Blanchardstown & District Credit Union
Last Updated: 2nd October 2020
1. What is Data Protection?
If you give your personal details to an organisation or individual, they have a duty to keep these details private and safe.
As the organisation who controls the contents and use of your personal details, Blanchardstown & District credit union is the Data Controller. The credit union has appointed a ‘Data Protection Officer’ (DPO), who is responsible for the protection of your rights in how we conduct our business and ensuring compliance with Data Protection laws and regulations.
On 25th May 2018 the General Data Protection Regulation (GDPR) came into effect. This sets out a series of new EU laws concerning how data is processed and used. The objective of the regulation is to strengthen and standardise data protection laws for all EU citizens.
These regulations apply to any organisation that controls and/or processes data on behalf of an individual or group of individuals. Those responsible for adhering to these regulations include employees of the organisation, including contractors, consultants, agents and third parties who have access to data either directly or indirectly.
2. The purpose of this notice
This notice outlines how Blanchardstown & District processes your personal information, why we gather it, how we gather it, how we use and the legal basis, who we share it with and how long we retain it.
Please take the time to read this notice carefully. If you are under 16 years of age, please read this notice with a parent or guardian to ensure you understand it fully.
In this notice, we use the terms “we” or “our” to refer to Blanchardstown & District Ltd.
Blanchardstown & District Limited is a registered credit union which is regulated by the Central Bank of Ireland. We are the data controller responsible for your personal data. Blanchardstown & District is a member-owned financial cooperative, democratically controlled by its members, and operated for the purpose of promoting thrift, providing credit at competitive rates, and providing other financial services to its members. Data collection, processing and use are conducted solely for the purpose of carrying out the above-mentioned objectives
3. Data Protection at Blanchardstown & District Credit Union
We always understand and appreciate the trust you place in us to collect, process and protect your personal information.
As the Data Controller and processor of your personal information, we have and will continue to:
- to act responsibly and give priority to the security of your information through a strong culture of compliance
- to provide you with the assurance that your information is safe and secure through how we manage our controls, processes and systems to improve our level of customer service while and
- conduct our business in a fair and transparent way and ensure we minimise the risk or impact on your data rights and freedoms.
4. Data Controller Contact details:
Blanchardstown & District Credit Union, Unit 9/10, Blanchardstown Business Centre, Clonsilla Road, Dublin 15, D15 FP92
Phone: 01-820 3495
5. Data Protection Officer:
Blanchardstown & District Credit Union has appointed a Data Protection Officer to enhance and maintain the protection and privacy of all personal data the credit union processes. If you have any queries regarding the use of your personal data you can contact the DPO at any time.
6. Data Protection Officer contact details:
Data Protection Officer
Blanchardstown & District Credit Union, Unit 9/10, Blanchardstown Business Centre, Clonsilla Road, Dublin 15, D15 FP92
Blanchardstown & District Credit Union is committed to protecting the privacy and security of your personal information. This privacy notice describes how we collect and use personal data about you during and after your relationship with us.
7. What personal data do we use?
We may collect, store, and use the following categories of personal data about you:
• Your name, address, date of birth, email, telephone, financial data, status and history, transaction data; contract data, details of the credit union products you hold with us, signatures, identification documents, salary, occupation, source of wealth, source of funds, Politically Exposed Status, accommodation status, mortgage details, previous addresses, spouse, partners, nominations, Tax Identification/PPSN numbers, passport details, driver licence details, tax residency, interactions with credit union staff and officers on the premises, by phone, or email, current or past complaints, CCTV footage, telephone voice recordings.
• Additional Information required for home loans as follows: Valuation Reports, Land Registry folio, Certificate of Title, Life Assurance cover documents – these documents contain the following information – Name, Address, date of birth, property value, members solicitors name, address and contact details and medical data.
We need all the categories of information in the list above to allow us to; identify you, contact you, comply with our legal obligations and in order to perform our contract of providing financial services to you.
8. Purpose for which we process your personal data.
The credit union will use your personal data to assist it in carrying out the following:
• To open and maintain an account for you.
• To meet our obligations under the Credit Union’s Standard Rules.
• To contact you in respect of your account and any product or service you avail of.
• To comply with our legal obligation for example anti-money laundering obligations.
• In assessing your loan application and determining your creditworthiness for a loan.
