As part of our services to you as a member, we may need to obtain and process personal data as required where necessary to provide our services such as (a member of our staff will explain the purpose why any information is required prior to obtaining the data): 1. Member [For each member if Joint Account] Your name, address, Eircode, phone number [landline & mobile], email, previous addresses, title, Nationality, Gender, Accommodation type, Tax Identification/PPSN numbers or foreign equivalent, proof via payslip or health card, proof of address, passport or driving licence details, date of birth, evidence of marital status, signatures, CCTV, Photo ID, Member Account Number, any International Bank Account Number (IBAN), currency information, if using online banking, user unique identifiers,  biometrics-facial recognition & IP address, contactless cards, security details to protect identity, Debit Cards details, beneficial owner details, if applicable political exposed person details, Source of funds, employer name and address, application processing and administration records, expected monthly lodgement, confirmation of tax residence, tax identification number, account transaction details, Stamp 4/5 for non EU nationals, sanction lists (the Credit Union is required to identify if any member is listed for sanctions) interactions with Credit Union staff and officers on the premises, by phone, or email, current or past complaints, Inferred details of special categories of data e.g. payments to trade unions, confirmation of gift letter, occupation, cookie consent and marketing consent. We may act on the authority of one joint Account Holder to share or allow a third-party access to your member account. This means, unless we have agreed that we need the consent of each joint Account Holder, or have a legal obligation to get this consent, we will treat the authority of one Account Holder as authorisation on behalf of any other Account Holder(s) for a joint Account. If you instruct us to share or allow a third party access to any Account information for a joint Account you are responsible for ensuring the other Account Holder(s) are aware and permit such access. Any joint account holder is entitled to access the details and transaction information of the joint account as a whole. 2. Additional information when applying for a loan Financial data (including bank & credit card account information), loan repayment status and credit history, credit assessment records, credit data from credit register, judgements searches, living expenses including child care costs (if applicable), dependents, disposable income and analysis of spend, existing loan contract commitments data, details of the Credit Union products you hold with us, salary, level of education, employment status, relationship with joint borrower, directorships held, employers name and address, period of time with employer, proof of employment & salary,  any court order charges, accommodation status, family details [dependencies] mortgage details, assets and equity, Partners/Spouse banking details & earnings, details of House insurance, Life assurance policy, independent valuation on property, security hold on assets, pension details, health information for the assessment of eligibility for the insurance on certain loans. 3. Additional information when applying for a mortgage loan Valuation Reports, Land registry folio, Certificate of Title, Life Assurance cover documents – these documents contain the following information: Name, Address, date of birth, property value, medical data, members’ solicitor name, address and contact details directorships held, relationship with joint borrower, retirement age, first time buyer, pension details. 4. Additional information when applying for a loan on Spouse/Partner Your name, address, email, telephone, Date of Birth, employment details, occupation, employment details, residential status, relationship status and dependents, financial data, Wage slips, Bank Statements, financial data, Relationship with member and Salary. 5. Additional information when applying for a loan on Dependent individuals Relationship with member, ages, reason for dependency, financial needs. 6. Additional information captured for vulnerable members Name of a ward of court and proof of a ward. Name and proof of power of attorney, Proof of ID, board appoint payment to another if member becomes mental incapacitated and no person has been legally appointed to administer your account. 7. Additional information captured for entrances to the members draw Draw numbers and winner details. 8. Additional information captured for minor accounts (under the age of 16) Parent/Guardian-Name, address, email, signature, phone number [landline & mobile], proof of ID, consent- authorisation form. Proof of ID for minors- birth certificate or passport, Debit Cards age 12 to 1, savings  card. 9. Additional information captured when you interact with our marketing platform Opens, Reads, Clicks, and any information you provide to use via our Webforms

As part of our services to you as a club member, we may need to obtain and process personal data as required where necessary to provide our services such as: 1. For trustees and relevant officials in the club Name, address, Eircode, phone number, email, previous addresses, Tax Identification/PPSN numbers (or foreign equivalent), proof of address, passport or driving licence details and, date of birth, signatures, CCTV, Photo ID, , if applicable political exposed person details, account transaction details, Stamp 4/5 for non EU nationals, sanction lists (the Credit Union is required to identify if any member is listed for sanctions), interactions with Credit Union staff and officers on the premises, by phone, or email, current or past complaints, Inferred details of special categories of data. 2. Additional information when applying for a loan Solicitor details including client bank account, affiliated bodies.

As part of our services to you as a business member, we may need to obtain and process personal data as required where necessary to provide our services such as: 1. For business owners/Directors Name, address, Eircode, phone number, email, previous addresses, Tax Identification/PPSN numbers (or foreign equivalent), proof of address, passport or driving licence details, date of birth, signatures, CCTV, Photo ID, Member Account Number, if using online banking, user unique identifiers,  biometrics-facial recognition & IP address, beneficial owner details, if applicable political exposed person details, account transaction details, Stamp 4/5 for non EU nationals, sanction lists (the Credit Union is required to identify if any member is listed for sanctions), interactions with Credit Union staff and officers on the premises, by phone, or email, current or past complaints, Inferred details of special categories of data e.g. payments to trade unions. 2. Additional information when applying for a loan Financial data (including bank & credit card account information), loan repayment status and credit history, credit assessment records, credit data from credit register, judgements searches, disposal income and analysis of spend, existing loan contract commitments data, details of the Credit Union products you hold with us, occupation, level of education, bank statements, income details,  mortgage details on assets, assets and equity, financial statements, cashflow projections, health information, details of insurance, health information for the assessment of eligibility for the insurance on certain loans.

