Privacy Statement / Policy
The purpose of this Privacy Policy is to explain how our Credit Union (the “Credit Union”, “we”, “us” and “our”) may process your personal data. This Privacy Policy relates to all personal data disclosed by yourself to us or (as applicable) by third parties as part of or incidental to your membership and/or use of the services of our Credit Union, and including (without limitation) your access to and use of our website, our online account/banking platform cu Online +, and our mobile account/banking application cu Mobile.
1 Introduction
We are committed to protecting your privacy.
This Privacy Policy together with our Website Terms and Conditions and our Cookies Policy set out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us as well as details of how we collect, use, disclose, transfer and store your personal information, and accordingly (and together) constitute our privacy policy.
We reserve the right to amend this Privacy Policy from time to time without prior notice. You are advised to check our website or our office noticeboards regularly for any amendments. Such amendments will not be made retrospectively.
We will always comply with the General Data Protection Regulation (“GDPR”) when dealing with your personal data. Further details on GDPR can be found at Office of the Data Protection Commissioner’s dedicated GDPR website: www.gdprandyou.ie.
For the purposes of GDPR, we will be the “controller” of all personal data which we hold about you. You can find our contact details at the end of this Privacy Policy.
If you are providing personal information on behalf of a third party, you must ensure that the third party receives a copy of this Privacy Policy before their personal information is shared with us.
If you are registered to use our online account/banking platform cu Online +, then Wellington IT Limited (which hosts our platform) will also be a controller of your personal data. In order for you to understand what they do with your personal data, and how to exercise your rights in respect of their processing of your personal data, you should review their privacy policy which is available here https://www.letterkennycu.ie/downloads/
If you are registered to use our mobile account/banking platform cu Mobile, Wellington IT Limited (which provides our mobile application) will also be a controller of your personal data. In order for you to understand what they do with your personal data, and how to exercise your rights in respect of their processing of your personal data, you should review their privacy policy which is available here https://www.letterkennycu.ie/downloads/
If you use our on-line electronic signature facility to sign membership or loan related documents, our e-signature facility host, Wellington IT Limited will also be a controller of your personal data as arises from the use of such facility. In order for you to understand what they do with your personal data, and how to exercise your rights in respect of their processing of your personal data, you should review their privacy policy which is available here https://www.letterkennycu.ie/downloads/
If we issue you a debit card, Transact Payments Malta Limited (which is an authorised e-money institution) will also be a controller of your personal data. In order for you to understand what they do with your personal data, and how to exercise your rights in respect of their processing of your personal data, you should review their privacy policy which is available at http://currentaccount.ie/files/tpl-privacy-policy.pdf
2 Why do we collect and use your personal information?
We gather and process your personal information for a variety of reasons and rely on a number of different legal bases to use that information, for example, we use your personal information to process your membership application, to help administer your products and services, to ensure we provide you with the best service possible, to prevent unauthorised access to your account and to meet our legal and regulatory obligations.
2.1 To comply with a legal obligation
We are required to process your personal information to comply with certain legal obligations, for example to:
- report and respond to queries raised by regulatory authorities, law enforcement and other government agencies such as the Central Bank of Ireland and An Garda Síochána;
- comply with tax regulations that require us to report the tax status of our members;
- verify the personal information provided to us and meet our legal and compliance obligations, including to prevent money laundering, tax avoidance, financing of terrorism and fraud;
- perform credit checks in the event you apply for a loan and to supply information to the Central Credit Register, and to use the Central Credit Register when considering loan applications to determine your borrowing options and repayment capacity and/ or facilitate other lending institutions to carry out similar checks;
- cooperate and provide information requested in the context of legal and/or regulatory investigations or proceedings;
- keep records of communications and of member account activities;
- maintain a register of members of the Credit Union;
- administer our internal operational requirements (including credit, compliance and risk management, system development, staff training, accounting and for audit purposes);
- communicate with our members through certain mandatory service communications such as providing notice of the AGM; and
- undertake systems testing, maintenance and development and in order to ensure network and information security.
2.2 To enter into and perform a contract with you for the services or products which you require
In order to consider your application for membership of the Credit Union and to process any product/service applications which you may make, we have to gather some personal information.
In order to administer and manage any account you have with the Credit Union, we have to process your personal information. Examples of processing include the administration of accounts, payments, deposits, lending and credit decisions. As part of this process we may be required to pass some personal information to an intermediary or counterparty (e.g. if you perform a payment transaction, we pass information on the progress of the transaction to the payee concerned).
