Privacy Policy

General Data Protection Regulation

The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union. It addresses the export of personal data outside the EU.

Download full GDPR information from Aviate Credit Union


Data Protection Statement

This Data Protection Statement is effective as and from 25 May 2018


This statement describes how we process your personal information. Please take the time to read it carefully.  You have a number of rights in relation to your information including the right to object to processing of your personal information where that processing is carried for our legitimate interests and for the purposes of direct marketing. 

It is important that you read this statement together with any other privacy policy, data protection statement or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy policy supplements the other notices and is not intended to override them. Using this website indicates that you accept this policy.

In this statement we use the terms “we” and “our” to refer to Aviate Credit Union.

This statement applies to all personal information we collect about you when you apply to become a member, when you avail of our products and services, when you use our website or mobile applications.


1.  Who we are and how to contact us.

Aviate Credit Union Limited is a registered credit union which is regulated by the Central Bank of Ireland. We are the controller responsible for your personal data. 

We have appointed a Data Protection Officer (DPO) who is responsible for overseeing questions in relation to this data protection statement and our approach to privacy.  If you have any questions about this data protection statement, including any request to exercise your legal rights, please contact the DPO using the details set out below;

Data Protection Officer

Aviate Credit Union

Cloghran House

Corballis Way

Dublin Airport

Co Dublin K67 F3X2


2.  The purpose and legal basis for processing your information.

We collect your information for a number of purposes and rely on a number of different legal bases to use your personal information.



a)  To enter into and perform a contract with you:


Before you can become a member of the credit union we need to collect personal information from you in order to assess your application for membership and enter into a contract of membership with you.

We need to process your personal information in order to manage your accounts, your shares you hold in us, and products you hold with us and to assess your various applications for products and services, such as loans and budget schemes including, where applicable making decisions on your credit worthiness. We may obtain this personal information from you and in some circumstances from third parties.

We may process your personal information in order to arrange insurance for you as an insurance intermediary. 


If you choose to enter into the car draw, we will use your personal information to enter you into the draw and where you are a winner your name will be published on our website as a winner and on our social media and other digital media channels. In addition, under the rules of the car draw your name will be provided to other entrants on request, within a certain period.


b)  To comply with our legal obligations


We are required to process your personal information to comply with certain legal obligations to which we are subject, including:


To meet our obligations under the Credit Union Act 1997 (as amended) and other financial services legislation and codes of practice. This may involve sharing your personal information with the Central Bank, where we are required to do so and contacting you about various matters as required under the Credit Union Act 1997 (as amended) such as annual general meetings and election of officers.

Providing information to An Garda Síochána, the Revenue Commissioners, the Central Bank and other enforcement agencies under various pieces of legislation to which we are subject.

To verify your personal information provided to us and to meet our legal and compliance obligations, including detecting and preventing money laundering, tax avoidance, finance of terrorism.

To supply information to the Central Credit Register as required by law.


c)  For our legitimate business interests


Where we process your information for our legitimate interests, we ensure that there is a fair balance between our legitimate interest and your fundamental rights and freedoms.

We may use your personal information to manage our everyday business needs, including accounting, internal reporting needs, and market research, to progress and respond to legal claims, to ensure appropriate IT security and to prevent fraud, in our legitimate interest.  Our legitimate interest is the effective management of our business.

We may use your personal information to assess creditworthiness prior to providing any funds to you by way of a loan overdraft facility or otherwise, in our legitimate interest. Our legitimate interest is to ensure financial stability of the credit union and the protection of members funds.

We may use your personal information for direct marketing purposes to advise you of products and services we feel may interest you in our legitimate interest.  Our legitimate interest is to connect with our members and to inform our members of various products and services which we provide. You can opt out of the receipt of marketing communications at any time.


d)   With your consent


We sometimes process sensitive personal information, such as information concerning your health when you apply for certain products or services. Where we do so we will obtain your explicit consent. This consent can be withdrawn at any time by using the contact details of the DPO set out above.


3.  Failure to provide information 

Where we need to collect personal data by law, or under the terms of a contract with you and you fail to provide that data when requested we may not be able to perform the contract we have or are trying to enter in to with you (for example we require certain information from you in order to fulfil our requirements under both Irish and European Anti-Money Laundering Legislation before we can allow you to become a member of the Credit Union.  As such we may not be able to complete your application for membership with us but we will notify you of this at the time if this is the case.)


4.  Types of Information we collect and some examples of how we use it

We may collect, use, store and transfer different kinds of personal information about you as follows and use it for a variety of different purposes


Information type

Example of how we use it

Address, email address, telephone numbers

We use this information to send you information about products and services, membership issues such as AGMs and to respond to your queries.

Name, date of birth, PPSN, nationality, driving licence, passport



We use this information to verify your identity and to comply with our obligations under anti-money laundering legislation.

Occupation and income details such as employer name, employment status, your salary, other incomes, expenses.


