Privacy Notice
At Ballinasloe Credit Union, we prioritise your privacy and are dedicated to safeguarding your personal information. Handling and storing personal data involves significant rights for you and substantial responsibilities for us.
It’s crucial for you to understand precisely what we do with the personal data you and others provide, why we collect it, and what it means for you. Our Members Privacy Notice details how we manage your personal information.
You can download the latest version of our Members Privacy Notice – (V1.04) as a PDF or view each section online below.
For reference, the previous version (V1.03) is available here:: Members Privacy Notice – (V1.03).
1. Who we are?
Member Privacy’s Notices
The purpose of this single source combined privacy notice is to provide members and related parties with the opportunity to read our privacy information relating to your personal data in one document. This Privacy Notice should be read if any reference is made to any of the following- Account Opening Privacy Notice
- Lending Privacy Notice
- Mortgage Privacy Notice
- Debit Card Privacy Notice
- Guarantor Privacy Notice
- Nominations Privacy Notice
- Business and Agri Loan Privacy Statement
2. How to contact us?
3. What happens if we make changes to this notice?
- Section 20 Foreign exchange services -Fexco
- Section 24 What to do when you change any of your contact details
- Section 25 Tip’s when emailing us your information
- Section 26 Electronic Data
- Section 1 single source combined privacy notice
- Section 5 E Nominees explanation of collecting nominations
- Section 8 Consent explanation on electronical AGM documentation
- Section 8 Contract explanation were financially linked data
- Section 8 Compliance more details on general compliance
- Section 8 Legitimate Interest new introduction and details if a merger, or using contact details where a member is not responding to communication and additional information on use of debt collector, tracing agent, private investigator, or a solicitor to perform their services
- Section 8 Purposes for contacting members for essential communications
- Section 8 C Nominees updated to the new amount
- Section 10 Essential communications and methods
- Section 11 Enhanced the current statement to ensure you know your requirements when providing us with third party’s data.
- Section 11 Details on third party engagement for mortgages
- Section 16 Added automated decision marking and details of profiling
- Section 17 details on Irish League of Credit Unions (ILCU) Affiliation
- Section 18 Updated Joint Controller for Transact Payments Malta Limited in respect of the Cardholder Data
- Section 19 details of the Independent Controllers for the new Home Energy Upgrade Loan Scheme
- Section 21 Updated to how we determine the criteria to hold your data
- Section 23 Updates on automated decision making
4. Who do we collect data about?
- Personal Account members (Single, Joint and Minor)
- Club Members
- Business Member
- Guarantor
- Nominee
- School saving scheme
- School Quiz entrants, winners and co-ordinators within the schools
- Art competition entrants and winners
5. What types of your data do we collect?
- Opening an account
- Register online or open a member account in person
- Apply for a loan
- Apply for any other product we offer
- Request support which may require additional information
- Enter our competitions
- Voluntarily complete a member survey or provide feedback
- Use or view our website via your browser’s cookies
A. Member information collected
B. Club Member information collected
C. Business Member information collected
D. Guarantor
E. Nominee
- A member may change the details of their nomination as often as they like during the course of their membership with the credit union. In addition, there may be instances where a nomination is revoked through marriage or civil partnership, or the death of the nominee before the nominating member. There is therefore no guarantee that a nomination will be valid until the member has passed away and the validity of the nomination is confirmed by the credit union. As such, we are unable to contact individuals directly to advise them that we are processing their information.
- Where a member makes a nomination, we are required under the credit union legislation by which we operate to keep a record of all persons nominated (along with any revocation or variation of any nomination).
F. School Savings Scheme
G. School Quiz, winners and co-ordinators within the schools
H. Art competition entrants and winners
6. When do we collect sensitive personal data
- For loan assessments or insurance products with ECCU we may collect health data
- As part of AML, we are required to capture politically exposed persons and the country of origin
- Where a member makes payments to an organisation which may infer one of the types of special category data e.g. trade union or religious subscriptions
- Where a member chooses to join via “online onboarding”, their facial verification is used via biometrics.
- In limited circumstances, with your explicit written consent.
- Where we need to carry out our legal obligations and in line with our data protection policy.
- Where it is needed in the public interest, and in line with our data protection policy.
