At Ballaghaderreen CU, our priority is to protect, respect and recognise the importance of your privacy.
In this policy document, we will explain the manner and the reasons why we collect personal details from the visitors to our site. It also explains how we use the information, the situations under which the information may be revealed to others and how we ensure its protection.
Ballaghaderreen Credit Union, Main Street, Ballaghaderreen, County Roscommon.
About Ballaghaderreen CU
At Ballaghaderreen Credit Union, we pride ourselves on excellent service to our members. We are a not-for-profit organisation and exist to provide a safe, convenient place for members to obtain loans and other financial services at reasonable rates.
Our goal is to promote the financial well-being of our members. To achieve this, we are committed to providing a broad range of innovative financial products supported by the excellent service of our dedicated, well-trained staff.
GDPR Data Protection Officer
Ballaghaderreen and District Credit union have appointed a Data Protection Officer under Article 37(4) of the General Data Protection Regulation.
The contact details for the DPO are: email firstname.lastname@example.org
Telephone : 094-9860522
What information do we collect?
We collect and use a wide variety of information about different classes of persons including members, members with loans, guarantors, staff, volunteers, nominees and service providers. The following details the information we collect:
Account Opening and Lending:
- Your name, address, date of birth, email, telephone, financial data, status and history, transaction data; contract data, details of the credit union products you hold with us, signatures, identification documents, salary, occupation, source of wealth, source of funds, Politically Exposed Status, accommodation status, mortgage details, previous addresses, spouse, partners, nominations, Tax Identification/PPSN numbers, passport details, driver license details, tax residency, interactions with credit union staff and officers on the premises, by phone, or email, current or past complaints, CCTV footage and telephone voice recordings. We collect this information from membership application forms, lending forms and guarantor forms.
- Your name, address, contact details, income and expenditure details.
- Your name, address, relationship to member, bank details (to allow payment/transfer of nominated property).
How we use particularly sensitive personal data
“Special categories” of particularly sensitive personal data require higher levels of protection. We need to have further justification for collecting, storing and using this type of personal data. We may process special categories of personal data in the following circumstances:
- When completing a loan application, we will ask you to complete a simple medical questionnaire to ensure that the Loan Protection Cover is available to clear that loan in the event of your death or serious illness, subject to the terms and conditions of the cover.
- In limited circumstances, with your explicit written consent.
- Where we need to carry out our legal obligations and in line with our data protection policy.
- Where it is needed in the public interest, and in line with our data protection policy.
Less commonly, we may process this type of information where it is needed in relation to legal claims or where it is needed to protect your interests (or someone else’s interests) and you are not capable of giving your consent, or where you have already made the information public.
How we may share the information
- We disclose information about you to various parties, mostly where required by law. These include the Central Bank, Revenue, the Gardai (in respect of suspicions of money laundering), Data Protection Commission, Financial Services Ombudsman, Criminal Assets Bureau, as well as parties designated by/under the relevant legislation, police forces and security organisations, ombudsman and regulatory authorities, as well as fraud prevention agencies. We may share your information with ECCU Assurance DAC, the insurer who provides Loan Protection and Life Savings cover. Our statutory auditors also need to see personal information relating to members, staff and others in order to complete their audit.
- We also use a variety of service providers who have access to different kinds of information about you. These include suppliers of our computer systems, cloud storage providers, solicitors, debt collection service providers, auditors, ILCU, risk management and compliance consultants, CCTV maintenance firms, telephone recording equipment providers and other outsourced service providers. In all cases we ensure that these service providers are of good standing & repute and commit to keeping your information safe and secure. They are also prohibited from passing information about you to any other persons.
- We may transfer and/or store information related to you to a destination outside the European Economic Area (“EEA”). In this context, this Information may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Any transfer of information relating to you to a location outside the EEA is made in accordance with data protection law. Specifically, such transfers are only ever made lawfully by way of the European Commission’s Model Contractual Clauses. More information and a copy of the Model Contractual Clauses are available on the European Commission’s website.
- We share your information with the Central Credit Register in order to comply with our legal obligations under the Credit Reporting Act 2013. We may also search the Central Credit Register where permitted but not obliged to do so to protect our legitimate interests. The disclosure of personal information to State agencies (e.g. Central Bank, Revenue, Gardai) and statutory auditors is permitted under GDPR Article 6 because it is required by law. However, for virtually all other personal information, the legal justification for obtaining the information is that it is necessary for the purposes of the credit union’s legitimate interests, and nothing that we do infringes your fundamental rights to privacy or any other rights available under law or any freedoms arising from those rights.
- However, if you think that any collection or use of your personal information is unnecessary, disproportionate or otherwise improper please let us know and we shall be happy to address your concerns. However, our position will be that resolution of any such concerns must not prejudice the legitimate interests of the credit union. If we cannot satisfy you, it may be that your membership, loan application or any other relationship you have with us must be discontinued. If this is unsatisfactory to you, you have a right to complain to the Data Protection Commissioner who will give an independent, authoritative and binding view of whatever matter divides us.
