Data Retention Policy
Version 1.0 published 20 October 2020
1. Purpose of the policy
The National Office firmly commits to complying with our data protection obligations.
This policy sets out the basis on which any Personal Data we collect from you, or that you provide to us, will be retained by Us, where ‘Us, We, Our’ means the National Office and National Research Ethics Committees either separately or together. Any reference to ‘Data Controller’, ‘Data Processor’, ‘Personal Data’ and ‘Data Subject’ shall have the meaning ascribed to in the General Data Protection Regulations (the ‘GDPR’).
The Data Protection Acts 1988 and 2003 (as amended) (the “DPA”) and, from 25 May 2018, the GDPR impose obligations on us, as a Data Controller, to retain the data for no longer than is necessary. We are obliged to provide individuals with information on our retention periods or criteria used to determine the retention periods.
The time periods for which we retain your information depends on the type of information and the purposes for which We use it. We will keep your information for no longer than is required or permitted. We do not transfer your data outside of the EU.
2. Who we are
We are the National Office for Research Ethics Committees, an independent statutory body based in the offices of the Health Research Board, Grattan House, 67-72 Lower Mount Street, Dublin 2, D02 H638.
The National Office is responsible for establishing National Research Ethics Committees (NRECs) in select areas of health research at the request of the Minister for Health and providing advice and support to the wider Irish health research community.
3. Document retention procedure
We must retain certain records because they contain information that must be kept in order to satisfy statutory, legal, accounting or other regulatory requirements.
We must balance these requirements with Our statutory obligation to only keep records for the period required and to comply with data minimisation principles. The retention schedule below sets out the relevant periods for the retention of various National Office documents.
Categories of personalised data | Internal retention period | Justification of timeline |
Invalid application | 6 months | For future validation and follow on submission queries |
Unsuccessful applications | 2 years after the date of submission | For future validation and follow on submission queries |
Successful applications | 5 years after the end of study completion | For reporting purposes and record keeping |
Membership expression of interest submissions | 5 years after submission | For future membership opportunities |
NREC member contact details | 3 years after expiration of membership | For follow up queries by the National Office |
NREC member financial details | 7 years after expiration of membership | Revenue Requirements |
NREC expense receipts | 7 years | Revenue Requirements |
Letters of Offer for NREC membership | 2 years after expiration of membership | For National Office records |
NREC member Bios & Photos | Will be removed immediately once membership has expired | No legal basis for retaining in public view |
Newsletter subscription | Will be removed immediately once requested or once newsletter terminated | No legal basis for retaining |
Minutes of NREC meeting | Permanent | Statutory obligation |
NREC decisions | Permanent | Statutory obligation |
4. Types of documents
A record is any type of information created, received or transmitted in the transaction of the National Office’s business, regardless of physical format. Examples of where the various types of information are located are; calendars, emails, handwritten notes, invoices, voicemails.
A record must not be retained beyond the period indicated in the Record Retention Schedule, unless a valid business reason (or a litigation hold or other special situation) calls for its continued retention.
5. Storage
All Personal Data retained by Us is stored in a secure online drive hosted on a server within the Health Research Board (HRB). The online secure drive can only be accessed by authorised members of the National Office and the ICT support team of the HRB. All paper copies are stored securely in the National Office. Personal Data will not be shared with other third-parties who are not outlined in this privacy notice.
6. Confidential information of others
Unsolicited confidential information submitted to Us shall be refused, returned to the sender where possible and deleted, if received electronically.
7. Questions about the policy
Any questions about this policy should be referred to the National Office: nationaloffice@nrec.ie