7. When do we receive your data from a third party
- Related party information where a member is also an employee
- Loan applications where member is self-employed to confirm tax clearance for example your accountant
- Account Information Services Provider (AISP)
- When you are named in an insurance policy application
- Credit reference agencies- Central Credit Register, Vision Net and other credit registration agencies
- fraud prevention agencies, fraud detection service providers
- Public agencies such as property registration authorities, the Companies Registration Office or judgement registries
- Farm grant payments published
- Revenue commissions default payers list
- Published media reporting relating to your financial position
- A member provided your data where you are the guarantor, the spouse, the dependent individual, in such cases the member obtains consent from the adults to capture their data
- ECCU Assurance DAC
- Judgement searches available
- A member who nominated you to obtain their funds
- Solicitors where necessary
- Professional providers of valuations and proof of equity for certain loan approvals such as application for Mortgages
- Third parties nominated by you to act on your behalf such as accountants and financial advisers
- Payee to your account
- School on your behalf as an entrant to a competition
8. What are the legal bases we process your data
We collect your data based on the following legal basis:
Consent
- Members
- Collecting your data in the event that you apply for a loan, we may require certain special categories of data such as your health information where no other lawful basis exists
- A member provided third party’s data
- as a guarantor,
- the spouse,
- the dependent individual,
- Photograph on your member account for verification
- Where a member consents to join via “online onboarding”, their facial verification is used via biometrics.
- Provide instructions by e-mail, including a link to the portal of an Account Information Services Provider (‘AISP’)
- Member preferences to receive electronic statements and AGM booklets,
- Radio frequency tags used in contactless cards
- Use of members location data
- Marketing (see section 14)
- School Quiz entries
- Art Competition entries
- Any individual
- Photograph for publication at events
- Cookie (see cookie policy)
- Member Draws
Electronic AGM information
Right to withdraw consent at any time
Where consent is relied upon as a basis for processing of any personal data, you will be presented with an option to agree or disagree with the collection, use or disclosure of personal data. Once consent is obtained, it can be withdrawn at any stage.
We will hold a list of all individuals who have withdrawn their consent to ensure there is a record of their objection to direct marketing. We will hold a minimised amount of Personal Data in order to uphold this request.
Contract
- Administrative Purposes
- Opening credit union Account
- Manage and administer members accounts, transactions, policies, benefits or other products and services that the Credit Union or partners e.g. ECCU may provide the member with
- Loan assessments
- To manage and respond to a complaint or appeal
- To help improve service as agreed in the T&C to members
- For the processing of electronic payments services on the member account (such as SEPA direct debts, credit transfers, standing orders and direct debits), the Credit Union is a participant of Payac
- Providing Current Account services via MyCU
- Providing online banking
- Automated teller machine services
- School savings programme
- Euro drafts
- Bureau de change “Fexco” where we are the data processor for these transactions
- Insurance services
- Complying with binding requests for information from other payment service providers the member has instructed to act on their behalf
- Guarantors
- As part of a member loan conditions, the Credit Union may make the requirement for the appointment of a guarantor a condition of the member loan agreement in order for the Credit Union to ensure the repayment of loan.
- Security
- In order to secure repayment of the loan, it may be necessary to obtain security such as a charge on your property or other personal assets.
- Establish the members eligibility for our products and services
- Credit Assessment
- Carry out credit reviews for loan underwriting
- Utilises this information to assess member loan application in line with the applicable legislation and Credit Union lending policy.
- to carry out credit reviews and to search for details of your credit history and information at credit bureaus/agencies, including the Central Credit Register. Where we make these searches, agencies may keep a record of the search.
- Insurance
- certain loans must apply to ECCU for Loan Protection (LP). It may be necessary to process ‘special category’ data, which includes information about members health.
- Insurance Services on an introduction basis
- Home Loans/Mortgages
- To maintain and administer home loans/mortgages we may need to share your information with our solicitors
- Make essential communication to provide products and services to the member
- Manage and respond to a complaint or appeal
- Recover debts the member may owe
- Member draws
Compliance
- Retaining member records and details of individual transactions for the time periods as required by law. For example, the Consumer Protection Code.
- Preparing returns to regulators and relevant authorities.
- Complying with court orders arising in civil or criminal proceedings.
- Where required to comply with our obligations under the Payment Services Regulations relating to fraud prevention.
- Preparing returns to regulators and relevant authorities including preparing Deposit Interest Retention Tax, Common reporting standard (Where a member is tax resident in another jurisdiction), Prudential Return (https://www.centralbank.ie/regulation/industry-market-sectors/credit-unions/reporting-requirements) and other CBI & revenue returns. Under the “Return of Payments (Banks, Building Societies, Credit Unions and Savings Banks) Regulations 2008” credit unions are obliged to report details to the Revenue in respect of dividend or interest payments to members, which include PPSN where held.
