Privacy Statement - Carrickmacross Credit Union Ltd

Introduction

At Carrickmacross Credit Union (CCU), we are a data controller and as such, we respect and protect the privacy of our members, the data subjects. The below Privacy Notice highlights the processes and procedures we have in place including how we collect, use, share and protect your information. Our online Privacy Notice describes in detail how we protect our members' right to privacy.

Our Privacy Notice summary below is designed to inform you about the information we collect, how we use this information, the security we use, any sharing of your information and our members' rights in relation to this personal information.

In respect of Credit Union Members

Your name, address, date of birth, email, telephone, financial data, status and history, transaction data, contract data, details of the credit union products you hold with us, signatures, identification documents, salary, occupation, source of wealth, source of funds, Politically Exposed Status, accommodation status, mortgage details, previous addresses, spouse, partners, nominations, Tax Identification/PPSN numbers, passport details, driver license details, tax residency, interactions with credit union staff and officers on the premises, by phone, or email, current or past complaints, CCTV footage.

We collect personal information from you for the following purposes:

Lending

CCU will use your personal data to assist it in carrying out the following:

  • Assessing your loan application and determining your creditworthiness for a loan. Verifying the information provided by you in the application.
  • Purchasing loan protection and life savings protection from ECCU.
  • Conducting credit searches and making submissions to Irish Credit Bureau and the Central Credit Register. Administering the loan, including where necessary, to take steps to recover the loan or enforce any security taken as part of the loan.
  • Where applicable, utilising credit scoring techniques and other automated decision-making systems to partially assess your application.
  • Meeting legal and compliance obligations and requirements under the Rules of the Credit Union.
  • To comply with Central Bank Regulations to determine whether you are a connected borrower or related party borrower.
  • Providing updates on our loan products and services by way of directly marketing to you.

Operational

CCU will process personal data to assist it in carrying out the following:

  • CCTV footage for the purposes of crime prevention and security;
  • Providing updates on our products and services by way of directly marketing to you;
  • From time to time we may collect a small amount of personal data from you for entry into competitions and prize draws. We will only use this data for the purpose of determining entry and selecting a winner for the competition/draw.

Account Opening

CCU will use your personal data to assist it in carrying out the following:

  • To open and maintain an account for you
  • To meet our obligations to you under the Credit Union’s Standard Rule
  • To contact you in respect of your account and any product or service you avail of; and
  • To comply with our legal obligations, for example anti-money laundering, to identify connected borrowers.

Nominations

CCU will use your personal data to assist it in carrying out the following:

  • To allow us to record your details in our register of nominations, to identify you, to contact you and then, upon the passing of the member, to process the nomination (subject to a valid nomination) and transfer any nominated property to you, the nominee(s).

Recruitment

CCU will use your personal data to assist it in carrying out the following:

  • To communicate with you about the recruitment process
  • To keep your record on file in case a future opportunity may arise

Virtual Annual General Meeting

CCU will process personal data to assist it in carrying out the following:

  • Collect personal data, including name, account number and email address, for the purposes of AGM registration, casting electronic votes and random selection for the prize draw. Your data may be shared with third-party providers hosting the virtual AGM in compliance with GDPR legislation.

Tax liability: We may share information and documentation with domestic and foreign tax authorities to establish your liability to tax in any jurisdiction. Where a member is tax resident in another jurisdiction the credit union has certain reporting obligations to Revenue under the Common Reporting Standard. Revenue will then exchange this information with the jurisdiction of tax residence of the member. We shall not be responsible to you or any third party for any loss incurred as a result of us taking such actions. Under the “Return of Payments (Banks, Building Societies, Credit Unions and Savings Banks) Regulations 2008” credit unions are obliged to report details to the Revenue in respect of dividend or interest payments to members, which include PPSN where held.

Special categories of particularly sensitive personal data require higher levels of protection. We need to have further justification for collecting, storing and using this type of personal data. We may process special categories of personal data in the following circumstances:

  • Loan Protection Insurance

Less commonly, we may process this type of information where it is needed in relation to legal claims or where it is needed to protect your interests (or someone else’s interests) and you are not capable of giving your consent, or where you have already made the information public.

Irish League of Credit Unions (ILCU) Affiliation: The ILCU (a trade and representative body for credit unions in Ireland and Northern Ireland) provides professional and business support services such as marketing and public affairs representation, monitoring, financial, compliance, risk, learning and development, and insurance services to affiliated credit unions. As this credit union is affiliated to the ILCU, the credit union must also operate in line with the ILCU Standard Rules (which members of the credit union are bound to the credit union by) and the League Rules (which the credit union is bound to the ILCU by). We may disclose information in your application or in respect of any account or transaction of yours from the date of your original membership to authorised officers or employees of the ILCU for the purpose of the ILCU providing these services to us.

