Privacy Policy

Data Privacy Notice

We are committed to protecting the privacy and security of your personal information. This notice (together with our website terms and conditions, Privacy Notice and Cookie Notice) describes how we process personal information about you during and after your relationship with us. If you are providing personal information on behalf of a third party, you must ensure that the third party receives a copy of this privacy notice before their personal data is shared with us.

Purposes of Processing and Legal Basis

A credit union is a member-owned financial cooperative, democratically controlled by its members, and operated for the purpose of promoting thrift, providing credit at competitive rates, and providing other financial services to its members. Data collection, processing and use are conducted solely for the purpose of carrying out the abovementioned objectives.

Performance of a Contract

This basis is appropriate where the processing is necessary for us to manage your accounts and provide services to you. This includes for example account opening, payments, lending, current accounts. As part of this process, we may be required to pass some of your personal information to a third party, intermediary or counterparty.

Compliance with a Legal Obligation

This basis is appropriate when we are processing personal data to comply with legal obligations to which we are subject.

Tax Regulations: We may share information and documentation with domestic and foreign tax authorities to establish your liability to tax in any jurisdiction. Where a member is tax resident in another jurisdiction, we have certain reporting obligations to the Revenue Commissioners under the Common Reporting Standard. Revenue will then exchange this information with the jurisdiction of tax residence of the member. We shall not be responsible to you or any third party for any loss incurred as a result of us taking such actions.

Regulatory and Statutory Requirements: To meet our duties to regulators (which includes the Central Bank of Ireland), we may allow authorised people to see our records (which may include information about you) for reporting, compliance and auditing purposes. For the same reason, we will also hold the information about you when you are no longer a member. We may also process your personal data and share your information with certain statutory bodies such as the Department of Finance, the Department of Social Protection and the Financial Services and Pensions Ombudsman Bureau of Ireland if required by law. We also collect and process your information for compliance with Anti-Money Laundering/ Combating Terrorist Financing regulations.

Audit: To meet our legislative and regulatory duties for general compliance and to maintain audited financial accounts, we appoint auditors in various capacities. We allow such auditors to see our records (which may include information about you) for these purposes.

Central Credit Register: We are required to perform credit checks in the event you apply for a loan and to supply information to the Central Credit Register and to use the Central Credit Register when considering loan applications to determine your borrowing options and repayment capacity and/or facilitate other lending institutions to carry out similar checks.

Nominations: The Credit Union Act 1997 (as amended) allows members to nominate a person/persons to receive a certain amount of funds from their account on death, subject to a statutory maximum. We must record and process the personal data of nominees in this event and you should inform your chosen nominees of this fact and show them a copy of this privacy notice.

Legitimate Interests

A Legitimate interest is when we have a business or commercial reason to use your information. It is our legitimate interest to protect our assets and the savings of our members. But even then, it must not unfairly go against what is right and best for you. Examples of situations in which your personal information is processed based on our legitimate interests are:

Guarantors: As part of your loan conditions, we may make the requirement for the appointment of a guarantor a condition of your loan agreement in order to ensure the repayment of your loan. Should your account go into arrears, we may need to call upon the guarantor to repay the debt in which case we will give them details of the outstanding indebtedness. If your circumstances change it may be necessary to contact the guarantor. Likewise, if you are acting as the guarantor in these circumstances, your personal information will be used and shared for the purposes of providing the guarantee which includes disclosing information to relevant third parties as required

Debt Collection: We may use the services of debt collection agencies if you are in breach of any agreement relating to credit. This will involve passing your personal information to agencies such as solicitors, private investigators and other third parties so that debts can be collected.

CCTV: We have CCTV footage installed in our premises with clearly marked signage. The purpose of this is for security.

Your Image: When you open an account or when we need to update your identification we will take and/or store your image and place this on our systems. This will be displayed on our account screens when we access your account information and at the front counter when you come in to transact with us. The purpose of this is to help us to identify you, to provide security and to help prevent fraud.