- Report on Central Credit Register (CCR) Register (https://www.centralbank.ie/regulation/industry-market-sectors/credit-unions/reporting-requirements) andhttps://www.centralbank.ie/regulation/industry-market-sectors/credit-unions/reporting-requirements) and, where relevant, conducting searches on CCR
- Where a loan is applied for in the sum of €2,000 or more, the credit union is obliged to make an enquiry of the Central Credit Register (CCR) in respect of the borrower. Where a loan is granted in the sum of €500 or more, the credit union is obliged to report both personal details and credit details of the borrower [and guarantor] to the CCR.
- Ireland Safe Deposit Box Bank and Payment Accounts Register (ISBAR)The information that the Credit Union will be required to send includes the IBAN, account name, date of account opening, date of account closing; the name, address and date of birth of the account holder; the name, address and date of birth of the beneficial owner of the account; and the name, address and date of birth of any person authorised to act on the account. https://www.centralbank.ie/regulation/anti-money-laundering-and-countering-the-financing-of-terrorism/ireland-safe-deposit-box-bank-and-payment-accounts-register-(isbar). ISBAR is operated by the Central Bank of Ireland. The purpose of ISBAR is to hold information on accounts identifiable by IBAN (including account holders, beneficial owners and signatories), and information on safe deposit box services provided by credit institutions in Ireland, and to enable legally prescribed authorities to search and retrieve information. Further information (including the Central Bank’s Data Privacy Notices) can be found at https://www.centralbank.ie/regulation/anti-money-laundering-and-countering-the-financing-of-terrorism/ireland-safe-deposit-box-bank-and-payment-accounts-register-(isbar)
- Beneficial Ownership Register for Certain Financial Vehicles. The Credit Union must update the Beneficial Ownership Register with relevant information on the beneficial owners of Certain Financial Vehicles (CFV) held by Central Bank State, where the PPS number as a validation mechanism for the information being delivered to the register https://www.centralbank.ie/regulation/anti-money-laundering-and-countering-the-financing-of-terrorism/beneficial-ownership-register.
- Report to the European Union Cross-Border Payments Reporting (“CESOP”) https://www.revenue.ie/en/companies-and-charities/international-tax/cesop/reporting-payments.aspx
- Report to the Central Register of Beneficial Ownership of Trusts (“CRBOT”) https://www.revenue.ie/en/crbot/index.aspx
- legal obligation to file reports on the Central Credit Register in accordance with the Credit Reporting Act 2013. https://www.irishstatutebook.ie/eli/2013/act/45/enacted
- Where you obtain a house loan from us, it will be necessary for the credit union to obtain a first legal charge on the property to be purchased and it will be necessary for us to process your personal data in order to register this charge or have this charge registered on our behalf.
- Connected/Related Party Borrowers
- We are obliged further to Central Bank Regulations to identify where borrowers are connected in order to establish whether borrowers pose a single risk. We are also obliged to establish whether a borrower is a related party when lending to them, i.e., whether they are on the Board/Management Team or a member of the Board/ Management teams family or a business in which a member of the Board /Management Team has a significant shareholding.
- Establishing members identity, nationality, residence and tax status in order to comply with law and regulation concerning taxation and the prevention of money laundering, fraud and terrorist financing. Screening applications that are made to us to ensure we are complying with the international fight against terrorism and other criminal activities. As a result, we may need to disclose information to government and other statutory bodies.
- Providing the member with statutory and regulatory information and statements
- Complying with requests from regulatory bodies, including the Central Bank of Ireland.
- Complying with court orders arising in civil or criminal proceedings
- Complying with Assisted Decision-Making (Capacity) Act where you may be vulnerable
- Comply with all other laws and regulations.
- As this credit union is affiliated to the ILCU, the credit union must also operate in line with Irish League of Credit Unions (ILCU) Standard Rules (which members of the credit union are bound to the credit union by) and the League Rules (which the credit union is bound to the ILCU by)
- To report and respond to queries raised by regulatory authorities, law enforcement and other government agencies such as the Central Bank of Ireland and An Garda Siochana
- To meet obligations under the Credit Union Standard Rules & The Credit Union Act, 1997 (as amended)
- To maintain a register of members of the Credit Union
- To communicate all mandatory service communications such as providing notice of the AGM
- Nominate person
- The Credit Union Act 1997 (as amended) allows members to nominate a person(s) to receive a certain amount from their account on their death, subject to a statutory maximum.
- Purpose of the loan
- The Credit Union is obliged to ensure that the purpose for the loan falls into one of the Credit Union categories of lending.
- To meet legislative and regulatory duties to maintain audited financial accounts
- To meet our health and safely compliance
- For the establishment, exercise or defence of legal claims.
