Account Opening Privacy Policy - Bishopstown Credit Union Ltd

Account Opening Privacy Notice of Bishopstown Credit Union Limited

A credit union is a member-owned financial cooperative, democratically controlled by its members, and operated for the purpose of promoting thrift, providing credit at competitive rates, and providing other financial services to its members. In this Privacy Notice ‘we’, ‘our’, ‘us’, ‘credit union’ refers to Bishopstown Credit Union. Data collection, processing and use are conducted for the purpose of facilitating the abovementioned objectives.

This Privacy Notice is to provide you with information regarding the processing of information about you for account related purposes and other general purposes. Please take the time to read this notice carefully. If you are under the age of 16, please refer to our Child Friendly Privacy Notice (https://www.bishopstowncu.ie/cuweb/wp-content/uploads/BCU-Child-Friendly-Privacy-Statement.pdf).

If you apply for a loan with us, you will be provided with our Lending Privacy Notice to take account of further processing that may be necessary.

Our contact details are:

Address: Bishopstown Credit Union, Curraheen Road, Cork. T12 P977

Phone: 021-4800010

Email: info@bishopstowncu.ie

Contact our Data Protection Officer by post at ‘Data Protection Officer, Bishopstown Credit Union, Curraheen Road, Cork’ or by email at dataprotection@bishopstowncu.ie.

Bishopstown Credit Union is committed to protecting the privacy and security of your personal data. This privacy notice describes how we collect and use personal data about you during and after your relationship with us.

What personal data do we use?

We may collect, store, and use the following categories of personal data about you:

Data to identify you, and to meet AML requirements;
Your employment and personal details;
Account, member and contract data;
Interactions with Bishopstown Credit Union staff and officers on the premises, by phone, or email, current or past complaints, CCTV footage;
Online identifiers (i.e. cookies).

We need all the categories of information in the list above to allow us to; identify you, contact you, comply with our legal obligations and in order that we perform our contract with you.

Purposes for which we use your personal data:

To open and maintain an account for you;
To meet our obligations under the Credit Union’s Standard Rules
To contact you in respect of your account and any product or service you avail of; and
To comply with our legal and regulatory obligations, for example anti-money laundering, to identify connected borrowers.

How secure is my information with third-party service providers?

All our third-party service providers are required to take appropriate security measures to protect your personal data in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes unless they are deemed to be controllers in their own right[1]. We only permit them to process your personal data for specified purposes and in accordance with our instructions. Usually, information will be anonymised but this may not always be possible. The recipient of the information will also be bound by confidentiality obligations.

[1] As a data controller, the organisations will be required to have provided you with a separate privacy notice setting out what it does with its data.

If you fail to provide personal data

If you fail to provide certain information when requested, we may not be able to perform the contract we have entered into with you or we may be prevented from complying with our legal obligations.

Change of purpose

You can be assured that we will only use your data for the purpose it was provided and in ways compatible with that stated purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Profiling

We sometimes use systems to make decisions based on personal data we have (or are allowed to collect from others) about you. This information is used for anti-money laundering purposes and compliance with our legal duties in those regard.

Data Retention Periods

We will only retain your personal data for as long as necessary to fulfil the purpose(s) for which it was obtained, taking into account any legal/contractual obligation to keep it. Once the retention period has expired, the respective data will be permanently deleted.

Planned data transmission to third countries

There are no plans to transfer personal information outside the European Economic Area (EEA).

Updates to this notice

We will make changes to this notice from time to time, particularly when we change how we use your information, and change our technology and products. You can always find an up-to-date version of this notice on our website at www.bishopstowncu.ie or you can ask us for a copy.

Our use and sharing of your information

We will collect and use relevant information about you, your transactions, your use of our products and services, and your relationships with us. We will typically collect and use this information for the

following purposes:

Fulfilling contract -This basis is appropriate where the processing is necessary for us to manage your accounts and credit union services to you.