We are most careful to comply with all of our data protection obligations. Specifically:
- When we collect, use or disclose any personal information, we do so fairly and lawfully. This means that we make sure you know why we are collecting your information and what we are doing with it.
- We collect and use it only for specified, explicit and legitimate purpose(s).
- We do not use or disclose it in any way which is incompatible with those purposes.
- We protect it against unauthorised access, alteration, disclosure or destruction, or unlawful use.
- We make sure that all personal information we hold is accurate, complete and where necessary, kept up to date.
- We make sure that when we collect personal information, it is adequate, relevant and not excessive in relation to the purpose for which it was collected.
- We do not keep personal information for longer than is necessary. Most information is retained for 6 years which is a common minimum records retention period required by law. However, if personal information can be lawfully destroyed after a shorter period, we try to do so. We also try to destroy all personal information when we no longer have any need to retain it.
- If you ask, we will provide you with a copy of all information we hold about you. Furthermore, if you ask us to correct or destroy any information, we hold about you, we will do so, subject to the legal provisions surrounding any such request. We have a detailed Data Protection Policy which addresses our entire approach to this important topic.
- All of our officers, whether paid staff or volunteers, are provided with data protection training regularly. They also sign a confidentiality pledge annually.
- We view our obligations in respect of data protection very seriously and any suspected or actual breach is investigated thoroughly with appropriate action taken where necessary.
How do you make a complaint?
If you have a complaint about how we have used your personal information, please mark your letter “For the Attention of the Data Protection Officer’’. under our complaints procedures we shall acknowledge your complaint within 5 working days, we shall provide you with the name of the person handling your complaint and try to have a full response within 40 working days. If you are unhappy with how we have dealt with your complaint, you will be able to refer the matter to the Data Protection Commissioner.
Should you have any further questions about any of the foregoing, please ask any of our officers who shall be pleased to help:
- write to us, Ballaghaderreen Credit Union, Main Street, Ballaghaderreen, Co. Roscommon.
- telephone us 094-9860522
- email us at email@example.com
- contact the ICB, CCR or Data Protection Commissioner using the details below
Use of ‘cookies’
These cookies don’t collect any individual identification data, but rather just statistical insights about the sites you visit and what your online behaviour and patterns are. This actually assists us to improve our user experience and personalise your online interactions. You are able to turn off cookies using your browser settings.
External links to other websites
16 and Under
The personal information of minors under the age of 16 is particularly vulnerable, and we try our utmost to ensure that it is well protected. If you are 16 years or younger, please gain permission from a parent or guardian to distribute your personal information to us.
Transferring your details outside of the EU
By offering your personal information to us, you are acknowledging that they could be transferred to locations outside of Ireland. This could happen if a server is located in a country outside of Ireland. We cannot guarantee that these locations have the same protection laws as we do when it comes to personal data.
By giving us your information, you are agreeing to these terms. However, if we are aware of your data being transferred out of the country, we will make sure the right protection processes are in place to ensure your personal information remains as secure as possible, in line with what we have stated above. If you engage with our website while outside the country, then our data may be transferred internationally in order to provide you with the correct services.
Your Rights in connection with your personal data are:
It is within your rights to ask Ballaghaderreen CU for your own copy of the details we hold on you. You can request us to edit, adjust or delete this information.
Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal data for direct marketing purposes.
Request the restriction of processing of your personal information. You can ask us to suspend processing personal data about you, in certain circumstances.
Where we are processing your data based solely on your consent you have a right to withdraw that consent at any time and free of charge.
Request that we: a) provide you with a copy of any relevant personal data in a reusable format; or b) request that we transfer your relevant personal data to another controller where it’s technically feasible to do so. ‘Relevant personal data is personal data that: You have provided to us or which is generated by your use of our service. Which is processed by automated means and where the basis that we process it is on your consent or on a contract that you have entered into with us.
You have a right to complain to the Data Protection Commissioner (DPC) in respect of any processing of your data by:
|Telephone +353 57 8684800 +353 (0)761 104 800
Lo Call Number 1890 252 231
|Postal Address: Data Protection Commissioner
Canal House Station Road
Portarlington R32 AP23 Co. Laois
Please note that the above rights are not always absolute and there may be some limitations.
If you want access and/ or copies of any of your personal data or if you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we send you or a third party a copy your relevant personal data in a reusable format please contact the Data Protection Leader in writing using their contact details above.
There is no fee in using any of your above rights, unless your request for access is clearly unfounded or excessive. We also reserve the right to refuse to comply with the request in such circumstances.
We may need to verify your identity if we have reasonable doubts as to who you are. This is another appropriate security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
Ensuring our information is up to date and accurate We want the service provided by us to meet your expectations at all times. Please help us by telling us straightaway if there are any changes to your personal information. If you wish to avail of either of these rights, please contact us at 094-9860522 or at firstname.lastname@example.org