Data Protection Statement
The Pharmaceutical Society of Ireland (PSI) is committed to protecting the security of your personal data (personal information). This Data Protection Statement outlines the personal information that the PSI processes, which includes how information is collected and stored, and how it may be used. It also explains your data rights and how you can contact us about your data privacy.
It is important that you read this statement together with any other information relating to data protection which may be provided to you when we are collecting or processing your personal information, so that you are aware of how and why we are using your information.
We hope this statement will assist you to understand the PSI’s data processing activities. Please contact us if you have questions.
About Us
The PSI is a public body established in law to protect the health, safety and wellbeing of patients and the public by regulating pharmacists and pharmacies in Ireland. As the pharmacy regulator, the PSI collects and processes personal information when carrying out our role and functions as provided for under the Pharmacy Act 2007, and its associated statutory instruments. This information is received from, or about, a range of individuals (data subjects) including, PSI registrants, applicants seeking registration, patients and members of the public, and our service providers. We do this in compliance with the General Data Protection Regulation (GDPR) and the Data Protection Acts 1988-2018 (the applicable data protection legislation) .
We use personal information to enable us to meet our public interest responsibilities as the regulatory body for pharmacists, pharmaceutical assistants and pharmacies in Ireland. We work to ensure, and where necessary enforce, compliance with the Pharmacy Act 2007. We process personal information when carrying out our role and legal responsibilities, which include:
-
Registration of pharmacists, pharmaceutical assistants and pharmacies;
- Setting standards for pharmacy education and training at undergraduate and postgraduate level, including ensuring all pharmacists are undertaking appropriate continuing professional development (CPD);
- Development of pharmacy practice for the benefit of patients and the wider health system;
- Regulation through inspection and enforcement, and considering complaints made against a pharmacist or a pharmacy, including the imposition of sanctions; and,
- Providing advice and guidance to the public, pharmacy profession and to Government on pharmacy care, treatment and service in Ireland.
For the purposes of the applicable data protection legislation, the PSI is the data controller of your personal information, and can be contacted at the Pharmaceutical Society of Ireland, PSI House, 15-19 Fenian St, Dublin 2, D02 TD72.
As an employer and public body with a board (the PSI Council) and committees, the PSI also holds information about its staff and office holders, and details about how we keep this information is provided to our internal stakeholders.
Data Protection Officer
We have appointed a Data Protection Officer who can be contacted in relation to the details in this Data Protection Statement and about exercising your data protection rights.
Email: dataprotection@psi.ie
Phone: (0)1 218 4000
By post: Data Protection Officer, Pharmaceutical Society of Ireland, PSI House, 15-19 Fenian St, Dublin 2, D02 TD72.
Data Security
All personal information provided by you to the PSI will be treated in the strictest of confidence and maintained securely. We have put in place appropriate security measures to protect the personal information that we hold. We limit access to your personal information to those employees, agents, contractors and other third parties who have a business or regulatory need to know. We have put in place procedures to deal with any suspected personal data breach and will notify you and the Data Protection Commission of a breach where we are legally required to do so.
Information we collect about you
To carry out our legal functions, we may process, including collect, use, store and transfer different kinds of personal information.
Personal information includes details such as your name, your personal and/or business address, phone number, e-mail address, your nationality, your birth certificate, details related to your education and qualification, evidence of English language competency, your place of work, and your bank or payment card details.
The PSI may also process details concerning your health (special category personal data), if it is required to do so by law, for example for the purpose of registration or where the PSI is considering a health impairment matter in relation to a registrant’s professional practise, or if provided with the consent of an individual, for example where a complaint is made to the PSI with details of healthcare, medicines and treatment.
Criminal offence information will be collected and processed by the PSI for the purposes of registration, or fitness to practise including sanctioning, as outlined in the Pharmacy Act 2007. This includes information about criminal allegations, proceedings or convictions, where applicable.
Usage and technical information may also be collected through your use of the PSI website or the PSI newsletter. Our cookies policy provides more details.
How your personal information is collected
The PSI generally obtains information in the following ways.
