1. ABOUT OUR CREDIT UNION
ANSAC Credit Union Limited as a Data Controller.
| Credit Union: | ANSAC CREDIT UNION |
| Address: | 18 Drumcondra Road Upper, Drumcondra, Dublin 9 D09XF86. |
| Website: | www.ansaccu.ie |
| Email: | dataprotection@ansaccu.ie |
| Phone: | 01 8554489 |
ANSAC Credit Union Ltd. (“ANSAC”) is a member-owned financial organisation that provides financial services to its members. We are committed to the privacy of those that we engage with, and this statement details our approach. When you provide personal data to us in the course of business or use our website, we will manage your data in accordance with this privacy statement.
Personal data is processed by ANSAC in accordance with current Data Protection Regulation in Ireland and the General Data Protection Regulation in Europe (the “GDPR”).
If you are under the age of 18, please read this statement with the assistance of a parent or guardian.
2. KEY DEFINITIONS
Our / We / ANSAC / Credit Union / CU refers to ANSAC Credit Union Limited.
You / Your / Member / Subject refers to the individual person whose personal data is the subject of the text.
Personal Data: Information relating to an identified or identifiable natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, psychological, genetic, mental, economic, cultural or social identity of that natural person.
Data Subject: The identified or identifiable natural person.
Special (often referred to as Sensitive) Data: Information relating to racial or ethnic origin, political opinions, religious or philosophical beliefs, or trades union membership, or that includes genetic data, biometric data to reveal the identity of a person, or data concerning health, sex life or sexual orientation. Personal data relating to criminal convictions is also considered sensitive.
Controller: The natural or legal person or body which alone or jointly determines the purpose and means of the processing of personal data.
| Data Protection Statement | Details |
| Summary Data Protection Statement | provides summary information about the processing activities of the Credit Union |
| General Data Protection Statement | provides general data protection related information |
| Services Data Protection Statement(s) including | provides further information about particular services and processing activities of the Credit Union. These service data protection statements are included at the end of our General Data Protection Statement and will be provided when relevant to your interaction with us. |
3. PURPOSE AND LAWFUL BASIS
This section sets out the basis on which any Personal Data we collect from you, or that you provide to us, will be used by us.
The Credit Union processes your personal data for many reasons, and we are obliged to inform you of the purposes for which we use your data and legal basis for processing.
In general, we may obtain personal data including name, address, phone numbers, e-mail address, other electronic identifiers, title, profession, images, IP address, photographic ID, company details, dependants or partner details, your bank or mortgage details, politically exposed status, tax identities, video recordings, emails and other information provided by you while engaging with the Credit Union and in particular while agreeing credit. We may also obtain similar information from third parties such as Irish credit agencies, or from your use of ANSAC systems, or when you sign up to or attend events or otherwise engage with the Credit Union.
| Data Protection Statement | Details |
| Privacy Notice | Provides general data protection related information. |
| Services Data Protection Statement(s) including | Provides further information about particular services and processing activities of ANSAC. |
The purposes for processing your personal data may overlap, and some purposes for processing may have multiple legal bases. They are as follows:
*Note: Where this document refers to the Legitimate Interest of ANSAC as a legal basis for processing, such legitimate interest refers to the management and delivery of the services of a Credit Union as provided for in the Credit Union Act 1997 as amended. Such processing also includes activities mandated, approved or deemed acceptable by Irish or EU regulatory or oversight authorities.
