Privacy and Cookie Policy

Contact Bruff Credit Union

Bruff Credit Union is committed to protecting the privacy and security of your personal information. This privacy notice describes how we collect and use personal information about you during and after your relationship with us.

Purpose of Data Collection, Processing or Use

Bruff Credit Union is a member-owned financial co-operative, democratically controlled by its members, and operated for the purpose of promoting thrift, providing credit at competitive rates, and providing other financial services to its members. Data collection, processing and use are conducted solely for the purpose of carrying out the above-mentioned objectives.

What personal data do we use?

We may collect, store, and use the following categories of personal information about you;

Your name, address, date of birth, email, telephone financial data, status and history, transaction data; contract data, details of the credit union products you hold with us, signatures, identification documents, salary, occupation, accommodation status, mortgage details, previous addresses, spouse, Partners, nominations, Tax identification/PPSN numbers, passport details or other identification details, interactions with credit union staff and officers on the premises, by phone, or email, current or past complaints and CCTV footage.

We may also collect, store and use the following “special categories” of more sensitive personal information;

Information about your health, including any medical condition, health and sickness (See insurance for further details)

We need all the categories of information in the list above to allow us to; identify you and contact you and in order that we perform our contract with you.

We also need your personal identification data to enable us to comply with legal obligations. Some of the above grounds for processing will overlap and there may be several grounds which justify our use of your personal information.

If you fail to provide personal information

If you fail to provide certain information when requested, we may not be able to complete the contract we have entered into with you.

Change of purpose

You can be assured that we will only use your data for the purpose it was provided and in ways compatible with that stated purpose. lf we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

How we use particularly sensitive personal information

“Special categories” of particularly sensitive personal information require higher levels of protection’. We need to have further justification for collecting, storing and using this type of personal information. We may process special categories of personal information in the following circumstances:

  • ln limited circumstances, with your explicit written consent.
  • Where we need to carry out our legal obligations and in line with our data protection policy.
  • Where it is needed in the public interest, and in Iine with our data protection policy.

Less commonly, we may process this type of information where it is needed in relation to legal claims or where it is needed to protect your interests (or someone else’s interests) and you are not capable of giving your consent, or where you have already made the information public. See insurance for further details.

Profiling

We sometimes use systems to make decisions based on the personal information we have (or are allowed to collect from others) about you. This information is used for loans assessment and anti-money laundering purposes and compliance with our legal duties in that regard.

Data Retention Periods

We will only retain your personal information for as long as necessary to fulfil the purpose(s) for which it was obtained, taking into account any legal/contractual obligation to keep it. We document the reasons for our retention periods and where possible the retention periods themselves in our Retention Policy. [Please contact Bruff Credit Union for a copy of the Retention of Records Policy.

Once the retention period has expired, the respective data will be permanently deleted. Please see our retention periods below.

  • Accounting records required to be kept further to the Credit Union Act, 1997 (as amended) must be retained for not less than six years from the date to which it relates.
  • The money laundering provisions of Anti-Money Laundering legislation require that certain documents must be retained for a period of five years after the relationship with the member has ended.
  • We keep income tax records for a period of six years after completion of the transactions to which they relate.
  • Credit agreements should be retained for six years from the date of expiration or breach, and twelve years where the document is under seal.
  • CCTV footage which is used in the normal course of business (i.e. for security purposes) for one month.

Planned data transmission to third countries

There are no plans for data transmission to third countries.

Our use and sharing of your information

We will collect and use relevant information about you, your transactions, your use of our products and services, and your relationships with us:

Fulfilling contract

This basis is appropriate where the processing is necessary for us to manage your accounts and credit union services to you

Administrative Purposes

We will use the information provided by you, either contained in this form or any other form or application, for the purpose of assessing this application, processing applications you make and to maintaining and administer any accounts you have with the credit union.