- You provide us with your personal information. This may be given to us when you fill in a form, in writing or online, for registration and related purposes, to subscribe to the PSI newsletter, or other reasons connected to our statutory functions. You may also give us information in a letter, email or over the phone, or in order to provide your details for the provision of a service to the PSI.
- A third party provides us with information about you. This may include your employer, an academic institution, another state agency, or another competent authority for the purpose of qualification recognition or registration. Information about a registrant may also be provided to the PSI when someone raises a formal complaint or where they have reason to be concerned about a pharmacist or pharmacy.
- If you have consented to our Cookies Policy and are using PSI online services, the analytics service may gather information about you.
Why your personal information is collected
We process personal information in the course of carrying out our legal and contractual requirements, in order to meet our responsibilities to the public, or in the exercise of official authority vested in the PSI, or where consent for particular matters is provided. More detailed information is provided under each of the drop-down categories below.
The personal information you have provided will be processed by the PSI for the purposes outlined in this statement, and will be kept according to our retention schedule, which sets out the time periods for how long information is kept by the PSI for different purposes, and per legal requirements.
The PSI does not use your personal information for automated decision making.
How information may be shared
In order to carry out our regulatory functions in accordance with legislation, we may share or provide access to personal information to other parties. If it is required, we will seek your consent before we release your personal information to others. Your information may be shared with:
- Data Processors: Companies or individuals who provide the PSI with data processing services, including legal or IT services.
- Disclosure to Third Parties: Some of your personal information may be disclosed to external organisations in certain circumstances for the PSI to comply with its legal obligations, for public health and safety purposes. These organisations include, but are not limited to, the Health Products Regulatory Authority (HPRA), the Health Service Executive (HSE), An Garda Síochana, Tusla, Schools of Pharmacy and pharmaceutical companies (arising from medicine supply shortages). The PSI also has memorandum of understanding (MOU) agreed with other organisations. Where it is appropriate to do so, limited personal information may be shared in accordance with an MOU’s stated purpose in line with the PSI’s regulatory remit. Your consent is not required to share personal information where there is a legal requirement and the PSI is operating within its legal remit.
We ensure the security and privacy of your information by requiring other parties to act in compliance with data protection law, and that they process or access information only for specific purposes and according to our instructions. We provide more details about information sharing under each of the drop-down categories below. We encourage you to read the sections relevant to you.
Transfers of personal information abroad
We seek to limit the transfer of personal information beyond the EU/EEA.
We may transfer personal information on the request of someone who is seeking to be, who is or has been registered with the PSI, for example, for the purposes of processing registration payments or where an individual seeks to share details of their qualifications, professional status and fitness to practise with a competent authority in a country outside the EU/EEA.
Please note that where the PSI selects to gather information or feedback using the online software
called SurveyMonkey, participants will first be asked to consent before they provide information to
the PSI through this channel. The collection of personal information is limited or avoided when using this software. SurveyMonkey’s servers are located in the United States. We have entered into a contractual arrangement with SurveyMonkey to ensure that your personal information is given the appropriate level of data protection. We work closely with them to ensure that your privacy is respected and protected at all times.
The PSI may transfer personal information to a country outside the EEA where it is necessary for the establishment, exercise or defence of a legal claim, but will at all times ensure that any personal information transferred is done so within the requirements of the applicable data protection legislation.
More details in relation to this are provided in the drop-down categories below.
PSI functions and activities and your personal information
We have aimed to provide a broad understanding of the PSI’s data processing activities with as much information as possible, but it is not exhaustive. We are happy to provide any additional information or explanation as needed.The PSI may process your personal information in the course of performing one or more of the following functions.
Click on the relevant heading for more information
Expand all
Collapse all
-
Why we process your information and the legal basis
The PSI is responsible for the registration of pharmacists, pharmaceutical assistants and pharmacies in Ireland and is the competent authority for the recognition of qualifications that meet the standards necessary to practice as a pharmacist in Ireland. The PSI must also maintain registers of pharmacists, pharmaceutical assistants and pharmacies in order to carry out its statutory functions under the Pharmacy Act 2007.