2.3 To enable the Credit Union to function as a business
In certain circumstances, we process your personal information on the basis of the legitimate interests of the Credit Union. In doing so, we ensure that the impact of the processing on your privacy is minimised and that there is a fair balance between the legitimate interests of the Credit Union and your privacy rights. If you disagree with your information being processed in this manner, you are entitled to exercise your right to object.
Examples of situations in which your personal information is processed based on our legitimate interests, include to:
- collect due and outstanding debt which may involve passing your personal information to debt collection agencies;
- keep records of communications, including telephone lines, if required in order to evidence what has been discussed and keep a record of your instructions and of any documents you have signed (whether under hand or electronically);
- prevent or detect crime;
- utilise credit data from credit referencing agencies when assessing an application for credit;
- perform research and analysis aimed at improving our products, services and technologies; and
- establish, exercise and safeguard our rights, including where necessary to take enforcement action) and to respond to claims made against the Credit Union.
2.4 Where you have provided consent
We use your personal information to make you aware of products and services which may be of interest to you where you have consented to us doing so and in accordance with your preferences. You can at any time withdraw that consent using the contact details below. In the event that you apply for a loan, we may collect and process information on your health. You will be asked for your consent to process this type of personal information.
3 What personal information do we collect about you?
The information we hold about you can vary depending on the products and services you use. This includes personal information which you give to us when you are applying for membership or applying for a product or service, personal information we collect automatically, for instance, your IP address and the date and time you accessed our services when you visit our website or mobile application(s) or used our e-signature facility, and personal information we receive from other sources like credit referencing agencies. The personal information we collect about you may include:
- home address, date of birth, full name, place of birth, personal public service number [PPSN], identification documents, details of income and source of wealth, nationality and tax identification number [TIN];
- information obtained from third parties such as credit reference agencies or business information providers;
- details of employment status and occupation;
- information that we gather from publicly available sources such as biographies held on the Internet;
- recordings of calls between you and employees of the Credit Union;
- closed-circuit television may be used in and around our premises for the purposes of security and preventing crime – therefore we may have images of you captured by our CCTV cameras;
- information relating to member transactions (such as dates, amounts, currencies, payer and payee details); and
- information we obtain about you from the way you use our products or services or website or mobile application(s) such as security authentication, login information, membership user name, membership user number and smart device information.
4 How is the personal information collected?
We collect personal information from a number of sources, including:
- information we receive directly from you or from a person acting on your behalf;
- information we obtain from your interaction with us on our website and mobile application(s) and e-signature facility;
- information we obtain from third parties such as credit reference, debt recovery or fraud prevention agencies, which may have originated from publicly accessible sources;
- information that we gather from publicly available sources such as the Internet.
5 Cookies
We may obtain information about your general Internet usage by using a cookie file which is stored on your browser or the hard drive of your computer. Cookies are small pieces of information, stored in simple text files, placed on your computer by a website. Cookies can be read by the website on your subsequent visits so that you can access information in a faster and more efficient way. The information stored in a cookie may relate to your browsing habits on the web page, or a unique identification number so that the website can “remember” you on your return visit. Generally speaking, cookies do not contain personal data from which you can be identified, unless you have separately furnished such information to the website. Some of the cookies we use are essential for the website to operate. For information on the cookies we use, please refer to our Cookies Policy as published on our website, For more information on how to manage cookies, including how to disable cookies please visit: www.aboutcookies.org.
6 How do we make use of Automated Decision Making?
We sometimes use automated decision making to help us manage our business for our legitimate interests including the delivery of decisions within a shorter time frame and improvement in the efficiency of our processes. An example of where we use automated decision-making is as part of our credit decision process, which involves assessing your application for credit, taking account of your current circumstances and evaluating your ability to meet the required repayments. The decision process takes into account different types of information, for example: information you have provided in your application such as the amount requested, the repayment period, your income, employment details, credit history with credit reference agencies such as the Central Credit Register and details of other credit facilities you may have such as loans, overdrafts, credit cards, etc. The Credit Union uses this information to apply internal credit assessment rules in a consistent manner. This ensures that your application for credit is treated fairly, efficiently and that we believe you can afford the required repayments. We review the automated credit decision making process on an ongoing basis to ensure that it remains fair, efficient and unbiased in order to better serve our members.
