-
Overview
We want to explain clearly how we process your Personal Data when you apply for and receive a loan from the Credit Union.
In order to provide Credit Union loans, we need to collect Personal Data from our members. This section of the Data Protection Statement provides specific information relating to loan applications and maintenance of loan accounts.
-
Members and their representatives
Our Members are individuals to whom we provide Credit Union loans.
For the most part we transact directly with members in relation to the operation of the Credit Union loans. On occasion we may transact with relatives, guarantors or representatives who are acting on behalf of a member.
When we transact with someone on behalf of a member, we will also collect limited additional Personal Data about that person.
- A person who acts as guarantor on a member’s loan;
- A spouse or relative who provides information to us to support the loan application;
- A legal representative of a member who communicates with us on the member’s behalf.
-
Categories of Personal Data
This Data Protection Statement provides information relating to the categories of Personal Data we process.
When you apply for a Credit Union loan, we collect the following information Category of Personal Data Description Contact Data This includes email address, phone number, postal address, billing address. Financial Data This includes financial data such as your account status and history. With loans we may also request broader information around your financial income and outgoings such as salary, occupation, accommodation status, mortgage details, other loans and debts, previous addresses, spouse, partners and we may request further information to support the purpose for the loan.
Correspondence Data If you interact with us, we will record details of those interactions. For example, we will process details of phone calls, email correspondence and hard copy correspondence. PPSN Your Personal Public Services Number (PPSN) will be collected, if not already on file in order to meet our reporting requirements to the CCR. -
Processing Activities
We have set out below the general purpose of processing, the categories of Personal Data processed and the related lawful basis for processing.
We have to process Personal Data legally. As a regulated entity much of the data that we process is required to meet with a regulatory obligation or in order to deliver Credit Union loan services to you. Purpose of Processing Categories of Personal Data Lawful Basis To process your application for a loan; - Contact Data
- Financial Data
- Contract
To assess your application for a loan to determine whether the product meets your needs and to assess your ability to repay the loan; To evaluate and manage the risk exposure of the credit union;
To train and improve machine learning and AI (artificial intelligence) models that assist in loan decision making.
- Contact Data
- Financial Data
- PPSN
- Contract
- Legal Obligation
- Legitimate Interests
To provide loan drawdown and to manage the repayment schedule
To provide you with information about the performance of your loan;- Contact Data
- Financial Data
- Correspondence Data
- Contract
To administer the ILCU Loan Protection Scheme; - Contact Data
- Financial Data
- Contract
To implement credit control measures where there are missed loan repayments;
To carry out credit control including collecting and enforcing debts and arrears- Contact Data
- Financial Data
- Contract
To comply with our legal reporting obligations in respect of the Central Credit Register (CCR); - Contact Data
- Financial Data
- PPSN
- Legal Obligation
To interact with the regulator and the Central Bank of Ireland for reporting, compliance and auditing purposes; - Contact Data
- Financial Data
- Legal Obligation
We process your personal data to assist with the formulation and refinement of our credit policies and lending criteria to ensure responsible and equitable lending practices, including; - the evaluation and management of risk exposure of the credit
union and - to train and improve machine learning and AI (artificial
intelligence) models that assist in loan decision making.
- Contact Data
- Financial Data
- Legitimate Interest
-
Sources of Personal Data
We receive information from you when you apply for a loan from us either in-branch or over the phone – where this facility is offered.
This information is collected from you directly through the loan application form or from you and other people in the case of a joint loan application or where proof of household income is sought.
We receive information from external sources such as the CCR when we carry out Credit Checks relating to the Loan application.
Where you chose to provide financial details via Open Banking, we will receive financial information from your bank via the open banking platform.
We receive information from you during the course of the loan such as:
- Information related to loan repayments;
- Information you supply when you communicate with us about your loan repayments.
We may receive information about you from a representative when they communicate with us on your behalf.
-
Retention of Loan information
Our retention policy is as follows:
Purpose Retention Period Loan application and approval, loan administration Termination of loan + 7 years Note that this section of the Credit Union Data Protection Statement relates only to how we process data relating to the processing of Credit Union loans.
We provide information about how we process your data when you interact with any of the Credit Union Services such as membership; website; online banking; and other general services offered by the Credit Union on a service-by-service basis. For further information relating to (i) how to exercise your rights, (ii) who your Personal Data may be shared with (including cross border transfer); (iii) the security measures we have implemented and the contact details for the Data Protection Commission in Ireland you should read the full Credit Union Data Protection Statement here. -
DISCLOSURE OF PERSONAL DATA
In certain circumstances, we may disclose Personal Data specifically in relation to your loan to third parties as follows:
- with other banks or payment service providers such as SWIFT, credit card issuers, digital wallet providers, merchant acquirers and merchant banks in order to process payments.
- with PLAID AISP, where you have chosen to provide your financial details including bank statements, for loan assessment via the open banking platform. PLAID AISP is a Controller of your personal data and their data protection statement is available at the following link https://plaid.com/legal/.
- we will share your information with any person or entity which guarantees your obligations to us (for example, if a parent guarantees your loan or an entity provides a guarantee as part of a statutory scheme)
- with the Central Credit Register for the purposes of assessment of the loan application as part of our legal requirements
- with specialist credit control and debt collection agencies
- with ECCU Assurance DAC (“ECCU”) for the administration of Loan Protection insurance
- to other insurance companies for the purpose of insuring the loan. The insurance company will have an independent relationship you for the purposes of the loan and will provide their own data protection statement.