The legal basis for collecting and processing your information during the qualification recognition and registration processes is in compliance with a legal obligation under the Pharmacy Act 2007, and its related statutory instruments.
What information do we hold?
We hold information submitted to us by way of applications for registration, continued registration, qualification recognition, and their related information requirements, as well as other forms and updates provided to us by registrants in order to maintain the registers. This includes information about the nomination of supervising pharmacists and superintendent pharmacists for a pharmacy.
The process of qualification recognition and registration of pharmacists with the PSI requires candidates to provide verification of the information contained in their application submitted to the PSI, such as certificates of qualification, duration of practical placements or training undertaken. This type of personal information is required to be submitted to the PSI directly by the competent authority in the relevant countries, where this is applicable, at the request of the candidate.
The information collected includes personal data (for example, your name, postal or email address, date of birth and identity documents, details of your education and training, or information in relation to criminal convictions and offences) or special categories of personal data (for example, medical records). We will also collect payment or credit card details to take the applicable fee payment; this information is held for a limited period according to our retention policy.
Who we share the information with
Following registration, the PSI may disclose personal information (as contained on the PSI’s registration database) where it is compatible with the purpose of its collection, including for the purpose of ensuring awareness of matters of public health and safety, and for public health gain. A registrant’s contact details will be shared as follows:
- The Irish Institute of Pharmacy (IIOP) in order to include the pharmacist registrant in the system of mandatory Continuing Professional Development and for CPD related updates from the IIOP.
- The Health Products Regulator Authority (HPRA) staff in order to send patient safety alerts relating to medicines and medical devices to pharmacists, pharmacies and pharmaceutical assistants.
- Where it is necessary to send hardcopy correspondance to registrants, an external print and/or packaging services provider will sometimes be used to print and distribute registration certificates, application forms and other documents to registrants.
The PSI is required by law to publish online searchable registers.See PSI Registers below for more information
Information may also be shared in the following circumstances.
At the request of an individual who is or was registered with the PSI, a recognised competent authority for pharmacists in any country may be provided with details and confirmation by the PSI of a registered pharmacist’s professional qualifications and status in Ireland. Find information on
certificates of current professional status.
If a candidate is seeking recognition to practise as a pharmacist in Ireland, their details may be shared with external assessors and nominated examination providers in order for the PSI to carry out the recognition process and for a candidate to be registered to sit the equivalence examination.
Personal information may be transferred to any third country if it necessary for the establishment, exercise or defence of a legal claim.
-
The PSI is required by law to keep registers of pharmacists, pharmaceutical assistants and retail pharmacy businesses (pharmacies). We are also required to publish searchable public registers. On the public register of pharmacists and pharmaceutical assistants the registrant’s full name, registration number, professional address, date of registration, expiry date of current certificate of registration, and any conditions attached to the registration are provided. The online register of pharmacies includes the full names of the pharmacy’s superintendent and supervising pharmacists, the owner name and other non-personal information. The public registers are available on the PSI website. The information published is as provided by registrants.
Find more information.
-
Registrants’ email contact information (as contained on the PSI’s registration database) may be shared with researchers and students for academic research purposes centred on protecting, maintaining and promoting the health and safety of the public, including informing pharmacy practice development and education. PSI registrants are requested to opt in (consent) to their data being shared for this purpose and may request a change to that consent at any time. The new PSI registration database system gives registrants personal ability to opt in/out to this data sharing option for research purposes. Until the new system is fully operational, the PSI continues to maintain record of individual consent. As with the PSI’s disclosure of any personal information, data recipients are required to handle data only for the specific purpose, and to act in accordance with data protection legislation and any other instructions provided. The PSI has a process in place to manage appropriate data sharing.