- Credit Union handbook https://www.centralbank.ie/regulation/industry-market-sectors/credit-unions/credit-union-handbook
- Credit union act 1997 (regulatory requirements) (amendment) regulations 2020 https://www.irishstatutebook.ie/eli/2020/si/675/made/en/pdf
- Criminal Justice (Money Laundering and Terrorist Financing) (Amendment) Act 2021
- (Act 3 of 2021) https://www.centralbank.ie/regulation/anti-money-laundering-and-countering-the-financing-of-terrorism
- Criminal Justice (Money Laundering and Terrorist Financing) (Amendment) Bill 2020 (Bill 23 of 2020) https://www.oireachtas.ie/en/bills/bill/2020/23/
- I. No. 579/2012 - European Union (Consumer Credit Agreements) (Amendment) Regulations 2012. https://www.irishstatutebook.ie/eli/2012/si/579/made/en/print
- Minimum Competency Code 2017 (MCC 2017) and the Central Bank (Supervision and Enforcement) Act 2013 (Section 48 (1)) Minimum Competency Regulations 2017 (MCR 2017) https://www.centralbank.ie/regulation/how-we-regulate/authorisation/minimum-competency#:~:text=The%20MCC%202017%20specifies%20certain,Supervision%20and%20Enforcement)%20Act%202013.
- European Union (Consumer Credit Agreements) (Amendment) Regulations 2012. https://www.irishstatutebook.ie/eli/2012/si/579/made/en/print
- European Union (Payment Services) Regulations 2018, https://www.irishstatutebook.ie/eli/2018/si/6/made/en/print
- Consumer Protection Code 2012 Guidance https://www.centralbank.ie/regulation/consumer-protection/consumer-protection-codes-regulations
- European Union (Payment Services) Regulations, 2018 https://www.centralbank.ie/regulation/psd2-overview/psd2 https://www.irishstatutebook.ie/eli/2015/act/64/enacted/en/html
Public interest
Legitimate interest
- To develop and implement the current and future strategy. Assess the current and future performance, as this enables the credit union to improve its services to the members.
- To maintain financial stability and ensure long-term growth.
- By analyzing member data, the credit union can better understand member needs, optimize product offerings, and enhance operational efficiency. This not only helps meet regulatory requirements but also supports the credit union’s mission to serve its members responsibly and sustainably, fostering a strong, member-centric financial institution.
- Use of Credit Assessment and Credit Reference Agencies as Credit Union must lend responsibly. We will use your credit scoring information in order to determine your suitability for the loan applied for. When using the service of a credit referencing agency, we will pass them your personal details and details of your credit performance.
- In carrying out our loan underwriting, we capture and use a range of Personal Data in order to assess factors affecting those risks, for example age, location and claims history.
- As part the loan underwriting process we may access third-party databases or publications as stated in Section 7. We carry out searches in order to assess your credit worthiness to repay a loan, for our own benefit and therefore the benefit of its members, we must lend responsibly and will use your credit scoring information in order to determine your suitability for the loan applied for. In carrying out such a search we can better determine your overall financial position in order to lend to you.
- Share your member data with Account Information Services Provide (AISP) to facilitate the online loan approval process when the member authorises us to do so.
- Where a member breaches the loan agreement the Credit Union may access third-party databases as stated in Section 7 and use the service of a debt collection agency, solicitors or other third parties to obtain updated contact information for you to recover the debt.
- Where the Credit Union is using a third party to assist with recouping any outstanding debt due to us by you, the Credit Union may provide your specific personal data held on file by us, which is necessary, to the third party such as a debt collector, tracing agent, private investigator, or a solicitor to perform their services. We may provide then with details of the indebtedness in order that they recover the outstanding sums. We will take the necessary steps to recover a debt to protect the assets and equity of the Credit Union.
- Tracing agency, where the address you have provided is no longer accurate and the Credit Union needs to either contact you or provide you with documentation in relation to the products or services you have obtained from us.
- Use of a Private Investigator to locate the member in the event that they fail to make repayments on member loan and/or fail to make contact with the credit union when required. We will first investigate all other less invasive means to make contact with the member.
- Where a member is not responding to correspondence from the Credit Union at their most recent verified address, the credit union may send correspondence to any other address provided by the member, for example, a different address stated on a bank statement provided as part of the loan assessment. This will only occur if the Credit Union deems it necessary, such as, default in a loan where the Credit Union has exhausted other communication channels provided by the member.
