Data Protection Statement

The Pharmaceutical Society of Ireland (PSI) is committed to protecting the security of your personal data (personal information). This Data Protection Statement outlines the personal information that the PSI processes, which includes how information is collected and stored, and how it may be used. It also explains your data rights and how you can contact us about your data privacy.

It is important that you read this statement together with any other information relating to data protection which may be provided to you when we are collecting or processing your personal information, so that you are aware of how and why we are using your information.

We hope this statement will assist you to understand the PSI’s data processing activities. Please contact us if you have questions.

About Us

The PSI is a public body established in law to protect the health, safety and wellbeing of patients and the public by regulating pharmacists and pharmacies in Ireland. As the pharmacy regulator, the PSI collects and processes personal information when carrying out our role and functions as provided for under the Pharmacy Act 2007, and its associated statutory instruments. This information is received from, or about, a range of individuals (data subjects) including, PSI registrants, applicants seeking registration, patients and members of the public, and our service providers. We do this in compliance with the General Data Protection Regulation (GDPR) and the Data Protection Acts 1988-2018 (the applicable data protection legislation) .

We use personal information to enable us to meet our public interest responsibilities as the regulatory body for pharmacists, pharmaceutical assistants and pharmacies in Ireland. We work to ensure, and where necessary enforce, compliance with the Pharmacy Act 2007. We process personal information when carrying out our role and legal responsibilities, which include:

  • Registration of pharmacists, pharmaceutical assistants and pharmacies;
  • Setting standards for pharmacy education and training at undergraduate and postgraduate level, including ensuring all pharmacists are undertaking appropriate continuing professional development (CPD);
  • Development of pharmacy practice for the benefit of patients and the wider health system;
  • Regulation through inspection and enforcement, and considering complaints made against a pharmacist or a pharmacy, including the imposition of sanctions; and,
  • Providing advice and guidance to the public, pharmacy profession and to Government on pharmacy care, treatment and service in Ireland.

For the purposes of the applicable data protection legislation, the PSI is the data controller of your personal information, and can be contacted at the Pharmaceutical Society of Ireland, PSI House, 15-19 Fenian St, Dublin 2, D02 TD72.

As an employer and public body with a board (the PSI Council) and committees, the PSI also holds information about its staff and office holders, and details about how we keep this information is provided to our internal stakeholders.

Data Protection Officer

We have appointed a Data Protection Officer who can be contacted in relation to the details in this Data Protection Statement and about exercising your data protection rights.
Phone: (0)1 218 4000
By post: Data Protection Officer, Pharmaceutical Society of Ireland, PSI House, 15-19 Fenian St, Dublin 2, D02 TD72.

Data Security

All personal information provided by you to the PSI will be treated in the strictest of confidence and maintained securely. We have put in place appropriate security measures to protect the personal information that we hold. We limit access to your personal information to those employees, agents, contractors and other third parties who have a business or regulatory need to know. We have put in place procedures to deal with any suspected personal data breach and will notify you and the Data Protection Commission of a breach where we are legally required to do so.

Information we collect about you

To carry out our legal functions, we may process, including collect, use, store and transfer different kinds of personal information.

Personal information includes details such as your name, your personal and/or business address, phone number, e-mail address, your nationality, your birth certificate, details related to your education and qualification, evidence of English language competency, your place of work, and your bank or payment card details.

The PSI may also process details concerning your health (special category personal data), if it is required to do so by law, for example for the purpose of registration or where the PSI is considering a health impairment matter in relation to a registrant’s professional practise, or if provided with the consent of an individual, for example where a complaint is made to the PSI with details of healthcare, medicines and treatment.

Criminal offence information will be collected and processed by the PSI for the purposes of registration, or fitness to practise including sanctioning, as outlined in the Pharmacy Act 2007. This includes information about criminal allegations, proceedings or convictions, where applicable.

Usage and technical information may also be collected through your use of the PSI website or the PSI newsletter. Our cookies policy provides more details.

How your personal information is collected

The PSI generally obtains information in the following ways.

  • You provide us with your personal information. This may be given to us when you fill in a form, in writing or online, for registration and related purposes, to subscribe to the PSI newsletter, or other reasons connected to our statutory functions. You may also give us information in a letter, email or over the phone, or in order to provide your details for the provision of a service to the PSI.
  • A third party provides us with information about you. This may include your employer, an academic institution, another state agency, or another competent authority for the purpose of qualification recognition or registration. Information about a registrant may also be provided to the PSI when someone raises a formal complaint or where they have reason to be concerned about a pharmacist or pharmacy.
  • If you have consented to our Cookies Policy and are using PSI online services, the analytics service may gather information about you.

Why your personal information is collected

We process personal information in the course of carrying out our legal and contractual requirements, in order to meet our responsibilities to the public, or in the exercise of official authority vested in the PSI, or where consent for particular matters is provided. More detailed information is provided under each of the drop-down categories below.

The personal information you have provided will be processed by the PSI for the purposes outlined in this statement, and will be kept according to our retention schedule, which sets out the time periods for how long information is kept by the PSI for different purposes, and per legal requirements.

The PSI does not use your personal information for automated decision making.

