At St. Paul’s Garda Credit Union Ltd., we take your privacy seriously and we are fully committed to keeping your information private. Providing and holding personal information comes with significant rights on your part and significant responsibilities on ours.

This Data Privacy Notice is provided to fulfil our obligations under the General Data Protection Regulation (GDPR), effective from 25 May 2018. GDPR requires greater accountability and transparency from organisations such as ours with regard to the treatment of your personal information, and provides data subjects with enhanced rights and greater control over how we process it.

This data privacy notice summary explains the most important aspects of how we use your information and what rights you have in relation to your personal information and how you can exercise such rights.

  1. Who are we?

Throughout this document, “we”, “us’, “our” and “ours’ refer to St. Paul’s Garda Credit Union Ltd. Established in 1967 we are an industrial based credit union primarily focused on our members and pride ourselves on offering quality services to serving and retired members of An Garda Síochána, and members’ of their families, within the common bond.

  1. The information we collect about you

We will hold:

  • Identity & contact information
  • Financial details
  • Marital status and/or financial associations
  • Other personal information
  • Sensitive categories of data e.g health information for insurance purposes
  • Information which you have consented to us using
  • Information about you provided by others e.g. joint account/group account applications or guarantor details
  • Other personal information such as: telephone recordings, CCTV images at our office and information provided when exercising your rights under Section 9 below
  1. When we collect your information

We collect information: (i) you give us; (ii) information from your use of our products, services or our websites and mobile apps, and; (iii) information provided to us by third parties.

  1. How we use your information

We use, and share, your data in the following cases:

  • to assess eligibility and credibility for the services, products and facilities we offer
  • to provide credit union and other related services, products and facilities to you
  • to implement any contracts we have entered into with you
  • to conduct credit searches with credit reference agencies in order to provide credit facilities and, where necessary, for fraud prevention and debt recovery.
  • use is necessary because we have to comply with a legal obligation (e.g reporting to the Central Credit Register, regulatory authorities and law enforcement)
  • use for our legitimate interests (which you may object to) such as managing our business on a day to day basis including credit risk management, providing service information, conducting marketing activities, training, quality assurance and strategic planning
  • you have agreed or explicitly consented to the using of your data in a specific way (you may withdraw your consent at any time)
  1. How we use automated processing of ‘analytics’

We may analyse your information using automated means to:

  • make assessments where you apply for a loan including creditworthiness and affordability. We may make lending decisions based solely on an automated analysis of your information.
  • We may use automated processing to assist in compliance with our legal obligations in connection with prevention of money laundering, fraud and terrorist financing, for example, to screen for suspicious transactions.
  1. Who we share your information with

Sharing can occur in the following circumstances and/or with the following:

  • our systems suppliers who test backup data,
  • our supplier used for checking the names of members against sanctions lists,
  • solicitors used for recovery of outstanding debts
  • members authorised representatives
  • when you open or use a joint account
  • guarantors
  • statutory and regulatory bodies and law enforcement authorities
  • credit reference/rating agencies

If we issue you a debit card, Transact Payments Limited (which is an authorised e-money institution) will also be a controller of your personal data. In order for you to understand what they do with your personal data, and how to exercise your rights in respect of their processing of your personal data, you should review their Privacy Policy which is available here http://currentaccount.ie/files/tpl-privacy-policy.pdf

  1. How long we hold your information

Our retention periods are subject to legislation and regulatory rules set by authorities such as the Central Bank of Ireland and the type of financial product provided to you.

  1. Implications of not providing information

If you do not provide information we may not be able to:

  • provide/continue to provide credit union services to you

You will be informed in instances where information which is not a contractual requirement or is not needed to comply with our legal obligations is requested.

  1. How to exercise your information rights including the right to object

GDPR acts to empower data subjects with enhanced rights in relation to how we use your information, including the right, without undue delay, to:

  • find out if we use your information, access your information and receive copies of your information
  • have inaccurate/incomplete information corrected and updated
  • object to particular use of your personal data for our legitimate business interests or direct marketing purposes. Members possess the right to opt out any anytime.
  • in certain circumstances, to have your information deleted or our use of your data restricted
  • in certain circumstances, a right not to be subject to solely automated decisions and where we make such automated decisions, a right to have a person review the decision
  • exercise the right to data portability (i.e. obtain a transferable copy of your information we hold to transfer to another provider)
  • to withdraw consent at any time where processing is based on consent.

If you have any questions as to how we use your information or if you wish to exercise any of your data rights you can contact our Data Protection Officer by post at St. Paul’s Garda Credit Union Ltd., Boreenmanna Road, Cork, T12 TN67 by telephone on 021-4313355 or by email at enquiries@stpaulscu.ie. If you make your request electronically, we will try to provide you with the relevant information electronically.

You also have the right to complain to the Data Protection Commission or another supervisory authority. You can contact the Office of the Data Protection Commissioner at:

Telephone: +353 (0)761 104 800 or 1800 437 737

E-mail: info@dataprotection.ie

Postal Address: Data Protection Commission, Canal House, Station Road, Portarlington, Co. Laois. R32 AP23