• Verifying the information provided by you in the application.
• In order to purchase loan protection and life savings protection from Cuna Mutual.
• Conducting credit searches and making submissions to Irish Credit Bureau and the Central Credit Register.
• Administering the loan, including where necessary, to take steps to recover the loan or enforce any security taken as part of the loan.
• We may use credit scoring techniques [and other automated decision-making systems] to either partially or fully assess your application.
• To comply with Central Bank Regulations to determine whether you are a connected borrower or related party borrower.
• Providing updates on our loan products and services by way of directly marketing to you.
• When acting as an insurance intermediary, to meet our obligations.
We may also collect, store and use the following “special categories” of more sensitive personal information:
• Information about your health, including any medical condition and sickness. How we use particularly sensitive personal data.
“Special categories” of particularly sensitive personal data require higher levels of protection. We need to have further justification for collecting, storing and using this type of personal data. We may process special categories of personal data in the following circumstances:
1. In limited circumstances, with your explicit written consent.
2. Where we need to carry out our legal obligations and in line with our data protection policy.
3. Where it is needed in the public interest, and in line with our data protection policy.
Less commonly, we may process this type of information where it is needed in relation to legal claims or where it is needed to protect your interests (or someone else’s interests) and you are not capable of giving your consent, or where you have already made the information public.
9. How secure is my information with third-party service providers?
All our third-party service providers are required to take appropriate security measures to protect your personal data in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes unless they are deemed to be controllers in their own right. We only permit them to process your personal data for specified purposes and in accordance with our instructions. Usually, information will be anonymised but this may not always be possible. The recipient of the information will also be bound by confidentiality obligations.
10. Data Security, Integrity and Confidentiality
Blanchardstown & District Credit Union has implemented all necessary physical and technical measures to ensure all data is secure and remains confidential. Blanchardstown & District Credit Union’s Officers undertake yearly training to ensure compliance with all policy and procedures relating to Data Protection. Blanchardstown & District Credit Union monitors and reviews these measures annually.
11. If you fail to provide personal data
If you fail to provide certain information when requested, we may not be able to perform the contract we have entered into with you or we may be prevented from complying with our legal obligations.
12. Change of purpose
You can be assured that we will only use your data for the purpose it was provided and in ways compatible with that stated purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
We sometimes use systems to make decisions based on personal data we have (or are allowed to collect from others) about you. This information is used for loan assessment, provisioning, anti-money laundering purposes and compliance with our legal duties in those regards. We also carry out profiling in order to tailor our marketing to you by email, text, post or phone, where we retain consent to do so.
14. Data Retention Periods
We will only retain your personal data for as long as necessary to fulfil the purpose(s) for which it was obtained, taking into account any legal/contractual obligation to keep it. Where possible we record how long we will keep your data, where that is not possible, we will explain the criteria for the retention period. This information is documented in our Retention Policy. Once the retention period has expired, the respective data will be permanently deleted. Please see our retention periods below:
• Credit agreements are contracts and as such the credit union retains them for six years from date of final repayment and/or twelve years where the document is under seal.
• Loan applications form part of your credit agreement and as such we retain them for six years from the date of final repayment.
• Loan assessment documentation (i.e. Payslips, P60’s, Bank statements etc.) – this documentation will be retained in conjunction with the loan application and credit agreement for six years from the date of final repayment to ensure ability to repay was assessed appropriately.
• ICB and CCR reports – this documentation will be retained in conjunction with the loan application and credit agreement for six years from the date of final repayment to ensure the ability to repay was assessed appropriately.
• Accounting records required to be kept further to the Credit Union Act, 1997 (as amended) must be retained for not less than six years from the date to which it relates.
• The money laundering provisions of Anti-Money Laundering legislation require that certain documents must be retained for a period of five years after the relationship with the member has ended.
• We keep income tax records for a period of six years after completion of the transactions to which they relate.
• CCTV footage which is used in the normal course of business (i.e. for security purposes) for one month. We may retain CCTV footage for longer than one month where there is an unresolved dispute or the footage has been requested by An Garda Síochána.
15. Planned data transmission to third countries (i.e. places outside of the European Economic Area)
Blanchardstown & District Credit Union does not envisage plans for data transmission to third countries.