Third parties

We may appoint external third parties to undertake operational functions on our behalf. We will ensure that third parties conducting operational functions on our behalf will do so with respect for the security of your data and that any information passed to them will be protected in line with data protection law.

lrish League of Credit Unions (ILCU) Affiliation

The ILCU (a trade and representative body for credit unions in Ireland and Northern Ireland) provides professional and business support services such as marketing and public affairs representation, monitoring, financial, compliance, risk, learning and development, and insurance services to affiliated credit unions. As this credit union is affiliated to the ILCU, the credit union must also operate in line with the ILCU Standard Rules (which members of the credit union are bound to the credit union by) and the League Rules (which the credit union is bound to the ILCU by).

We may disclose information in your application or in respect of any account or transaction of yours from the date of your original membership to authorised officers or employees of the ILCU for the purpose of the ILCU providing these services to us.

The ILCU Savings Protection Scheme (SPS)

We may disclose information in any application from you or in respect of any account or transaction of yours from the date of your original membership to authorised officers or employees of the ILCU for the purpose of the ILCU providing these services and fulfilling requirements under our affiliation to the ILCU, and the SPS.

lnsurance

As part of our affiliation with the ILCU the credit union carries insurance products from ECCU Assurance DAC (ECCU) which includes Life Savings (LS), Loan Protection (LP) Death Benefit insurance (DBl) and Disability Cover where it applies.

To administer these products and services we may pass your details to ECCU Assurance DAC (ECCU), a life insurance company, wholly owned by the Irish League of Credit Unions which exists to provide insurance to credit unions affiliated to the Irish League of Credit Unions. It is a term of your membership, by virtue of our affiliation with the ILCU, that the credit union must apply to ECCU for Loan Protection (LP) if you choose to take out a loan with us.

lf covered, any outstanding sum will be repaid to the credit union by ECCU in the event of your death. ln order that we apply for LP it may be necessary to process ‘special category’ data, which includes data about your health. This information will be shared with ECCU to allow it to deal with insurance underwriting, administration and claims on our behalf. The Privacy Notice of ECCU can be requested by emailing the ECCU Data Protection Officer at DPO@eccu.ie.

Credit Assessment

When assessing your application for a loan, the credit union will take a number of factors into account and will utilise personal data provided from:

  • your application form or as part of your loan supporting documentation
  • your existing credit union file,
  • credit referencing agencies such as the Irish Credit Bureau and the Central Credit Registrar

The credit union then utilises this information to assess your loan application in line with the applicable legislation and the credit unions lending policy.

Customer Service

To help us improve our service to you, we may use information about your account to help us improve our customer service.

Payzone

Bruff Credit Union use payzone to allow members to make payments to their credit union account. This can be done by:An online payment through Bruff Credit Union’s website

  • An online payment through Bruff Credit Union’s website
  • Over the phone by a Virtual Terminal
  • In the office at one of the payzone terminals

Payzone Ireland Ltd is committed to respecting your privacy and to complying with applicable Data Protection and privacy laws. Payzone is registered in Ireland with registration number 310110 and registered offices at Payzone, 4 Heather Road Sandyford Industrial Estate, Dublin 18, Ireland.

The privacy statement can be found https://www.payzone.ie/privacy

Legal Duty

This basis is appropriate when we are processing personal data to comply with an lrish or EU Law

Tax liability

We may share information and documentation with domestic and foreign tax authorities to establish your liability to tax in any jurisdiction. Where a member is tax resident in another jurisdiction the credit union has certain reporting obligations to Revenue under the Common Reporting Standard. Revenue will then exchange this information with the jurisdiction of tax residence of the member. We shall not be responsible to you or any third party for any loss incurred as a result of us taking such actions. Under the “Return of Payments (Banks, Building Societies, Credit Unions and Savings Banks) Regulations 2008” credit unions are obliged to report details to the Revenue in respect of dividend or interest payments to members, which include PPSN where held.