As part of our loan approval, we may need to appoint a guarantor, in such cases we need to obtain and process personal data on the guarantor as required where necessary such as: Your name, address, Eircode, phone number [landline & mobile], email, previous addresses, Tax Identification/PPSN numbers (or foreign equivalent), proof of address, proof of ID passport or driving licence (physical verification only) details, date of birth, signatures, CCTV, Member Account Number if applicable, occupation, employer details, period of time with employer, bank statements, income/payslips details,  credit check, list of outstanding debts and repayment amounts

The Credit Union Act 1997 (as amended) allows members to nominate a person(s) to receive a certain amount from their account on their death, subject to a statutory maximum. To fulfil our role, we will need to obtain and process personal data on the nominee as required where necessary either at the nomination stage or the payment stage,  such as Your name, address, Eircode, phone number, email, previous addresses, proof of address, passport or driving licence details, date of birth, signatures, CCTV, Member Account Number if applicable, relationship with member who they are being nominated by. Nominations

• A member may change the details of their nomination as often as they like during the course of their membership with the credit union. In addition, there may be instances where a nomination is revoked through marriage or civil partnership, or the death of the nominee before the nominating member. There is therefore no guarantee that a nomination will be valid until the member has passed away and the validity of the nomination is confirmed by the credit union. As such, we are unable to contact individuals directly to advise them that we are processing their information.
• Where a member makes a nomination, we are required under the credit union legislation by which we operate to keep a record of all persons nominated (along with any revocation or variation of any nomination).

We may collect store and use the following categories of personal information about you where necessary: In addition to the students account details the following is captured Parental/Guardian Consent for School Savings Scheme, the child’s account no, home address and school attended.

Each year around 25,000 school children around Ireland take part in the Credit Union Schools Quiz. The Quiz is about encouraging learning and teamwork among young schoolchildren. Applications are received by the credit union. As part of our role in organising the quiz, we need to obtain and process personal data as required where necessary such as: School Name, address, school number, school contact name and phone, team names, team data of birth, confirmation of consent from the teacher , parents/guardians consent, photos of team, winners

The Irish League of Credit Unions (ILCU) and our credit union collects your information and that relating to your parents or legal guardian for the art competition . We are primary data controller of the personal information you give us. Chapter will be considered a data controller for stage 2 (Regional level). The ILCU will be considered a data controller for the purposes of stage 3 (National level).  As part of our role in organising this competition, we may need to obtain and process personal data as required where necessary such as: 1. General category Age range, name, date of birth, home address, email address, school/college/club organisation, consent to use photographic images, signature parents/guardians’ consent. 2. Extra information for Additional needs category Group team entry, inferred medical data

Where you have explicitly agreed to us processing your information for a specific reason such as

• Members
  • Collecting your data in the event that you apply for a loan, we may require certain special categories of data such as your health information where no other lawful basis exists
  • A member provided third party’s data
    • as a guarantor,
    • the spouse,
    • the dependent individual,

in such cases the member obtains consent from the adults to capture their data

• Photograph on your member account for verification
• Where a member consents to join via “online onboarding”, their facial verification is used via biometrics.
• Provide instructions by e-mail, including a link to the portal of an Account Information Services Provider (‘AISP’)
• Member preferences to receive electronic statements and AGM booklets,
• Radio frequency tags used in contactless cards
• Use of members location data
• Marketing (see section 14)

• School Quiz entries
• Art Competition entries
• Any individual
  • Photograph for publication at events
• Cookie (see cookie policy)
• Member Draws

Where the Credit Union already hold the email address for the members, the credit union will send the electronic notice by email, along with information on how to object to receiving the notice electronically. If the member does not object within 10 days from receipt of electronic AGM Notice, then they will receive the AGM notification electronically thereafter . Objection to Electronic AGM Notice - if the credit union has an email address for the member and they object to receipt of AGM notice by email within the 10-day deadline, then the credit union will provide same by post or in person. You may request, at any time in the future, that the annual accounts be provided to you in writing by agm@ballinasloecreditunion.ie

Where consent is relied upon as a basis for processing of any personal data, you will be presented with an option to agree or disagree with the collection, use or disclosure of personal data. Once consent is obtained, it can be withdrawn at any stage.

We will hold a list of all individuals who have withdrawn their consent to ensure there is a record of their objection to direct marketing. We will hold a minimised amount of Personal Data in order to uphold this request.

Processing is necessary for the performance of a contract with you or in order to take steps at your request prior to entering into a contract. We will collect your data in order to consider your application for membership of the Credit Union. Where you have opened a member account or obtained a loan and signed up to the contractual terms in our T&C’s, it is necessary to process your data for the administration of accounts, payments, deposits, lending and credit decisions. Processing may be necessary for the performance of a contract such as:

• Administrative Purposes
  • Opening credit union Account
  • Manage and administer members accounts, transactions, policies, benefits or other products and services that the Credit Union or partners e.g. ECCU may provide the member with
  • Loan assessments
  • To manage and respond to a complaint or appeal
  • To help improve service as agreed in the T&C to members
  • For the processing of electronic payments services on the member account (such as SEPA direct debts, credit transfers, standing orders and direct debits), the Credit Union is a participant of Payac
  • Providing Current Account services via MyCU
  • Providing online banking
  • Automated teller machine services
  • School savings programme
  • Euro drafts
  • Bureau de change “Fexco” where we are the data processor for these transactions
  • Insurance services
  • Complying with binding requests for information from other payment service providers the member has instructed to act on their behalf
• Guarantors
  • As part of a member loan conditions, the Credit Union may make the requirement for the appointment of a guarantor a condition of the member loan agreement in order for the Credit Union to ensure the repayment of loan.
• Security
  • In order to secure repayment of the loan, it may be necessary to obtain security such as a charge on your property or other personal assets.
• Establish the members eligibility for our products and services
• Credit Assessment
  • Carry out credit reviews for loan underwriting
  • Utilises this information to assess member loan application in line with the applicable legislation and Credit Union lending policy.
  • to carry out credit reviews and to search for details of your credit history and information at credit bureaus/agencies, including the Central Credit Register. Where we make these searches, agencies may keep a record of the search.
• Insurance
  • certain loans must apply to ECCU for Loan Protection (LP). It may be necessary to process ‘special category’ data, which includes information about members health.
• Insurance Services on an introduction basis
• Home Loans/Mortgages
  • To maintain and administer home loans/mortgages we may need to share your information with our solicitors
• Make essential communication to provide products and services to the member
• Manage and respond to a complaint or appeal
• Recover debts the member may owe
• Member draws

If you are financially linked to another member in the context of a particular shares or loan account, a financial association may be created between your records and the other member’s records, including any previous and subsequent names used by you (for example, if you apply jointly or one is guaranteeing the debts of another). This means that we may treat your financial affairs as affecting each other. These links will remain on your and the other member’s account until you or another member terminate that link. We may make searches on all joint applicants, and evidence of that search will be left on all applicants’ records.

We must meet our duties to the Regulator, the Central Bank of Ireland and comply to our legal obligations. We may also share personal data with certain statutory bodies such as the Department of Finance, the Department of Social Protection and the Financial Services and Pensions Ombudsman Bureau of Ireland and the appropriate Supervisory Authority if required by law Where it is necessary and proportionate, we may allow authorised people to see our records (which may include information about you) for reporting, compliance and auditing purposes. For the same reason, we will also hold the information about you when you are no longer a member. Processing may be necessary for compliance with a legal obligation:

• Retaining member records and details of individual transactions for the time periods as required by law. For example, the Consumer Protection Code.
• Preparing returns to regulators and relevant authorities.
• Complying with court orders arising in civil or criminal proceedings.
• Where required to comply with our obligations under the Payment Services Regulations relating to fraud prevention.
• Preparing returns to regulators and relevant authorities including preparing Deposit Interest Retention Tax, Common reporting standard (Where a member is tax resident in another jurisdiction), Prudential Return (https://www.centralbank.ie/regulation/industry-market-sectors/credit-unions/reporting-requirements) and other CBI & revenue returns. Under the “Return of Payments (Banks, Building Societies, Credit Unions and Savings Banks) Regulations 2008” credit unions are obliged to report details to the Revenue in respect of dividend or interest payments to members, which include PPSN where held.
• Report on Central Credit Register (CCR) Register (https://www.centralbank.ie/regulation/industry-market-sectors/credit-unions/reporting-requirements) andhttps://www.centralbank.ie/regulation/industry-market-sectors/credit-unions/reporting-requirements)  and, where relevant, conducting searches on CCR
  • Where a loan is applied for in the sum of €2,000 or more, the credit union is obliged to make an enquiry of the Central Credit Register (CCR) in respect of the borrower. Where a loan is granted in the sum of €500 or more, the credit union is obliged to report both personal details and credit details of the borrower [and guarantor] to the CCR.
• Ireland Safe Deposit Box Bank and Payment Accounts Register (ISBAR)The information that the Credit Union will be required to send includes the IBAN, account name, date of account opening, date of account closing; the name, address and date of birth of the account holder; the name, address and date of birth of the beneficial owner of the account; and the name, address and date of birth of any person authorised to act on the account. https://www.centralbank.ie/regulation/anti-money-laundering-and-countering-the-financing-of-terrorism/ireland-safe-deposit-box-bank-and-payment-accounts-register-(isbar). ISBAR is operated by the Central Bank of Ireland. The purpose of ISBAR is to hold information on accounts identifiable by IBAN (including account holders, beneficial owners and signatories), and information on safe deposit box services provided by credit institutions in Ireland, and to enable legally prescribed authorities to search and retrieve information. Further information (including the Central Bank’s Data Privacy Notices) can be found at https://www.centralbank.ie/regulation/anti-money-laundering-and-countering-the-financing-of-terrorism/ireland-safe-deposit-box-bank-and-payment-accounts-register-(isbar)
• Beneficial Ownership Register for Certain Financial Vehicles. The Credit Union must update the Beneficial Ownership Register with relevant information on the beneficial owners of Certain Financial Vehicles (CFV) held by Central Bank State, where the PPS number as a validation mechanism for the information being delivered to the register https://www.centralbank.ie/regulation/anti-money-laundering-and-countering-the-financing-of-terrorism/beneficial-ownership-register.
• Report to the European Union Cross-Border Payments Reporting (“CESOP”) https://www.revenue.ie/en/companies-and-charities/international-tax/cesop/reporting-payments.aspx
• Report to the Central Register of Beneficial Ownership of Trusts (“CRBOT”) https://www.revenue.ie/en/crbot/index.aspx
• legal obligation to file reports on the Central Credit Register in accordance with the Credit Reporting Act 2013. https://www.irishstatutebook.ie/eli/2013/act/45/enacted
• Where you obtain a house loan from us, it will be necessary for the credit union to obtain a first legal charge on the property to be purchased and it will be necessary for us to process your personal data in order to register this charge or have this charge registered on our behalf.
• Connected/Related Party Borrowers
  • We are obliged further to Central Bank Regulations to identify where borrowers are connected in order to establish whether borrowers pose a single risk. We are also obliged to establish whether a borrower is a related party when lending to them, i.e., whether they are on the Board/Management Team or a member of the Board/ Management teams family or a business in which a member of the Board /Management Team has a significant shareholding.
• Establishing members identity, nationality, residence and tax status in order to comply with law and regulation concerning taxation and the prevention of money laundering, fraud and terrorist financing. Screening applications that are made to us to ensure we are complying with the international fight against terrorism and other criminal activities. As a result, we may need to disclose information to government and other statutory bodies.
• Providing the member with statutory and regulatory information and statements
• Complying with requests from regulatory bodies, including the Central Bank of Ireland.
• Complying with court orders arising in civil or criminal proceedings
• Complying with Assisted Decision-Making (Capacity) Act where you may be vulnerable
• Comply with all other laws and regulations.
• As this credit union is affiliated to the ILCU, the credit union must also operate in line with Irish League of Credit Unions (ILCU) Standard Rules (which members of the credit union are bound to the credit union by) and the League Rules (which the credit union is bound to the ILCU by)
• To report and respond to queries raised by regulatory authorities, law enforcement and other government agencies such as the Central Bank of Ireland and An Garda Siochana
• To meet obligations under the Credit Union Standard Rules & The Credit Union Act, 1997 (as amended)
• To maintain a register of members of the Credit Union
• To communicate all mandatory service communications such as providing notice of the AGM
• Nominate person
  • The Credit Union Act 1997 (as amended) allows members to nominate a person(s) to receive a certain amount from their account on their death, subject to a statutory maximum.
• Purpose of the loan
  • The Credit Union is obliged to ensure that the purpose for the loan falls into one of the Credit Union categories of lending.
• To meet legislative and regulatory duties to maintain audited financial accounts
• To meet our health and safely compliance
• For the establishment, exercise or defence of legal claims.