Consent

Sometimes we need your consent to use your personal information. With direct marketing for example, we need your consent to make you aware of products and services which may be of interest to you. Before you give your consent, we will tell you what information we collect and what we use it for. You can withdraw your consent at any time by contacting us or by logging on to our website (https://secure.athenrycu.ie/login.asp)

What Personal Data do we Use?

We may collect, use and store the following categories of personal information about you either in paper or electronic form (which will be dependent on which credit union service you avail of):

Name, address, date of birth, email address, telephone number, financial data, status and history, transaction data, contract data, details of the credit union product you hold with us, signatures, identification documents, salary, occupation, accommodation status, mortgage details, previous addresses, your spouse, partner, nominee, guarantor or other connected third party, Tax Identification Numbers (TIN), Personal Public Service Numbers (PPSN), legal documentation, third party professional services correspondence, local authority/ government correspondence, records of discussions with our personnel whether on our premises, by phone or email, current or past complaints, CCTV footage and your image (for security and verification purposes) and telephone voice recordings with respect to both incoming and outgoing calls.

We may also collect and use the following 'special categories' of more sensitive personal information:

• Information about your health or any medical conditions (when it is required in connection with a loan application for insurance purposes).

We need all of this information to contact you, to identify and verify who you are, to comply with our legal obligations and to be able to provide you with our services.

Special Categories Data: “Special categories” of particularly sensitive personal data require higher levels of protection. We need to have further justification for collecting, storing and using this type of personal information. We may process special categories of personal information in the following circumstances:

• In limited circumstances, with your explicit written consent;
• Where we need to carry out our legal obligations and in line with our data protection policy; and
• Where it is needed in the public interest, and in line with our data protection policy.

Less commonly, we may process this type of information where it is needed in relation to legal claims or where it is needed to protect your interests (or someone else's interests) and you are not capable of giving your consent or where you have already made the information public.

Sharing Of Personal Data

We may share your personal information with trusted external third parties we have appointed to perform important functions on our behalf based on our instructions and applying appropriate confidentiality and security measures in compliance with Data Protection regulations. We may share your personal information with the following third parties:

• statutory and regulatory bodies. These include the courts and those appointed by the courts, statutory and regulatory bodies including: the Central Bank of Ireland, the European Central Bank, the Data Protection Commission, Financial Services Ombudsman, An Garda Síochána/ police authorities/ enforcement agencies, Revenue Commissioners, Criminal Assets Bureau, ombudsmen and regulatory authorities, as well as fraud prevention agencies;
• our legal and professional advisers such as auditors and external legal counsel;
• trade associations and professional bodies;
• insurers;
• any sub-contractors, agents or service providers engaged by the Credit Union (including their employees, directors and officers), such as back up and server hosting providers, IT software and maintenance providers, and suppliers of other back office functions;
• credit reference (CCR), debt recovery or fraud prevention agencies;
• payment recipients and other financial institutions.

If we issue you a debit card, Transact Payments Limited (which is an authorised e-money institution) will also be a controller of your personal data. In order for you to understand what they do with your personal data, and how to exercise your rights in respect of their processing of your personal data, you should review their privacy policy which is available at https://currentaccount.ie/files/tpl-privacy-policy.pdf.

If you use our electronic payment services to transfer money into or out of your credit union account we are required to share your data with our electronic payment service provider. As part of these processes, we may be required to pass some personal information to an intermediary or counterparty (e.g., if you perform a payment transaction, we pass information on the transaction to the payee concerned).

We may also share your personal information with any third parties to whom you have instructed us to share your information with.

Transfer to a Third Country or International Organisation

For the majority of our services, we do not transfer your personal data to countries outside the European Economic Area (EEA) or those countries not deemed by governmental authorities to have an equivalent system of data protection in place.

In relation to our current account, some of your data may be transferred outside of the EEA (for example the United Kingdom) which is connected to the business of the service providers who we rely on to assist us to provide this particular service to you.