-
Why we process your information and the legal basis
The PSI has responsibility to register online sellers of non-prescription medicines and to place them on the approved
Internet Supply List, in line with the Falsified Medicines Directive and the EU common logo initiative introduced in June 2015. The objective of the Directive is to strengthen the EU legal framework which regulates medicines to prevent falsified (counterfeit) medicines being supplied to patients through the legal supply chain. The purpose of Article 85c of the Directive is to introduce regulatory controls on the supply of medicines over the internet in order to reduce the risks associated with the supply of counterfeit medicines, thereby protecting public health. In Ireland this applies to pharmacies and other non-pharmacy retailers involved in the internet supply of non-prescription medicines only.
The European Union (Amendment of the Pharmacy Act 2007) Regulations 2015 (S.I. No. 86 of 2015) make it a principle function of the PSI to establish and maintain a list of persons entitled to supply non-prescription medicinal products via internet supply (entitled the ISS (Information Society Service) supply list or Internet Supply List). The Medicinal Products (Prescription and Control of Supply)(Amendment) Regulations 2015 (S.I. No. 87 of 2015) requires all pharmacies and other entities engaged in internet supply of non-prescription medicines to notify the PSI of their internet activities.
What information do we hold?
We hold information submitted to us by way of applications for entry to the Internet Supply List, Part A and Part B. The personal information collected includes the name of the responsible person or company secretary making the application, as well as contact details and payment or credit card information.
The PSI assesses compliance with the requirements of the Directive and may gather information about the use of the Common Logo and appropriate supply of non-prescription medicines by internet supply. The HPRA and the PSI can carry out inspections of any premises involved in the supply of non-prescription medicines online under Section 32 of the Irish Medicines Board Act 1995 and Section 67 of the Pharmacy Act 2007.
Who we share the information with
The PSI is required to make the Internet Supply List, parts A and B, publicly available on the
PSI website. This lists company details as opposed to personal information.
-
Why we process your information and the legal basis
The PSI is responsible for defining and ensuring the standards of
education and training for pharmacists qualifying in Ireland. This includes developing standards, policies and carrying out accreditation of pharmacy degree programmes. The PSI also ensures that registered pharmacists undertake appropriate continuing professional development (CPD).
The PSI holds personal information from pharmacy students through applications that are received for participation in the National Pharmacy Internship Programme (NPIP) and applications to sit the PSI Professional Registration Examination (PRE).
A registrant’s contact details (from the PSI Register) will be shared with the Irish Institute of Pharmacy (IIOP) in order to include the pharmacist registrant in the system of CPD, and for related updates from the IIOP, as it is charged with the development and implementation of the system of CPD on the PSI’s behalf. The CPD process includes an ePortfolio submission/review and practice review, carried out by the IIOP. The PSI processes information where a pharmacist applies to the PSI to seek an exemption from submitting an ePortfolio or participating in practice review, due to extenuating circumstances.
What information do we hold?
The information collected includes personal data (for example, your name, postal or email address, date of birth and identity documents, details of your education and training) or special categories of personal data (for example, medical health references or records). We will also collect payment or credit card details to take the applicable fee payment; this information is held for a limited period according to our document retention policy.
Who we share the information with
The Royal College of Surgeons in Ireland is the provider of the NPIP programme on the PSI’s behalf and will be shared the relevant personal information of pharmacy students participating in the programme, as well as the tutor to whom you, as a student, are assigned.
The Royal College of Surgeons in Ireland (RCSI) administers the PRE exam on the PSI’s behalf and will be shared contact information for participants on that basis also.
The PSI processes requests from pharmacy technicians who apply for a certificate from the PSI in relation to the pharmacy technician qualification. On request, and with the consent of the data subject, this information is shared with the UK’s pharmacy regulator, the General Pharmaceutical Council.
-
Why we process your information and the legal basis
The Pharmacy Act 2007 gives the PSI powers of
inspection, investigation and enforcement as part of our regulatory role, in the interest of patients and public health and safety.
Information relating to a PSI registrant may be collected by an Authorised Officer of the PSI (PSI inspector) during the course of an inspection or investigation under section 67 of the Pharmacy Act 2007 or IMB Act 1995 and other relevant legislation.
During the course of an investigation, relevant information pertaining to patients, employees or other relevant persons may also be gathered under relevant legislation. The PSI seeks to minimise the personal information that it collects and retains.