- Use of CCTV on our premises to safeguard the health, safety and security of all resources
- All incoming calls are recorded as stated in the greeting message on our phone system. Outgoing calls may be recorded, in such cases, the individual will be informed in advance of the conversation. The telephone recordings are used for training and quality purposes.
- keep a record of your instructions.
- Conduct Member Satisfaction Surveys to provide information on the quality of our services and products
- Use your member data to operate the Credit Union’s business on a day-to-day basis
- To provide service information (including sending service-related messages),
- To improve the Credit Union service quality
- To enhance the training for our staff.
- To establish, exercise and safeguard our rights, (including where necessary to take enforcement action) and to respond to claims made against the Credit Union.
- To safeguard the safety and security of the employees, IT systems and devices, property, and member, buildings, information located or stored on the premises, and assets, and those of service providers, consultants, and advisors that assist the Credit Union in carrying out its functions.
- In the prevention and detection of fraud
- To keep members informed about the services the Credit Union are currently providing.
- The Credit Union may in the future wish to sell, transfer or merge part or all of its business or assets or to buy a new business or the assets of another Credit Union or enter into a merger with another Credit Union. If so, we may disclose your personal information under strict duties of confidentiality to a potential Credit Union and their advisers, so long as they agree to keep it confidential and to use it only to consider the possible transaction. If the transaction goes ahead, the new Credit Union may use or disclose your personal information in the same way as set out in this Privacy Notice. You will be informed about any mergers prior to your data being shared
9. What happens if you do not provide us with the data if legal basis is contract or compliance
10. What is the purpose (s) for processing your data
We are a financial co-operative formed to allow members to save and lend to each other at fair and reasonable rates of interest. We are a not-for-profit organisation with a volunteer ethos and community focus. We process your data to provide this service.
You agree that any data you provide to us will be true, complete and accurate in all respects and you agree to notify us immediately of any changes to it. See section 24 if you need to inform us of a change. We will only collect personal information from or about you which is necessary for the following purposes:
We will only use your personal information for the purposes for which we collected it unless we reasonably consider that we need to use it for another purpose and that purpose is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the basis which allows us to do so.
A. All Members (Joint, Club, Business)
- To provide and administer our member accounts per the terms of service under contract as stated in Section 8
- To meet our legal and compliance obligations and requirements under the Rules of the Credit Union, Central Bank Regulations, Anti money laundering and any other relevant compliance as stated under compliance in Section 8 for all services provided
- To maintain our relationship with you whilst you are a member and investigate any complaints or disputes or accidents
- Contact you for direct marketing purposes, subject to restrictions under the relevant laws, including the right to opt out of such marketing
- Provide you with information relating to all our products
- To provide essential communication with you, including to respond to information requests submitted
- To obtain your feedback on all our products and services
- To notify you about changes to contracted services relevant to you
- When acting as an insurance intermediary, to meet our obligations.
- We collect spouses’ details where relevant to assess the joint earnings to ensure the member has the means to meet the repayments
- To provide our member draws
- To identify death beneficiaries
- To report on related party transactions when members are employees or board members
- To assist vulnerable members with special needs
- As part of loan assessment, identify dependent individuals to establish net disposal income available to pay back loan
- Verifying the information provided by you in the application
- To obtain credit references, credit checks and for debt collection, fraud detection and prevention and risk management purposes and to make submissions to the Central Credit Register.
- Assessing your loan application and determining your creditworthiness for a loan as stated under legitimate interest in Section 8. We may use credit scoring techniques and other automated decision making systems to either partially or fully assess your application, you will be informed in advance of your application being processes.
- As part of our affiliation with the ILCU, we purchase insurance from ECCU Assurance DAC (ECCU), a life insurance company, wholly owned by the ILCU. This includes Life Savings (LS) Loan Protection (LP), and optional related riders (where applicable). If you choose to take out a loan with us, it is a term of your membership, by virtue of our affiliation with the ILCU that the credit union will apply to ECCU for Loan Protection (LP). This protection and cover may only be available to individual members on certain loans.
- We collect dependent individuals’ expenditure needs to assess the net disposal income of the member
- To establish new contact details where your details have changed and have not been advised by you to the credit union
- Administering the loan, including where necessary, to take steps to recover the loan or enforce any security taken as part of the loan.
- Credit Reporting: Where a loan is applied for in the sum of €2,000 or more, the Credit Union is obliged to make an enquiry of the Central Credit Register (CCR) in respect of the borrower. Where a loan is granted in the sum of €500 or more, we are obliged to report both personal details and credit details of the borrower to the CCR.
