Progress in the
Penal System (PIPS)

Home Page

Data Protection & Privacy


When you share your personal data[1] with IPRT we are committed to protecting and respecting your privacy. This Privacy Statement tells you about your privacy rights and sets out how we, as a Data Controller, collect, use, process and disclose your personal data, particularly in respect of your interactions with our website (the Site).

This statement contains the following sections. Please read each carefully to understand our use of your personal data. We hope it will answer any questions you might have. If you have any other questions please contact us at

  1. How we collect information about you
  2. Special categories of personal data
  3. Consent
  4. How we use the personal data we collect
  5. How we keep your information safe
  6. Who do we share your information with?
  7. Links to other sites
  8. Your rights
  9. Exercising your rights
  10. What happens if there is a data breach?
  11. How to contact us
  12. Changes to this Privacy Statement

1. How we collect information about you

We collect personal data about you when you decide to provide us with such information – for example when you email us, use our online forms, request advice or information, sign up to our events or to request our newsletters. In addition to the personal information you provide to us, we also collect certain information when you visit our website, engage with our social media and discussion fora and when we take photos at our events.

We may collect and process the following types of personal data about you:

Identity Data: including name or similar identifier

Contact Data: including address, email address and telephone numbers

Financial Data: including bank account and payment card details. (This is only where you are making a donation or paying for membership).

Transaction Data: including details about donations or membership payments.

Usage Data: including information about how you use our site.

Communications Data: including your preferences in when and how you are happy to receive communications from us

Technical data and cookies

Our Site does not use cookies[2], apart from temporary "session" cookies which enable a visitor's web browser to remember which pages on this website have already been visited. Visitors can use the IPRT site with no loss of functionality if cookies are disabled from the web browser.

Technical details in connection with visits to our site are logged by our site hosting company (Linode), an international organisation, with the IPRT server based in the EU. IPRT will make no attempt to identify individual visitors, nor to associate the technical details with any individual. IPRT will never disclose such technical information in respect of individual website visitors to any third party (apart from our site hosting company, which records such data on our behalf and which is bound by confidentiality provisions in this regard), unless obliged to disclose such information by a rule of law.

IPRT also uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics does use “cookies”. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Google will not associate your IP address with any other data held by Google.

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. By using you consent to the processing of data about you by Google in the manner and for the purposes set out above.

2. Special Categories of Personal Data

As a general rule we do not collect details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. Nor do we generally collect any information about criminal convictions and offences.

However, there are some exceptions to this general rule:

3. Consent

Usually we will ask for your express consent to use your personal information. For example, when you sign up to become a member, we will ask for your consent to make you aware of other related things which may be of interest to you, for example making a donation to IPRT or attending one of our events. Before you give your consent, we tell you what information we collect and what we use it for. You can withdraw your consent at any time by contacting us.

4. How we use the personal data we collect

We will never release your personal details to any organisation outside IPRT for mailing or marketing purposes. We only use your personal data for the following purposes:

Click here to see a summary of the purpose and basis for processing your data, and for the retention period of your data.

5. How we keep your information safe

We are committed to protecting the security of your personal data. We use a variety of technical and physical security technologies and procedures to help protect your personal data from unauthorised access.

To ensure the security of your credit card information when you use it to log a donation or membership on our Site, we use Secure Socket Layer (SSL) technology. You will see the padlock in your browser’s security display indicating that the transfer of all data between your browser and our Site has been encrypted. When you supply us with your card information in the context of an online transaction, this information is not retained on this Site. Rather, it is securely transferred to Stripe, a secure online payments provider.

As effective as modern security practices are, no physical or electronic security system is entirely secure. We cannot guarantee the complete security of our database, nor can we guarantee that information you supply will not be intercepted while being transmitted to us over the Internet. We have implemented strict internal guidelines to ensure that your privacy is safeguarded at every level of our organisation. We will continue to revise policies and implement additional security features as new technologies become available.

Although we will do our best to protect your personal data, we cannot guarantee the security of your personal data transmitted to our Site. Any transmission of personal data is at your own risk. Once we receive your personal data, we use appropriate security measures to seek to prevent unauthorised access or disclosure.

6. Who do we share your information with?

In some very limited circumstances we will share your information with third parties in order to improve our service to you, for example:

We have taken steps to ensure that these third parties to have the same levels of data protection that we have. See for example:

7. Links to other sites

Our Site may, from time to time, contain links to and from other websites. Also, some parts of the Site are powered by widgets designed by third parties e.g. YouTube. If you follow a link to any of those websites or widgets, please note that they will have their own privacy policies and we do not accept any responsibility or liability for those policies. Please check those policies before you submit any personal data to those websites or widgets.

8. Your rights

You have the right to request access to, rectification, or erasure of your personal data, or restriction of processing or object to processing of your personal data, as well as the right to data portability. We will not charge for this service.

A summary of your rights and what they mean is available here.

9. Exercising Your Rights

Our Executive Director oversees how we collect, use, share and protect personal data to ensure your rights are fulfilled. If you wish to exercise any of the rights listed in the table above, please contact her. You may contact her in person, by telephone, in writing or by email at Any complaint will be fully investigated.

10. What happens if there is a Data Breach?

All staff of the organisation receive training on data protection. In the unlikely case of any data breach occurs (which we define as any loss of control over the personal data which has been entrusted to us, including any inappropriate access to personal data on our systems or sending personal data to the wrong receiver) IPRT will apply the Personal Data Security Breach Code of Practice issued by the Data Protection Commissioner and which can be viewed in full at

In brief:

11. Changes to this Privacy Statement

We reserve the right to change this Privacy Statement from time to time at our sole discretion. If we make any changes, we will post those changes here and update the “Last Updated” date at the bottom of this Privacy Statement. However, if we make material changes to this Privacy Statement, we will notify you by means of a prominent notice on the Site prior to the change becoming effective. Please review this Privacy Statement periodically for updates.

12. Contact Us

Questions, comments, requests and complaints regarding this Privacy Statement and the personal data we hold are welcome and should be addressed to the Executive Director at or sent in writing to:

Executive Director
GDPR Query
1 Green Street
Dublin 7

To download or print the privacy statement in full, click here.

[Last Updated: May 2018, changes to providers May 2019]

Data Subject Access Request

You are entitled to request access to your personal data under the General Data Protection Regulation (GDPR) 2018. To access the information we currently hold against you, please return the IPRT Data Subject Access Request, with a copy of photographic ID.

[1] "Personal data" means any information about an individual from which that person can be identified.

[2] A “cookie” is a text file placed on your computer, to help the website analyze how users use the site

Irish Penal Reform Trust


Copyright 2021 Irish Penal Reform Trust. CHY number: 11091

Read PIPS 2020
Online edition coming soon!
Explore PIPS 2019
This is an older online edition
viewed here