Administrative Purposes: We will use the information provided by you, either contained in this form or any other form or application, for the purpose of assessing this application, processing applications you make and to maintain and administer any accounts you have with Bishopstown Credit Union.

Third parties: We may appoint external third parties to undertake operational functions on our behalf. We will ensure that any information passed to third parties conducting operational functions on our behalf will be done with respect for the security of your data and will be protected in line with data protection law.

Irish League of Credit Unions (ILCU) Affiliation: The ILCU (a trade and representative body for credit unions in Ireland and Northern Ireland) provides professional and business support services such as marketing and public affairs representation, monitoring, financial, compliance, risk, learning and development, and insurance services to affiliated credit unions. As this credit union is affiliated to the ILCU, the credit union must also operate in line with the ILCU Standard Rules (which members of the credit union are bound to the credit union by) and the League Rules (which the credit union is bound to the ILCU by). We may disclose information in your application or in respect of any account or transaction of yours from the date of your original membership to authorised officers or employees of the ILCU for the purpose of the ILCU providing these services to us.

The Privacy Notice of ILCU can be found at www.creditunion.ie

The ILCU Savings Protection Scheme (SPS): We may disclose information in any application from you or in respect of any account or transaction of yours from the date of your original membership to authorised officers or employees of the ILCU for the purpose of the ILCU providing these services and fulfilling requirements under our affiliation to the ILCU, and the SPS.

Electronic Payments: For the processing of electronic payments services on your account (such as credit transfers, standing orders and direct debits), Bishopstown Credit Union is a participant of CUSOP (Payments) DAC (“CUSOP”). CUSOP is a credit union owned, independent, not-for-profit company that provides an electronic payments service platform for the credit union movement in Ireland. CUSOP is an outsourced model engaging third party companies, such as a Partner Bank, to assist with the processing of payment data.

Insurance: As part of our affiliation with the ILCU, we purchase insurance from ECCU Assurance DAC (ECCU), a life insurance company, wholly owned by the ILCU. To administer these insurances we may pass your information to ECCU and it may be necessary to process ‘special category’ personal data about you. This includes information about your health which will be shared with ECCU for the purposes of our life assurance policy to allow ECCU to deal with insurance underwriting, administration and claims on our behalf. Further information can be found in our lending privacy notice.

Debit Card Services: If we issue you a debit card, Transact Payments Malta Limited (which is an authorised e-money institution) will also be a controller of your personal data. In order for you to understand what they do with your personal data, and how to exercise your rights in respect of their processing of your personal data, you should review their privacy policy which is available at: http://currentaccount.ie/files/tpl-privacy-policy.pdf

Other Services: For the provision of other services, such as foreign exchange, we may use information about you in order to supply you with such services.

Member Service: We may use information about your account to help us improve our services to you.

Legal Duty -This basis is appropriate when we are processing personal data to comply with an Irish or EU Law.

Tax liability: We may share information and documentation with domestic and foreign tax authorities to establish your liability to tax in any jurisdiction. Under the “Return of Payments (Banks, Building Societies, Credit Unions and Savings Banks) Regulations 2008” Bishopstown Credit Union is obliged to report details to the Revenue in respect of dividend or interest payments to members, which include PPSN where held.

Where a member is tax resident in another jurisdiction Bishopstown Credit Union has certain reporting obligations to Revenue under the Common Reporting Standard. Revenue will then exchange this information with the jurisdiction of tax residence of the member. We shall not be responsible to you or any third party for any loss incurred as a result of us taking such actions.

Regulatory and statutory requirements: To meet our duties to the Regulator, the Central Bank of Ireland, we may allow authorised people to see our records (which may include information about you) for reporting, compliance and auditing purposes. An example of this is our legal obligation to file reports on the Central Credit Register in accordance with the Credit Reporting Act 2013. For the same reason, we will also hold the information about you when you are no longer a member. We may also share personal data with certain statutory bodies such as the Department of Finance, the Department of Social Protection, the Financial Services and Pensions Ombudsman Bureau of Ireland, and the appropriate Supervisory Authority if required under law.

