Mortgages Regulation

Savvi Mortgage Data Protection Statement

LAST UPDATED: 23rd April 2024

When we refer to “Personal Data” in this Data Protection Statement we mean any information relating to an identified or identifiable natural person (“Data Subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

OUR MORTGAGE DATA PROTECTION STATEMENT

Under the General Data Protection Regulation (“GDPR”), we are required to explain to you why we are asking for information about you, how we intend to use the information you provide to us and whether we will share this information with anyone else.

We must also explain your rights under the GDPR and related data protection laws in relation to our processing of your Personal Data. For your convenience, we have divided our Data Protection Statement into sections.

This mortgage data protection statement sets out specific information relating to the Personal Data we process related to applications for a mortgage loan and mortgage loan related purposes. For all non-home loan related services and processing activities of Savvi Credit Union please see our General Data Protection Statement here.

We treat the protection of your personal data seriously and when we collect and process your Personal Data, we will do so in accordance with the GDPR and relevant local data protection laws (the “Data Protection Laws”).

ABOUT US

Savvi Credit Union is a progressive Credit Union serving the community of Dublin1,2 and 4 along with current and retired ESB staff, that has been in operation at the heart of the community for nearly 60 years. Our mission is to provide financial services for all our members residing, working, and studying in our community, offering products and services driven by the needs of our members.

We are Savvi Credit Union
You can find us at Main office at Docklands 56 Sir John Rogerson’s Quay, Dublin 2
Branches St Laurence O’Toole 1a Upper Oriel St, Dublin 1
Pearse 22 Upper Erne St., Dublin 2
Ringsend 5 Irishtown Road, Ringsend, Dublin 4
Email hello@savvi.ie
Telephone 01-6325100
Our website is www.savvi.ie

References to “We”, “Us” the “Credit Union” and “Savvi” shall apply to the company in the group that is processing your Personal Data.

CONTACT DETAILS

If you have any questions about this Data Protection Statement or the way in which your Personal Data is being used by us, please contact our Data Protection Officer

Email: dpo@savvi.ie

WHO THIS DATA PROTECTION STATEMENT APPLIES TO?

This Data Protection Statement describes how we collect and use Personal Data about Mortgage Applicants and Mortgage Account Holders.

LAWFULNESS OF PROCESSING

We process all Personal Data lawfully and in accordance with the requirements of the Data Protection Laws. The GDPR sets out the legal grounds for processing Personal Data.

When Savvi processes Personal Data any one of the following legal grounds will generally apply.

Further detail about the lawful basis for our processing activities in included in the relevant sections of this Data Protection Statement.

Contract

We will process Personal Data where necessary to perform our obligations relating to or in accordance with the terms and conditions of the mortgage agreement you enter into with the Credit Union or to take steps prior to entering into such agreement.

Legal Obligation

We will need to process certain Personal Data in order to comply with any legal or regulatory obligations imposed on us, such as to comply with Mortgage Lending Regulations and the Code of Conduct on Mortgage Arrears as regulated by the Central Bank. We also need to meet legal obligations connected with the Consumer Protection Code and “know your customer” requirements under anti-money laundering (AML) laws, or under anti-money counter terrorist financing law.

Consent

For certain processing activities we may rely on your consent.

Where we are unable to collect consent for a particular processing activity, we will only process the Personal Data if we have another lawful basis for doing so.

You can withdraw consent provided by you at any time contacting us at dpo@savvi.ie

Legitimate Interest

At times we will need to process your Personal Data to pursue our legitimate business interests, for example for administrative purposes, to collect debts owing to us, to make legal claims and to provide information to you.

We will not process your Personal Data on a legitimate interest basis where the impact of the processing on your interests and rights outweighs our legitimate interests.

If do not want us to process your Personal Data on the basis of our legitimate interests, contact us at dpo@savvi.ie and we will review our processing activities.

SOURCES OF MORTGAGE RELATED DATA

We may obtain Personal Data from you directly or from a third party.

