Our commitment to data privacy and information security
At Bruff Credit Union, we are fully committed to protecting and respecting our members’ privacy. This statement sets out the basis on which any personal data we collect from and about you, or that you provide us, will be processed by us.
Please read the following carefully to understand our views and practices regarding your personal data and how we treat it.
We are a Data Controller for the purposes of the Data Protection Acts 1988 and 2003 (“the Acts”) and the General Data Protection Regulation (“the GDPR”) which took effect since 25th May 2018.
Personal data we collect
We collect personal information from you, for the following purposes:
- When you create a member account
- When you interact with us for the products and services we supply to you
- We record through CCTV footage to offer you additional security, resolve complaints and improve service standards
- When you apply for loan facilities
- Any instructions we accept from you or transactions we undertake to which you are a party, whether through our website, or otherwise (this information may be provided by others e.g. joint account applications, club or other account(s) to which you are a nominated beneficiary)
How we use your personal data
The personal information we collect is for specified purposes and services we provide to you including:
- Administer the products and services we supply to you
- To implement any contracts we have entered into with you
- When assessing your loan application and determining your ability to meet the loan repayments.
- To contact you should you default on the terms of the credit agreement relating to any loan(s) to which you are a party
- To conduct credit searches with credit reference agencies in order to provide credit facilities and, where necessary, for fraud prevention and debt recovery
- We also use your information to notify you about changes to our services that you request from us, or, where you have agreed to us doing so, which we feel may interest you
We use personal information for the purpose it was collected. We do not use your personal information for any different purpose other than for what it was obtained for without notifying you and seeking your consent first.
Sharing your personal data
We only share your information with Credit Union authorised third parties for specific purposes related to the services we are offering you. We do not allow third parties to use your personal information for any other purposes.
We may have to share your personal data as required with regulatory authorities or with law enforcement agencies.
We may also share your information with your authorised representatives or third parties where you have authorised us to do so such as budgeting and advice agencies, receivers, liquidators and official assignee’s (as applicable).
We may use other companies and individuals to work on our behalf or to review information in order to help to make decisions for the benefit of the Credit Union and its members.
This may include debt collection, IT processing, insurance providers and credit agencies.
We have agreements in place with all third partied to whom we give your information, for the purpose of handling your data, in accordance with requirements of the GDPR.
The legal basis for retaining and/or processing your personal data
We use and share your information where:
- You have provided us with explicit consent to use that information in a specific way (you have the right to withdraw your consent at any time).
- It is required for us to provide a service to you or in the completion of a contract you have entered into with us. This may also arise in the context of when we are responding to a contract with us (e.g. a loan offer)
- We are required to do so to comply with a legal obligation (e.g. the performance of a contract, to comply with the requirements of the Criminal Justice legislation & regulation in respect of anti-money laundering/ the combating of the financing of terrorism/ UN financial sanctions, reporting credit information to the Central Credit Register, reporting to the regulatory authorities and law enforcement)
- Its use is required to protect your “vital interests” in exceptional circumstances
- Its use is required for our legitimate interests (which may object to) in the course of managing our business including credit risk management, providing service information, conducting marketing activities, training and quality assurance, strategic planning and the purchases or sale of assets.
Keeping your personal data secure
We employ physical, technical and administrative safeguards to protect the confidentiality and security of your personal information. We use industry standard procedures to protect your information from loss, misuse or unauthorised access.
Appropriate technical and organisational measures are taken to protect your data.
We may contact you by mail, email and text about our services and other events involving or relating to products and services which may be of interest to you. You have the right to ask us to stop processing your personal data for direct marketing purposes. If you wish to exercise this right, you can unsubscribe or opt out at any time when you receive an email/ text or you can email us on firstname.lastname@example.org
You have certain legal rights to control your information and the manner in which we process it. This includes:
- A right to get access to you personal information
- A right to request us to correct inaccurate information, or update incomplete information
- A right to request that we restrict the processing of your information in certain circumstances
- A right to receive the personal information you provide to us in a portable format
- A right to object to us processing your personal information in a lawful manner, or for the purposes for which it was provided
- Where we have requested your permission to process your information, a right to withdraw your consent at any time. We will always make it clear where we need your permission to undertake specific processing activities
- A right to object to us processing our information for direct marketing purposes of marketing
Change of purpose
You can be assured that we will only use your data for the purpose it was provided and in ways compatible with that stated purpose. If we need to use your personal information for an un related purpose, we will notify you and we will explain the legal basis which allows us to do so.
Implications of not providing information
Please note that in some cases, if you do not agree to the way we process your information, it may not be possible for us to continue to operate your account and/or provide certain products and services to you.
How long we hold you personal data
Our retention periods are subject to legislation and regulatory rules set by authorities such as the Central Bank of Ireland and the type of financial product provided to you.
Updates to our privacy notice and policy
We keep this Privacy statement under regular review. This statement was last updated in May 2018.