- Property Loan: Where you obtain a property loan from us, it will be necessary for us to obtain a first legal charge on the property to be purchased and it will be necessary for us to process your personal data in order to register this charge or have this charge registered on our behalf.
B. Guarantor
- To have person to undertake to repay the loan in the event that the member for whatever reason, is unable to repay.
- To assess if you can demonstrate the ability to repay the loan where you will need to disclose their financial information and agree to a credit check being carried out
C. Nominee
- To record the wishes and instructions of the member
- To pay the nominee of choice your property/savings presently up to a maximum value of €23,000 predate of death 21.2.2024, €27,000 affected from 22.2.2024
- To update where necessary as member may change the details of their nomination as often as they like. The most recent nomination is the valid nomination
D. School saving scheme
- To provide a saving scheme for members attending school where the Credit Union collects the lodgements
- To provide a saving card to the members
- To enable the member to transfer the saving into their Credit Union member account
E. All Competitions and School Quiz, winners and co-ordinators within the schools
- To provide the competition per the Terms/Rules signed up to by the entrant
- Administer the competition
- To contact the winner
- To deal with queries
- Capture photographs of the winners to be used in advertising and publicity where consent obtained
- To meet our requirements to host a stage of one of the national competitions. Entries must be submitted directly to our credit union only.
- We will inform the Chapter (Regional level) of our winners to be brought forward to Stage 2, at this point the Chapter becomes an independent data controller. The winners of Stage 2 will progress to the national final Stage 3 where the Irish League of Credit Unions (ILCU) becomes an independent data controller
F. Delegated authority acting on behalf of a member
- To facilitate a third party to conduct transaction on behalf of a member, where the member nominates such person to act on their behalf e.g. a member incapacitated or a minor where the parent nominated an individual to operate the minors account
G. General
- To provide this website to you and respond to your queries
- To comply with all relevant law
- To manage your safety and security while you are on our premises
- To facilitate the prevention, detection and investigation of crime and the apprehension or prosecution of offenders
- To investigate, exercise or defend legal claims or other claims of a similar nature
- To obtain consent from any individual for the purposes of publishing photos/video of such person.
11. What you need to do when you provide us with other individuals information data
- the individual already has the information
- obtaining or disclosure such information is expressly laid down in the law to which the credit union must comply and which provides appropriate measures to protect the individual’s legitimate interests
- where the personal data must remain confidential subject to an obligation of professional secrecy regulated by law
12. How we protect your data
- Accurate and kept up-to-date
- Collected fairly and for lawful purposes only
- Processed by us on the basis of either a valid contract, consent, legal compliance or legitimate interest
- Protected against any unauthorised access or illegal processing by internal or external parties.
- Communicated to any unauthorised internal or external parties
- Stored for longer than required for the purpose obtained
- Transferred to organisations, states or countries outside the European Economic Area without adequate safeguards being put in place as required under Data Protection Law.
- Restrict and monitor access to sensitive data
- Develop transparent data collection procedures
- Train employees in data protection and security measures
- Build secure networks to protect online data from cyberattacks
- Establish clear procedures for reporting privacy breaches or data misuse
13. How our third-party providers protect your data
We only engage with third-party service providers who provide sufficient guarantees to protect your data following our instructions and are bound by a data processing agreement.
14. How we use your information as a member for Marketing
- Types of loans
- Your spending and saving habits
- Use transaction history/ account information
- Insurance or assurance linked to a product
- Previous interactions with marketing communications e.g opens, reads, clicks
- through Mobile App
- by e-mail
- SMS
- post
- telephone
15. How we use your information for Surveys
We would like the opportunity to understand your experiences with us and to monitor the performance and effectiveness of our delivery of products and services to you. We would like to assess the quality of our member services. We promise to listen to our members and to adapt to the recommendations provided to ensure our members are receiving the best quality service from your own credit union. From time to time, we may conduct member satisfaction surveys. Where we do so we rely on the lawful processing of legitimate interest to enhance our service delivery. A withdrawal option will be provided in all survey communication thereafter.
16. How we use Automated Processing or “Analytics”
We do not conduct profiling on children.