Credit Unions Members and their representatives

We will collect your Personal data directly from you when you:

  • apply for a mortgage loan or a mortgage loan related product;
  • assist the mortgage applicant with the deposit;
  • provide a certificate of income from your employer;
  • provide certified audited / trading accounts and tax status from your accountant if you are self-employed;
  • include information from a council housing department if purchasing property under tenant purchase or council buyout;
  • include a letter of supervision, certificate of professional indemnity insurance or information relating to the cost of construction from your engineer or architect in the case of a self-build.
Third Parties

we may collect your Personal Data from a 3rd party when we:

  • conduct background checks, including “know your customer” checks;
  • follow-up with your employer or accountant regarding salary and accounts information provided as part of your application;
  • run credit checks with credit referencing agencies such as the Irish Credit Bureau and the Central Credit Register;
  • receive information from our solicitor in relation to the exchange of contracts.

CATEGORIES OF MORTGAGE PERSONAL DATA

The list below sets out the general categories of Personal Data that we collect in relation to Mortgage applications.

We need all the categories of Personal Data in the list below to allow us to identify you and contact you and in order that we can provide our home loan services to you.

If you fail to provide certain Personal Data when requested, we may not be able to provide the home loan service or to perform the contract we have entered into with you or we may be prevented from complying with our legal obligations.

Identification Data

This includes name, marital status, title, data of birth, gender, PPSN, photographs, job title and employer. It also includes background and verification data such as a copy of passports, driver’s license, or utility bills as well as other information we require to comply with our obligations under anti-money laundering legislation.

Contact Data

This includes email address, phone number, postal address, billing address.

Financial Data

includes financial data such as your account status and history, transaction data, contract data, credit checks, details of the Credit Union products being used.

This also includes payment related information or bank account details and financial data received as part of the services that we offer.
With mortgages we may also request broader information around your financial income and outgoings such as salary, occupation, accommodation status, mortgage details, other loans and debts, spouse/partners, dependents and financial commitments, credit history, accommodation status, tax status and information about savings and financial gifts used to contribute towards the deposit.

Background Data

This includes information about you such as previous addresses, previous names, relationship with joint borrower, business ownership, directorships held, retirement age, first time buyer, pension details, residency, nationality, criminal sanctions.

Property Data

First time buyer status, Valuation Reports, Land Registry folio, Certificate of Title, Life Assurance cover documents- these documents contain the following information: – Name, Address, date of birth, property value, members solicitors name, address and contact details and medical data.

Correspondence Data

If you interact with us, we will record details of those interactions. For example, we will process details of phone calls, email correspondence and hard copy correspondence.

Special Categories of Personal Data

When we provide our mortgage services, we may process special categories of Personal Data.

Under the GDPR special category Personal Data includes Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.

The special category Personal Data that may be processed by the Credit Union include:

Health Data

A health declaration may be required in order to obtain insurance cover for the mortgage.

We process this information with your explicit consent.

Other Special Category Data

Special categories of data relating to political opinions, religious or philosophical beliefs, or trade union membership, or data concerning a natural person’s sex life or sexual orientation may be inferred from information you provide such as when you make payments to a religious or political organisation. Such information is incidental to the purposes of processing and we do not further process this information for any other purpose.

From time-to-time members may provide special category data to us to support a loan application. For instance, members may be applying for a loan to finance a medical procedure and may furnish information relating to the procedure. While we ask generally for information to support a loan application, we never ask for medical information or other special category data in these circumstances. It is our policy if it is provided to us to return such information to the member.

OUR PROCESSING ACTIVITIES

We can only collect your Personal Data if we have a lawful basis for doing so.

We have set out in the table below, the general purpose of processing, the categories of Personal Data processed and the related lawful basis for processing.

Purpose of Processing Categories of Personal Data Lawful Basis
To process your application for a mortgage Identification Data

Contact Data

Member Financial Data

Contract
Legal Obligation
To assess your application for a mortgage

To provide a decision regarding your application for a mortgage

Contact Data

Financial Data

Background Data

Property Data

Correspondence Data

Contract

Legal Obligation

To complete the mortgage underwriting process Background Data

Property Data

Correspondence Data

Contract

Legal Obligation

To provide mortgage drawdown Property Data

Contact Data

Financial Data

Correspondence Data

Contract
To manage the repayment schedule

To process mortgage payments

To provide you with statements and repayment information

Financial Data

Correspondence Data

Contract
To administer the ILCU Loan Protection Scheme Contact Data

Financial Data

Health data

Contract

Explicit Consent

To implement credit control measures where there are missed mortgage loan repayments