16. Updates to this notice
We will make changes to this notice from time to time, particularly when we change how we use your information, and change our technology and products. You can always find an up-to-date version of this notice on www.blanchardstowncu.ie or you can ask us for a copy.
17. Our use and sharing of your information
We will collect and use relevant information about you, your transactions, your use of our products and services, and your relationships with us. We will typically collect and use this information for the following purposes:
Fulfilling contract: This basis is appropriate where the processing is necessary for us to manage your accounts and credit union services, see details below:
Administrative Purposes: The credit union will use the information provided by you, either contained in this form or any other form or application, for the purpose of assessing this application, processing applications you make and to maintain and administer any accounts you have with the credit union.
Security: In order to secure repayment of the loan, it may be necessary to obtain security such as a charge on your property or other personal assets.
Third parties: The credit union may appoint external third parties to undertake operational functions on our behalf. We will ensure that any information passed to third parties conducting operational functions on our behalf will be done with respect for the security of your data and will be protected in line with data protection law.
Guarantors: As part of your loan conditions we may make the requirement for the appointment of a guarantor, a condition of your loan agreement, in order to ensure the repayment of your loan. Should your account go into arrears, we may need to call upon the guarantor to repay the debt in which case, we will give them details of the outstanding debt. If your circumstances change it may be necessary to contact the guarantor.
C Mutual Affiliation:
C Mutual is an insurance specialist for Credit Unions, Building Societies and mutual lenders in Ireland and the UK. They have been serving credit unions in Ireland since 1963 and in the UK since 1974. We may disclose information in your application or in respect of any account or transaction of yours from the date of your original membership to authorised officers or employees of C Mutual for the purpose of C Mutual providing these services to us. The Privacy Notice of ILCU can be found at www.cmutual.ie/privacy-statement.
Loan Protection & Life Savings Insurance (LPLS): As part of our affiliation with C Mutual, we purchase Loan Protection (LP) which is a Group insurance policy paid for by the credit union, which is used to repay the outstanding loan should the member die. Ultimately, helping to protect your credit union’s financial position and removing a potential stress from your member’s family, at an extremely difficult period.
In addition to LP, the credit union also purchase Life Savings Insurance (LS) which is an integral part of the credit union’s member promise. It was created as a support to aide Credit Unions reward its members for depositing money into shares and maintaining these share balances over time.
If you choose to save or take out a loan with us, it is a term of your membership, by virtue of our affiliation with C Mutual that the credit union will apply for Life Savings Insurance (LP) and Loan Protection (LP). In order that we apply for LPLS, it may be necessary to process ‘special category’ data, which includes information about your health. This information will be shared with C Mutual to allow it deal with insurance underwriting, administration and claims on our behalf.
Please contact our office on 01-820 3495 for any queries or additional information about LPLS.
Electronic Payments: If you use our electronic payment services to transfer money into or out of your credit union account or make payments through with your debit card into your credit union account, we are required to share your personal data with our electronic payment service provider Intesa San Paolo, Realex and AIB Merchant Services.
Credit Assessment: When assessing your application for a loan, the credit union will take a number of factors into account and will utilise personal data provided from:
• Your application form or as part of your loan supporting documentation
• Your existing credit union file
• Credit referencing agencies such as the Irish Credit Bureau and the Central Credit Registrar
The credit union then utilises this information to assess your loan application in line with the applicable legislation and Blanchardstown & District Credit Union’s lending policy.
Member Service: We may use information about your account to help us improve our services to you.
Home Loans/Mortgages: To maintain and administer home loans/mortgages we may need to share your information with our solicitors – OCWM law solicitors
Legal Duty: This basis is appropriate when we are processing personal data to comply with an Irish or EU Law, see details below:
Tax liability: We may share information and documentation with domestic and foreign tax authorities to establish your liability to tax in any jurisdiction. Where a member is tax resident in another jurisdiction the credit union has certain reporting obligations to Revenue Commissioners under the Common Reporting Standard. Revenue will then exchange this information with the jurisdiction of the tax residence of the member. We shall not be responsible to you or any third party, for any loss incurred as a result of us taking such actions. Under the “Return of Payments (Banks, Building Societies, Credit Unions and Savings Banks) Regulations 2008” credit unions are obliged to report details to the Revenue in respect of dividend or interest payments to members, which include PPSN where held.
