GDPR Privacy Notice
At Mitchelstown Credit Union, we take your privacy seriously and we are fully committed to keeping your information private. Providing and holding personal information comes with significant rights on your part and significant responsibilities on ours.
This Data Privacy Notice is provided to fulfil our obligations under the General Data Protection Regulation (GDPR), effective from 25 May 2018. GDPR requires greater accountability and transparency from organisations such as ours with regard to the treatment of your personal information, and provides data subjects with enhanced rights and greater control over how we process it.
This data privacy notice summary explains the most important aspects of how we use your information and what rights you have in relation to your personal information and how you can exercise such rights.
Who are we?
Throughout this document, “we”, “us’, “our” and “ours’ refer to Mitchelstown Credit Union. Acting as a community-based credit union we are primarily focused on our members and pride ourselves on offering quality services to members within the common bond area.
The information we collect about you
We will hold:
- Identity & contact information
- Financial details
- Marital status and/or financial associations
- Other personal information
- Sensitive categories of data e.g. health information for insurance purposes
- Information which you have consented to us using
- Information about you provided by others e.g. joint account/group account applications or guarantor details
- Other personal information such as: telephone recordings, CCTV images at our branches and ATM and information provided
When we collect your information
We collect information: (i) you give us; (ii) information from your use of our products, services or our websites and mobile apps, and; (iii) information provided to us by third parties.
How we use your information
We use, and share, your data in the following cases:
- To assess eligibility and credibility for the services, products and facilities we offer
- To provide credit union and other related services, products and facilities to you
- To implement any contracts we have entered into with you
- To conduct credit searches with credit reference agencies in order to provide credit facilities and, where necessary, for fraud prevention and debt recovery.
- Use is necessary because we have to comply with a legal obligation (e.g reporting to the Central Credit Register, regulatory authorities and law enforcement)
- Use for our legitimate interests (which you may object to) such as managing our business on a day to day basis including credit risk management, providing service information, conducting marketing activities, training, quality assurance and strategic planning
- You have agreed or explicitly consented to the using of your data in a specific way (you may withdraw your consent at any time).
How we use automated processing of ‘analytics’
We may analyse your information using automated means to:
- We may use automated processing to assist in compliance with our legal obligations in connection with prevention of money laundering, fraud and terrorist financing, for example, to screen for suspicious transactions.
Who we share your information with
Sharing can occur in the following circumstances and/or with the following:
- Our systems suppliers who test backup data,
- Our supplier used for checking the names of members against sanctions lists,
- Our payroll bureau,
- Our off-site storage supplier
- Debt collectors & solicitors used for recovery of outstanding debts
- Members authorised representatives
- When you open or use a joint account
- Statutory and regulatory bodies and law enforcement authorities
- Credit reference/rating agencies
How long we hold your information
Our retention periods are subject to legislation and regulatory rules set by authorities such as the Central Bank of Ireland and the type of financial product provided to you.
Implications of not providing information
If you do not provide information we may not be able to:
- provide/continue to provide credit union services to you
You will be informed in instances where information which is not a contractual requirement or is not needed to comply with our legal obligations is requested.
How to exercise your information rights including the right to object
GDPR acts to empower data subjects with enhanced rights in relation to how we use your information, including the right, without undue delay, to:
- Find out if we use your information, access your information and receive copies of your information
- Have inaccurate/incomplete information corrected and updated
- Object to particular use of your personal data for our legitimate business interests or direct marketing purposes. Members possess the right to opt out any anytime.
- In certain circumstances, to have your information deleted or our use of your data restricted
- In certain circumstances, a right not to be subject to solely automated decisions and where we make such automated decisions, a right to have a person review the decision
- Exercise the right to data portability (i.e. obtain a transferable copy of your information we hold to transfer to another provider)
- To withdraw consent at any time where processing is based on consent.
If you have any questions as to how we use your information or if you wish to exercise any of your data rights, you can contact our data protection officer by contacting 025 24800 or at firstname.lastname@example.org. If you make your request electronically, we will try to provide you with the relevant information electronically.
You also have the right to complain to the Data Protection Commission or another supervisory authority. You can contact the Office of the Data Protection Commissioner at:
Telephone: +353 (0)761 104 800 or Lo Call Number 1890 252 231
Postal Address: Data Protection Commission, Canal House, Station Road, Portarlington, R32 AP23, Co. Laois.