Category | Purpose | Examples of the Type of Data Processed | Legal Basis for Processing* |
Membership | |||
Application / Membership Administration | To initiate and manage our relationship with our members or potential members | General Personal Details; name, contact details, address, tax identities, date of birth, nationality, tax residency, financial position, proof of identity details, beneficial ownership details, related parties, security details, occupation, security facts, records of interactions with the CU. | - Entering into or performance of a contract - Consent - Legitimate interest of ANSAC* - There is a legal / regulatory obligation |
Savings & Current Account | To manage member savings accounts | General personal details plus source of funds, account turnover, bank details, record of transactions, debit card usage details and balances. For clubs or businesses, identity of officers. | - Performance of a contract - Legitimate interest of ANSAC* - There is a legal / regulatory obligation - Consent |
The Personal Data of Third Parties | We may need to communicate with connected third parties that are not members of the Credit Union to manage an event, to comply with law or regulation, or in relation to a financial product | Identification details, relationship, securities and address relating to partners, family, guarantors, beneficiaries, nominees or a director or representative of an entity or person | - Performance of a contract - Legitimate interest of ANSAC* - There is a legal / regulatory obligation - Consent |
Affiliation with the Irish League of Credit Unions (“ILCU”) or Credit Union Development Authority (“CUDA”) | Reporting and use of services provided by representative bodies and to fulfil our obligation in accordance with ILCU/CUDA rules | Member details and information relating to the provision of insurance | - Performance of a contract - There is a legal / regulatory obligation - Credit Union Act and amendments - Legitimate interest of ANSAC* |
Enquiries | To engage with individuals who make an enquiry | Details provided on the enquiry including name, and contact details | - Consent - Legitimate interest of ANSAC* |
Incapacity to Act upon an Account | When a person is unable to transact due to an intellectual incapacity - Appointment of an individual to administer the account or - Board approval of transactions | All personal data | - There is a legal / regulatory obligation - Vital interest of the subject - Legitimate interest of ANSAC* |
Loans | |||
Loan Applications and Loan Management | To manage the loan process and loan agreement including assessing creditworthiness, validating information provided during the application process, determining if you are a connected or related party borrower, assessing credit history with the CCR, effecting a legal charge over an asset and managing the loan account. | Personal details & proof of identity plus credit history/rating, monthly income/outgoings, payslips, bank statements, connected party status, marital status, spouse/partner/dependents details, property details, social welfare receipts, Declaration of Health, information relating to connected parties, details of a guarantor to the loan application, records of communication relating to a loan. | - Entering into or the performance of a contract. - There is a legal / regulatory obligation (Credit Union Acts, Anti-Money Laundering legislation and Central Bank regulations) - Legitimate interest of ANSAC* |
Medical Details | For the purpose of insurance | Medical Details | - Performance of a contract (loan agreement insurance) |
Credit Control | To manage the debt recovery process including credit searches and engaging with the Irish credit agencies, the recovery of debt, the transfer of debt and the enforcement of security or guarantee against a loan. | As above (for loan application and loan management) | - Performance of a contract (loan and membership agreements) - There is a legal / regulatory obligation - Legitimate interest of ANSAC* |
Identity Details | To establish the Identity, status, address and proof of identity of the parties to a loan | Identity data relating to the member, guarantors, nominees, family members or advisors | - Performance of a contract (loan and membership agreements) - There is a legal / regulatory obligation - Legitimate interest of ANSAC* |
Connected Borrowers / Related Parties | To establish the full risk exposure associated with a credit application | Relationship information relating to Officers / Directors of the CU | - There is a legal / regulatory obligation - Legitimate interest of ANSAC* |
Spouse / Partner | To assess a loan application, validate data provided on a loan application, perform a credit search with the CCR to establish credit status and comply with law or regulation. | Name, identification and contact details, financial and creditworthiness details, dependents, relationship with applicant | - Performance of a contract (loan and membership agreements) - There is a legal / regulatory obligation - Legitimate interest of ANSAC * |
Guarantors | To evaluate suitability / creditworthiness, inform of changes to performance of a loan, the collection of debt and comply with law or regulation | Name and contact details, financial details and creditworthiness, connected party status | - Performance of a contract (loan and membership agreements) - There is a legal / regulatory obligation - Legitimate interest of ANSAC* |
Insurance & Investments | |||
