Careers

Candidate data protection statement

This data protection notice sets out the basis on which Revenue will process your personal data during the recruitment process.

The legal basis for processing data

Revenue will carry out all procedures necessary in order to undertake the recruitment, assessment and selection of suitable candidates for appointment to Revenue.

These are in accordance with Article 6(1)(c), (e), (f) and Article 9 of the General Data Protection Regulation (GDPR). Our processing is covered by:

• Civil Service Regulation Acts, 1956-2005
• Public Service Management Act, 1997
• Public Service Management (Recruitment and Appointments) Act, 2004
• Safety, Health and Welfare at Work Act, 2005
• Employment Equality Acts, 1998-2015 
• The Disability Act, 2005.

Purposes of processing and categories of data

Your personal data will be used for all stages of the recruitment process. The data is collected by different means throughout the recruitment process such as an application form via Revenue’s Applicant Tracking System, online registration or testing, virtual proctoring and video assessments. The information contained on the form will be used:

• to assess eligibility for a specific competition
• to assess suitability for the role
• to determine preferences in relation to the location, if applicable
• to determine whether the candidate meets the set shortlisting criteria, if applicable
• to aid the selection board in the assessment or interview situation, should the candidate be called to this stage
• to ensure that a third party has not impersonated a candidate at any stage of the process (an assessment of candidates ID documents during virtual proctoring, video assessment, interview stage and so on).

When you begin the recruitment process, Revenue will create a personnel record in your name. This record contains information from your application form such as contact details, qualifications, ID documents and career history.

Special categories of personal data

Certain special categories of personal data may be processed during the recruitment process. This is to allow us to fulfil our statutory obligations under the Employment Equality Acts 1998-2015 and the Disability Act 2005.

Disclosure of your personal data

Revenue will share your personal data with third parties:

• where we are obliged to do so in order to comply with a legal or regulatory obligation
• where the personal data on your application form is being reviewed by selection board members as part of the recruitment process
• where a third-party processor acting on Revenue’s behalf is employed to carry out assessment tests and surveys as part of the recruitment process.

Service providers

Revenue have engaged with third-party service providers to help facilitate both our application and recruitment process, alongside the processing of your personal data on our behalf.

It must be noted that all data service providers need to process your personal data in line with the terms of that contract and are obliged to comply with the GDPR during their processing.

Transfers to third countries and the safeguards in place

Under the GDPR, your personal data can only be transferred to a third country in certain circumstances.  A third country means a country outside of the European Economic Area (EEA).  The EEA is made up of 27 European Union (EU) Member States, as well as Norway, Iceland and Liechtenstein. Examples of how personal data can be transferred are:

• if the European Commission considers the third country to have an adequate level of data protection (adequacy decision)
• if the transfer of personal data is required, or authorised, by law.

Retention period

As part of Revenue’s record retention policy, details of unsuccessful candidates will be held for 18 months following the establishment of the applicable panel. The details of successful candidates not assigned will be held for one year after the panel has expired. Details of candidates who have been assigned will be held for the length of their employment, plus seven years.

Further information

You can find further information on Revenue's Data Protection Policy and on your rights under the GDPR on our website. These rights include the right to make a request to Revenue to access the personal data held about you. Requests for access to personal data should be made by email to dataprotection@revenue.ie or in writing to:

Data Protection Unit
Ground Floor
Cross Blocks
Dublin Castle
Dublin 2
D02 F342.

Next: Assignment data protection statement