What information do we hold?
We hold information that may be submitted in the first instance to the PSI where a person or another agency/authority has reason to be concerned about the operation of a pharmacy, or conduct or behaviour of a pharmacist, as well as subsequent information obtained by the PSI in the course of an investigation or inspection. The personal information collected in the course of these regulatory activities may include personal data (for example, your name, date of birth and identity documents, location data, CCTV footage, information provided in witness statements etc.) or special categories of personal data (for example, medical and health records).
Who we share the information with
Depending on the details and nature of the information and our legal obligations, the PSI may disclose personal, special category or criminal offence information regarding a PSI registrant, or other person identified within an investigation in other state agencies, such as to staff at the Health Products Regulatory Authority (HPRA), the Health Service Executive (HSE), Department of Agriculture, Tusla, An Garda Síochána, or the registrant’s legal representative.See also Memorandum of Understanding arrangements in place with relevant authorities where limited personal information may be shared in certain circumstances.
-
Why we process your information and the legal basis
The PSI must consider and investigate
complaints in order to carry out its statutory functions under the Pharmacy Act 2007.
The legal basis for which we collect and process your information during the complaints process is in line with one or more of the following:
- to comply with a legal obligation, specifically Part 6 of the Pharmacy Act 2007,
- to protect the vital interests of you or another natural person,
- it is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the PSI,
- for reasons of substantial public interest, on the basis of the Data Protection legislation which is proportionate, respects the essence of the right to data protection and provides suitable and specific measures to safeguard your fundamental rights and interests,
- on the basis of consent.
What information do we hold?
We hold information contained in complaints submitted to the PSI and subsequent information obtained in the investigation of those complaints. Following the completion of the investigation, we also hold information in relation to a mediation or hearing which may take place and its outcome, including sanctions and undertakings. The information collected may include personal data (for example, your name, postal or email address or information in relation to criminal convictions and offences) or special categories of personal data (for example, medical or pharmacy records).
Who we share the information with
We are required by law to provide complaint information, including your name and contact details, to the pharmacist and/or pharmacy, or their legal advisors, about whom the complaint has been made. Where required for the purposes of the investigation of a complaint, mediation or hearing, we also share information with affected third parties, including patients.
For the purposes of the investigation of a complaint, mediation or hearing, your information is held by the PSI and by our legal representatives, by the relevant statutory committees of the PSI and their legal representatives and also where applicable, expert and factual witnesses. On occasion, and only where necessary, we share your information with PSI service providers, for example translation service providers and stenographers.
We publish some information about fitness to practice sanctions on our website (this includes the PSI newsletter, which is also available on our website) and on the online public registers. You can find more information about what we publish and how we publish fitness to practise information including the relevant time periods
here.
Sometimes, owing to the nature of the complaint, we may also share your information, or part of your information, with relevant bodies and organisations such as:
- Government Departments and Agencies
- An Garda Siochana
- Tusla
- The HSE
- The HPRA
- Other regulatory bodies within the EEA, and at times regulatory bodies outside the EEA.
- Employers
- The Courts Services
In these cases, we take care to ensure that only the minimum information is shared and that this is in line with data protection legislation.
-
Why we process your information and the legal basis
In order to carry out its statutory functions under the Pharmacy Act 2007, the PSI considers and investigates information received where a person has a concern in relation to a pharmacist or pharmacy.
The legal basis for which we collect and process your information in respect of a concern is in line with one or more of the following:
- to protect the vital interests of you or another natural person,
- it is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the PSI,
- for reasons of substantial public interest, on the basis of the Data Protection legislation which is proportionate, respects the essence of the right to data protection and provides suitable and specific measures to safeguard your fundamental rights and interests,
- on the basis of consent.
What information do we hold?
We hold information in relation to a concern submitted to the PSI and subsequent information obtained in the investigation of that concern. The information collected during the concern process may include personal data (for example, a person’s name, postal or email address or information in relation to criminal convictions and offences) or special categories of personal data (for example, medical or pharmacy records).