We are committed to protecting your privacy and ensuring transparency in how we use your personal data. As part of our ongoing efforts to provide tailored services and improve our offerings, we may use profiling to assess your financial behaviour and preferences. Profiling allows us to better understand your needs, conduct loan assessments, recommend relevant products or services, and manage risks effectively. What is Profiling? Profiling involves the automated processing of your personal data to evaluate certain aspects of your financial behaviour. This may include analysing your transaction history, loan activity, savings patterns, or other interactions with the credit union. Profiling helps us make informed decisions on creditworthiness, fraud prevention, and personalised offers. We do not conduct profiling which produces legal effects concerning any of our members. You have the right to object to the use of your personal data for profiling purposes. If you wish to exercise this right, you can contact us at GDPR@ballinasloecreditunion.ie, and we will review your request.17. Who we share your information with
Your personal information may also be processed by other organisations on our behalf for the purposes outlined above. We may disclose your information where necessary to the following:
A. Auditors
To meet our legislative and regulatory duties to maintain audited financial accounts, we appoint an external and internal auditor. We will allow the internal and external auditor to see our records (which may include information about you) for these purposes.
B. All categories of individuals
- We have a legitimate interest to share your personal data with our approved outsourced third party providers, such as IT Service Providers including Cloud Providers,, legal advisors, business advisors, debt collectors, couriers, shredding company, security company, printing company, CCTV company, administration services, internal and external auditors, insurers, marketing consultants or subcontractors
C. Personal Account Members, Guarantor Club Members and Business Members
- Where you authorised individuals to act on your behalf for example ward of court/Power of Attorney
- Third parties we need to share your information with order to facilitate payments or services you have requested. Examples include: Banks, Credit Unions, An Post or payment service providers, payment schemes or systems (e.g. MasterCard), merchant acquirers and providers of payment processing services;
- Those you ask us to share your information with.
- Where you instruct an Account Information Service Provider (AISP) to provide us with your data. The AIS service change enables the Credit Union to connect directly with the Member Bank account to extract historical transaction and balance information.
- When you apply to us for insurance and receive insurance we will collect and share your data with ECCU Assurance DAC per the Terms and Conditions of product you signed up to.
- Where we share your joint account details and transactions with the other holder of the account
- Following your instruction, we will share you information with your guarantor or nominated person at point of payment
- We have a legitimate interest to share your personal data with our approved Outsourced third party providers, such as IT Service Providers, legal advisors, business advisors, debt collectors, couriers, shredding company, security company, printing company, CCTV company, administration services, internal and external auditors, insurers, marketing consultants or subcontractors
- We have a legitimate interest to share your personal data for the processing of electronic payments services on your account (such as credit transfers, standing orders and direct debits, card based payments). The Credit Union is a participant of Payac. Payac is a credit union owned, independent, not-for-profit company that provides an electronic payments service platform for the credit union movement in Ireland. Payac is an outsourced model engaging third party companies, such as a Partner Bank, to assist with the processing of payment data for example as the Card Processor, as Bank Identification Number (BIN) sponsor.
- Electronic Payments If you use our electronic payment services to transfer money into or out of your credit union account or make payments through your debit card into your credit union account, we are required to share your personal data with our electronic payment service provider
- Debit or Charge Card or ATM Card: If you have a debit with us, we will share transaction details with companies which help us to provide this service
- We may share your data with possible successors or merging credit unions
- Statutory and regulatory bodies as legally required including but [not] limited to Regulators Central Bank Ireland, Enforcement bodies, an Garda Siochana, Data Protection Commission, the courts, fraud prevention agencies or other bodies; the Department of Finance, the Revenue Commissioners, Department of Social Protection and the Financial Services and Pensions Ombudsman Bureau of Ireland, Irish Financial Services Appeals Tribunal, Irish Revenue, debt recovery or fraud prevention agencies, the appropriate Supervisory Authority if required under law.
D. Mortgages
The credit union utilises a third party Outsourced Service Provider who carry on the business of, inter alia, servicing, administering and managing mortgage loans secured on residential properties in Ireland. This business will support the credit union in the processing, fulfilment and special servicing (arrears management) of residential mortgages based on a standardised consistent and reliable methodology and is therefore of ultimate benefit to its member.
We are also members of Credit Union Mortgage Services DAC (MSDAC) which provides mortgage origination support services to the Credit Union as well as marketing support
The third parties supporting the Home Loans, Credit Union Service Organisation (CUSO) are committed to respecting the rights of those people whose data is processed under this CUSO.The credit union utilises a third party valuation management solutions company who provide, inter alia, valuation management services on residential properties in Ireland. This service will ensure that valuations are carried out by professional valuers and that the valuations follow mandatory valuation standards and is therefore of ultimate benefit to its members.
The credit union may utilise a third party storage solution company to ensure safe, secure storage of Title Deeds and security documents and is therefore of ultimate benefit to its members.The credit union provides your information to insurance companies for the purpose of insuring the loan.