The ILCU Savings Protection Scheme (SPS): We may disclose information in any application from you or in respect of any account or transaction of yours from the date of your original membership to authorised officers or employees of the ILCU for the purpose of the ILCU providing these services and fulfilling requirements under our affiliation to the ILCU, and the SPS.

The Privacy Notice of ILCU can be found at www.creditunion.ie

For the processing of electronic payments services on your account (such as credit transfers, standing orders and direct debits), the Credit Union is a participant of CUSOP (Payments) DAC (“CUSOP”). CUSOP is a credit union owned, independent, not-for-profit company that provides an electronic payments service platform for the credit union movement in Ireland. CUSOP is an outsourced model engaging third party companies, such as a Partner Bank, to assist with the processing of payment data.

Administrative Purposes: We will use the information provided by you, contained in any form or application, for the purpose of assessing an application, processing applications you make and to maintain and administer any accounts you have with the credit union.

Security: In order to secure repayment of the loan, it may be necessary to obtain security such as a charge on your property or other personal assets.

Third parties: We may appoint external third parties to undertake operational functions on our behalf. We will ensure that any information passed to third parties conducting operational functions on our behalf will be done with respect for the security of your data and will be protected in line with data protection law.

Guarantors: As part of your loan conditions, we may make the appointment of a guarantor a condition of your loan agreement in order that the credit union ensures the repayment of your loan. Should your account go into arrears, we may need to call upon the guarantor to repay the debt in which case we will give them details of the outstanding indebtedness. If your circumstances change it may be necessary to contact the guarantor.

Insurance: As part of our affiliation with the ILCU, we purchase insurance from ECCU Assurance DAC (ECCU), a life insurance company, wholly owned by the ILCU. This includes Life Savings (LS), Loan Protection (LP), and optional related riders (where applicable).

If you choose to take out a loan with us, it is a term of your membership, by virtue of our affiliation with the ILCU, that the credit union will apply to ECCU for Loan Protection (LP). In order that we apply for LP it may be necessary to process ‘special category’ data, which includes information about your health. This information will be shared with ECCU to allow it to deal with insurance underwriting, administration and claims on our behalf.

Fulfilling contract: This basis is appropriate where the processing is necessary for us to manage your accounts and credit union services to you.

Credit Assessment: When assessing your application for a loan, the credit union will take a number of factors into account and will utilise personal data provided from:

  • your application form or as part of your loan supporting documentation
  • your existing credit union file
  • credit referencing agencies such as the Irish Credit Bureau and the Central Credit Register

The credit union then utilises this information to assess your loan application in line with the applicable legislation and the credit union's lending policy.

Member Service: We may use information about your account to help us improve our services to you.

Debt Collection: Where you breach the loan agreement we may use the service of a debt collection agency, solicitors or other third parties to recover the debt. We will pass them details of the loan application in order that they make contact with you and details of the indebtedness in order that they recover the outstanding sums.

Legal Duty: This basis is appropriate when we are processing personal data to comply with an Irish or EU Law.

Regulatory and statutory requirements: To meet our duties to the Regulator, the Central Bank of Ireland, we may allow authorised people to see our records (which may include information about you) for reporting, compliance and auditing purposes. For the same reason, we will also hold the information about you when you are no longer a member. We may also share personal data with certain statutory bodies such as the Department of Finance, the Department of Social Protection and the Financial Services and Pensions Ombudsman Bureau of Ireland, the appropriate Supervisory Authority if required under law.

Purpose of the loan: We are obliged to ensure that the purpose for the loan falls into one of our categories of lending.

Compliance with our Anti-Money Laundering and combating terrorist financing obligations: The information provided by you will be used for compliance with our customer due diligence and screening obligations under anti-money laundering and combating terrorist financing obligations under The Money Laundering provisions of the Criminal Justice (Money Laundering and Terrorist Financing) Act 2010, as amended by Part 2 of the Criminal Justice Act 2013 (“the Act”).

Audit: To meet our legislative and regulatory duties to maintain audited financial accounts, we appoint an external and internal auditor. We will allow the internal and external auditor to see our records (which may include information about you) for these purposes.

Credit Reporting: Where a loan is applied for in the sum of €2,000 or more, the credit union is obliged to make an enquiry of the Central Credit Register (CCR) in respect of the borrower. Where a loan is granted in the sum of €500 or more, the credit union is obliged to report both personal details and credit details of the borrower to the CCR.