Life Savings & Loan Protection Insurance provided by ECCU. This is a condition of taking a loan with the CU | To provide loan protection and life savings protection for loans issued | Personal data relating to loan protection insurance. Loan protection insurance personal data may include 'special' personal data including medical records | - The performance of a contract. - There is a legal / regulatory obligation - Legitimate interest of ANSAC* |
Marketing & Other Activities | |||
Direct Marketing to Members | To inform members of the services of the CU and events that you may be interested in | Contact details including postal address, email, text, phone, mobile phone. (You may opt out of any of the above upon request) | - Consent - Legitimate interest of ANSAC* |
Competitions or Quizzes | To hold a competition or draw for Members or members of the public | Name and contact details | - Consent - Legitimate interest of ANSAC* |
Surveys | To understand the requirements or views of subjects | Name and contact details | - Consent - Legitimate interest of ANSAC* |
Website | To promote the activities of the CU and to inform Members | IP address, web tracking data | - Consent - Legitimate interest of ANSAC* |
CCTV & Voice Recording | |||
CCTV recordings on all premises, both internally and externally | For safety and security | Motion images from cameras (not including voice) | - Legitimate interest of ANSAC* or another party - To protect the Credit Union in the event of security or safety incident or other unlawful event - Vital interest of subjects |
Internal Cameras | For safety, security and the monitoring of transactions and cash handling | Motion images from cameras (not including voice) | - Legitimate interest of ANSAC* or another party - To protect the Credit Union in the event of security or safety incident or other unlawful event and to monitor transactions and resolve disputes |
Voice Recording | For safety, security, operational, training, regulatory or conversation validation purposes | Voice recordings of telephone conversations or messages | - Consent - There is a legal or regulatory obligation - Legitimate interest of ANSAC* or another party - To protect the Credit Union in the event of security or safety incident or other unlawful event - Vital interest of subjects |
General Legal / Regulatory Obligations | |||
Revenue | To comply with the requirements of Revenue, to pay all applicable taxes, enable tax audits and provide tax reports | Identity, PPS number, dividend or interest payments, tax residency, details relating to tax rules and income | - There is a legal / regulatory obligation |
Regulatory Authorities | To enable processes that are compliant with law and regulation, and to facilitate audits and compliance reporting to the Central Bank of Ireland relating to Credit Unions, and any other mandatory requirements relating to the Credit Union | | - There is a legal / regulatory obligation - Legitimate interest of ANSAC* |
AML | To comply with the Criminal Justice (money laundering and terrorist financing) Act and Amendments | Name, Identification, proof of address, date of birth, PEP status, Photographic ID including passport or driving license, other form of identification, PPS number, details of transactions, AML or Fraud reports | - There is a legal / regulatory obligation |
Auditors & Compliance | To audit the activities of the Credit Union in line with regulation and best practice | All data | - There is a legal / regulatory obligation - Legitimate interest of ANSAC* |
4. PROVISION OF CONSENT
Where we are processing data based on your consent you may withdraw that consent at any time.
5. SHARING PERSONAL DATA
We take all reasonable measures to protect your personal information while it is in our possession; however, it may be transferred to others where there is a legitimate and lawful reason. This section lists the categories and types of organisations that we may transfer personal data to.
5.1
Individuals whom you name, such as guarantors, nominees or partners, professional advisors, industry representation, current account service providers, referral partners such as insurance or investment companies upon your expression of interest, Insurers, accountants, auditors, payroll bureau and oversight authorities.
If we issue you a current account debit card, Transact Payments Malta Limited (which is an authorised e-money institution) will also be a controller of your personal data. In order for you to understand what they do with your personal data, and how to exercise your rights in respect of their processing of your personal data, you should review their privacy policy which is available at https://currentaccount.ie/files/tpl-privacy-policy.pdf.
If you transfer money using SEPA payments, Intesa Sanpaolo Bank is a controller of your personal data, and you can find their privacy notice at https://group.intesasanpaolo.com/en/
5.2 Legal / Regulatory Requirements
Central Bank of Ireland: Credit Union Regulator and Anti-Money Laundering regulator, Department of Finance, Department of Social Protection, Revenue Commissioners, Financial Services and Pensions Ombudsman, State Anti-Fraud / criminal investigators (An Garda Síochána, Criminal Assets Bureau (CAB)), Central Credit Register (CCR), Irish League of Credit Unions (ILCU), Credit Union Development Authority (CUDA), Audit & Compliance, Solicitors and Advisors representing the Credit Union, Banks.
5.3 Credit Assessment, Credit Control, and Loan in Arrears or Debt Recovery
Guarantors, debt collection agencies or others legitimately involved in this process, a solicitor to effect a legal charge over an asset, a third party who has purchased debt, Irish credit organisations including the CCR.