Who we share the information with
Details of a concern, which could include your name and contact details, may be shared with the pharmacist or pharmacy, or their legal advisors, to which the concern relates. Where required for the purposes of the investigation of a concern, we may also share information with affected third parties, including patients.
For the purposes of the investigation of a concern your information is processed by the PSI and where necessary, our legal representatives. Sometimes, owing to the nature of the concern, we will also share your information, or part of your information, with other bodies/organisations, such as:
- Government Departments and Agencies
- An Garda Siochana
- Tusla
- The HSE
- The HPRA
- Employers
- Relevant Health Practitioners
- Other regulatory bodies within the EEA
In these cases, we take care to ensure that only the minimum information is shared and that this is line with data protection legislation.
-
Why we process your information and the legal basis
The PSI has statutory authority to inspect and investigate pharmacies and, where necessary, to issue prosecutions in relation to applicable offences.
The legal basis for which we collect and process your information during a prosecution is in line with one or more of the following:
- to comply with a legal obligation, to include applicable national and EU legislation, specifically Part 7 of the Pharmacy Act 2007,
- to protect the vital interests of you or another natural person,
- it is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the PSI,
- for reasons of substantial public interest, on the basis of the Data Protection legislation which is proportionate, respects the essence of the right to data protection and provides suitable and specific measures to safeguard your fundamental rights and interests,
- on the basis of consent.
What information do we hold?
We hold information arising from PSI inspections and/or investigations resulting in a prosecution. The information collected during the prosecution process may include personal data (for example, a person’s name, postal or email address or information in relation to criminal convictions and offences) or special categories of personal data (for example, medical or pharmacy records).
Who we share the information with
We are required by law to provide information as a result of a prosecution to the pharmacist and/or pharmacy or their legal advisors to which the prosecution relates. Where required for the purposes of a prosecution, we also share information with affected third parties, including patients.
For the purposes of a prosecution, your information is held by the PSI and by our legal representatives and where applicable, any expert and factual witnesses. On occasion, and only where necessary, we share your information with PSI service providers, for example translation service providers.
We also publish the outcome of a prosecution on our website (this includes the PSI newsletter which is also available on our website). We may also publish a press statement in respect of the outcome of a prosecution.
Sometimes, owing to the nature of the prosecution, we will also share your information, or part of your information, with other bodies/organisations such as:
- Government Departments and Agencies,
- An Garda Siochana
- Tusla
- The HSE
- The HPRA
- Other regulatory bodies within the EEA and at times, regulatory bodies outside the EEA
- Employers
- The Courts Services
In these cases, we take care to ensure that only the minimum information is shared and that this is in line with data protection legislation.
-
Why we process your information and the legal basis
The PSI has a duty to take suitable action to improve the profession of pharmacy, as well as to facilitate the provision of information to its registrants and any other member of the public in line with our role.
The PSI facilitates a query-response service for pharmacists, other healthcare professionals and members of the public who have pharmacy practice related questions. We seek to provide relevant compliance information and guidance, and access to materials, to assist with those requests.
The PSI also carries out regular public consultations, other survey analysis, events and feedback opportunities so that the opinion and input of our stakeholders is considered in the work we are undertaking.
What information do we hold?
We hold contact details of pharmacists who sumit queries or seek guidance from the PSI, and this is managed in a case management system. This information may be received by telephone, by post or by email, or using this
query form. We also hold contact details and other personal health information provided by members of the public who submit queries to the PSI, and this is also managed in a case management system. This information may be received by telephone, by post or by email.
We receive feedback and commentary when we conduct public consultations, carry out surveys, and hold events for registrants and other stakeholders. We will limit personal information gathered for those purposes and we will seek consent to process information if it is provided.
Who we share the information with
We do not share the details submitted to third parties. We do compile and publish summary data based on the queries and feedback that we receive, so as to identify trends, develop materials or improve our regulatory processes. Feedback received may also identify matters that should be brought to the attention of other regulators or public bodies, and in general we will summarise or anonymise this information if it is shared.