Regulatory and statutory requirements: To meet our duties to the Regulator, the Central Bank of Ireland, we may allow authorised people to see our records (which may include information about you) for reporting, compliance and auditing purposes. For the same reason, we will also hold the information about you when you are no longer a member. We may also share personal data with certain statutory bodies such as the Department of Finance, the Department of Social Protection and the Financial Services and Pensions Ombudsman Bureau of Ireland, the appropriate Supervisory Authority if required by law
Purpose of the loan: We are obliged to ensure that the purpose of the loan falls into one of our categories of lending.
Compliance with our anti-money laundering and combating terrorist financing obligations: The information provided by you will be used for compliance with our customer due diligence and screening obligations under anti-money laundering and combating terrorist financing obligations under The Money Laundering provisions of the Criminal Justice (Money Laundering and Terrorist Financing) Act 2010, as amended by Part 2 of the Criminal Justice Act 2013 (“the Act”) and any subsequent Anti Money Laundering legislation.
Audit: To meet our legislative and regulatory duties to maintain audited financial accounts, we appoint an external and internal auditor. We will allow the internal and external auditor to see our records (which may include information about you) for these purposes.
Nominations: The Credit Union Act 1997 (as amended) allows members to nominate a person(s) to receive a certain amount from their account on their death, subject to a statutory maximum. Where a member wishes to make a nomination, the credit union must record personal data of the nominees in this event.
Incapacity to Act on your account: The Credit Union Act 1997 (as amended) provides, in the circumstances where you become unable to transact on your account, due to a mental incapability and no person has been legally appointed to administer your account, that the Board of Directors may allow payment to another who it deems proper to receive it, where it is just and expedient to do so, in order that the money be applied in your best interests. In order to facilitate this, medical evidence of your incapacity will be required which will include data about your mental health. This information will be treated in the strictest confidentiality.
Credit Reporting: Where a loan is applied for in the sum of €2,000 or more, the credit union is obliged to make an enquiry of the Central Credit Register (CCR) in respect of the borrower. Where a loan is granted in the sum of €500 or more, the credit union is obliged to report both personal details and credit details of the borrower to the CCR.
House Loan/Mortgage: Where you obtain a house loan from us, it will be necessary for the credit union to obtain a first legal charge on the property to be purchased and it will be necessary for us to process your personal data in order to register this charge or have this charge registered on our behalf.
Connected/Related Party Borrowers: We are obliged further to Central Bank Regulations to identify where borrowers are connected in order to establish whether borrowers pose a single risk. We are also obliged to establish whether a borrower is a related party when lending to them, i.e. whether they are on the Board/Management Team or a member of the Board/ Management team’s family or a business in which a member of the Board /Management Team has a significant shareholding.
18. Legitimate Interest
Legitimate interests: A legitimate interest is when we have a business or commercial reason to use your information. But even then, it must not unfairly go against what is right and best for you. If we rely on our legitimate interest, we will tell you what that is, see details below:
Credit Assessment and Credit Reference Agencies: When assessing your application for a loan, as well as the information referred to above in credit assessment, the credit union also utilises credit data from credit referencing agencies such as the Irish Credit Bureau and the Central Credit Registrar (See legal duty).
Our legitimate interest: The credit union, for its own benefit and therefore the benefit of its members, must lend responsibly and will use your credit scoring information in order to determine your suitability for the loan applied for. When using the service of a credit referencing agency, we will pass them your personal details and details of your credit performance.
ICB are using Legitimate Interests (GDPR Article 6 (f)) as the legal basis for processing of your personal and credit information. Please review ICB’s Fair Processing Notice which is available at http://www.icb.ie/pdf/FairProcessing Notice.pdf It documents who they are, what they do, details of their Data Protection Officer, how they get the data, who they share it with, what entitles them to process the data (legitimate interests), what happens if your data is inaccurate and your rights i.e. right to information, right of access, right to complain, right to object, right to restrict, right to request erasure and right to request correction of your personal data.
These Legitimate Interests are promoting greater financial stability by supporting a full and accurate assessment of loan applications, aiding in the avoidance of over-indebtedness, assisting in lowering the cost of credit, complying with and supporting compliance with legal and regulatory requirements, enabling more consistent, faster decision-making in the provision of credit and assisting in fraud prevention.
