Everyone has rights regarding how their personal information is handled. During Offaly Language Academy (OLA)’s operations, we may collect, store and process personal information about staff, students, guardians, host families, educational partners, clients and service providers. We recognise the need to treat this data in an appropriate and lawful manner and are committed to complying with all applicable data protection regulations, including the General Data Protection Regulation (GDPR) (EU) 2016/679.

OLA may be required to handle data relating to:

• Current, past and prospective employees, students, guardians, host families, educational partners, suppliers and clients.
• Data may be held on paper, computer systems, or other media and will be managed according to GDPR.

The designated Data Protection Lead (DPL) at OLA is [Insert Name & Contact]. The DPL is responsible for overseeing compliance and handling data protection matters.

This policy outlines OLA’s rules on data protection and the legal obligations relating to the collection, processing, storage, transmission, and destruction of personal and sensitive information.

• Data: Information stored electronically or in structured paper formats.
• Data Subjects: Living individuals whose personal data is held by OLA.
• Personal Data: Information relating to an identifiable person.
• Data Controllers: Entities responsible for determining how and why personal data is processed.
• Data Users: OLA employees who use personal data as part of their role.
• Processing: Any operation involving data such as collection, storage, use, disclosure or destruction.
• Sensitive Personal Data: Includes data on health, ethnicity, religious beliefs, or criminal history.

Anyone processing personal data at OLA must comply with the following principles:

1. Fair and lawful processing: Data must be collected fairly and transparently.
2. Purpose limitation: Data must be used only for specified and legitimate purposes.
3. Data minimisation: Data collected should be adequate, relevant and not excessive.
4. Accuracy: Data must be accurate and kept up to date.
5. Storage limitation: Data should not be retained longer than necessary.
6. Integrity and confidentiality: Data must be securely stored and processed.
7. Accountability: OLA must be able to demonstrate compliance.

OLA ensures personal data is:

• Stored securely (e.g., locked filing cabinets, password-protected systems)
• Disposed of properly (e.g., shredding, secure deletion of digital files)
• Accessed only by authorised personnel
• Protected through up-to-date IT security protocols and physical safeguards

Data should be accurate and regularly updated. Students, staff and partners must inform OLA of any changes to their information.

Data is retained only as long as necessary for the purpose it was collected, subject to legal or contractual obligations.

Data subjects have the right to:

• Access their personal data
• Request correction or deletion
• Object to processing
• Withdraw consent (where applicable)
• Lodge a complaint with the Data Protection Commission

Requests for data access must be submitted in writing to the DPL. Responses will be made within 30 days, in line with GDPR.

Employees should verify the identity of anyone requesting personal data. If in doubt, refer the query to the DPL.

OLA does not send direct marketing without prior consent. All marketing communications will provide a clear opt-out option. OLA does not send unsolicited texts, post, or faxes.

This policy is reviewed annually and updated as required to reflect legal, operational, or technological changes.

In the event of a suspected data breach (e.g. data sent to the wrong recipient, lost device, or hacking), the DPL must be informed immediately.

• Description of the breach
• Data affected
• Number of individuals impacted
• Potential consequences
• Actions taken

Breaches will be reported to the Data Protection Commission within 72 hours if they pose a risk to individuals’ rights and freedoms. Affected individuals will be notified where required.

If you have questions or concerns about how your data is handled, contact the Data Protection Lead at

Email: info@offalylanguageacademy.com
Phone: Nessa: +353 87 937 8856 / Una: +353 83 124 4079