SUSI respects individuals’ right to privacy and processes personal data securely and confidentially in accordance with data protection legislation.
When submitting a grant application, applicants and other parties to their applications are required to confirm that they have read and understood this SUSI Data Protection Statement.
The Student Grant Schemes are administered by the SUSI Unit of City of Dublin Education and Training Board (CDETB) as the student grant awarding authority designated by the Minister for Education and Skills under the Student Support Act 2011. For the purposes of the EU General Data Protection Regulation (EU Regulation 679/2016) (GDPR), CDETB is a joint data controller with the Department of Education and Skills (DES) for student grant applications under the Student Grant Schemes.
“Data controllers” are people or organisations that determine the purposes and manner of processing of personal data that make independent decisions in relation to the personal data or that otherwise control that personal data.
Where two or more controllers jointly determine the purposes and manner of the processing of personal data, they will be “joint controllers”. In such cases, the GDPR requires them to determine in a transparent manner their respective responsibilities for compliance with the obligations under the GDPR. This must be done by means of an arrangement between them.
CDETB and the DES have put in place a Joint Data Controller Agreement whereby CDETB takes on responsibility for dealing with all requests received from individuals regarding the processing of their personal data by CDETB and the DES. CDETB is accountable to the DES for the performance of all functions in respect of the administration of student grants under the Student Support Act 2011 and is responsible for ensuring compliance of the administration of student grants with the GDPR and other applicable data protection legislation. The DES’s role is to determine the type of information that individuals should furnish to the student grant awarding authority under the Student Grant Schemes. As part of its oversight and governance role, the DES also carries out random transaction testing of a limited number of SUSI applications each year to check compliance with the statutory provisions of the scheme and to enhance the quality assurance procedures for the scheme. For more information about the Joint Data Controller Agreement between CDETB and the DES, please contact us at the below details.
“Personal data” means any information relating to an identified or identifiable natural person. Personal data can be factual (for example, a name, address or date of birth) or it can be an opinion about that person, their actions and/or behaviour.
SUSI processes information, including personal data that grant applicants provide about themselves and other parties and persons relevant to their applications (including parents, legal guardians, spouses, civil partners, cohabitants, siblings, dependent children and other relevant persons) for the purpose of assessing applicants’ eligibility to receive student grant funding.
The personal data processed by SUSI for this purpose is as follows:
SUSI exchanges data with other Government bodies and agencies subject to data processing agreements. This data is processed for the purposes of –
SUSI may also share personal data with authorised agents or third parties as data processors or sub-processors who act on behalf of SUSI for the purposes of grant administration and who process data securely pursuant to its instruction under a contractual relationship and subject to data processing agreements. CDETB continues to be the data controller of this data.
SUSI may also share an individual’s personal data if it is under a duty to disclose or share such personal data in order to comply with any legal obligation, or in order to enforce or apply any contract with such individual or other agreements, or to protect its rights, property, or safety of its employees or others. This includes reporting information about incidents (as appropriate) to the Gardaí and responding to any requirements from the Gardaí to provide information or personal data to them for the purposes of them detecting, investigating or prosecuting offences or in connection with crime sentencing.