Information concerning marital and family status,

the activity and balances on your accounts, your transactions,


Details of the products you hold with us,


Information gathered from applications for our products and services and your application for membership


We use this information for a number of reasons including to assess your application for our products or services, to monitor your transactions with us, to determine if you fall within the common bond of the credit union, to detect anti-money laundering.


Interactions with our staff and officers, including notes of your calls with our staff on our database.


We use this information to keep a record of your interactions with us, to monitor and train our staff


Information on your physical or mental health


With your consent we use this information to assess your application for products or services


Information obtained from other parties such as credit reference agencies, central credit register or joint account holders



We use this information to assess your application for products and services


Images from CCTV camera in and around the credit union premises



We may use these images for security purposes


5.  Your information and Third Party Service Providers

Third Party Service Providers: We may share your personal information with third party service providers that perform services and functions at our direction and on our behalf such as our accountants, IT service providers, printers, debt collection agencies, valuers, lawyers and other business advisors, marketing companies who carry out marketing campaigns on our behalf and providers of security and administrative services.  

Potential sale or merger of the Credit Union: we may also transfer your personal information to companies we plan to merge with or be acquired by.

An Garda Síochána, government bodies, the Central Bank or other government officials: we may share your personal information with an Gardaí, or other government bodies or agencies including but not limited to the Central Bank and the Revenue Commissioners, where required to do so by law. 

Credit referencing agencies; we may disclose your information to credit referencing agencies for the purposes of carrying out a credit history check. We also provide these agencies with details regarding products and services you have with us and your repayment records.

The Central Credit Register; we may transfer your personal information to the Central Credit Register. This is a centralised system that collects and stores information about your loans & budget account. We will provide information about your products and services and details of your repayment history.

Vehicle Provider:Where you win the car draw we will provide your name and contact details to the provider of the vehicle who may contact you directly.

Third PartiesWe may provide your information to third parties to facilitate transactions at your request, such as to make payments to third parties, to obtain foreign currency from our foreign currency provider (who may contact you to advise that your foreign currency is ready for collection). We may disclose your personal information to insurance companies, where we arrange insurance for you in our capacity as an insurance intermediary.

ECCU: Where your loan is insured with ECCU we may provide them with certain information. 

6.  Storage Periods 

We will retain your personal information for the purpose of satisfying any legal, accounting or reporting requirements.  We may hold your personal information for a period of seven years from the date of completion of any contract with you, by reference to the statute of limitations for a legal claim under contract.  We may hold your personal information for longer if required to do so by law.

7.  Transfers outside the European Economic Area

We may transfer your personal data outside the European Economic Area.  These countries do not always afford an equivalent level of privacy protection and in such circumstances, we take specific steps, in accordance with data protection law and to protect your personal information.  In particular, for transfers of personal data, outside the EEA where there is no adequacy decision by the European Commission we may rely on contractual protection approved by the European Commission.

8.  How we use Automated Processing

We may analyse your personal information by automated means to make assessments on your creditworthiness and repayment capacity when you apply for a product or service. We will use this analysis to assist us in making a decision on whether to provide you with credit such as a loan or overdraft facility.

We may also use automated processing to assist in compliance with our legal obligations in connection with prevention of, money laundering, fraud and terrorist financing.

9.  Your Rights.

You have several rights under data protection law in relation to how we use your personal information.  You have the right, free of charge to;

1.  Request a copy of the personal information we hold about you.

2.  Rectify any inaccurate personal data we hold about you.

3.  Erase personal information we hold about you.

4.  Restriction of processing of your personal information.

5.  Object our use of your personal information for our legitimate interests, including profiling.

6.  Receive your personal information in a structured commonly used and machine-readable format, and to have that data transmitted to another data controller.

7.  Where the processing is based on consent, the right to withdraw that consent.

8.  Object to the use of your personal information for direct marketing at any stage

These rights are in some circumstances limited by data protection legislation. If you wish to exercise any of these rights please contact us using the contact details contained in set out above.  We will endeavour to respond to your request within a month.  If we are unable to deal with your request within a month we may extend this period by a further period of two months and we will explain why.

You also have the right to lodge a complaint to the Office of the Data Protection Commission.

9.  Marketing-Opting Out

Where we process your information for direct marketing purposes, we will only do so where you have not opted out. You have the right to opt out of the receipt of marketing communications at any time.

If you do not wish to hear from us about special offers and promotions by way of post, email, phone, text or digital media please contact us at the contact details set out at 1 above or follow any unsubscribe link in any email we send you.

10.  Updates

We will update this data protection statement from time to time. Any updates will be made available on and where appropriate notified to you.

Download a copy of our Privacy Statement

11. Debit Cards

If we issue you a debit card, Transact Malta Payments Ltd (which is an authorised e-money institution) will also be a controller of your personal data. In order for you to understand what they do with your personal data, and how to exercise your rights in respect of their processing of your personal data, you should review their privacy policy which is available HERE