Set out below are the main legal instructions,  and regulations and legislation the credit union must be compliant with.  We will also comply to the following legislation and other legislation as required. A member of our team will be able to answer a question you may have as to why we need certain data to provide our member services to you.

• Credit Union handbook https://www.centralbank.ie/regulation/industry-market-sectors/credit-unions/credit-union-handbook
• Credit union act 1997 (regulatory requirements) (amendment) regulations 2020 https://www.irishstatutebook.ie/eli/2020/si/675/made/en/pdf
• Criminal Justice (Money Laundering and Terrorist Financing) (Amendment) Act 2021
• (Act 3 of 2021) https://www.centralbank.ie/regulation/anti-money-laundering-and-countering-the-financing-of-terrorism
• Criminal Justice (Money Laundering and Terrorist Financing) (Amendment) Bill 2020 (Bill 23 of 2020) https://www.oireachtas.ie/en/bills/bill/2020/23/
• I. No. 579/2012 - European Union (Consumer Credit Agreements) (Amendment) Regulations 2012. https://www.irishstatutebook.ie/eli/2012/si/579/made/en/print
• Minimum Competency Code 2017 (MCC 2017) and the Central Bank (Supervision and Enforcement) Act 2013 (Section 48 (1)) Minimum Competency Regulations 2017 (MCR 2017) https://www.centralbank.ie/regulation/how-we-regulate/authorisation/minimum-competency#:~:text=The%20MCC%202017%20specifies%20certain,Supervision%20and%20Enforcement)%20Act%202013.
• European Union (Consumer Credit Agreements) (Amendment) Regulations 2012. https://www.irishstatutebook.ie/eli/2012/si/579/made/en/print
• European Union (Payment Services) Regulations 2018, https://www.irishstatutebook.ie/eli/2018/si/6/made/en/print
• Consumer Protection Code 2012 Guidance https://www.centralbank.ie/regulation/consumer-protection/consumer-protection-codes-regulations
• European Union (Payment Services) Regulations, 2018 https://www.centralbank.ie/regulation/psd2-overview/psd2 https://www.irishstatutebook.ie/eli/2015/act/64/enacted/en/html

In the case of a default of a loan, provision of section 71(2) of the Credit Union Act 1997  allows a credit union to disclose a member’s account information where the Central Bank of Ireland is of the opinion that doing so is necessary to protect shareholder or depositor funds or to safeguard the interests of the credit union. Under the “Return of Payments (Banks, Building Societies, Credit Unions and Savings Banks) Regulations 2008” credit unions are obliged to report details to the Revenue in respect of dividend or interest payments to members, which include PPSN where held.

The processing of personal data for the purposes of the prevention of money laundering and terrorist financing is considered to be a matter of public interest https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A32018L0843

Legitimate Interests means the interests of the Credit Union in conducting and managing our business to enable us to give you the best service and the best and most secure experience. When we process your personal data based on our legitimate interests, we carefully consider the impact on you, and uphold your rights under data protection laws to objective where applicable. Our legitimate business interests do not automatically take precedence over yours. We refrain from using your Personal Data for activities that would negatively impact you unless we have your consent or we are legally required or permitted to do so. Outlined below are the ways we process your data for our legitimate interests. If you have any concerns about this processing, you have the right to object. For more information on your rights, please refer to the "Your Rights" section below. Processing of your personal data may be necessary for the purposes of a legitimate interest pursued by us in any of the following: To develop and execute the strategy

• To develop and implement the current and future strategy. Assess the current and future performance, as this enables the credit union to improve its services to the members.
• To maintain financial stability and ensure long-term growth.
• By analyzing member data, the credit union can better understand member needs, optimize product offerings, and enhance operational efficiency. This not only helps meet regulatory requirements but also supports the credit union’s mission to serve its members responsibly and sustainably, fostering a strong, member-centric financial institution.