5.4 Insurance
ECCU Assurance DAC for the purposes of insurance relating to Credit Union products.
5.5 Incapacity to Act Upon your Account
Where you have an incapacity to act upon an account due to intellectual incapability, the Board of Directors may access an account for the purpose of transferring money.
5.6 Information Technology & Support Services
Your personal information may also be transferred to third party service providers who process information on ANSAC's behalf, including providers of information technology, website hosting and management, data analysis, anti-spam services, data back-up, security, email and storage services. ANSAC’s principal operating system is provided by Progress and our IT service provider is NSSL Ltd.
6. INTERNATIONAL TRANSFER
ANSAC does not currently transfer personal data to any recipients outside of the European Economic Area (“EEA”) unless:
- Members use online identity validation software,
- Requested to do so by the subject, or
- In the course of the recovery of a debt where connected parties are outside of the EEA.
In the event that a service provider to ANSAC Credit Union is international in nature, or sub-processes with entities that are not within the EEA, we will take steps to ensure that personal data is retained in the EEA and that any further processing that may expose such data to international transfer is subject to the protections provided by a lawful basis of transfer.
7. RESPONSIBILITY OF MEMBERS AND OTHERS WHO PROVIDE PERSONAL DATA TO ANSAC
You warrant that personal information provided to us that relates to third parties (e.g. family, guarantors, nominees etc.) for the administration and delivery of services being provided, or while engaging with us in any other way, has been obtained fairly and lawfully and that such information is accurate. You also warrant that third parties introduced by you are aware of the purpose for which their personal data is being used and that their privacy rights have been upheld.
8. INFORMATION RELATING TO CHILDREN AND VULNERABLE PERSONS
The processing of personal data relating to children and vulnerable persons receives special attention under Data Protection legislation and we shall treat this information with particular care. The digital age of consent is sixteen (16) years of age in Ireland. Information obtained about children shall comply with the requirement for parental consent and shall receive additional consideration while planning an operational process.
9. SPECIAL (Sensitive) DATA
ANSAC recognises special categories of data, specifically personal data revealing racial or ethnic origin, political opinion, religious or philosophical beliefs, trades union membership, genetic or biometric data, or a subject’s health or sexual life. The processing of these categories of information shall typically require consent. We may also process Special Data where there is a legal / regulatory obligation, whereby there is a legitimate interest, or whereby it is in the public interest.
Health Data may be processed for the processing of an insurance or mortgage product. Such processing will not normally require your consent.
10. NOMINATIONS
Irish legislation enables the nomination of successors to a deceased member's property in their Credit Union account and provides for special treatment independent of the deceased person’s estate. This is a unique facility available to Credit Unions and all members are entitled to nominate a successor(s). A member's nomination together with a record of revocations (the revoking of a nomination) shall be retained confidentially by the Credit Union. Personal data relating to nominations will be retained for up to six (6) years following the completion of the nomination process.
ANSAC will request confirmation of a nominee's identity, relationship to the member, and payment details to administer a valid nomination following the death of a member. Nomination information may be transferred to advisors, auditors, administrative staff and recognised oversight authorities for the administration of this facility and will always be bound by confidentiality obligations.
11. CONFIDENTIALITY & SECURITY
ANSAC have implemented generally accepted standards of technology and operational security to protect personal data from alteration, unauthorised disclosure or destruction, and from use for unauthorised purposes. Furthermore, we have taken measures to ensure that contracts with all third parties that provide technical and processing services include terms that specify appropriate technical and organisational security measures to prevent accidental, unauthorised or unlawful disclosure or processing of personal data.
12. YOUR RIGHTS
Data Subjects have the right to:
- Be informed if we have personal data relating to a subject, the categories of data and the purpose of processing.
- Where information is collected directly from the subject, to be informed of the Controller and Representative, the purpose and legal basis for processing.
- Where we rely on our legitimate interest, we will inform you of that interest, who we may transfer that personal data to, if the data is being transferred internationally, the retention duration or criteria for storage for personal data, the consequences of not providing the data.