Data Retention Period

We will only retain your personal data for as long as necessary to fulfil the purpose(s) for which it was obtained, taking into account any legal/contractual obligation to keep it. Where possible we record how long we will keep your data. Where that is not possible, we will explain the criteria for the retention period. This information is documented in our Retention Policy. Once the retention period has expired, the data will be permanently deleted. Examples of our retention periods are as follows:

• Successful Membership Application: 7 Years after the relationship has ended
• Member ID, address verification and PPSN documentation: 5 years after relationship has ended
• Loan Applications Approved: 7 years after the loan is paid in full
• Nomination Forms: 7 Years after the relationship has ended.

If you would like further information about our data retention policy, you can contact us using the details below.

Your Rights Under Data Protection Laws

Consistent with the requirement to have a legal basis for processing your personal data as outlined above, you also have certain rights in relation to such processing under applicable data protection law. These are:

• to find out whether we hold any of your personal data and if we do, to request access to that data or to be furnished a copy of that data. You are also entitled to request further information about the processing;
• to request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you rectified;
• to request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You have also the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below);
• to object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes;
• to request the restriction of processing of your personal information. You can ask us to suspend processing personal information about you in certain circumstances;
• to withdraw your consent at any time and free of charge when this is the sole basis upon which we process your personal information;
• to request that we provide you with a copy of any relevant personal data in a reusable format or request that we transfer your relevant personal data to another data controller where it is technically feasible to do so. ("relevant personal data” is personal data that you have provided to us or which is generated by the use of our services which is processed by automated means and where the basis that we process it is on your consent or to fulfil a contract you have with us).

You have a right to complain to the Data Protection Commissioner (DPC) in respect of any processing of your data by:

Please note that the above rights are not always absolute and there may be some limitations.

If you want access to and/or copies of any of your personal data or if you want to review, verify, correct or request erasure of your personal data, object to the processing of your personal data, or request that we send you a copy, or a third party a copy of your relevant personal data in a reusable format, please contact our Data Protection Officer in writing or by email using their contact details below.

There is no fee for exercising any of these rights unless we deem your request to be unfounded or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

We may need to verify your identity if we have any doubt as to who you are, and we will not be able to act on any requests in relation to your personal data until we receive this verification and are satisfied with it.

Ensuring our information is up to date and accurate: We want the service provided by us to meet your expectations at all times. Please help us by telling us straightaway if there are any changes to your personal information.

Implications of Not Providing Information

If you fail to provide information when requested, we may be unable to enter into or administer the relationship with you. In cases where providing your personal information is optional, we will make this clear. In particular, it is not mandatory that our members sign up to receive marketing communications.

Automated Decision Making/Profiling

Sometimes we may use electronic systems to assist us to make decisions based on personal information we have (or are allowed to collect from others) about you. This information may be used for loan assessment, provisioning and anti-money laundering purposes and compliance with our legal duties in those regards. Please let us know if you would like further information on these processes and how they may impact our provision of services to you.

Processing for Another Purpose

You can be assured that we will only use your personal data for the purpose it was provided and in ways compatible with that stated purpose. If we need to use this data for an unrelated purpose, we will notify you and explain the legal basis which allows us to do so.

Contact Details

Any queries with respect to this notice or if you want to exercise any of your rights in relation to your personal data, please contact:

The Data Protection Officer, Athenry Credit Union, Old Church Street, Athenry, Co. Galway.

Email: dataprotection@athenrycu.ie - Telephone: 091 844306

Please also note that you have a right to complain to the Data Protection Commission (DPC) in respect of any processing of your personal data by:

Telephone: 076 110 4800/057 868 4800 - Post: DPC, 21 Fitzwilliam Square, South Dublin 2, D02 RD28, Ireland

Please also see the DPC website for how to complain and for further information on data protection law and the rights available to you (this website also contains the most up to date contact details for the DPC and their preferred method of contact for example by the online webforms available.): https://www.dataprotection.ie/

Updates

This Privacy Notice may be updated from time to time and the current version of this Privacy Notice shall be displayed on our website www.athenrycu.ie