The below table outlines how the information you provide is being exchanged by SUSI with other Government bodies and agencies:
| Agency / Body | Purpose | Information exchanged | Format |
|---|---|---|---|
| Approved Further and Higher Education Institutions | Verification that the student has registered on and is continuing to attend an approved course in an approved institution Verification and validation of previous academic history | SUSI Reference College Code CAO number PPSN Surname Forename DOB Graduate Type Student ID Course details Fee details Attendance and progression details | Batch |
| CAO- Central Applications Office | Notification of accepted college places | CAO application no. Surname of Applicant First name of Applicant Date of Birth of Applicant CAO Course code Level of course Name of course Name of Institution | Batch |
| Department of Agriculture, Food and the Marine | Validation of information where applicants are in receipt of grant payments for farming Prevention and detection of fraud, including the provision of information to support criminal investigations or prosecutions | Business Identifier number PPSN Year Details of payments | Batch |
| Department of Education and Skills | Validation of residency (Post Primary Pupil Database) Clarify eligibility for a grant Ensure accurate interpretation and operation of grant scheme Ensure provision of the appropriate financial support Prevention and detection of fraud, including the provision of information to support criminal investigations or prosecutions Facilitate audits | All information pertaining to the application | Batch and Direct Access |
| Department of Employment Affairs and Social Protection | Verification of identity Facilitating registration and login to online SUSI account Contacting applicant in order to process application for a student grant | PPSN DOB First name Last name Email address Telephone number | Secure Token Service (STS) |
| Department of Employment Affairs and Social Protection – MyGovID | Verification of identity Facilitating registration and login to online SUSI account Contacting applicant in order to process application for a student grant | PPSN DOB First name Last name Email address Telephone number | Direct Access and real time Application Programming Interface (API) |
| Department of Justice and Equality | Validation of citizenship and nationality | Person ID SUSI Reference Application ID Legacy No Permission to remain in the State Date permission valid until | Case by case requests |
| Education and Training Boards | Verification and validation of receipt of VTOS payments | Name Date of Birth PPSN Payment amount | Batch and Case by Case requests |
| General Register Office (GRO) | Validation of nationality, date of birth and death records | SUSI Reference PPSN First name Last name DOB Mother’s maiden name | Batch |
| Higher Education Authority (HEA) | Verification and validation of previous academic history | PPSN SUSI SUSI Reference DOB NFQ level of course Course Title Return year Year of graduation Graduating Institution | Batch |
| TUSLA – The Child and Family Agency) | Validation of certain State payments Verification of applicant status or circumstances | Name DOB SUSI Reference Information on documents required | Batch |
| Other grant awarding authorities (Local Authorities and Education and Training Boards) | Verification and validation of previous grant support history | Name Date of Birth PPSN Payment amount and name | Batch and Case by Case requests |
| QQI (Quality and Qualifications Ireland) | Verification of qualifications and/or equivalence of qualifications from other jurisdictions | Application no. Full title of course Name of Relevant Awarding Institution Year of Award Copy of qualification NFQ level | Case by Case requests |
| Revenue Commissioners | Validation of income Prevention and detection of fraud, including the provision of information to support criminal investigations or prosecutions | PPSN Name Year Income details | Batch |
| SOLAS | Verification and validation of previous academic history of a student | PPSN First Name Last Name Date of Birth Provider Name Local Course Title Target Award level Awarding Body Course Type Fulltime/Part-time Learner Start Date Learner End Date | Batch |
| Student Grants Appeals Board | Processing and adjudication of any appeal to the Student Grants Appeals Board | All information pertaining to the application. | Batch and Case by Case requests |
SUSI uses contact and identification information of grant applicants and other parties to their applications for the following purposes:
Applicants and other parties to their applications may contact SUSI, or agents acting on its behalf, by telephone. To ensure that SUSI provides a high-quality customer service, telephone conversations are recorded for staff training and quality control purposes and for reviewing and confirming details of conversations with SUSI, where necessary.
The consent of grant applicants and other parties to their applications is not generally required for SUSI to process their personal data for the purposes of the statutory basis on which grant applications are administered, namely the Student Support Act 2011 (as amended from time to time together with any statutory instrument, order, rule or regulation made thereunder, as from time to time amended, extended, re-enacted or consolidated) and the Student Grant Schemes (as amended from time to time).
SUSI communicates directly with grant applicants for these purposes in line with the specific requirement of the Student Grant Schemes that an applicant shall furnish such information and evidence to an awarding authority as it requests in order to determine if they are eligible to receive a grant.
Where it is necessary for another party to an application, or a third party outside the application, to communicate with SUSI about this personal data on behalf of any party to the application, each party to the application can authorise this as described below in relation to enquiry handling.
Where an applicant provides information that any person relevant to their application is also an applicant, and where both applicants authorise the cross-referencing of their applications in this context, SUSI will cross-reference both applications in order to ensure that any increased entitlement to grant funding can be applied and to ensure efficiency and consistency in the processing of grant applications.