How information may be shared

In order to carry out our regulatory functions in accordance with legislation, we may share or provide access to personal information to other parties. If it is required, we will seek your consent before we release your personal information to others. Your information may be shared with:

  • Data Processors: Companies or individuals who provide the PSI with data processing services, including legal or IT services.
  • Disclosure to Third Parties: Some of your personal information may be disclosed to external organisations in certain circumstances for the PSI to comply with its legal obligations, for public health and safety purposes. These organisations include, but are not limited to, the Health Products Regulatory Authority (HPRA), the Health Service Executive (HSE), An Garda Síochana, Tusla, Schools of Pharmacy and pharmaceutical companies (arising from medicine supply shortages). The PSI also has memorandum of understanding (MOU) agreed with other organisations. Where it is appropriate to do so, limited personal information may be shared in accordance with an MOU’s stated purpose in line with the PSI’s regulatory remit. Your consent is not required to share personal information where there is a legal requirement and the PSI is operating within its legal remit.

We ensure the security and privacy of your information by requiring other parties to act in compliance with data protection law, and that they process or access information only for specific purposes and according to our instructions. We provide more details about information sharing under each of the drop-down categories below. We encourage you to read the sections relevant to you.

Transfers of personal information abroad

We seek to limit the transfer of personal information beyond the EU/EEA.

We may transfer personal information on the request of someone who is seeking to be, who is or has been registered with the PSI, for example, for the purposes of processing registration payments or where an individual seeks to share details of their qualifications, professional status and fitness to practise with a competent authority in a country outside the EU/EEA.

Please note that where the PSI selects to gather information or feedback using the online software called SurveyMonkey, participants will first be asked to consent before they provide information to the PSI through this channel. The collection of personal information is limited or avoided when using this software. SurveyMonkey’s servers are located in the United States. We have entered into a contractual arrangement with SurveyMonkey to ensure that your personal information is given the appropriate level of data protection. We work closely with them to ensure that your privacy is respected and protected at all times. 

The PSI may transfer personal information to a country outside the EEA where it is necessary for the establishment, exercise or defence of a legal claim, but will at all times ensure that any personal information transferred is done so within the requirements of the applicable data protection legislation.

More details in relation to this are provided in the drop-down categories below.

PSI functions and activities and your personal information

We have aimed to provide a broad understanding of the PSI’s data processing activities with as much information as possible, but it is not exhaustive. We are happy to provide any additional information or explanation as needed.The PSI may process your personal information in the course of performing one or more of the following functions.

Click on the relevant heading for more information

Expand all

  • Qualification Recognition and Registration of Pharmacists, Pharmacies and Pharmaceutical Assistants

  • PSI Public Registers

  • Research requests

  • Maintenance of the Internet Supply List

  • Education, training and CPD

  • Inspection and Enforcement

  • Complaints, Fitness to Practise Investigations and Sanctions (the Complaints Process)

  • Concerns about a pharmacist or pharmacy

  • Prosecutions

  • Pharmacy practice queries and other information provided to the PSI

  • Fee payments, tenderers and suppliers

  • Recruitment

  • Protected Disclosures

  • Visitors to PSI House

  • PSI website and cookies policy

  • PSI newsletter

PSI Statistics and Research

We sometimes use information for statistical and learning purposes. The PSI compiles statistics and research based on data we hold or when we invite feedback through public consultations, surveys and other opportunities to input to the PSI’s work. Where we do so, we make every effort to remove any personal information in the reports we produce.

Your Data Protection Rights

If your personal information is processed by the PSI, you have rights in relation to that data. You may exercise your rights by submitting a Subject Access Request form or by contacting the Data Protection Officer,

Your Rights

Expand all

  • Right of access

  • Right to rectification

  • Right to erasure

  • Right to restrict processing

  • Right to withdraw consent

  • Right to receive your personal information in a portable format

If you are making a request to the PSI, please describe the records and actions you are seeking in detail. We may need to request specific information from you to help us confirm your identity and ensure your right to access personal information (or to exercise any of your other rights). Requests must be responded to by the PSI within one month, however, if there is a degree of complexity or large volume involved we may need to extend this period by a further two months. If this is the case we will inform you of this within one month of receiving your request. There will usually be no fee for making a request in relation to your data rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive, or we may refuse to comply with those requests.

Please note that the scope of your data rights may be subject to restrictions if, for example:

  • your rights may be limited by the legal requirements in the Pharmacy Act, including the requirement that the PSI maintain registers of pharmacies, pharmacists, and pharmaceutical assistants, as well as, for example, carry out investigations and process complaints,
  • we are using your data to carry out our statutory functions, because there are strong public interest and patient safety grounds for us to process personal information in order to carry out our role,
  • your data protection rights may be restricted by the rights and freedoms of third parties,
  • we have another legal requirement to use your personal information in a particular way.

If we cannot comply with your request, we will let you know why this is the case.


If you have a query or complaint about the use of your personal information by the PSI, the Data Protection Officer is available to assist you in the first instance.

You have the right to make a complaint at any time to the Data Protection Commission, the supervisory authority in Ireland, which is responsible for upholding the rights of individuals under Data Protection legislation and GDPR.
Telephone: +353 (0)761 104 800
Data Protection Commission, 21 Fitzwilliam Square South, Dublin 2, D02 RD28

This notice may be updated from time to time.