Privacy Statement

CES works with government departments and service providers to design, develop, implement and evaluate public policies and services. Our services and activities require us to process personal data from time to time. CES processes personal data in accordance with the General Data Protection Regulation (GDPR(EU)2016/679), Irish data protection laws and any other relevant data protection laws and codes of conduct.

This statement informs you about the types of personal data that CES processes, how we handle it and what your rights are in relation to it.

CES processes data for:

  1. Communications and Events
  2. Recruitment
  3. Our project work

How we process personal data for communications and events

Our communications platforms

At CES we use our website to communicate about our work, promote events and to share resources and tools that we produce.

When you sign up for our mailing list, you will receive updates from CES, including our Ezine.  You can also subscribe to the weekly CES Knowledge Exchange.

From time to time, we will use our mailing list to notify you about new resources, to seek feedback from you about our work, or to invite you to our events. If you register for an event, you will be asked for details such as your name, email address and organisation.

What data do we collect on our website?

Our website uses cookies, small text files with pieces of data which are placed on your device as you navigate a website. We use Google Analytics cookies to tell us about levels of activity on our website, for example which pages on the site are used more frequently. This information helps us to improve and enhance our website. You will find full details of how we use cookies in our Cookie Policy.

Subscribing to our mailing lists

CES uses third-party platforms to support our communications. These include Mailchimp, Eventbrite, Survey Monkey, Zoom and Microsoft Teams. Personal data such as email address, name, organisation and area of work may be stored on these platforms for a period of time The lawful basis for collecting this data is consent which means that an individual has given us clear, explicit consent to process their personal data for a specific purpose. Consent may be withdrawn at any time. CES ensures that specific data protection guarantees have been provided by these services including where data is hosted and security credentials. The privacy notices of these providers are available here:

Newsletter, Ezine, Knowledge Exchange and other communications: Mailchimp

Event registration and communication: Eventbrite

Surveys: Survey Monkey

Online events hosting: Zoom

Retention periods and opting out

If at any time you decide that you no longer wish to hear from us, you can unsubscribe from our mailing list. At the bottom of our Ezine and other communication from CES, you will be given the option to unsubscribe. When you click on this option, we will remove your name from our mailing list.

You can also adjust the settings in your browser to decline cookies. This will have an impact on your experience of our website. To read more, click here and see CES’ Cookie Policy

If we have collected your personal data for an event we will delete your data after that event, unless you have given clear consent for further communications from us.

Recruitment - How we process the personal data of job applicants

From the point at which we receive your application for employment, CES will need to maintain and process data about you for the purposes of assessing and communicating a recruitment decision. The following outlines what data we obtain and process, our basis for doing so, and for how long it is retained.

What personal data does CES process in our recruitment?

At the recruitment stage, applicants are requested to submit an application form and/or a cover letter and a CV. Data obtained includes the following:

  • Name and contact details including home address, email address, phone number
  • Candidate’s work history
  • Candidate’s education history
  • Qualifications and experience relevant to the role
  • Eligibility to work in the EEA
  • Contact details for referees: previous employer(s) and personal or educational referees

Selection Process – Short-listing:

The information provided by the applicant will be used to assess their suitability to be interviewed for the advertised role. This will be done through a process of reviewing the information provided in the application documents against the requirements of the role. The most suitable candidates are selected for the interview stage.

Selection Process – Interviews:

Applicants may be invited to interview(s) for a role following the short-listing process. The data generated at this stage of the process will be as follows:

  • Interview details including notes and assessment of the interview board, dates and times
  • A record of candidates’ arrival to and departure from the CES offices for Health and Safety purposes
  • References provided by previous employers and personal or educational referees
  • Communication of the recruitment decision.

What is CES’ lawful basis for processing your data and for how long do we retain it?

Under data protection law, there are six available lawful bases under which an organisation may process personal data. They are consent, contractual purposes, legal obligations, vital interests, public task, and legitimate interests.

We process and retain your recruitment data on the basis of your consent at application stage and, if unsuccessful in your application, for one year after the recruitment process to keep your data on file for other opportunities.

Consequences of failing to provide the information

CES requests the same information of all intending applicants. If you do not provide the information as requested, we will not be able to process your job application.

Does CES share your personal data with third parties?

CES interview panels may include an external panel member, in which case we will provide the applications of short-listed applicants for the purposes of conducting the interview and evaluating candidates. All interviewers are required to return hardcopy interview documentation and to confirm deletion of any copies and any electronic applicant data provided.

  1. We may contact referees following interviews. This is on the basis of the referee information you have provided. We will ask you at interview and via email after interview whether you consent to us contacting referees.How we process personal data in our project work

CES is contracted and commissioned by a wide range of funders including government departments, statutory services, community and voluntary sector organisations and philanthropic organisations.

This work sometimes requires us to process personal data. The legal basis for collecting this data will be clear consent from an individual. The data collected includes:

  • Quantitative data collected by, or on behalf of, CES. This is usually collected by survey using a confidential survey platform. If there are direct identifiers such as a name, email address, or other contact details these are personal data. These will be stored separately and linked to the main dataset through an assigned ID (pseudonymised data). Otherwise, data is anonymous. For the period of time during which there is a link to the identifier, the main dataset will be considered personal data. If it is reasonably possible to identify someone, for instance through a combination of variables, this will be categorised as personal data.
  • Qualitative data collected by, or on behalf of, CES. Data collection methods are usually by face to face interviews and/or focus groups (in person or via reputable online platforms). This often requires recording and subsequent transcription using secure transcription tools.
  • Secondary data. CES also accesses or processes data from other agencies or sources. These data do not contain identifiers.

Retention periods

CES retains personal data for the lifetime of the project or for such time as is contracted by the project commissioner.

How can I make a Data Subject Access request from CES?

If you would like to make a Subject Access Request, or exercise any other of your data protection rights, please contact our Data Protection Lead, Michelle Hannon at or by post at:

Data Protection Lead

Centre for Effective Services (CES)

27 Fitzwilliam Street Upper

Dublin 2

D02 TP23.

In order to facilitate processing of your request and timely retrieval of your personal data, we ask that you provide the following details:

  • Your Name
  • Details of the personal data that you are requesting
  • Data Subject Right you wish to exercise (where applicable) e.g., right to rectification, erasure
  • Any other relevant information
  • The format you request data to be provided to you (e.g. electronic, hard copy)


In order to ensure that personal data is not disclosed to the wrong person and/or if there is any doubt about the identity of the person requesting the data, proof of identity will be required with your data access request. If a request is being made on your behalf by a third party such as a solicitor, authority and verification will be sought.

Data pertaining to your information only

You are entitled to your own data only. If data from additional parties to the request are required by you, it is necessary for each party to consent to the release of their personal data in writing to the Data Protection Lead. Data pertaining to individuals not party to the request will not be released to you.

Response Times

We will respond to your request without undue delay and your request will be concluded no later than 1 month from when it is received. The timeline may be extended by up to 2 months taking into account the complexity and whether it is a repeat request. In this case, we will communicate with you to ensure you are aware of where we are in the process.


Your data will be provided to you free of charge.

However, a reasonable fee may apply when a request is manifestly unfounded or excessive.

Right to complain to Data Protection Commissioner

If you are unhappy with the outcome of your request, you may make a complaint to the Data Protection Commission. They can be contacted through their website or in writing at:  

Data Protection Commission
21 Fitzwilliam Square South
Dublin 2
D02 RD28

Further details on your rights under Data Protection legislation are also available on their website.