General Data Protection Regulation
The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union. It addresses the export of personal data outside the EU.
Download full GDPR information from Aviate Credit Union
Data Protection Statement
This Data Protection Statement is effective as and from 25 May 2018
This statement describes how we process your personal information. Please take the time to read it carefully. You have a number of rights in relation to your information including the right to object to processing of your personal information where that processing is carried for our legitimate interests and for the purposes of direct marketing.
In this statement we use the terms “we” and “our” to refer to Aviate Credit Union.
This statement applies to all personal information we collect about you when you apply to become a member, when you avail of our products and services, when you use our website or mobile applications.
1. Who we are and how to contact us.
Aviate Credit Union Limited is a registered credit union which is regulated by the Central Bank of Ireland. We are the controller responsible for your personal data.
We have appointed a Data Protection Officer (DPO) who is responsible for overseeing questions in relation to this data protection statement and our approach to privacy. If you have any questions about this data protection statement, including any request to exercise your legal rights, please contact the DPO using the details set out below;
Data Protection Officer
Aviate Credit Union
Co Dublin K67 F3X2
2. The purpose and legal basis for processing your information.
We collect your information for a number of purposes and rely on a number of different legal bases to use your personal information.
a) To enter into and perform a contract with you:
Before you can become a member of the credit union we need to collect personal information from you in order to assess your application for membership and enter into a contract of membership with you.
We need to process your personal information in order to manage your accounts, your shares you hold in us, and products you hold with us and to assess your various applications for products and services, such as loans and budget schemes including, where applicable making decisions on your credit worthiness. We may obtain this personal information from you and in some circumstances from third parties.
We may process your personal information in order to arrange insurance for you as an insurance intermediary.
If you choose to enter into the car draw, we will use your personal information to enter you into the draw and where you are a winner your name will be published on our website as a winner and on our social media and other digital media channels. In addition, under the rules of the car draw your name will be provided to other entrants on request, within a certain period.
b) To comply with our legal obligations
We are required to process your personal information to comply with certain legal obligations to which we are subject, including:
To meet our obligations under the Credit Union Act 1997 (as amended) and other financial services legislation and codes of practice. This may involve sharing your personal information with the Central Bank, where we are required to do so and contacting you about various matters as required under the Credit Union Act 1997 (as amended) such as annual general meetings and election of officers.
Providing information to An Garda Síochána, the Revenue Commissioners, the Central Bank and other enforcement agencies under various pieces of legislation to which we are subject.
To verify your personal information provided to us and to meet our legal and compliance obligations, including detecting and preventing money laundering, tax avoidance, finance of terrorism.
To supply information to the Central Credit Register as required by law.
c) For our legitimate business interests
Where we process your information for our legitimate interests, we ensure that there is a fair balance between our legitimate interest and your fundamental rights and freedoms.
We may use your personal information to manage our everyday business needs, including accounting, internal reporting needs, and market research, to progress and respond to legal claims, to ensure appropriate IT security and to prevent fraud, in our legitimate interest. Our legitimate interest is the effective management of our business.
We may use your personal information to assess creditworthiness prior to providing any funds to you by way of a loan overdraft facility or otherwise, in our legitimate interest. Our legitimate interest is to ensure financial stability of the credit union and the protection of members funds.
We may use your personal information for direct marketing purposes to advise you of products and services we feel may interest you in our legitimate interest. Our legitimate interest is to connect with our members and to inform our members of various products and services which we provide. You can opt out of the receipt of marketing communications at any time.
d) With your consent
We sometimes process sensitive personal information, such as information concerning your health when you apply for certain products or services. Where we do so we will obtain your explicit consent. This consent can be withdrawn at any time by using the contact details of the DPO set out above.
3. Failure to provide information
Where we need to collect personal data by law, or under the terms of a contract with you and you fail to provide that data when requested we may not be able to perform the contract we have or are trying to enter in to with you (for example we require certain information from you in order to fulfil our requirements under both Irish and European Anti-Money Laundering Legislation before we can allow you to become a member of the Credit Union. As such we may not be able to complete your application for membership with us but we will notify you of this at the time if this is the case.)
4. Types of Information we collect and some examples of how we use it
We may collect, use, store and transfer different kinds of personal information about you as follows and use it for a variety of different purposes
Example of how we use it
Address, email address, telephone numbers
We use this information to send you information about products and services, membership issues such as AGMs and to respond to your queries.
Name, date of birth, PPSN, nationality, driving licence, passport
We use this information to verify your identity and to comply with our obligations under anti-money laundering legislation.
Occupation and income details such as employer name, employment status, your salary, other incomes, expenses.