7 Who do we share your personal information with?
We sometimes share your personal information with trusted third parties who perform important functions for us based on our instructions and applying appropriate confidentiality and security measures. For example, we may share your personal information with the following third parties:
(a) our legal and professional advisers such as auditors and external legal counsel;
(b) trade/representative bodies;
(c) any sub-contractors, agents or service providers engaged by the Credit Union (including our employees, directors and officers), such as back up and server hosting providers, IT software and maintenance providers, document storage providers and suppliers of other back office functions;
(d) credit reference, debt recovery or fraud prevention agencies;
(e) payment recipients and other financial institutions.
We may also share your personal information with any third parties to whom you have instructed us to share your information with.
We are required to cooperate by law or otherwise through a legal process with Irish and EU regulatory and enforcement bodies such as the Central Bank of Ireland, An Garda Síochána, the courts, fraud prevention agencies or other bodies. We are also required to report personal and account information to the Irish Revenue Commissioners for interest reporting, CRS and FATCA purposes.
We are required by law to report periodically (typically monthly) to the Central Credit Register (being a loan and credit register administered by the Central Bank of Ireland) personal data relating to any loan you may have with us, to include your name, date of birth, address (including eircode), contact telephone number and PPSN. The Central Bank of Ireland is the data controller for the personal data maintained on the Central Credit Register, and is subject accordingly to such data privacy and protection obligations as arise by law including, without limitation, under GDPR.
The Central Bank of Ireland is required by law and pursuant to a memorandum of understanding to submit periodically to the Central Statistics Office particulars of loans and credits that are registered on the Central Credit Register, and accordingly including personal data so registered in relation to such loans and credits save and excepting PPSN and address particulars. The Central Statistics Office is the data controller of all such personal data as is transferred to it by the Central Bank of Ireland, and is subject accordingly to such data privacy and protection obligations as arise by law including, without limitation, under GDPR.
We may disclose personal information relating to our members to any third party in the event of a transfer or merger (or potential transfer or merger) of the Credit Union.
The people and organisations that we may share your personal information with may be located in a country that does not have data protection laws which provide the same level of protection as the laws in Ireland. Some countries already have adequate protection for personal information under their applicable laws. In other countries safeguards will be applied to maintain the same level of protection as the country in which the products and services are supplied. These safeguards may be contractual agreements with the overseas recipient or it may require the recipient to subscribe to international data protection frameworks. For more information about the European Commission’s decisions on the adequacy of the protection of personal information in countries outside the EEA, please visit: www.ec.europa.eu/info/law/law-topic/data-protection-en.
8 Is providing your personal information obligatory?
We are unable to enter into or administer our relationship with you without some personal information about you. In cases where providing your personal information is optional we will make this clear. In particular, it is not mandatory that our members sign up to receive marketing communications.
9 Updates to your personal information
If any of the personal information you have given to us should change, such as your contact details, please inform us without delay. Similarly, if we have collected personal information about you that you consider to be inaccurate, please inform us. Our contact details are set out below.
10 How long do we keep your personal information?
We need to keep your personal information for as long as necessary to fulfil the purposes for which it was collected (as described above). Even when you close your account with us, we must retain some of your personal information in order to comply with legal and regulatory requirements and in case of claims.
The criteria we use to determine data retention periods for your personal information includes the following:
- Retention in case of queries. We will retain some of your personal information in case of queries from you (for instance, if you submit an application for a product or service and if that is unsuccessful);
- Retention in case of claims. We will retain some of your personal information for the period in which you might legally bring claims against us; and
- Retention in accordance with legal and regulatory requirements. We will retain some of your personal information after our agreement with you has come to an end, based on our legal and regulatory requirements.
- If you would like further information about our data retention policy, you can contact us using the details set out below.
11 Your rights under data protection laws
Your rights are as follows (noting that these rights do not apply in all circumstances):
- right to be informed about the processing of your personal information;
- right to have your personal information corrected if it is inaccurate, and to have incomplete personal information completed;
- right to object to processing of your personal information;
- right to restrict processing of your personal information;
- right to have your personal information erased (the right to be forgotten);
- right to request access to your personal information, and to obtain information about how we process your personal information;
- right to move, copy or transfer your personal information (data portability).
In addition, you have the right to complain to the Office of the Data Protection Commissioner which has enforcement powers and can investigate compliance with data protection laws.
If you wish to exercise any of these rights you can contact us using the details set out below.
12 How to contact us
If you have any questions about this privacy notice or your personal information, please contact: Data Protection Officer, Letterkenny Credit Union, High Road, Letterkenny, Co. Donegal F92 H662
Email: dpo@letterkennycu.ie