Top

Harrington Street, Ballincollig, Co Cork
Tel: 021 4872305 | Fax: 021 4876364
Email: admin@bcu.ie | Website: www.bcu.ie

PRIVACY NOTICE OF BALLINCOLLIG CREDIT UNION LIMITED

OUR CONTACT DETAILS ARE:

Ballincollig Credit Union Limited, Harrington Street, Ballincollig, Co. Cork
Phone 021-4872305
Email info@bcu.ie

For Data Protection queries contact dataprotection@bcu.ie

Ballincollig Credit Union is committed to protecting the privacy and security of your personal information. This privacy notice describes
how we collect and use personal information about you during and after your relationship with us.

 

PURPOSE OF DATA COLLECTION, PROCESSING OR USE

A credit union is a member-owned financial cooperative, democratically controlled by its members, and operated for the purpose of
promoting thrift, providing credit at competitive rates, and providing other financial services to its members. Data collection, processing
and use are conducted solely for the purpose of carrying out the abovementioned objectives.

 

WHAT PERSONAL DATA DO WE USE?

We may collect, store, and use the following categories of personal information about you:

  • Your name, address, date of birth, email, telephone financial data, status and history, transaction data; contract data, details of
    the credit union products you hold with us, signatures, identification documents, salary, occupation, accommodation status,
    mortgage details, previous addresses, spouse, partners, nominations, Tax Identification/PPSN numbers, passport details,
    interactions with credit union staff and officers on the premises, by phone, or email, current or past complaints, CCTV footage.

We may also collect, store and use the following “special categories” of more sensitive personal information:

  • Information about your health, including any medical condition, health and sickness (See Insurance for further details)
    We need all the categories of information in the list above to allow us to identify you and contact you and in order that we perform our
    contract with you. We also need your personal identification data to enable us to comply with legal obligations. Some of the above
    grounds for processing will overlap and there may be several grounds which justify our use of your personal information.

 

IF YOU FAIL TO PROVIDE PERSONAL INFORMATION

If you fail to provide certain information when requested, we may not be able to perform the contract we have entered into with you or
we may be prevented from complying with our legal obligations.

 

CHANGE OF PURPOSE

You can be assured that we will only use your data for the purpose it was provided and in ways compatible with that stated purpose. If we
need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to
do so.

 

HOW WE USE PARTICULARLY SENSITIVE PERSONAL INFORMATION

”Special categories” of particularly sensitive personal information require higher levels of protection. We need to have further justification
for collecting, storing and using this type of personal information. We may process special categories of personal information in the following circumstances:
1. In limited circumstances, with your explicit written consent.
2. Where we need to carry out our legal obligations and in line with our data protection policy.
3. Where it is needed in the public interest, and in line with our data protection policy.

Less commonly, we may process this type of information where it is needed in relation to legal claims or where it is needed to protect your
interests (or someone else’s interests) and you are not capable of giving your consent, or where you have already made the information
public. See Insurance for further details

 

PROFILING

We sometimes use systems to make decisions based on personal information we have (or are allowed to collect from others) about you.
This information is used for loans assessment and anti-money laundering purposes and compliance with our legal duties in that regard.

 

DATA RETENTION PERIODS

We will only retain your personal information for as long as necessary to fulfil the purpose(s) for which it was obtained, taking into account
any legal/contractual obligation to keep it. We document the reasons for our retention periods and where possible the retention periods
themselves in our Retention Policy. Once the retention period has expired, the respective data will be permanently deleted. Please see our
retention periods below.

  • Accounting records required to be kept further to the Credit Union Act, 1997 (as amended) must be retained for not less than
    six years from the date to which it relates.
  • The money laundering provisions of Anti-Money Laundering legislation require that certain documents must be retained for a
    period of five years after the relationship with the member has ended.
  • We keep income tax records for a period of six years after completion of the transactions to which they relate.
  • Credit agreements are retained for contracts should be retained for seven years from date of expiration or breach, and twelve
    years where the document is under seal.
  • CCTV footage which is used in the normal course of business (i.e. for security purposes) for one month.

 

PLANNED DATA TRANSMISSION TO THIRD COUNTRIES

There are no plans for a data transmission to third countries

 

OUR USE AND SHARING OF YOUR INFORMATION

We will collect and use relevant information about you, your transactions, your use of our products and services, and your relationships
with us:

Fulfilling Contract

This basis is appropriate where the processing is necessary for us to manage your accounts and credit union services to you

Administrative Purposes: We will use the information provided by you, either contained in this form or any other form or application, for
the purpose of assessing this application, processing applications you make and to maintaining and administer any accounts you have with
the credit union.