Information concerning marital and family status,
the activity and balances on your accounts, your transactions,
Details of the products you hold with us,
Information gathered from applications for our products and services and your application for membership
We use this information for a number of reasons including to assess your application for our products or services, to monitor your transactions with us, to determine if you fall within the common bond of the credit union, to detect anti-money laundering.
Interactions with our staff and officers, including notes of your calls with our staff on our database.
We use this information to keep a record of your interactions with us, to monitor and train our staff
Information on your physical or mental health
With your consent we use this information to assess your application for products or services
Information obtained from other parties such as credit reference agencies, central credit register or joint account holders
We use this information to assess your application for products and services
Images from CCTV camera in and around the credit union premises
We may use these images for security purposes
5. Your information and Third Party Service Providers
Third Party Service Providers: We may share your personal information with third party service providers that perform services and functions at our direction and on our behalf such as our accountants, IT service providers, printers, debt collection agencies, valuers, lawyers and other business advisors, marketing companies who carry out marketing campaigns on our behalf and providers of security and administrative services.
Potential sale or merger of the Credit Union: we may also transfer your personal information to companies we plan to merge with or be acquired by.
An Garda Síochána, government bodies, the Central Bank or other government officials: we may share your personal information with an Gardaí, or other government bodies or agencies including but not limited to the Central Bank and the Revenue Commissioners, where required to do so by law.
Credit referencing agencies; we may disclose your information to credit referencing agencies for the purposes of carrying out a credit history check. We also provide these agencies with details regarding products and services you have with us and your repayment records.
The Central Credit Register; we may transfer your personal information to the Central Credit Register. This is a centralised system that collects and stores information about your loans & budget account. We will provide information about your products and services and details of your repayment history.
Vehicle Provider:Where you win the car draw we will provide your name and contact details to the provider of the vehicle who may contact you directly.
Third Parties: We may provide your information to third parties to facilitate transactions at your request, such as to make payments to third parties, to obtain foreign currency from our foreign currency provider (who may contact you to advise that your foreign currency is ready for collection). We may disclose your personal information to insurance companies, where we arrange insurance for you in our capacity as an insurance intermediary.
ECCU: Where your loan is insured with ECCU we may provide them with certain information.
6. Storage Periods
We will retain your personal information for the purpose of satisfying any legal, accounting or reporting requirements. We may hold your personal information for a period of seven years from the date of completion of any contract with you, by reference to the statute of limitations for a legal claim under contract. We may hold your personal information for longer if required to do so by law.
7. Transfers outside the European Economic Area
We may transfer your personal data outside the European Economic Area. These countries do not always afford an equivalent level of privacy protection and in such circumstances, we take specific steps, in accordance with data protection law and to protect your personal information. In particular, for transfers of personal data, outside the EEA where there is no adequacy decision by the European Commission we may rely on contractual protection approved by the European Commission.
8. How we use Automated Processing
We may analyse your personal information by automated means to make assessments on your creditworthiness and repayment capacity when you apply for a product or service. We will use this analysis to assist us in making a decision on whether to provide you with credit such as a loan or overdraft facility.
We may also use automated processing to assist in compliance with our legal obligations in connection with prevention of, money laundering, fraud and terrorist financing.
9. Your Rights.
You have several rights under data protection law in relation to how we use your personal information. You have the right, free of charge to;
1. Request a copy of the personal information we hold about you.
2. Rectify any inaccurate personal data we hold about you.
3. Erase personal information we hold about you.
4. Restriction of processing of your personal information.
5. Object our use of your personal information for our legitimate interests, including profiling.
6. Receive your personal information in a structured commonly used and machine-readable format, and to have that data transmitted to another data controller.
7. Where the processing is based on consent, the right to withdraw that consent.
8. Object to the use of your personal information for direct marketing at any stage
These rights are in some circumstances limited by data protection legislation. If you wish to exercise any of these rights please contact us using the contact details contained in set out above. We will endeavour to respond to your request within a month. If we are unable to deal with your request within a month we may extend this period by a further period of two months and we will explain why.
You also have the right to lodge a complaint to the Office of the Data Protection Commission.
9. Marketing-Opting Out
Where we process your information for direct marketing purposes, we will only do so where you have not opted out. You have the right to opt out of the receipt of marketing communications at any time.
If you do not wish to hear from us about special offers and promotions by way of post, email, phone, text or digital media please contact us at the contact details set out at 1 above or follow any unsubscribe link in any email we send you.
We will update this data protection statement from time to time. Any updates will be made available on www.aviatecu.ie and where appropriate notified to you.