Data Protection Policy

Data Protection Policy

December 2007
View our Privacy Statement


At An Post your privacy and data protection rights are very important to us.

Data Protection is the safeguarding of the privacy rights of individuals in relation to the processing of personal data, in both paper and electronic format. The Data Protection Acts 1988 and 2003 (the “Data Protection Acts”) lay down strict rules about the way in which personal data and sensitive personal data are collected, accessed, used and disclosed. The Data Protection Acts also permit individuals to access their personal data on request, and confer on individuals the right to have their personal data amended if found to be incorrect.

This document outlines An Post’s policy to help ensure that we comply with the Data Protection Acts.

Inquiries about this Data Protection Policy should be made to Data Protection Co-Ordinator, An Post, Management Suite, GPO, O’Connell Street, Dublin 1.

Data Protection Policy

Purpose of this policy
This policy is a statement of An Post’s commitment to protect the rights and privacy of individuals in accordance with the Data Protection Acts.  This policy was approved by the Board of An Post on 24th January, 2008.

Collecting information about you.
We collect and use information to provide the following services:

  • to provide a national and international postal service; provision of money remittance and counter services and provision of agency services including the collection of television licence revenue.
  • to provide Savings Services, Post Office Savings Bank; Savings Bonds; National Instalment Savings, and Savings Certificates.
  • to provide, through the national postal service, names and addresses of electors to allow election candidates mail communications to registered electors.
  • to undertake advertising, marketing, direct marketing and public relation exercises.
  • to perform accounting and other record-keeping functions.
  • to help detect and prevent crime and prosecute offenders.
  • to provide personnel, payroll and pension administration services.
  • to use change of address details from our Redirection Service to update databases within An Post and to update third parties’ data.  We only do this with your consent.
  • to keep your information secure.
  • to enhance or improve your experience on our website.
  • to provide you with online services. Each service has different information requirements. Therefore the information we need, and what it is needed for, can differ. For full details please refer to the terms and conditions for each service. 
Data Protection Principles

We shall perform our responsibilities under the Data Protection Acts in accordance with the following eight Data Protection principles:

  1. Obtain and process information fairly
    We shall obtain and process your personal data fairly and in accordance with statutory and other legal obligations. 
  2. Keep it only for one or more specified, explicit and lawful purposes
    We shall keep your personal data for purposes that are specific, lawful and clearly stated. Your personal data will only be processed in a manner compatible with these purposes. 
  3. Use and disclose only in ways compatible with these purposes
    We shall use and disclose your personal data only in circumstances that are necessary for the purposes for which we collected the data. 
  4. Keep it safe and secure
    We shall take appropriate security measures against unauthorised access to, or alteration, disclosure or destruction of your personal data and against its accidental loss or destruction. 
  5. Keep it accurate, complete and up-to-date
    We adopt procedures that ensure high levels of data accuracy, completeness and that your data is up-to-date. 
  6. Ensure it is adequate, relevant and not excessive
    We shall only hold your personal data to the extent that it is adequate, relevant and not excessive. 
  7. Retain for no longer than is necessary
    We have a retention policy for your personal data. 
  8. Give a copy of his/ her personal data to that individual, on request
    We adopt procedures to ensure that data subjects can exercise their rights under the Data Protection legislation to access their data.

Overall responsibility for ensuring compliance with Data Protection Acts rests with An Post. However our responsibility varies depending upon whether we are acting as either a Data Controller or a Data Processor.
All employees and contractors of An Post who separately collect, control or process the content and use of personal data are individually responsible for compliance with the Data Protection Acts. The Data Protection Co-Ordinator is An Post’s Data Protection Officer, and co-ordinates the provision of support, assistance, advice, and training throughout the An Post Group to ensure that An Post is in a position to comply with the legislation.

Procedures and Guidelines

An Post is firmly committed to ensuring personal privacy and compliance with the Data Protection Acts, including the provision of best practice guidelines and procedures in relation to all aspects of Data Protection.
This Data Protection Policy is supplemented (and may be amended) by specific policies and procedures adopted by Directorates within An Post and subsidiaries of An Post.  In the event of a conflict between this Data Protection Policy and those of our Directorates and subsidiaries, then the latter policies and procedures shall prevail.
You can view An Post’s Access Request Policy and Access Request Form.


This Data Protection Policy will be reviewed regularly in light of any legislative or other relevant developments.

Dated: 3 December 2007