Third parties: We may appoint external third parties to undertake operational functions on our behalf. We will ensure that any
information passed to third parties conducting operational functions on our behalf will do so with respect for the security of your data and
will be protected in line with data protection law.

Irish League of Credit Unions (ILCU) Affiliation: The ILCU (a trade and representative body for credit unions in Ireland and Northern
Ireland) provides professional and business support services such as marketing and public affairs representation, monitoring, financial,
compliance, risk, learning and development, and insurance services to affiliated credit unions. As this credit union is affiliated to the ILCU,
the credit union must also operate in line with the ILCU Standard Rules (which members of the credit union are bound to the credit union by) and the League Rules (which the credit union is bound to the ILCU by). We may disclose information in your application or in respect of any account or transaction of yours from the date of your original membership to authorised officers or employees of the ILCU for the
purpose of the ILCU providing these services to us.

The ILCU Savings Protection Scheme (SPS): We may disclose information in any application from you or in respect of any account or
transaction of yours from the date of your original membership to authorised officers or employees of the ILCU for the purpose of the
ILCU providing these services and fulfilling requirements under our affiliation to the ILCU, and the SPS.

Insurance: As part of our affiliation with the ILCU we carry insurance products from ECCU Assurance DAC (ECCU) which includes Life
Savings (LS) , Loan Protection (LP) Death Benefit Insurance (DBI) and Disability Cover where it applies . To administer these products and
services we may pass your details to ECCU Assurance DAC (ECCU), a life insurance company, wholly owned by the Irish League of Credit
Unions which exists to provide insurance to credit unions affiliated to the Irish League of Credit Unions. It is a term of your membership, by
virtue of our affiliation with the ILCU, that we musst apply to ECCU for Loan Protection (LP) if you choose to take out a loan with us. If
covered, any outstanding sum will be repaid to the credit union by ECCU in the event of your death. In order that we apply for LP it may be
necessary to process ‘special category’ data, which includes data about your health. This information will be shared with ECCU to allow it
deal with insurance underwriting, administration and claims on our behalf.

Credit Assessment: When assessing your application for a loan, the credit union will take a number of factors into account and will utilise personal data provided from:

  • your application form or as part of your loan supporting documentation
  • your existing credit union file
  • credit referencing agencies such as the Irish Credit Bureau and the Central Credit Registrar

We utilise this information to assess your loan application in line with the applicable legislation and the credit unions lending policy.

Customer Service: To help us improve our service to you, we may use information about your account help us improve our customer
service.

 

Legal Duty

This basis is appropriate when we are processing personal data to comply with an Irish or EU Law.

Tax liability: We may share information and documentation with domestic and foreign tax authorities to establish your liability to tax in
any jurisdiction. Where a member is tax resident in another jurisdiction the credit union has certain reporting obligations to Revenue
under the Common Reporting Standard. Revenue will then exchange this information with the jurisdiction of tax residence of the member.
We shall not be responsible to you or any third party for any loss incurred as a result of us taking such actions.

Under the “Return of Payments (Banks, Building Societies, Credit Unions and Savings Banks) Regulations 2008” credit unions are obliged to
report details to the Revenue in respect of dividend or interest payments to members, which include PPSN where held.

Regulatory and statutory requirements: To meet our duties to the Regulator, the Central Bank of Ireland, we may allow authorised people
to see our records (which may include information about you) for reporting, compliance and auditing purposes. For the same reason, we
will also hold the information about you when you are no longer a member. We may also share information with certain statutory bodies
such as the Department of Finance, the Department of Social Protection and the Financial Services and Pensions Ombudsman Bureau of
Ireland if required by law.

Compliance with our anti-money laundering and combating terrorist financing obligations: The information provided by you in this
membership application will be used for compliance with our customer due diligence and screening obligations under anti-money laundering and combating terrorist financing obligations under The Money Laundering provisions of the Criminal Justice (Money Laundering and Terrorist Financing) Act 2010 , as amended by Part 2 of the Criminal Justice Act 2013 (“the Act”), Audit: To meet our legislative and regulatory duties to maintain audited financial accounts, we appoint an external auditor. We will allow the external auditor to see our records (which may include information about you) for these purposes. Nominations: The Credit Union Act 1997 as amended allows members to nominate a person(s) to receive a certain amount from their account on their death, subject to a statutory maximum. Where a member wishes to make a nomination, the credit union must record personal data of nominees in this event.