Regulatory and statutory requirements

To meet our duties to the Regulator, the Central Bank of Ireland, we may allow authorised people to see our records (which may include information about you) for reporting, compliance and auditing purposes. For the same reason, we will also hold the information about you when you are no longer a member. We may also share information with certain statutory bodies such as the Department of Finance, the Department of Social Protection and the Financial Services and Pensions Ombudsman Bureau of Ireland if required by law.

Compliance with our anti-money laundering and combating terrorist financing obligations

The information provided by you in this membership application will be used for compliance with our customer due diligence and screening obligations under anti-money laundering and combating terrorist financing obligations under The Money Laundering provisions of the Criminal Justice (Money Laundering and Terrorist Financing) Act 2010, as amended by Part 2 of the Criminal Justice Act 2013 (“the Act”).

Audit

To meet our legislative and regulatory duties to maintain audited financial accounts, we appoint an external auditor. We will allow the external auditor to see our records (which may include information about you) for these purposes.

Nominations

The Credit Union Act 1997 as amended allows members to nominate a person(s) to receive a certain amount from their account on their death, subject to a statutory maximum. Where a member wishes to make a nomination, the credit union must record personal data of nominees in this event.

Credit Reporting

Where a loan is applied for in the sum of €2,000 above pledged shares or more, the credit union is obliged to make an enquiry of the Central Credit Register (CCR) in respect of the borrower. Where a loan is granted in the sum of €500 above pledged shares or more, the credit union is obliged to report both personal details and credit details of the borrower to the CCR.

Legitimate interests

A legitimate interest is when we have a business or commercial reason to use your information. But even then, it must not unfairly go against what is right and best for you. lf we rely on our legitimate interest, we will tell you what that is

Credit Assessment and Credit Reference Agencies

When assessing your application for a loan, as well as the information referred to above in credit assessment, the credit union also utilises credit data from credit referencing agencies such as the Irish Credit Bureau and the Central Credit Registrar [Legal duty under the Credit Reporting Act 2013].

Our legitimate interest

The credit union, for its own benefit and therefore the benefit of its members, must lend responsibly. ICB are using Legitimate lnterests (GDPR Article 6 (f)) as the legal basis for the processing of your personal and credit information. These Legitimate interests are promoting greater financial stability by supporting a full and accurate assessment of loan applications, aiding in the avoidance of over-indebtedness, assisting in lowering the cost of credit, complying with and supporting compliance with legal and regulatory requirements, enabling more consistent, faster decision-making in the provision of credit and assisting in fraud prevention.

Please review ICB’s Fair Processing Notice which is available here.

CCTV

We have CCTV footage installed on the premises with clearly marked signage. The purpose of this is for security and operations within the credit union.

Our legitimate interest: With regard to the nature of our business, it is necessary to secure the premises, property herein and any staff /volunteers/members or visitors to the credit union.

Your rights: in connection with your personal information are to:

  • To find out whether we hold any of your personal data, if we do to request access to that data that to be furnished a copy of that data. You are also entitled to request further information about the processing
  • Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you rectified.
  • Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
  • Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes
  • Request the restriction of processing of your personal information. You can ask us to suspend processing personal information about you, in certain circumstances.
  • Where we are processing your data based solely on your consent you have a right to withdraw that consent at any time and free of charge.
  • Request that we provide you with a copy of any relevant personal data in a reusable format or request that we transfer your relevant personal data to another controller where it’s technically feasible to do so.

‘Relevant personal data is personal data that: You have provided to us or which is generated by your use of our service. Which is processed by an automated means and where the basis that we process it is on your consent or on a contract that you have entered into with us.

You have a right to complain to the Data Protection Commissioner (DPC) in respect of any processing of your data by:

  • Telephone: +353 57 8684800 / +353 (0)761 104 800
  • Lo Call Number: 1890252231
  • E-mail: info@dataprotection.ie
  • Postal Address: Data Protection Commissioner, Canal House Station Road, Portarlington, Co. Laois, R32 AP23

**Please note that the above rights are not always absolute and there may be some limitations; lf you want access and or copies of any of your personal data or if you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we send you a copy/a third party a copy your relevant personal data in a reusable format, please contact Bruff Credit Union DPO in writing using contact details below.