Compliance with our anti-money laundering and combating terrorist financing obligations: The information provided by you will be used for compliance with our customer due diligence and screening obligations under anti-money laundering and combating terrorist financing obligations under The Money Laundering provisions of the Criminal Justice (Money Laundering and Terrorist Financing) Act 2010 , as amended by Part 2 of the Criminal Justice Act 2013, the Criminal Justice (Money Laundering and Terrorist Financing) Act 2018 and the Criminal Justice (Money Laundering and Terrorist Financing) (Amendment) Act 2021 (the latter two were introduced under the 4th and 5th AML/CTF EU Directives).

Audit, Risk & Compliance: To meet our legislative and regulatory duties to maintain audited financial accounts, Bishopstown Credit Union appoint an external auditor, an internal auditor, Risk Management Officer and Compliance Officer. We will allow the external auditor, internal auditor, Risk Management Officer and Compliance Officer access to our records (which may include information about you) for these purposes.

Nominations: The Credit Union Act 1997 (as amended) allows members to nominate a person(s) to receive a certain amount from their account on their death, subject to a statutory maximum. Where a member wishes to make a nomination, Bishopstown Credit Union must record personal data of nominees in this event.

Incapacity to Act on your account: The Credit Union Act 1997 (as amended) provides, in the circumstances where you become unable to transact on your account, due to a mental incapability and no person has been legally appointed to administer your account, that the Board may allow payment to another who it deems proper to receive it, where it is just and expedient to do so, in order that the money be applied in your best interests. In order to facilitate this, medical evidence of your incapacity will be required which will include data about your mental health. This information will be treated in the strictest confidentiality.

Legitimate interests -A legitimate interest is when we have a business or commercial reason to use your information. But even then, it must not unfairly go against what is right and best for you. If we rely on our legitimate interest, we will tell you what that is.

CCTV: We have CCTV footage installed on the premises with clearly marked signage. The purpose of this is for security, public safety and the prevention and detection of fraud.

Our Legitimate interest: With regard to the nature of our business, it is necessary to secure the premises, property herein and any staff /volunteers/members or visitors to Bishopstown Credit Union and to prevent and detect fraud.

Your consent -We will only carry out the below processing when we have obtained your consent and will cease processing once you withdraw such consent.

Marketing and Market Research

We will only market goods and services to you where we have obtained your consent for same. Where you have consented to receiving marketing material you can withdraw your consent for this at any time by contacting Bishopstown Credit Union.

To help us improve and measure the quality of our products and services we undertake market research from time to time. This may include using the Irish League of Credit Unions and/ specialist market research companies. See section on Your Marketing Preferences.

Collection and use of technical information (Cookies)

We may obtain information about your general Internet usage by using a cookie file which is stored on your browser or the hard drive of your computer. Cookies contain information that is transferred to your computer’s hard drive. They help us to improve our website and to deliver a better and more personalised service.

Some of the cookies we use are essential for the operation of our Website or strictly necessary. Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies. For all other types of cookies we need your permission. Our Website uses different types of cookies. Some cookies are placed by third party services that appear on our pages.

Please read our Cookies Policy for more information, https://www.bishopstowncu.ie/cookies-policy/ A Cookies Policy specific to your Online Banking is available on the Online Log In screen,

https://live.cuonline-ebanking.com/screens/login.aspx?cuid=1

You may disable or block cookies by activating the setting on your browser which allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our website. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies as soon you visit the website.

Information about your computer may be collected, including where available your IP address, operating system and browser type, for system administration and to report aggregate information to our advertisers. To learn more about cookies, visit http://www.allaboutcookies.org .

Your Rights in connection with your personal data are to:

To find out whether we hold any of your personal data and if we do to request access to that data that to be furnished a copy of that data. You are also entitled to request further information about the processing.

Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you rectified.

Request erasure of your personal information. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).

Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal data for direct marketing purposes.

Request the restriction of processing of your personal information. You can ask us to suspend processing personal data about you, in certain circumstances.

Where we are processing your data based solely on your consent you have a right to withdraw that consent at any time and free of charge.

Request that we: a) provide you with a copy of any relevant personal data in a reusable format; or b) request that we transfer your relevant personal data to another controller where it’s technically feasible to do so. ‘Relevant personal data is personal data that: ‘You have provided to us or which is generated by your use of our service. Which is processed by automated means and where the basis that we process it is on your consent or on a contract that you have entered into with us’.

You have a right to complain to the Data Protection Commissioner (DPC) in respect of any processing of your data by:

Telephone: +353 57 8684800 +353 (0)761 104 800

Lo Call Number: 1890 252 231

Web Form: https://forms.dataprotection.ie/contact

Postal Address: Data Protection Commissioner

21 Fitzwilliam Square South,

Dublin 2, Ireland. D02 RD28

Please note that the above rights are not always absolute and there may be some limitations.

If you wish to exercise any of these rights; access and/ or copies of any of your personal data or if you wish to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we send you or a third party a copy your relevant personal data in a reusable format please contact Data Protection Officer in writing using their contact details set out at the beginning of this Notice below.

Post: Data Protection Officer, Bishopstown Credit Union, Curraheen Road, Cork

Email: dataprotection@bishopstowncu.ie

There is no fee in using any of your above rights, unless your request for access is clearly unfounded or excessive. We also reserve the right to refuse to comply with the request in such circumstances.

We may need to verify your identity if we have reasonable doubts as to who you are. This is another appropriate security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

Ensuring our information is up to date and accurate. We want the service provided by us to meet your expectations at all times. Please help us by telling us straightaway if there are any changes to your personal information.

Cookie	Duration	Description
	session	Description is currently not available.
zte2095	session	Description is currently not available.

Cookie	Duration	Description
yt.innertube::nextId	never	YouTube sets this cookie to register a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	never	YouTube sets this cookie to register a unique ID to store data on what videos from YouTube the user has seen.

Cookie	Duration	Description
__zlcmid	1 year	Zopim sets this cookie to store a unique user ID.
__zlcstore	never	Zopim sets this cookie to store information about the current status of the chat.
yt-player-bandwidth	never	The yt-player-bandwidth cookie is used to store the user's video player preferences and settings, particularly related to bandwidth and streaming quality on YouTube.
yt-player-headers-readable	never	The yt-player-headers-readable cookie is used by YouTube to store user preferences related to video playback and interface, enhancing the user's viewing experience.
yt-remote-cast-available	session	The yt-remote-cast-available cookie is used to store the user's preferences regarding whether casting is available on their YouTube video player.
yt-remote-cast-installed	session	The yt-remote-cast-installed cookie is used to store the user's video player preferences using embedded YouTube video.
yt-remote-connected-devices	never	YouTube sets this cookie to store the user's video preferences using embedded YouTube videos.
yt-remote-device-id	never	YouTube sets this cookie to store the user's video preferences using embedded YouTube videos.
yt-remote-fast-check-period	session	The yt-remote-fast-check-period cookie is used by YouTube to store the user's video player preferences for embedded YouTube videos.
yt-remote-session-app	session	The yt-remote-session-app cookie is used by YouTube to store user preferences and information about the interface of the embedded YouTube video player.
yt-remote-session-name	session	The yt-remote-session-name cookie is used by YouTube to store the user's video player preferences using embedded YouTube video.
ytidb::LAST_RESULT_ENTRY_KEY	never	The cookie ytidb::LAST_RESULT_ENTRY_KEY is used by YouTube to store the last search result entry that was clicked by the user. This information is used to improve the user experience by providing more relevant search results in the future.