To carry out credit control including collecting and enforcing debts and arrears

To comply with the Mortgage Arrears Resolution Process

Contact Data

Financial Data

Contract

Legitimate Interests

To comply with our legal reporting obligations in respect of the Central Credit Register (CCR) Contact Data

Financial Data

PPSN

Legal Obligation
to interact with the regulator and the Central Bank of Ireland for reporting, compliance and auditing purposes;

To comply with anti-money laundering(AML) and combating terrorist financing obligations:

Contact Data

Financial Data

Legal Obligation
to respond to any requests from you in relation to the status of your mortgage application or your mortgage account

to manage and respond to a complaint or appeal

Contact Data

Financial Data

Correspondence Data

Legitimate Interests
to provide you with information about products and services that are relevant to you;

to tailor our mortgage related products and services to more effectively meet the needs of mortgage applicants and mortgage account holders;

to personalise marketing information and to segment and distribute targeted marketing

Contact Data

Financial Data

Legitimate Interests

RETENTION OF MORTGAGE PERSONAL DATA

We only keep your Personal Data as long as it is necessary for the purposes of processing it or to comply with legal or regulatory requirements. Once the retention period has expired, the Personal Data will be permanently deleted.

In some circumstances it is not possible for us to specify in advance the period for which we will retain your Personal Data. In such cases we will determine the appropriate retention period based on balancing your rights against our legitimate interests. We may also retain certain Personal Data beyond the periods specified herein in some circumstances such as where required for the purposes of legal claims.

Our retention policy is as follows:

Purpose of Processing Retention Period
Mortgage Loan applications 7 years from the date of final repayment for successful applications

6 Months from application date in the case of incomplete or expired applications

7 years from date of decision in the case of denied applications

Mortgage loan assessment documentation Retained in conjunction with the loan application and credit agreement for 7 years from the date of final repayment
Mortgage (Credit) Agreement 7 years from date of final repayment, and twelve years where the document is under seal
Correspondence in relation to your mortgage such as annual interest certificates and statements, general correspondence Retained in conjunction with the loan application and credit agreement for 7 years from the date of final repayment
Credit Control Information 7 years from date of final repayment
Marketing communications 1 Year

DISCLOSURE OF PERSONAL DATA

In certain circumstances, we may disclose Personal Data specifically in relation to your mortgage to third parties as follows:

  • with your authorised representatives which includes your broker/retail intermediary, solicitor (including under a Power of Attorney) and any other party authorised by you to receive your personal data
  • with other banks or payment service providers such as SWIFT, credit card issuers, digital wallet providers, merchant acquirers and merchant banks in order to process payments
  • we will share your information with any person or entity which guarantees your obligations to us (for example, if a parent guarantees your mortgage or an entity provides a guarantee as part of a statutory scheme
  • with the Credit Union Solicitor for the purposes of exchange of deeds
  • the Credit Union may utilise a third-party storage solution company to ensure safe, secure storage of Title Deeds and security documents
  • with the Central Credit Register for the purposes of assessment of the loan application as part of our legal requirements
  • with specialist credit control and debt collection agencies
  • with ECCU Assurance DAC (“ECCU”) for the administration of Loan Protection insurance
  • to other insurance companies for the purpose of insuring the loan. The insurance company will have an independent relationship you for the purposes of the loan and will provide their own data protection statement
  • with another financial service provider to facilitate a potential or actual transfer of any loan or product provided to you or in connection with a securitisation or other funding arrangement.

Additionally, we may also disclose Personal Data generally in relation to your relationship with us to third parties as outlined in the Data Protection Statement – Savvi Credit Union

SECURITY OF YOUR PERSONAL DATA

We will take all steps reasonably necessary to ensure that Personal Data is treated securely in accordance with this Data Protection Statement and the relevant law.

In particular, we have put in place appropriate physical, technical, and organisational procedures to safeguard and secure the Personal Data we process.

We will also take reasonable steps to verify your identity before granting access to information to protect the privacy and security of the Personal Data we process.

Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

We also use secure connections to protect Personal Data during its transmission. Where you have been given (or where you have chosen) a password which enables you to access services, you are responsible for keeping this password confidential. Please do not share your password with anyone.

If you think that there has been any loss or unauthorised access to Personal Data of any individual, please let us know immediately.

TRANSFERS OUTSIDE THE EEA

We will only transfer Personal Data outside the EEA if necessary and with appropriate safeguards in place.