Credit Reporting: Where a loan is applied for in the sum of €2,000 or more, the credit union is obliged to make an enquiry of the Central
Credit Register (CCR) in respect of the borrower. Where a loan is granted in the sum of €500 or more, the credit union is obliged to report
both personal details and credit details of the borrower to the CCR.

Legitimate interests

A legitimate interest is when we have a business or commercial reason to use your information. But even then, it must not unfairly go
against what is right and best for you. If we rely on our legitimate interest, we will tell you what that is.

Credit Assessment and Credit Reference Agencies: When assessing your application for a loan, as well as the information referred to
above in credit assessment, the credit union also utilises credit data from credit referencing agencies such as the Irish Credit Bureau and
the Central Credit Registrar [See legal duty].Our legitimate interest: The credit union, for its own benefit and therefore the benefit of its
members, must lend responsibly and will use your credit scoring information in order to determine your suitability for the loan applied for.
When using the service of a credit referencing agency we will pass them your personal details and details of your credit performance.

ICB are using Legitimate Interests (GDPR Article 6 (f)) as the legal basis for processing of your personal and credit information. These
Legitimate Interests are promoting greater financial stability by supporting a full and accurate assessment of loan applications, aiding in
the avoidance of over-indebtedness, assisting in lowering the cost of credit, complying with and supporting compliance with legal and
regulatory requirements, enabling more consistent, faster decision-making in the provision of credit and assisting in fraud prevention.

Please review ICB’s Fair Processing Notice which is available at http://www.icb.ie/pdf/Fair Processing Notice.pdf. It documents who they
are, what they do, details of their Data Protection Officer, how they get the data, why they take it, what personal data they hold, what
they do with it, how long they retain it, who they share it with, what entitles them to process the data (legitimate interests), what happens
if your data is inaccurate and your rights i.e. right to information, right of access, right to complain, right to object, right to restrict, right to
request erasure and right to request correction of your personal information.

CCTV: We have CCTV footage installed on the premises with clearly marked signage. The purpose of this is for security. With regard to the
nature of our business, it is necessary to secure the premises, property herein and any staff /volunteers/members or visitors to the credit
union.

 

Your consent

Marketing and Market Research

To help us improve and measure the quality of our products and services we undertake market research from time to time. This may
include using the Irish League of Credit Unions and/or specialist market research companies. See section on Your Marketing Preferences
below.

YOUR RIGHTS IN CONNECTION WITH YOUR PERSONAL INFORMATION ARE TO:

  • Find out whether we hold any of your personal data, if we do to request access to that data that to be furnished a copy of that
    data. You are also entitled to request further information about the processing.
  • Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate
    information we hold about you rectified.
  • Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there
    is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal
    information where you have exercised your right to object to processing (see below).
  • Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and
    there is something about your particular situation which makes you want to object to processing on this ground. You also have
    the right to object where we are processing your personal information for direct marketing purposes.
  • Request the restriction of processing of your personal information. You can ask us to suspend processing personal information
    about you, in certain circumstances.
  • Where we are processing your data based solely on your consent you have a right to withdraw that consent at any time and
    free of charge.
  • Request that we: a) provide you with a copy of any relevant personal data in a reusable format; or b) request that we transfer
    your relevant personal data to another controller where it’s technically feasible to do so.

‘Relevant personal data is personal data that: You have provided to us or which is generated by your use of our service. Which is
processed by automated means and where the basis that we process it is on your consent or on a contract that you have entered into
with us.

You have a right to complain to the Data Protection Commissioner (DPC) in respect of any processing of your data by:

Telephone +353 57 8684800 | +353 (0)761 104 800
Lo Call Number 1890 252 231
E-mail info@dataprotection.ie

Postal Address
Data Protection Commissioner
Canal House Station Road
Portarlington R32 AP23 Co. Laois

**PLEASE NOTE THAT THE ABOVE RIGHTS ARE NOT ALWAYS ABSOLUTE AND THERE MAY BE SOME LIMITATIONS.

If you want access and or copies of any of your personal data or if you want to review, verify, correct or request erasure of your personal
information, object to the processing of your personal data, or request that we send you a copy/a third party a copy your relevant
personal data in a reusable format please email dataprotection@bcu.ie

There is no fee in using any of your above rights, unless your request for access is clearly unfounded or excessive. Alternatively, we may
refuse to comply with the request in such circumstances.

We may need to verify your identity if we have reasonable doubts as to who you are. This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

Ensuring our information is up to date and accurate
We want the service provided by us to meet your expectations at all times. Please help us by telling us straightaway if there are any
changes to your personal information. If you wish to avail of either of these rights, please contact us.