SUSI may otherwise cross-reference grant applications generally and without consent for the purposes of audit and for the prevention and detection of fraud where it has a legitimate interest to do so.
Discussing Grant Applications
Applicants and other parties to their applications can contact the SUSI Support Desk to make enquiries about the status of an application and about any documents or actions required to progress it.
In order to facilitate such enquiries, SUSI will discuss, with all parties to an application, information about the status of the application and any documents or actions required to progress it.
Where disclosure of such information to another party to an application is not desired, applicants should inform SUSI of this so that appropriate controls can be put in place on a case by case basis.
SUSI Support Desk staff will ask verification questions to ensure that SUSI only shares this information with a party to the application.
Discussing Personal Data
SUSI will not discuss personal data of a party to an application with other parties to the application, or with a third party outside the application, without their authority.
Applicants and other parties to grant applications can cross-authorise each other, and can also authorise third parties outside the application, to discuss their personal data with SUSI on their behalf by-
Authorisations may be withdrawn at any time by applicants and other parties to grant applications.
Individuals have certain rights in relation to personal information that is processed by SUSI. These rights are listed below. These rights are not absolute and apply subject to certain conditions. Under certain circumstances, by law individuals have the right to:
Individuals may access or request a copy of their personal data held by SUSI, or they may request its rectification, by downloading, completing and submitting a Subject Access Request Form available at www.susi.ie
Otherwise, individuals can exercise their rights by contacting CDETB at the below details.
No fee usually required. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
What we may need from you. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time limit to respond. We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Complaint handling. In the event that an individual wishes to make a complaint about how their personal data is being processed by SUSI, or how their complaint has been handled, such individual has the right to lodge a complaint directly with the supervisory authority who can be contacted as follows. We would, however, appreciate the chance to deal with your concerns before you approach the supervisory authority so please contact us in the first instance:
| Contact | Data Protection Commission |
| Telephone | +353 57 8684800/+353 (0)761 104 800 |
| Website | www.dataprotection.ie |
| Post | Data Protection Commission
21 Fitzwilliam Square South Ireland |
SUSI retains data securely for the purposes of grant administration, audit and case reviews and does not retain personal data for longer than is necessary and/or as required by law. In determining its retention period for categories of personal data, SUSI, at all times, will consider its obligations under the data protection legislation, guidance from the Data Protection Commission, any other specific legislative requirements as well as the amount and nature of the data itself.
There are circumstances in which SUSI may have to transfer an individual’s personal data out of the European Economic Area for the purposes of grant or grant application administration. Where the need for such a transfer arises SUSI will always ensure that there are appropriate safeguards in place to protect personal data such as:
Data retained by SUSI, including computer and paper records, is stored in secure facilities. SUSI takes appropriate security measures against unauthorised access to, or alteration, disclosure or destruction of, data and against accidental loss or destruction. Data processing agreements entered into between SUSI and those persons or bodies with whom it exchanges data take account of the security requirements and measures necessary to protect the data that is exchanged.
Where applicants or other parties to their applications agree, accept or request that SUSI communicates with them by e-mail, they are solely responsible for ensuring the availability, security and integrity of their own email account. The transmission of information via the internet is not completely secure and, consequently, while SUSI takes all reasonable security measures, it cannot guarantee the privacy or confidentiality of information transmitted by e-mail.
SUSI maintains data security by protecting the confidentiality, integrity and availability of the personal data, defined as follows:
The SUSI website and the SUSI online grant application system make use of cookies. For more information about our use of cookies, please see our Cookie Policy.
Contact us
You can contact CDETB regarding any matter concerning your data protection rights using the details below:
| Contact: | Data Protection Officer |
| Telephone: | + 353 1 668 0614 |
| Email: | dataprotection@cdetb.ie |
| Post: | CDETB
Town Hall, Merrion Road, Ballsbridge, Dublin 4 Ireland |
SUSI reserves the right to modify this Data Protection Statement at any stage. If and when changes are made to this Data Protection Statement, any changes will be posted on the SUSI website and will be effective when posted. Please continue to check this page to ensure that you are always aware of any changes.