Connected/Related Party Borrowers: We are obliged further to Central Bank Regulations to identify where borrowers are connected in order to establish whether borrowers pose a single risk. We are also obliged to establish whether a borrower is a related party when lending to them, i.e. whether they are on the Board/Management Team or a member of the Board/Management Team's family or a business in which a member of the Board/Management Team has a significant shareholding.

Nominations: The Credit Union Act 1997 (as amended) allows members to nominate a person(s) to receive a certain amount from their account on their death, subject to a statutory maximum. Where a member wishes to make a nomination, the credit union must record personal data of nominees in this event.

Incapacity to Act on your account: The Credit Union Act 1997 (as amended) provides, in the circumstances where you become unable to transact on your account, due to a mental incapability and no person has been legally appointed to administer your account, that the Board may allow payment to another who it deems proper to receive it, where it is just and expedient to do so, in order that the money be applied in your best interests. In order to facilitate this, medical evidence of your incapacity will be required which will include data about your mental health. This information will be treated in the strictest confidentiality.

Legitimate Interests: A legitimate interest is when we have a business or commercial reason to use your information. But even then, it must not unfairly go against what is right and best for you. If we rely on our legitimate interest, we will tell you what that is.

Credit Assessment and Credit Reference Agencies:

When assessing your application for a loan, as well as the information referred to above in credit assessment, the credit union also utilises credit data from credit referencing agencies such as the Irish Credit Bureau and the Central Credit Register.

Our legitimate interest: The credit union, for its own benefit and therefore the benefit of its members, must lend responsibly and will use your credit scoring information in order to determine your suitability for the loan applied for. When using the service of a credit referencing agency we will pass them your personal details and details of your credit performance.

CCR and ICB are using Legitimate Interests (GDPR Article 6 (f)) as the legal basis for processing of your personal and credit information. These Legitimate Interests are promoting greater financial stability by supporting a full and accurate assessment of loan applications, aiding in the avoidance of over-indebtedness, assisting in lowering the cost of credit, complying with and supporting compliance with legal and regulatory requirements, enabling more consistent, faster decision-making in the provision of credit and assisting in fraud prevention.

Please review ICB’s Fair Processing Notice which is available at http://www.icb.ie/pdf/Fair Processing Notice.pdf. It documents who they are, what they do, details of their Data Protection Officer, how they get the data, why they take it, what personal data they hold, what they do with it, how long they retain it, who they share it with, what entitles them to process the data (legitimate interests), what happens if your data is inaccurate and your rights i.e. right to information, right of access, right to complain, right to object, right to restrict, right to request erasure and right to request correction of your personal data.

Debt Collection: Where you breach the loan agreement we may use the service of a debt collection agency, solicitors or other third parties to recover the debt. We will pass them details of the loan application in order that they make contact with you and details of the indebtedness in order that they recover the outstanding sums.

Our legitimate interest: The credit union, where appropriate, will take the necessary steps to recover a debt to protect the assets and equity of the credit union.

CCTV: We have CCTV footage installed on the premises with clearly marked signage. The purpose of this is for security, public safety and the prevention and detection of fraud.

Our legitimate interest: With regard to the nature of our business, it is necessary to secure the premises, property herein and any staff/volunteers/members or visitors to the credit union and to prevent and detect fraud.

Recruitment: To communicate with you about the recruitment process.

Our legitimate interest: To ensure we keep you updated on the process, we will contact you via your preferred method of communication, to ensure that correct instructions were given or taken due to the nature of our business and to quickly and accurately resolve any disputes.

Record Keeping: To keep your records on file.

Our legitimate interest: To keep records related to the hiring process in case you wish to exercise any rights relating to the data and quickly and accurately resolve any disputes. If we wish to retain your personal data on file, on the basis that a further opportunity may arise in future and we may wish to consider you for that, we will write to you separately, seeking your consent to retain your personal data for a fixed period on that basis.

Consent Explained

Marketing and Market Research

To help us improve and measure the quality of our products and services we undertake market research from time to time. This may include using the Irish League of Credit Unions and/or specialist market research companies. Members' consent is obtained via the Member Marketing Consent Form.

Schools Quiz

Carrickmacross Credit Union is involved in the Schools Quiz in liaison with the ILCU. Upon entry parent/legal guardians will be given further information and asked for their consent to the processing of their child’s personal data. This information is processed only where parental consent has been given.