-
Why we process your information and the legal basis
For the purpose of legal and contractual arrangements, the PSI processes bank account information for suppliers, contractors, staff, Council and Committee members and other third parties for reimbursement of fees and expenses.
The PSI processes payment information for fees owed for registration, continued registration, qualification recognition and other purposes in line with our statutory responsibilities.
The PSI may process personal data submitted by tenderers to manage procurement award procedures and decide whether to enter into a contract with a particular tenderer.
What information do we hold?
The PSI holds bank account information for suppliers, contractors, staff, Council and Committee members and other third parties for reimbursement of fees and expenses.
The PSI will process payment information including credit card details in order to process fee payments for registration, continued registration, qualification recognition and other purposes in line with our statutory responsibilities.
Personal data may be collected as part of a procurement process that may relate to the tenderer, its staff or its sub-contractors. Following finalisation of the procurement procedure in question and entry into a contract, the PSI may process certain personal data in order to perform its obligations under that contract, such as holding bank details for payment purposes. We retain files relating to procurement procedures in accordance with the PSI’s retention policy.
Financial information is held for a limited period, revenue and other requirements and in accordance with the PSI’s retention policy.
Who we share the information with
This information may be shared with staff at banks used by the PSI to process its financial transactions.
For the purpose of internal control the PSI engages both internal and external audit services, and they may have reason to have access to personal information in accordance with their role and under PSI instructions.
-
Why we process your information and the legal basis
The PSI collects personal information from candidates and/or recruitment agencies for recruitment purposes. A candidate consent form is used by the PSI at the point of collecting the information so that the PSI can process the personal information submitted in application forms, CVs or assessments.
Candidate information is kept for different durations depending on your success or otherwise in the recruitment process. Details are available in the PSI’s retention schedule.
What information do we hold?
As part of the recruitment process, the PSI may collect and hold your personal information such as name and contact details, details about qualifications, skills, experience and employment history, current immigration status if applicable, and other information provided by you as a candidate such as referee information, or information provided during interview or at another point in the recruitment process.
Who we share the information with
Personal information provided by candidates may be shared with those appointed to an interview board (these may be PSI employees, PSI office holders or external persons). Limited information is provided to the PSI’s occupational health assessor for the candidate to be assessed for fitness to work, if a person is being considered for appointment. Successful candidates will be further advised about how their personal information will be used by the PSI once employed.
-
The Protected Disclosures Act 2014, and the PSI policy and reporting on any disclosures to us is available on our
website.
Any information including personal data received by the PSI from a person making a protected disclosure (i.e. a whistle blower) will be used for the PSI to carry out its statutory functions under the Act. The PSI has a legal obligation to protect the identity of a person who makes a protected disclosure and not to disclose any information that might identify that person, subject to certain exceptions.
The PSI is obliged to publish a summary report each year of any disclosures received, and this is made available also in the PSI Annual Report.
-
For health and safety purposes, we ask visitors to PSI House to provide their name by signing in at reception on arrival. Visitors may be required to wear a visitor badge for the duration of their time in non-public areas of the building.
In the PSI’s management of a safe working environment for staff and visitors to PSI House, and in compliance with government and public health authority guidance and direction, as in the case of the COVID-19 national public health emergency, it may be necessary to process additional personal information for limited and specific purposes. The PSI will make visitors aware of their personal obligations and highlight safety considerations (those for whom COVID-19 poses increased risk), and will record and maintain as necessary a log of contacts for HSE contact tracing purposes.
In these situations, the PSI will only collect the minimum information necessary, particularly health related information (special category data) to achieve these objectives and the information will not be processed for any other purpose. The information will be held by the PSI for the necessary time only to meet a need or fulfil obligations, and this will be set out in the PSI’s document retention schedule. Access to, and sharing of, such information will be strictly limited.
The PSI operates a Closed Circuit Television (CCTV) system in its premises which captures and stores personal information. This information will be used only for the purposes outlined in our
CCTV policy.
-
The PSI website collects cookies. A pop-up cookies alert appears when someone visits the PSI website.