If you have a secured loan or mortgage with us, we may need to share information with other lenders who also hold a charge on your property
E. Irish League of Credit Unions (ILCU) Affiliation
F. Nominee
Regulators Central Bank Ireland, Enforcement bodies, an Garda Siochana, Data Protection Commission, the courts, Financial Services and Pensions Ombudsman Bureau of Ireland, Irish Revenue, legal and professional advisers such as auditors and external legal counsel; Irish League of Credit Unions, Credit Union Development Association, IT Provider, outsourced service providers, potential mergers.
G. School Quiz entrants, winners and co-ordinators within the schools & Art competition entrants and winners
Regulators Central Bank Ireland, legal and professional advisers such as auditors and external legal counsel; Irish League of Credit Unions, Regional Chapter, associated named school/club/organisation IT Provider, outsourced service providers, potential mergers, social media (print and online).
18. Joint Controllers
19. Independent Controllers
- Provide paper bank statements to us.
- Send bank statements to us by e-mail.
- Upload bank statements (when making an on-line loan application).
20. Foreign exchange services - Fexco
21. How long will we hold your information
- Legal compliance
- Contractual terms and conditions for the products sold
- Regulatory compliance
- Until consent is withdrawn and the data is no longer needed
- Best practice for example CCTV footage is held for one month
22. Processing your information outside the EEA
- Model Clauses (also known as Standard Contractual Clauses) are standard clauses in our contracts with our service providers to ensure that any personal data leaving the EEA will be transferred in compliance with EU data-protection law. Copies of our current Model Clauses are available on request.
- Transfers to countries outside the EEA which have an adequate level of protection as approved by the European Commission such as the United Kingdom, https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en. The adequacy decision on the EU-U.S. Data Privacy Framework covers data transfers from any public or private entity in the EEA to US companies participating in the EU-U.S. Data Privacy Framework https://ec.europa.eu/commission/presscorner/detail/en/qanda_23_3752.
- Transfers permitted in specific situations where a derogation applies as set out in Article 49 of the GDPR. For example, where it is necessary to transfer information to a non-EEA country to perform our contract with you.
23. How to exercise your information rights
A. Erasure
- The personal data is no longer necessary in relation to the purpose(s) for which it was collected/processed
- You are withdrawing consent and where there is no other legal ground for the processing
- You object to the processing and there are no overriding legitimate grounds for the processing
- The personal data has been unlawfully processed
- The personal data must be erased so that we are in compliance with legal obligation
- The personal data has been collected in relation to the offer of information society services with a child.
B. Data portability
- processing is based on consent or contract and
- processing is carried out by automated means.
C. Automated individual decision making
D. Object
- public interest or
- legitimate interest, including profiling based on those provisions.
- we can demonstrate compelling legitimate grounds for the processing, which override your interests, rights and freedoms or
- the processing is for the establishment, exercise or defence of legal claims.
E. Restrict processing
- While we are verifying the accuracy of your personal data which you have contested
- If you choose restricted processing over erasure where processing is unlawful
- If we no longer need the personal data for its original purpose but are required to hold the personal data for defence of legal claims
- Where you have objected to the processing (where it was necessary for the performance of a public interest task or purpose of legitimate interests), and we are considering whether our legitimate grounds override.
F. Rectification
G. Withdraw consent
H. Lodge a complaint
I. Access your data
- why we are processing your personal data
- the types of personal data concerned
- the third parties or categories of third parties to whom the personal data have been or will be disclosed. We will inform you if any of the third parties are outside the European Economic Area (EEA) or international organisations
- how your personal data is safeguarded where we provide your personal data outside the European Economic Area or to an international organisation
- the length of time we will hold your data or if not possible, the criteria used to determine that period
- your rights to:
- request any changes to inaccurate personal data held by us
- have your personal data deleted on all our systems
- restriction of processing of personal data concerning you
- to object to such processing
- data portability
- your right to lodge a complaint with the Data Protection Commission info@dataprotection.ie
- where we have collected your personal data from a third party, we will provide you with the information as to our source of your personal data
- any automated decision-making, including profiling which includes your personal data. We will provide you with meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.
- Business Information pertaining to your role as an employee
- If we do not provide you with your personal data, we have an obligation to give reasons why this personal data is being withheld.
24. What to do when you change any of your contact details
- current passport or driving licence,
- Proof of Address (no more than 6 months old) being a household utility bill,
- Statement from another financial institution,
- Social services document (issue by the Government), or documentation issued by the Revenue Commissioners.
25. Tip when emailing us your information
- PPSN
- IBAN
- Health data
- Any special categories of data are defined by GDPR as processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation
- Passport copy or details
- Driving License copy of details
- Proof of address details