To offer our loan products

• Use of Credit Assessment and Credit Reference Agencies as Credit Union must lend responsibly. We will use your credit scoring information in order to determine your suitability for the loan applied for. When using the service of a credit referencing agency, we will pass them your personal details and details of your credit performance.
• In carrying out our loan underwriting, we capture and use a range of Personal Data in order to assess factors affecting those risks, for example age, location and claims history.
• As part the loan underwriting process we may access third-party databases or publications as stated in Section 7. We carry out searches in order to assess your credit worthiness to repay a loan, for our own benefit and therefore the benefit of its members, we must lend responsibly and will use your credit scoring information in order to determine your suitability for the loan applied for. In carrying out such a search we can better determine your overall financial position in order to lend to you.
• Share your member data with Account Information Services Provide (AISP) to facilitate the online loan approval process when the member authorises us to do so.
• Where a member breaches the loan agreement the Credit Union may access third-party databases as stated in Section 7 and use the service of a debt collection agency, solicitors or other third parties to obtain updated contact information for you to recover the debt.
• Where the Credit Union is using a third party to assist with recouping any outstanding debt due to us by you, the Credit Union may provide your specific personal data held on file by us, which is necessary, to the third party such as a debt collector, tracing agent, private investigator, or a solicitor to perform their services. We may provide then with details of the indebtedness in order that they recover the outstanding sums. We will take the necessary steps to recover a debt to protect the assets and equity of the Credit Union.
• Tracing agency, where the address you have provided is no longer accurate and the Credit Union needs to either contact you or provide you with documentation in relation to the products or services you have obtained from us.
• Use of a Private Investigator to locate the member in the event that they fail to make repayments on member loan and/or fail to make contact with the credit union when required. We will first investigate all other less invasive means to make contact with the member.
• Where a member is not responding to correspondence from the Credit Union at their most recent verified address, the credit union may send correspondence to any other address provided by the member, for example, a different address stated on a bank statement provided as part of the loan assessment. This will only occur if the Credit Union deems it necessary, such as, default in a loan where the Credit Union has exhausted other communication channels provided by the member.

General operations

• Use of CCTV on our premises to safeguard the health, safety and security of all resources
• All incoming calls are recorded as stated in the greeting message on our phone system. Outgoing calls may be recorded, in such cases, the individual will be informed in advance of the conversation. The telephone recordings are used for training and quality purposes.
• keep a record of your instructions.
• Conduct Member Satisfaction Surveys to provide information on the quality of our services and products
• Use your member data to operate the Credit Union’s business on a day-to-day basis
• To provide service information (including sending service-related messages),
• To improve the Credit Union service quality
• To enhance the training for our staff.
• To establish, exercise and safeguard our rights, (including where necessary to take enforcement action) and to respond to claims made against the Credit Union.
• To safeguard the safety and security of the employees, IT systems and devices, property, and member, buildings, information located or stored on the premises, and assets, and those of service providers, consultants, and advisors that assist the Credit Union in carrying out its functions.
• In the prevention and detection of fraud
• To keep members informed about the services the Credit Union are currently providing.
• The Credit Union may in the future wish to sell, transfer or merge part or all of its business or assets or to buy a new business or the assets of another Credit Union or enter into a merger with another Credit Union. If so, we may disclose your personal information under strict duties of confidentiality to a potential Credit Union and their advisers, so long as they agree to keep it confidential and to use it only to consider the possible transaction. If the transaction goes ahead, the new Credit Union may use or disclose your personal information in the same way as set out in this Privacy Notice. You will be informed about any mergers prior to your data being shared

The credit union may contact the member, where it is necessary, regarding services it provides or to inform the member of relevant changes to the existing service where such changes occur. The credit union will select the most appropriate method of media such as email, letter, phone, SMS for each situation. Such communication is deemed "essential" to the terms of the service and such communication will not constitute marketing.

• To provide and administer our member accounts per the terms of service under contract as stated in Section 8
• To meet our legal and compliance obligations and requirements under the Rules of the Credit Union, Central Bank Regulations, Anti money laundering and any other relevant compliance as stated under compliance in Section 8 for all services provided
• To maintain our relationship with you whilst you are a member and investigate any complaints or disputes or accidents
• Contact you for direct marketing purposes, subject to restrictions under the relevant laws, including the right to opt out of such marketing
• Provide you with information relating to all our products
• To provide essential communication with you, including to respond to information requests submitted
• To obtain your feedback on all our products and services
• To notify you about changes to contracted services relevant to you
• When acting as an insurance intermediary, to meet our obligations.
• We collect spouses’ details where relevant to assess the joint earnings to ensure the member has the means to meet the repayments
• To provide our member draws
• To identify death beneficiaries
• To report on related party transactions when members are employees or board members
• To assist vulnerable members with special needs