Read our cookies policy.
There is related information about the use of the PSI website under its
terms of use.
-
The PSI issues an electronic
newsletter several times each year. It is published on the PSI website and circulated by email for the purpose of providing regulatory and public health updates, offer opportunities to engage with the PSI, and remain informed on matters of pharmacy and medicines legislation, compliance, and related matters aligned to the PSI’s remit to protect the health, safety and wellbeing of patients and the public.
It is automatically sent to PSI registrants using the contact email address provided by them on the Register. It is also sent to online subscribers who have provided their name and email address to the PSI. Details provided by subscribers are maintained for the purpose of sending newsletters only, and those details are not shared with another party.
A newsletter recipient may unsubscribe using the link at the bottom of each email, or by contacting
communications@psi.ie. The PSI strongly advises that its registrants (pharmacies, pharmacists and pharmaceutical assistants) should continue to receive the newsletter in order to be kept up to date with regulatory and public health matters.
PSI Statistics and Research
We sometimes use information for statistical and learning purposes. The PSI compiles statistics and research based on data we hold or when we invite feedback through public consultations, surveys and other opportunities to input to the PSI’s work. Where we do so, we make every effort to remove any personal information in the reports we produce.
Your Data Protection Rights
If your personal information is processed by the PSI, you have rights in relation to that data. You may exercise your rights by submitting a Subject Access Request form or by contacting the Data Protection Officer, dataprotection@psi.ie.
Your Rights
Expand all
Collapse all
-
You have the right to ask for and receive a copy of the personal information held about you by the PSI, and to understand how the information is used.
-
You have the right to ask the PSI to amend or correct your personal information so that the information held about you is accurate and complete.
-
You have the right to seek the erasure of your personal information from the PSI’s systems and records. This right is also known as the right to be forgotten. It may apply where there is no longer a legal basis for the PSI to hold the information.
-
You have the right to ask to restrict or suspend the PSI in the use of the personal information held about you if you contest the accuracy of the information being processed and the PSI will need to establish the data's accuracy; where the PSI’s use of the information is unlawful but you do not want it to be erased; or where you need the information to be held even if the PSI no longer requires it as you need it to establish, exercise or defend legal claims.
-
If the legal basis for the PSI’s processing of your personal information is based solely on your consent, you have the right to withdraw your consent. This will not affect the lawfulness of any processing carried out before you withdraw your consent.
-
You have the right to request the transfer of your personal information to you or to a third party in a structured, commonly used, machine-readable format. This right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
If you are making a request to the PSI, please describe the records and actions you are seeking in detail. We may need to request specific information from you to help us confirm your identity and ensure your right to access personal information (or to exercise any of your other rights). Requests must be responded to by the PSI within one month, however, if there is a degree of complexity or large volume involved we may need to extend this period by a further two months. If this is the case we will inform you of this within one month of receiving your request. There will usually be no fee for making a request in relation to your data rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive, or we may refuse to comply with those requests.
Please note that the scope of your data rights may be subject to restrictions if, for example:
- your rights may be limited by the legal requirements in the Pharmacy Act, including the requirement that the PSI maintain registers of pharmacies, pharmacists, and pharmaceutical assistants, as well as, for example, carry out investigations and process complaints,
- we are using your data to carry out our statutory functions, because there are strong public interest and patient safety grounds for us to process personal information in order to carry out our role,
- your data protection rights may be restricted by the rights and freedoms of third parties,
- we have another legal requirement to use your personal information in a particular way.
If we cannot comply with your request, we will let you know why this is the case.
Complaints
If you have a query or complaint about the use of your personal information by the PSI, the Data Protection Officer is available to assist you in the first instance.
You have the right to make a complaint at any time to the Data Protection Commission, the supervisory authority in Ireland, which is responsible for upholding the rights of individuals under Data Protection legislation and GDPR.
E-mail: info@dataprotection.ie
Telephone: +353 (0)761 104 800
Data Protection Commission, 21 Fitzwilliam Square South, Dublin 2, D02 RD28
This notice may be updated from time to time.