- Where data was not provided by you, we will identify the source of that data together with data categories.
- Be informed if a failure to provide the personal data will have any direct and material personal consequences.
- Access your personal data. Where the format is not reasonably understood, this shall be delivered in an intelligible format.
- Have inaccurate, incomplete or out-of-date personal data that we hold about you corrected or deleted.
- Withdraw consent for your personal data to be processed where it was obtained from you on the basis of consent.
- Make a submission on any automated decision-making processes or profiling of you.
- Transfer your data to another controller.
- Have your personal data excluded from certain categories of processing.
- Lodge a complaint with the Data Protection Commissioner. Contact details for the DPC can be found at www.dataprotection.ie
Note:
- There are some limitations to these rights.
- You can contact us to exercise these rights by e-mail at dataprotection@ansaccu.ie. We will ask for additional information to verify your identity prior to acting upon such requests.
13. REMOVAL FROM MAILING LISTS
You may unsubscribe from our mailing list(s) at any time by using the ‘unsubscribe’ button on marketing communications, or by contacting us at info@ansaccu.ie.
14. REPORTING OF DATA BREACHES
Where a data breach occurs that poses a risk to the subject it shall be reported to the Data Protection Commission. Where such a breach occurs and poses a high risk to you, we will also inform you. All breaches will be managed in accordance with Irish law and the GDPR.
15. PROFILING
We may profile personal data in certain instances. This will typically be in the context of applying for a loan, fulfilling our obligations under Anti-Money Laundering legislation or for the purpose of marketing. Such processing shall not be fully automated and shall always be subject to the intervention of an officer of the Credit Union.
16. DATA RETENTION
We retain personal data that you submit to us only for as long as is necessary and for the purposes for which it was obtained, or as required by law. We have detailed retention periods for which personal data shall be retained for particular purposes below. The Credit Union reserves the right to delete personal data prior to the conclusion of the retention period or where such retention is not absolutely necessary for the provision of service to a subject.
Purpose of Processing | Duration | Criteria for the Storage of Personal Data |
Membership Information | 7 years | From closing of the account, or greater where regulation mandates |
Identity Verification Data | 2 years | Upon expiry of use (and it has been replaced) |
Loan Application Denied - Application and Supporting Documents | 1 year | From final loan denial |
Issued Loan - Supporting Documents | 2 years | From the repayment of the loan, or, in conjunction with deletion of the loan file |
Loan Related Data (Agreement and Transaction Details) | 7 years | From closing of the account, or greater where regulation mandates |
Death Benefit | 1 year | From closure of membership account |
Loan Protection Insurance | 1 year | From closure of a membership account |
Employment / Volunteer Data | Generally, for the duration of employment plus 7 years. Where categories of data have: - Regulatory limitations to possible liability, or - Mandatory retention periods, we will retain for these periods plus one year. | |
CCTV and Voice Recordings | 1 month | From recording. Up to 6 years in the event of an incident where a material risk of a liability exists |
Incidents or Complaint Reports | Permanent | |
Small Balance Write-Offs / Un-cashed Cheque Details | Permanent | Mandatory requirement |
Documentation Relating to Revenue | Stored as mandated by law plus 12 months | |
AML and Fraud Prevention Documentation | Stored as mandated by law plus 12 months As mandated by the CU Handbook published by the Central Bank of Ireland plus 12 months | |
Records and Explanation of Transactions, and of the Provision of Service | ||
Notes: Nothing in this section creates an obligation upon the Credit Union to retain personal data on behalf of a data subject.
17. COOKIES
When you use our website, we use cookies (small text files that are placed on your hard drive) to provide a more intuitive website experience. Cookies are a typical part of operating procedure for most websites, and most browsers permit users to opt out of receiving them if the user would prefer.
You can opt out of the use of certain categories of cookies on the cookie notice tool that is always visible while you use the ANSAC website. This may reduce some of the functionality of the site.
Cookies can also be deleted by you from your browser at any time.
18. UPDATES
This notice may be updated to comply with precedent that has been established or to provide further clarification. The most up to date version is available upon request from ANSAC Credit Union Ltd. We advise you to use a current version of this document when considering your rights.