For Loans

• As part of loan assessment, identify dependent individuals to establish net disposal income available to pay back loan
• Verifying the information provided by you in the application
• To obtain credit references, credit checks and for debt collection, fraud detection and prevention and risk management purposes and to make submissions to the Central Credit Register.
• Assessing your loan application and determining your creditworthiness for a loan as stated under legitimate interest in Section 8. We may use credit scoring techniques and other automated decision making systems to either partially or fully assess your application, you will be informed in advance of your application being processes.
• As part of our affiliation with the ILCU, we purchase insurance from ECCU Assurance DAC (ECCU), a life insurance company, wholly owned by the ILCU. This includes Life Savings (LS) Loan Protection (LP), and optional related riders (where applicable). If you choose to take out a loan with us, it is a term of your membership, by virtue of our affiliation with the ILCU that the credit union will apply to ECCU for Loan Protection (LP). This protection and cover may only be available to individual members on certain loans.
• We collect dependent individuals’ expenditure needs to assess the net disposal income of the member
• To establish new contact details where your details have changed and have not been advised by you to the credit union
• Administering the loan, including where necessary, to take steps to recover the loan or enforce any security taken as part of the loan.
• Credit Reporting: Where a loan is applied for in the sum of €2,000 or more, the Credit Union is obliged to make an enquiry of the Central Credit Register (CCR) in respect of the borrower. Where a loan is granted in the sum of €500 or more, we are obliged to report both personal details and credit details of the borrower to the CCR.
• Property Loan: Where you obtain a property loan from us, it will be necessary for us to obtain a first legal charge on the property to be purchased and it will be necessary for us to process your personal data in order to register this charge or have this charge registered on our behalf.

• To have person to undertake to repay the loan in the event that the member for whatever reason, is unable to repay.
• To assess if you can demonstrate the ability to repay the loan where you will need to disclose their financial information and agree to a credit check being carried out

The ability of a member over the age of 16 to nominate individuals to receive property in their credit union account on their death is a unique facility available for credit union members under the credit union legislation by which we operate. The nominated property does not form part of a deceased person’s estate.

• To record the wishes and instructions of the member
• To pay the nominee of choice your property/savings presently up to a maximum value of €23,000 predate of death 21.2.2024, €27,000 affected from 22.2.2024
• To update where necessary as member may change the details of their nomination as often as they like. The most recent nomination is the valid nomination

• To provide a saving scheme for members attending school where the Credit Union collects the lodgements
• To provide a saving card to the members
• To enable the member to transfer the saving into their Credit Union member account

• To provide the competition per the Terms/Rules signed up to by the entrant
• Administer the competition
• To contact the winner
• To deal with queries
• Capture photographs of the winners to be used in advertising and publicity where consent obtained
• To meet our requirements to host a stage of one of the national competitions. Entries must be submitted directly to our credit union only.
• We will inform the Chapter (Regional level) of our winners to be brought forward to Stage 2, at this point the Chapter becomes an independent data controller. The winners of Stage 2 will progress to the national final Stage 3 where the Irish League of Credit Unions (ILCU) becomes an independent data controller

• To facilitate a third party to conduct transaction on behalf of a member, where the member nominates such person to act on their behalf e.g. a member incapacitated or a minor where the parent nominated an individual to operate the minors account

• To provide this website to you and respond to your queries
• To comply with all relevant law
• To manage your safety and security while you are on our premises
• To facilitate the prevention, detection and investigation of crime and the apprehension or prosecution of offenders
• To investigate, exercise or defend legal claims or other claims of a similar nature
• To obtain consent from any individual for the purposes of publishing photos/video of such person.

To meet our legislative and regulatory duties to maintain audited financial accounts, we appoint an external and internal auditor. We will allow the internal and external auditor to see our records (which may include information about you) for these purposes.

• We have a legitimate interest to share your personal data with our approved outsourced third party providers, such as IT Service Providers including Cloud Providers,, legal advisors, business advisors, debt collectors, couriers, shredding company, security company, printing company, CCTV company, administration services, internal and external auditors, insurers, marketing consultants or subcontractors

• Where you authorised individuals to act on your behalf for example ward of court/Power of Attorney
• Third parties we need to share your information with order to facilitate payments or services you have requested. Examples include: Banks, Credit Unions, An Post or payment service providers, payment schemes or systems (e.g. MasterCard), merchant acquirers and providers of payment processing services;
• Those you ask us to share your information with.
• Where you instruct an Account Information Service Provider (AISP) to provide us with your data. The AIS service change enables the Credit Union to connect directly with the Member Bank account to extract historical transaction and balance information.
• When you apply to us for insurance and receive insurance we will collect and share your data with ECCU Assurance DAC per the Terms and Conditions of product you signed up to.
• Where we share your joint account details and transactions with the other holder of the account
• Following your instruction, we will share you information with your guarantor or nominated person at point of payment
• We have a legitimate interest to share your personal data with our approved Outsourced third party providers, such as IT Service Providers, legal advisors, business advisors, debt collectors, couriers, shredding company, security company, printing company, CCTV company, administration services, internal and external auditors, insurers, marketing consultants or subcontractors
• We have a legitimate interest to share your personal data for the processing of electronic payments services on your account (such as credit transfers, standing orders and direct debits, card based payments). The Credit Union is a participant of Payac. Payac is a credit union owned, independent, not-for-profit company that provides an electronic payments service platform for the credit union movement in Ireland. Payac is an outsourced model engaging third party companies, such as a Partner Bank, to assist with the processing of payment data for example as the Card Processor, as Bank Identification Number (BIN) sponsor.
• Electronic Payments If you use our electronic payment services to transfer money into or out of your credit union account or make payments through your debit card into your credit union account, we are required to share your personal data with our electronic payment service provider
• Debit or Charge Card or ATM Card: If you have a debit with us, we will share transaction details with companies which help us to provide this service
• We may share your data with possible successors or merging credit unions
• Statutory and regulatory bodies as legally required including but [not] limited to Regulators Central Bank Ireland, Enforcement bodies, an Garda Siochana, Data Protection Commission, the courts, fraud prevention agencies or other bodies; the Department of Finance, the Revenue Commissioners, Department of Social Protection and the Financial Services and Pensions Ombudsman Bureau of Ireland, Irish Financial Services Appeals Tribunal, Irish Revenue, debt recovery or fraud prevention agencies, the appropriate Supervisory Authority if required under law.

