: 8 Lee St, Dalston, London E8 4DY, United Kingdom.


General charity records:


We use your personal data based on our legitimate interests: for proper record keeping, for good corporate governance, to manage risk, for verification purposes, to obtain professional advices (including legal advice), for insurance purposes, and for legal claims: to prevent fraud, to resolve disputes and take or defend litigation etc. The legitimate interests are our charitable objectives, and to run an efficient charity.


Employees: (including applicants):


We collect and process personal data of employees (and those applying for jobs or sending us unsolicited applications). Employees have to provide the Charity with such information as is relevant to their employment, otherwise the Charity cannot comply with its legal obligations as an employer. The personal data we collect includes:

  • Contact details: your name; date of birth; address; contact details. We process this data for the performance of a contract (or to take steps prior to entering into a contract, namely the employment contract).


  • Employment data and pre-employment checks: CV, education, and qualifications; Vetting data and safeguarding data; registration with any other professional regulatory and/or accrediting body; PPS number; financial data; images (e.g. CCTV); medical, health and occupational health data; immigration/work-visa information; information relating to recruitment, promotions, and appointments processes; other IR/HR processes; pensions details etc. We process this data for the following purposes: for the performance of a contract (or to take steps prior to entering into a contract, namely the employment contract); due to a legal obligation; for the purposes of carrying out the legal obligations of the controller in the field of employment law, and for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee and for the establishment, exercise or defence of legal claims.


  • Legitimate activities and legal obligations: We use personal data for purposes including: running an efficient charity; complying with our legal obligations as a charitable body; complying with our obligations as an employer; for recruitment and appointments; allocating resources to discharge our duties to all our staff and others; complying with our statutory reporting obligations to Government bodies; to manage risk; for resolving disputes and taking/defending litigation etc. We process this on the lawful basis of our legitimate interests and for the establishment, exercise or defence of legal claims.


How long we keep it: The Charity complies with the storage limitation principle by only keeping data for the period necessary for the purposes for which the data are processed. We will retain personal data to manage risk, to prevent fraud, for insurance purposes, to resolve disputes and take or defend litigation etc. How long we retain personal data depends on various factors.

Short retention periods: Some personal data is only kept for a short period. For example, CCTV recordings are held for 28 days (unless an issue is identified in which case the recording will be held for longer for transfer to An Garda Síochána and/or the monastery’s insurance company and solicitors).

Longer retention periods: We retain some personal data for a longer period. For example, if you are an employee of the Charity, we retain your data after you leave or otherwise finish your employment with us for example where same are required for employment references, or pension purposes etc).

Archival retention periods: Some data we retain indefinitely due to its enduring historical value (e.g. information that will have enduring historical value for archival purposes). For example, if a benefactor remembers us in their Will, we will keep a copy of the solicitor’s letter (and any correspondence with the estate) in our active accounting system for accounting and audit purposes in line with our legal obligations as a registered charity; after that, we transfer the Will to our archives. We believe that benefactors’ Wills are documents of enduring historical value and we retain that to honour the testator’s memory and to acknowledge the meaningful contribution they have made to the work of the monastery. The monastery’s archives are not open to the public.

Who we share it with: We share personal data with third parties, including where required to comply with our legal obligations (including complying with court orders, discovery orders etc.) Where required, we will share your personal data with our insurance company, our legal advisors, and other service providers (including auditors, payroll providers, IT providers, security providers, etc.) to enforce our legal rights (for fraud prevention, credit risk, litigation) and to resolve disputes and defend litigation.




We share benefactors’ personal data with third parties, for example with the Revenue Commissioners to claim the tax-back on any charitable donations where applicable (CHY3 and CHY4 forms), with payment service providers (receiving data from Paypal re any online donation), with our banks (to process any cheques). After completion of the payment, the documentation is retained and shared with our Auditors for audit and verification purposes (in compliance with our financial audit requirements as a registered charity). Our financial records and donations information are disclosed to the Charities Section of the Revenue Commissioners and/or the Charities Regulatory Authority in any audits and/or investigations. If you give us your consent to the use of your photograph for upload to our social media account (e.g. Facebook) the photograph is subject to the privacy policy of that social media company. Where necessary for security, fraud-prevention, cyber-security, and where same is in our legitimate interests, we will report relevant matters to and share data with An Garda Síochána and other police and law enforcement authorities.




We share employees’ data with third parties where there is a lawful basis for us to do so. For example:


  • Auditors, statutory inspections etc. For example, employees’ data may be disclosed to the Charity’s auditors in compliance with our financial audit requirements as a registered charity. If the Workplace Relations Commission conducts a workplace inspection, the employees’ records will be opened to them to confirm compliance with all relevant employment laws.


  • Payroll and pensions: we share employees’ data with banks/financial institutions (to pay wages); pension administrators and pension trustees (re the occupational pension scheme).


  • Future employers: if the employee (or a former employee) requests a service reference, we will share his/her personal data with any future employers.


  • Government/public bodies: We also share employees’ data with Government bodies including Revenue Commissioners, Department of Social Protection, TUSLA, An Garda Síochána, and the HSE; any professional and/or regulatory body to which the employee belongs, and in such circumstances those bodies to who we transfer your personal data will use it for their own purposes (including: to verify other information they already hold about you, for fraud prevention measures, etc) and may aggregate it with other information they already hold about you.


  • IR/HR, claims and legal claims: We will share an employee’s data with his/her trade union if required for employment rights, IR/HR issues etc. We also share employees’ data with our insurance company (re any claims and/or insurable events); other service providers (including auditors, IT providers, security providers, legal advisors) etc.


  • Occupational health: If any issues/concerns arise with regard to the employee’s occupational health or welfare, a referral will be made to the employer’s occupational health specialists. The employee’s personal data (including special categories of personal data such as medical information, sick leave certificates, absence records etc) will be released to the employer’s occupational health specialists. This is to safeguard to the employee’s health and well-being for the purposes of the employer complying with section 8 Safety, Health and Welfare at Work Act 2005, and although the employee may be notified, his/her consent will not be sought. Reports will be issued by the occupational health specialist directly to the employer (without seeking the employee’s consent) as the lawful basis of this disclosure is not consent as the processing is necessary for the purposes of carrying out the legal obligations of the controller in the field of employment law, and for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee and for the establishment, exercise or defence of legal claims.


Third country transfers: in general, the Charity does not transfer personal data outside the EEA. We need to mention that our web server is in the U.K.


Automated Decision Making/Profiling:


The Charity does not engage in any automated decision making or profiling.

Your rights: You have the following statutory rights that can be exercised at any time subject to the limitations and exceptions set out in GDPR and the Data Protection Act 2018. You can exercise these by contacting us, and providing us with proof of identity and the detail of your request:

Right to complain to supervisory authority their contact details are set out below:


Telephone:  +353 57 8684800 +353 (0)761 104 800/Lo Call Number 1890 252 231


Postal Address: Data Protection Commission, Canal House, Station Road, Portarlington, R32 AP23 Co. Laois


  • Right of access.


  • Right to rectification.


  • Right to erasure (right to be forgotten).


  • Right to restrict processing.


  • Right to data portability.


  • Right to object.


  • Right not to be subjected to automated decision making/profiling.



Contact us: If you have any queries, please contact us at:

Carmelite Monastery,




Co. Mayo, F12 AH64