Central Applications Office
CAO is an organisation which was founded in 1976 by the higher education institutions (HEIs) in the Republic of Ireland. The purpose of the CAO is to process applications for higher education courses centrally and to deal with them in an efficient and fair manner. The HEIs retain the function of making decisions on admissions. The CAO and HEIs have agreed that they are Joint Controllers as defined in Article 26 of the GDPR, as both the CAO and HEI jointly determine the purposes and means of processing personal data.
Central Applications Office Ltd. (Universities and other Higher Education Institutions)
Registered in Ireland Number 53983
Registered Office: Tower House, Eglinton Street, Galway.
Central Applications Office,
Email: e-mail CAO
Contact Details of Data Protection Officer:
Data Protection Officer,
Central Applications Office,
How do we collect information from you?
We collect information from you through our online and paper application form and our online email communication system, all of which you complete voluntarily when you make your decision to apply to third level or wish to contact us with a query.
The Central Applications Office respects your right to privacy and will not collect any personal information about you on this website without your permission. Any personal information which you volunteer will be treated with the highest standards of security and confidentiality, strictly in accordance with the General Data Protection Regulation 2018.
What information do we collect from you?
We collect identifying information from you, such as your name, address, and date of birth and we also collect additional information in support of your application, including your examination details and PPS number. If you apply for the HEAR (Higher Education Access Route) or DARE (Disability Access Route to Education) schemes you may be required to provide sensitive information relating to your health or financial status.
For further information in relation to the information collected from you, please see the transparency document available on the CAO website.
Why do we collect information from you?
In order to allow us to process your application for entry to third level education, we collect relevant personal data from you. We need to obtain personal data from you so that we can link your application to your examination results to facilitate the evaluation of your application by the HEIs for your chosen course(s). We will also collect sensitive personal data from you when you apply for the DARE (Disability Access Route to Education) and HEAR (Higher Education Access Route) schemes.
For further information in relation to why certain information is collected from you, please see the transparency document available on the CAO website.
Who we share your information with
We share your information with those HEIs whom you list on your application form and with relevant approved third-party processors who provide information to CAO in support of your application, for example the Quality and Qualifications Ireland (commonly known as 'QQI') who provide the CAO with details of your further education after the CAO provide QQI with your personal data.
For further information in relation to whom the CAO shares your data with and why, please see the transparency document available on the CAO website. This includes details of processor agreements who may have access to some of your data.
Who has access to your information?
In order to process your application and assist you with any queries that may arise, all CAO employees may have access to your details.
As a joint controller, a HEI may decide who has access to your data in the respective HEI, however, it is not likely that all HEI employees will have access. This is a matter for each HEI to decide.
How to request access or make changes to your information?
If you are aware that any information we hold on file for you is inaccurate or out of date, you can contact us in writing (by email or post) to update your details.
In order to submit a subject access request under GDPR please refer to the data privacy section of the CAO website.
How long do we keep your information?
CAO has a data retention policy for each category of data held on our system. This policy explains the reasons for holding such data and the CAO will not retain data beyond the periods specified.
Links to other websites
Cookies and Technical Information
The CAO website uses "session cookies" within the online application facilities. Session cookies are temporary memory cookies, which are removed from your computer when the session is closed. Session cookies are what many interactive applications, such as our online application facilities, need in order to track your machine's unique messages while you are using the application.
If you use the CAO Virtual Assistant you will be asked to consent to "third party cookies". IBM use an anonymous identifier to track the usage of the virtual assistant to allow them to determine the level of service that CAO requires.
If you use the CAO interactive handbook you will be asked to consent to the use of "third-party cookies". Prospectus Plus use identifiers to track the usage of this handbook to allow them to improve the services they offer.
If you use the search bar on the CAO website our service provider (Search Site 360) will use "third-party cookies". Site Search 360 use these anonymous identifiers to allow them to improve the services they offer.
Technical details in connection with visits to this website may be logged for statistical purposes. The technical details logged are confined to the following items:
The Central Applications Office will make no attempt to identify individual visitors, or to associate the technical details listed above with any individual. It is the policy of the Central Applications Office never to disclose such technical information in respect of individual website visitors to any third party unless obliged to disclose such information by rule of law. The technical information will be used only by the Central Applications Office, and only for statistical and other administrative purposes. You should note that technical details which we cannot associate with any identifiable individual do not constitute "personal data" for the purposes of the General Data Protection Regulation 2018.
- The IP address of the visitor's web server;
- The top-level domain name used (for example .ie, .com, .org, .net);
- The previous website address from which the visitor reached us, including any search terms used;
- Clickstream data which shows the traffic of visitors around this web site (for example pages accessed and documents downloaded);
- The type of web browser used by the website visitor.