We may share your data with Irish League of Credit Unions, Credit Union Development Association, potential mergers.

The credit union utilises a third party Outsourced Service Provider who carry on the business of, inter alia, servicing, administering and managing mortgage loans secured on residential properties in Ireland. This business will support the credit union in the processing, fulfilment and special servicing (arrears management) of residential mortgages based on a standardised consistent and reliable methodology and is therefore of ultimate benefit to its member.

We are also members of Credit Union Mortgage Services DAC (MSDAC) which provides mortgage origination support services to the Credit Union as well as marketing support

The third parties supporting the Home Loans, Credit Union Service Organisation (CUSO) are committed to respecting the rights of those people whose data is processed under this CUSO.The credit union utilises a third party valuation management solutions company who provide, inter alia, valuation management services on residential properties in Ireland. This service will ensure that valuations are carried out by professional valuers and that the valuations follow mandatory valuation standards and is therefore of ultimate benefit to its members.

The credit union may utilise a third party storage solution company to ensure safe, secure storage of Title Deeds and security documents and is therefore of ultimate benefit to its members.The credit union provides your information to insurance companies for the purpose of insuring the loan.

If you have a secured loan or mortgage with us, we may need to share information with other lenders who also hold a charge on your property

The ILCU (a trade and representative body for credit unions in Ireland and Northern Ireland) provides professional and business support services such as marketing and public affairs representation, monitoring, financial, guidance, compliance, risk, learning and development, and insurance services to affiliated credit unions. As this credit union is affiliated to the ILCU, the credit union must also operate in line with the ILCU Standard Rules (which members of the credit union are bound to the credit union by) and the League Rules (by which the credit union is bound to the ILCU). We may disclose information in your application or in respect of any account or transaction of yours from the date of your original membership to authorised officers or employees of the ILCU for the purpose of the ILCU providing these services to us. The ILCU Savings Protection Scheme (SPS): We may disclose information in any application from you or in respect of any account or transaction of yours from the date of your original membership to authorised officers or employees of the ILCU for the purpose of the ILCU providing these services and fulfilling requirements under our affiliation to the ILCU, and the SPS The Privacy Notice of ILCU can be found at www.creditunion.ie .

Regulators Central Bank Ireland, Enforcement bodies, an Garda Siochana, Data Protection Commission, the courts, Financial Services and Pensions Ombudsman Bureau of Ireland, Irish Revenue, legal and professional advisers such as auditors and external legal counsel; Irish League of Credit Unions, Credit Union Development Association, IT Provider, outsourced service providers, potential mergers.

Regulators Central Bank Ireland, legal and professional advisers such as auditors and external legal counsel; Irish League of Credit Unions, Regional Chapter, associated named school/club/organisation IT Provider, outsourced service providers, potential mergers, social media (print and online).

When have I the right to all my personal data being deleted by the Credit Union? You have the right to have your personal data deleted without undue delay if:

• The personal data is no longer necessary in relation to the purpose(s) for which it was collected/processed
• You are withdrawing consent and where there is no other legal ground for the processing
• You object to the processing and there are no overriding legitimate grounds for the processing
• The personal data has been unlawfully processed
• The personal data must be erased so that we are in compliance with legal obligation
• The personal data has been collected in relation to the offer of information society services with a child.

What happens if the Credit Union has made my personal data public? If we have made your personal data public, we, taking account of available technology and the cost of implementation, will take reasonable steps, including technical measures, to inform those who are processing your personal data that you have requested the erasure. What happens if the Credit Union has disclosed my personal data to third parties? Where we have disclosed your personal data in question to third parties, we will inform them of your request for erasure where possible.  We will also confirm to you details of relevant third parties to whom the data has been disclosed where appropriate.

When can I receive my personal data in machine readable format from the Credit Union? You have the right to receive your personal data, which you provided to the Credit Union, in a structured, commonly used and machine-readable format. You have the right to transmit this data to another organisation without hindrance from the Credit Union to which the personal data have been provided, where:

• processing is based on consent or contract and
• processing is carried out by automated means.

Would the Credit Union transfer the personal data to another service provider if I requested this? We can transfer this data to another company selected by you on your written instruction where it is technically feasible taking account of the available technology and the feasible cost of transfer proportionate to the service, we provide to you. Under what circumstances can the Credit Union refuse? You will not be able to obtain, or have transferred in machine-readable format, your personal data if we are processing this data in the public interest or in the exercise of official authority vested in us. Will the Credit Union provide me with my personal data if the file contains the personal data of others? We will only provide you with your personal data, ensuring we protect the rights and freedoms of others.  Where personal data of another person may be on the same files as yours, we will redact the full details of the other person. Contact us at GDPR@ballinasloecreditunion.ie.

What are my rights in respect of automated decision making? We do not conduct automated decisions which produces legal effects concerning any of our members, see Section 16 for details. You can object to a decision based on automated processing, you can contact us at GDPR@ballinasloecreditunion.ie.