The Credit Union may transfer limited Personal Data to be processed outside the EEA by our processors. In such cases we use processors who provide sufficient guarantees to ensure the security and protection of your Personal Data.

PROFILING AND AUTOMATED DECISION MAKING

We sometimes use systems to make decisions based on Personal Data we have (or are allowed to collect from others) about you. This Personal Data is used for loan assessment, provisioning, credit control workflow automation, anti-money laundering purposes and compliance with our legal duties in that regard.

YOUR RIGHTS

You have various rights relating to how your Personal Data is used.

Right of access to the Personal Data we hold on you

You have the right to ask for all the Personal Data we have about you. When we receive a request from you in writing, we must give you access to everything we’ve recorded about you as well as details of the processing, the categories of Personal Data concerned and the recipients of the Personal Data.

We will provide the first copy of your Personal Data free of charge, but we may charge you a reasonable fee for any additional copies.

We cannot give you access to a copy of your Personal Data in some limited cases including where this might adversely affect the rights and freedoms of others.

Right of rectification of Personal Data

You should let us know if there is something inaccurate in your Personal Data.

We may not always be able to change or remove that Personal Data, but we will correct factual inaccuracies and may include your comments in the record to show that you disagree with it.

Right of erasure of Personal Data (right to be forgotten)

In some circumstances you can ask for your Personal Data to be deleted, for example, where:

  • your Personal Data is no longer needed for the reason that it was collected in the first place
  • you have removed your consent for us to use your Personal Data (where there is no other lawful basis for us to use it)
  • there is no lawful basis for the use of your Personal Data
  • deleting the Personal Data is a legal requirement

Where your Personal Data has been shared with others, we will do what we can to make sure those using your Personal Data comply with your request for erasure.

Please note that we cannot delete your Personal Data where:

  • we are required to have it by law
  • it is used for freedom of expression
  • it is used for public health purposes
  • it is used for scientific or historical research or statistical purposes where deleting the Personal Data would make it difficult or impossible to achieve the objectives of the processing
  • it is necessary for legal claims.
Right to restrict what we use your Personal Data for

You have the right to ask us to restrict what we use your Personal Data for where:

  • you have identified inaccurate Personal Data, and have told us of it
  • where we have no legal reason to use the Personal Data, but you want us to restrict what we use it for rather than erase the Personal Data altogether

When Personal Data is restricted it cannot be used other than to securely store the Personal Data and with your consent to handle legal claims and protect others, or where it’s for important public interests.

Right to have your Personal Data moved to another provider (data portability)

You have the right to ask for your Personal Data to be given back to you or another service provider of your choice in a commonly used format. This is called data portability.

This right only applies if we are using your Personal Data with consent and if decisions were made by a computer and not a human being. It does not apply where it would adversely affect the rights and freedoms of others.

Right to object

You have the right to object to processing of your Personal Data which is based on public interest or legitimate interest processing. We will no longer process the Personal Data unless we can demonstrate a compelling ground for the processing.

Right not to be subject to automated decision-making

You have the right not to be subject to a decision based solely on automated processing. This right shall not apply where the processing is necessary for a contract with you, or the processing is undertaken with your explicit consent or the processing is authorised by law.

You can make a complaint

You have the right to lodge a complaint with the local supervisory authority for data protection in the EU member state where you usually reside, where you work or where you think an infringement of data protection law took place.

QUESTIONS OR COMPLAINTS

Thank you for reading our Data Protection Statement. Please Contact Us if you have any questions.

Contact Details  – Savvi Credit Union DPO

If you have any questions about this Data Protection Statement or the way in which your Personal Data is being used by us, please contact our Data Protection Officer

Email: DPO@savvi.ie

Contact Details  – Data Protection Commission

If we are unable to resolve your concerns, you have the right to contact the supervisory authority in the country where you live or work, or where you consider that the data protection rules have been breached.

Online Form: https://forms.dataprotection.ie/contact

Address: 21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland

Tel: +353 578 684 800 or +353 761 104 800

AMENDMENTS TO THIS DATA PROTECTION STATEMENT

We will post any changes to this Data Protection Statement on the Website alongside our mortgage information and when doing so will change the effective date at the top of this Data Protection Statement.

In some cases, we may provide you with additional notice of changes to this Data Protection Statement, such as via email. We will always provide you with any notice in advance of the changes taking effect where we consider the changes to be material.

 
Back To Top