Data Retention

We will only retain your personal data for as long as necessary to fulfil the purpose(s) for which it was obtained, taking into account any legal/contractual obligation to keep it. Where possible we record how long we will keep your data; where that is not possible, we will explain the criteria for the retention period. Once the retention period has expired, the respective data will be permanently deleted. Please see our retention periods below.

Accounting records required to be kept further to the Credit Union Act, 1997 (as amended) must be retained for not less than six years from the date to which they relate. Credit agreements are contracts and as such the credit union retains them for six years from date of expiration or breach, and twelve years where the document is under seal.

The money laundering provisions of Anti-Money Laundering legislation require that certain documents must be retained for a period of five years after the relationship with the member has ended. We keep income tax records for a period of six years after completion of the transactions to which they relate.

Loan application information is retained for a period of six years from the date of discharge, final repayment or transfer of the loan. CCTV footage which is used in the normal course of business (i.e. for security purposes) is retained for one month.

In relation to nominations, we will retain permanently your name in our register of nominations. Member nomination forms (and any other documentation related to the nomination) will be retained for a period of six years after the relationship with the member has ended (e.g. the member passing away). Once the retention period has expired, the respective data will be permanently deleted. If you require further information please contact us.

In relation to recruitment, we will retain your personal data for a period of 13 months after we have communicated to you our decision about whether to appoint you to the position. We retain your personal data for that period so that we can show, in the event of a legal claim, that we have not discriminated against candidates on prohibited grounds and that we have conducted the recruitment exercise in a fair and transparent way.

Keeping your personal data secure

We employ physical, technical and administrative safeguards to ensure the protection of the confidentiality and security of your personal information, in line with the measures referred to in Article 32(1) of the GDPR. We use industry standard procedures to protect your information from loss, misuse or unauthorised access.

Your Privacy Rights

To find out whether we hold any of your personal data and, if we do, to request access to that data and to be furnished with a copy of that data. You are also entitled to request further information about the processing.

Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you rectified.

Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).

Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal data for direct marketing purposes.

Request the restriction of processing of your personal data. You can ask us to suspend processing personal data about you, in certain circumstances.

Where we are processing your data based solely on your consent you have a right to withdraw that consent at any time and free of charge.

Request that we: a) provide you with a copy of any relevant personal data in a reusable format; or b) transfer your relevant personal data to another controller where it’s technically feasible to do so. ‘Relevant personal data’ is personal data that you have provided to us or which is generated by your use of our service, which is processed by automated means, and where the basis on which we process it is your consent or a contract that you have entered into with us.

You have a right to complain to the Data Protection Commissioner (DPC) in respect of any processing of your data by:

Telephone +353 57 8684800 +353 (0)761 104 800

Lo Call Number 1890 252 231

E-mail info@dataprotection.ie

Postal Address: Data Protection Commissioner

Canal House Station Road

Portarlington R32 AP23 Co. Laois

Please note that the above rights are not always absolute and there may be some limitations.

If you want access to and/or copies of any of your personal data, or if you want to review, verify, correct or request erasure of your personal data, object to the processing of your personal data, or request that we send you or a third party a copy of your relevant personal data in a reusable format, please contact the Data Protection Officer in writing using their contact details above.

There is no fee in using any of your above rights, unless your request for access is clearly unfounded or excessive. We also reserve the right to refuse to comply with the request in such circumstances.

We may need to verify your identity if we have reasonable doubts as to who you are. This is another appropriate security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

Ensuring our information is up to date and accurate

We want the service provided by us to meet your expectations at all times. Please help us by telling us straightaway if there are any changes to your personal data. If you wish to avail of either of these rights, please contact us at dpo@carrickmacrosscu.ie

Updates to our Privacy Notice and Policy

We may update our Privacy Notice from time to time. If we modify our Privacy Notice, we will post the revised version in the below listed online location, and with an updated revision date.

If we make any material changes to our Privacy Notice, we may also contact you by other means to inform you of the changes taking effect, such as by phone, post or posting a notification on our website.

How to contact us

If you have any questions, concerns or suggestions related to our Privacy Notice, you can contact us using the below details or alternatively you can refer to the more detailed information on each of the above headings which is available in our online Privacy Notice at the below location.

Online:

www.carrickmacrosscu.ie/privacy-statement/

Contact details:

Email: dpo@carrickmacrosscu.ie

Address: Carrickmacross Credit Union, 15 & 17 O’Neill Street, Carrickmacross, Co Monaghan

Data Protection Representative: Aisling Ginnitty

Email: dpo@carrickmacrosscu.ie