Have I already been informed about my right to object? We have informed you of your right to object prior to us collecting any of your personal data as stated in our privacy statement for example when opening an account or at loan application. When can I object to the Credit Union processing my personal data? You can object on grounds relating to your situation, at any time to processing of personal data concerning you which is based on one of the following lawful basis:

• public interest or
• legitimate interest, including profiling based on those provisions.

The Credit Union will stop processing your personal data unless:

• we can demonstrate compelling legitimate grounds for the processing, which override your interests, rights and freedoms or
• the processing is for the establishment, exercise or defence of legal claims.

What are my rights to object for direct marketing purposes? Where your personal data is processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. Where you object to processing for direct marketing purposes, we will no longer process this data for such purposes. What are my rights to object in the use of information society services (online services)? In the context of the use of information society services, you may exercise your right to object by automated means using technical specifications. Contact us at GDPR@ballinasloecreditunion.ie.

When can I restrict processing? You may have processing of your personal data restricted:

• While we are verifying the accuracy of your personal data which you have contested
• If you choose restricted processing over erasure where processing is unlawful
• If we no longer need the personal data for its original purpose but are required to hold the personal data for defence of legal claims
• Where you have objected to the processing (where it was necessary for the performance of a public interest task or purpose of legitimate interests), and we are considering whether our legitimate grounds override.

What if the Credit Union has provided my personal data to third parties? Where we have disclosed your personal data in question to third parties, we will inform them about the restriction on the processing, unless it is impossible or involves disproportionate effort to do so. How will I know if the restriction is lifted by the Credit Union and/or relevant third parties? We will inform on an individual basis when a restriction on processing has been lifted. Contact us at GDPR@ballinasloecreditunion.ie.

What can I do if the Credit Union is holding incorrect personal data about me? Where you suspect that data we hold about you is inaccurate, we will on demand, in compliance to central bank rules, rectify any inaccuracies without undue delay and provide confirmation of same.  What happens if the Credit Union has disclosed my personal data to third parties? Where we have disclosed inaccurate personal data to third parties, we will inform them and request confirmation that rectification has occurred.  We will also provide you with details of the third parties to whom your personal data has been disclosed. Contact us at GDPR@ballinasloecreditunion.ie.

Under what circumstances could I withdraw consent? You can withdraw consent if we are processing your personal data based on your consent. When can I withdraw consent? You can withdraw consent at any time. If I withdraw consent what happens to my current data? Any processing based on your consent will cease upon the withdrawal of that consent.  Your withdrawal will not affect any processing of personal data prior to your withdrawal of consent, or any processing which is not based on your consent. Contact us at GDPR@ballinasloecreditunion.ie.

Can I lodge a complaint with the Data Protection Commission? You can lodge a complaint with the Data Protection Commission in respect of any processing by or on behalf of the Credit Union of personal data relating to you. How do I lodge a complaint? Making a complaint is simple and free.  All you need to do is write to the Data Protection Commission giving details about the matter.  You should clearly identify the organisation or individual you are complaining about.  You should also outline the steps you have taken to have your concerns dealt with by the organisation, and what sort of response you received from them.  Please also provide copies of any letters between you and the organisation, as well as supporting evidence/material. What happens after I make the complaint? The Data Protection Commission will then take the matter up with the Credit Union on your behalf.

When do I have the right to access my personal data from the Credit Union? Where the Credit Union process any personal data relating to you, you have the right to obtain confirmation of same from us, and to have access to your data. What information will the Credit Union provide to me? If we are processing your personal data, you are entitled to access a copy of all such personal data processed by us subject to a verification process to ensure we are communicating with the correct person.  We will provide any of the following information:

• why we are processing your personal data
• the types of personal data concerned
• the third parties or categories of third parties to whom the personal data have been or will be disclosed. We will inform you if any of the third parties are outside the European Economic Area (EEA) or international organisations
• how your personal data is safeguarded where we provide your personal data outside the European Economic Area or to an international organisation
• the length of time we will hold your data or if not possible, the criteria used to determine that period
• your rights to:
• request any changes to inaccurate personal data held by us
• have your personal data deleted on all our systems
• restriction of processing of personal data concerning you
• to object to such processing
• data portability
• your right to lodge a complaint with the Data Protection Commission info@dataprotection.ie
• where we have collected your personal data from a third party, we will provide you with the information as to our source of your personal data
• any automated decision-making, including profiling which includes your personal data. We will provide you with meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.

  What Information is not provided?

• Business Information pertaining to your role as an employee
• If we do not provide you with your personal data, we have an obligation to give reasons why this personal data is being withheld.

How long will it take to receive my personal data from the Credit Union? We will provide you with a copy of the personal data we are currently processing within one month of request.  In rare situations if we are unable to provide you with the data within one month we will notify you, within one month of your valid request, explaining the reason for the delay and will commit to delivery within a further two months. How much will it cost me to receive my personal data? We will not charge for providing your personal data unless we believe the request is excessive and the cost of providing your data is disproportionate to your services provided. Can I request additional copies of my personal data? If you require additional copies, we will charge €20 to cover our administrative costs. Can I receive my personal data electronically? You can request your personal data by electronic means and we will provide your personal data in a commonly used electronic form if technically feasible. What will the Credit Union do if another person’s personal data is shared with my personal data? We will only provide you with your personal data, ensuring we protect the rights and freedoms of others.  Where personal data of another person may be on the same files as yours, we will redact the full details of the other person. Contact us at GDPR@ballinasloecreditunion.ie.