- with another financial service provider to facilitate a potential or actual transfer of any loan or product provided to you or in connection with a securitisation or other funding arrangement.
Additionally, we may also disclose Personal Data generally in relation to your relationship with us to third parties as outlined in the Data Protection Statement – Savvi Credit Union
-
SECURITY OF YOUR PERSONAL DATA
We will take all steps reasonably necessary to ensure that Personal Data is treated securely in accordance with this Data Protection Statement and the
relevant law.In particular, we have put in place appropriate physical, technical, and organisational procedures to safeguard and secure the Personal Data we process.
We will also take reasonable steps to verify your identity before granting access to information to protect the privacy and security of the Personal Data we process.
Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
We also use secure connections to protect Personal Data during its transmission. Where you have been given (or where you have chosen) a password which enables you to access services, you are responsible for keeping this password confidential. Please do not share your password with anyone.
If you think that there has been any loss or unauthorised access to Personal Data of any individual, please let us know immediately.
-
TRANSFERS OUTSIDE THE EEA
We will only transfer Personal Data outside the EEA if necessary and with appropriate safeguards in place.
The Credit Union may transfer limited Personal Data to be processed outside the EEA by our processors. In such cases we use processors who provide sufficient guarantees to ensure the security and protection of your Personal Data.
-
PROFILING AND AUTOMATED DECISION MAKING
We sometimes use systems to make decisions based on Personal Data we have (or are allowed to collect from others) about you. This Personal Data is used for loan assessment, provisioning, credit control workflow automation, anti-money laundering purposes and compliance with our legal duties in that regard.
-
YOUR RIGHTS
You have various rights relating to how your Personal Data is used.
Right of access to the Personal Data we hold on you.
You have the right to ask for all the Personal Data we have about you. When we receive a request from you in writing, we must give you access to everything we’ve recorded about you as well as details of the processing, the categories of Personal Data concerned and the recipients of the Personal Data.
We will provide the first copy of your Personal Data free of charge, but we may charge you a reasonable fee for any additional copies.
We cannot give you access to a copy of your Personal Data in some limited cases including where this might adversely affect the rights and freedoms of others.
Right of rectification of Personal Data
You should let us know if there is something inaccurate in your Personal Data.
We may not always be able to change or remove that Personal Data, but we will correct factual inaccuracies and may include your comments in the record to show that you disagree with it.
Right of erasure of Personal Data (right to be forgotten)
In some circumstances you can ask for your Personal Data to be deleted, for example, where:
- your Personal Data is no longer needed for the reason that it was collected in the first place
- you have removed your consent for us to use your Personal Data (where there is no other lawful basis for us to use it)
- there is no lawful basis for the use of your Personal Data
- deleting the Personal Data is a legal requirement.
Where your Personal Data has been shared with others, we will do what we can to make sure those using your Personal Data comply with your request for erasure.
Please note that we cannot delete your Personal Data where:
- we are required to have it by law.
- it is used for freedom of expression.
- it is used for public health purposes.
- it is used for scientific or historical research or statistical purposes where deleting the Personal Data would make it difficult or impossible to achieve the objectives of the processing.
- it is necessary for legal claims.
Right to restrict what we use your Personal Data for
You have the right to ask us to restrict what we use your Personal Data for where:
- you have identified inaccurate Personal Data, and have told us of it.
- where we have no legal reason to use the Personal Data, but you want us to restrict what we use it for rather than erase the Personal Data altogether.
When Personal Data is restricted, it cannot be used other than to securely store the Personal Data and with your consent to handle legal claims and protect others, or where it’s for important public interests.
Right to have your Personal Data moved to another provider (data portability)
You have the right to ask for your Personal Data to be given back to you or another service provider of your choice in a commonly used format. This is called data portability.
This right only applies if we are using your Personal Data with consent and if decisions were made by a computer and not a human being. It does not apply where it would adversely affect the rights and freedoms of others.
Right to object
You have the right to object to processing of your Personal Data which is based on public interest or legitimate interest processing. We will no longer process the Personal Data unless we can demonstrate a compelling ground for the processing.
Right not to be subject to automated decision-making
You have the right not to be subject to a decision based solely on automated processing. This right shall not apply where the processing is necessary for a contract with you, or the processing is undertaken with your explicit consent, or the processing is authorised by law.
You can make a complaint.
You have the right to lodge a complaint with the local supervisory authority for data protection in the EU member state where you usually reside, where you work or where you think an infringement of data protection law took place.
QUESTIONS OR COMPLAINTS
Thank you for reading our Data Protection Statement. Please Contact Us if you have any questions.
Contact Details – Savvi Credit Union DPO
If you have any questions about this Data Protection Statement or the way in which your Personal Data is being used by us, please contact our Data Protection Officer
Email: DPO@savvi.ie
Contact Details – Data Protection Commission
If we are unable to resolve your concerns, you have the right to contact the supervisory authority in the country where you live or work, or where you consider that the data protection rules have been breached.
Online Form: https://forms.dataprotection.ie/contact
Address: 21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland
Tel: +353 578 684 800 or +353 761 104 800
AMENDMENTS TO THIS DATA PROTECTION STATEMENT
We will post any changes to this Data Protection Statement on the Website alongside our loan information and when doing so will change the effective date at the top of this Data Protection Statement.
In some cases, we may provide you with additional notice of changes to this Data Protection Statement, such as via email. We will always provide you with any notice in advance of the changes taking effect where we consider the changes to be material.