Debt Collection: Where you breach the loan agreement, we may use the service of a debt collection agency, solicitors or other third parties to recover the debt. We will pass them details of the loan application in order that they make contact with you and details of the indebtedness in order that they recover the outstanding sums. We may use a tracing agent to locate you in the event that you fail to make repayments on your loan and or fail to make contact with the credit union.
Our legitimate interest: The credit union, where appropriate, will take necessary steps to recover a debt to protect the assets and equity of the credit union
Judgements Searches: We carry out searches on the Land Registry and Stubbs Gazette for any judgements against your property, in order to assess your credit worthiness to repay a loan.
Our legitimate interest: The credit union, for its own benefit and therefore the benefit of its members, must lend responsibly and will use your credit history in order to determine your suitability for the loan applied for. In carrying out such a search we can better determine your overall financial position in order to lend to you.
CCTV: We have CCTV footage installed on the premises with clearly marked signage. CCTV is used by the credit union in line with our policies, to protect the assets and security of the credit union and to ensure accuracy of member transactions.
Our legitimate interest: With regard to the nature of our business, it is necessary to secure the premises, property herein and any staff /volunteers/members or visitors to the credit union and to prevent and detect fraud.
Voice Recording: We record phone conversations both incoming and outgoing for the purpose of verifying information and quality of service.
Our Legitimate interest: To ensure a good quality of service, to ensure that correct instructions were given or taken due to the nature of our business and to quickly and accurately resolve any disputes.
19. Your consent
Your consent: We will only carry out the below processing when we have obtained your consent and will cease processing once you withdraw such consent, see details below:
Marketing and Market Research: To help us improve and measure the quality of our products and services we undertake market research from time to time. This may include using CUDA (Credit Union Development Association) via the Solution Centre and/or specialist market research companies. Marketing preferences forms are provided to members at membership application, loan application and Online banking application stages. If you wish to avail of these preferences you can ask in branch or select your preferences online at any time.
Schools Quiz: This credit union is involved in the Primary Schools Quiz in liaison with CUDA (Credit Union Development Association). Upon entry parent/legal guardians will be given further information and asked for their consent to the processing of their child’s personal data. This information is processed only where consent has been given. A separate privacy notice is included in all School Quiz entry forms.
For more information view the cookies consent pop up on our website www.blanchardstowncu.ie
20. Your Rights in connection with your personal data are to:
To find out whether we hold any of your personal data and, if we do, to request access to that data that to be furnished a copy of that data. You are also entitled to request further information about the processing.
Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you rectified.
Request erasure of your personal information. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).
Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal data for direct marketing purposes.
Request the restriction of processing of your personal information. You can ask us to suspend processing personal data about you, in certain circumstances.
Where we are processing your data based solely on your consent you have a right to withdraw that consent at any time and free of charge
Request that we: a) provide you with a copy of any relevant personal data in a reusable format; or b) request that we transfer your relevant personal data to another controller where it’s technically feasible to do so. ‘Relevant personal data is personal data that: You have provided to us or which is generated by your use of our service. Which is processed by automated means and where the basis that we process it is on your consent or on a contract that you have entered into with us.
Please note that the above rights are not always absolute and there may be some limitations.
You have a right to complain to the Data Protection Commissioner (DPC) in respect of any processing of your data by:
Telephone: +353 57 8684800
+353 (0)761 104 800
Lo Call Number: 1890 252 231
Data Protection Commissioner
If you want access and/ or copies of any of your personal data or if you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we send you or a third party a copy your relevant personal data in a reusable format please contact The Data Protection Officer in writing using their contact details listed at the beginning and end of this document.
For your request to dealt with promptly, you can download the Subject Access Request (SAR) form on our website (https://www.blanchardstowncu.ie/wp-content/uploads/2018/05/SUBJECT-ACCESS-REQUEST-FORM.pdf), complete it and send it to contact The Data Protection Officer in writing using their contact details listed at the beginning and end of this document.
There is no fee in using any of your rights unless your request for access is clearly unfounded or excessive. We also reserve the right to refuse to comply with the request in such circumstances. We may need to verify your identity if we have reasonable doubts as to who you.
We may need to verify your identity if we have reasonable doubts as to who you are. This is another appropriate security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
To enable the credit union to ensure our information is up to date and accurate at all times, we would encourage you to notify us immediately if there is any change to any of your personal information which we hold on your file.
21. Updates to this notice