There is no fee in using any of your above rights, unless your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

We may need to verify your identity if we have reasonable doubts as to who you are. This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

Ensuring our information is up to date and accurate. We want the service provided by us to meet your expectations at all times. Please help us by telling us straight away if there are any changes to your personal information.

Cookies

We may obtain information about your general Internet usage by using a cookie file which is stored on your browser or the hard drive of your computer. Cookies contain information that is transferred to your computer’s hard drive. They help us to improve our website and to deliver a better and more personalised service. Bruff Credit Union uses cookies to collect information about visitors’ use of the website, including matters like connection speed, operating system details, the time and duration visits and IP addresses. Some of the cookies we use are essential for the Website to operate. Bruff Credit Union will not attempt to personally identify visitors from their IP addresses.

You block cookies by activating the setting on your browser which allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our website. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies as soon you visit the website. For more information on cookies please refer to our cookie policy.

Site visitation tracking

This site uses Google Analytics to track user interaction. We use this data to determine the number of people using our site, to better understand how they find and use our web pages and to see their journey through the website.

Although Google Analytics records data such as your geographical location, device, internet browser and operating system, none of this information personally identifies you to us. Google Analytics also records your computer’s IP address which could be used to personally identify you but Google do not grant us access to this. Bruff Credit Union  consider Google to be a third party data processor and their privacy policy can be viewed here. Google are based in the USA and are EU-U.S Privacy Shield compliant.

Google Analytics makes use of cookies, details of which can be found on Google’s developer guides.

Disabling cookies on your internet browser will stop Google Analytics from tracking any part of your visit to pages within this website.

Cookies used by Google Analytics include: utma / utmb / utmc / utmt / utmz / ga / gat / gid

Contact forms and email links

Should you choose to contact us using the contact forms on the Bruff Credit Union website, none of the data that you supply will be stored by this website or passed to third parties. Instead, the data will be collated into an email and sent to us over the Simple Mail Transfer Protocol (SMTP).

WordPress

This site uses WordPress as the content management system to run the site. WordPress sets cookies which are known as “Functional Cookies”, meaning they are essential to the running of the site but do not collect any personal information. Cookies used by WordPress include;

wordpress_logged_in* Checks whether or not the current visitor is a logged in WordPress.com user.
wp-settings-{user_id} Persists a user’s wp-admin configuration.
wp_sharing_{id} Tracks whether or not a user has already performed an action.

Types of Cookies

  • Strictly Necessary: These cookies are essential for websites on our services to perform their basic functions.
  • Functionality: These cookies are used to allow the feneral function of the website and end-user experience.
  • Security: We use these cookies to help identify and prevent potential security risks.
  • Analytics and Performance: Performance cookies collect information on how users interact with our websites, including what pages are visited most, as well as other analytical data. We use these details to improve how our websites function and to understand how users interact with them.
  • Third Party / Embedded Content: We make use of different third-party applications and services to enhance the experience of website visitors. These include social media platforms such as Facebook and Twitter (through the use of sharing buttons), or embedded content from Youtube and Vimeo. As a result, cookies may be set by these third parties and used by them to track your online activity. We have no direct control over the information that is collected by these cookies.

Embedded content from other websites

Articles on this site may include embedded content (such as YouTube videos). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

This Websites Server

This website is hosted by Siteground within a UK data centre located in Chessington, South West London, and is run by Digital Realty.

All traffic (transferral of files) between this website and your browser is encrypted and delivered over HTTPS.

Data Breaches

Even thoughBruff Credit Union do not store any personal information on our website database, we will report any unlawful data breach of this website’s database or the database(s) of any of our third party data processors to any and all relevant persons and authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen.

Contact Bruff Credit Union

If you wish to avail of either of these rights, please contact us at O61 – 382111 or email at info@bruffcu.ie

Data Privacy