Website Privacy Notice

Synergy Credit Union Limited collects, processes and stores your personal information in accordance with this privacy notice and our internal policies.

Introduction

Synergy Credit Union Limited collects, processes and stores your personal information in accordance with this privacy notice and our internal policies. This notice provides you with information regarding our obligations and your rights in compliance with the Data Protection Act 2018 and the General Data Protection Regulation (GDPR). This notice is meant as a summary only and should you require further more detailed information, please contact us at any time.

Information That We Collect From You

Information that you provide to us directly might include personal information such as your name, email address, postal address, telephone number, financial information, and other personal details you provide to us through the use of our services.

Telephone calls may be monitored or recorded to ensure that we carry out your instructions correctly and to help improve the quality of our service and in the interests of security. We operate CCTV on our premises to ensure the safety and security of our staff, members and other visitors as well as to investigate incidents or allegations.

We may also collect non personal information that may identify you such as location, IP address, browser type, operating system and other details about the device you are using.

In certain cases, we must collect personal information classed as ‘special category data’ such as health data or biometric data. Health data may be collected in connection with a loan application. Biometric data will be collected from individuals who opt to join the Credit Union through the App, this is for the purpose of verifying the identity of individuals in line with our anti-money laundering obligations under the Criminal Justice Act.

How We Use Your Personal Data

We use your personal data to provide our services to you and process this in performance of the contract or where we are obliged to by law.  Where you have consented, we may also use your information to send you promotional offers and marketing.  You are free to withdraw this consent at any time. In certain cases, we may have a legitimate interest in processing your personal information such as for debt collection purposes, operating our CCTV and call recording systems or carrying out data analytics.

We respect your privacy at all times and will always process your personal information ethically and in line with our obligations under data protection legislation.

Sharing or Disclosing Your Personal Data

We use third party processors to provide certain services; these companies will process or store your information on our behalf and are contractually bound to protect the data they process and are also bound by a duty of confidentiality. Examples of these are, IT service providers, insurers and other professional service providers engaged by us.

In certain circumstances we may be obliged to disclose personal information relating to you to third parties, for example, in order to conform to any requirements of law or to comply with any legal process, as well as to protect and defend the rights of property of the Credit Union, our licensors and/or our other customers.

In line with our regulatory requirements, we must, by law, share your personal information with government departments or bodies such as the Central Bank of Ireland (CBI). For example, we are obliged to submit the following to the CBI for every account holder: name, address, date of birth, IBAN, beneficial owner information and details of persons authorised on your account.

If we issue you a debit card, Transact Payments Limited (which is an authorised e-money institution) will also be a controller of your personal data. In order for you to understand what they do with your personal data, and how to exercise your rights in respect of their processing of your personal data, you should review their Privacy Policy which is available here.

Credit Assessment: When assessing your application for a loan, the credit union will take a number of factors into account and will utilise personal data provided from:

  • your application form or as part of your loan supporting documentation,
  • your income and expenditure information,
  • your existing credit union file,
  • credit referencing agencies such as the Central Credit Registrar (CCR) managed by CRIF on behalf the Central Bank of Ireland;

Open Banking, services provided by Plaid B.V. Plaid B.V. is registered in the Netherlands and is regulated by the Dutch Central Bank to provide AISP (Account Information Service Provider)

  • services within member countries in the European Economic Area. Please note that Plaid B.V is a data controller and maintains a controller to controller relationship with the Credit Union. Plaid collects end user data, i.e. member account related information directly from the member’s bank or other account provider based on the explicit consent of such member. Please refer to Plaid’s privacy policy available at this link: https://plaid.com/legal/#end-user-services-agreement-eea

The credit union then utilises this information to assess your loan application in line with the applicable legislation and the credit unions lending policy.

Automated Loan Decisioning: We may use automated decision making as part of our loan/credit decision process, and which involves assessing your application for a loan, taking account of your current circumstances and evaluating your ability to meet the required repayments on the loan. The automated decision process involves different types of information, such as information included in your loan application – as to the amount requested, the repayment period, your income, employment details, other loans or overdrafts etc. – as well as information provided to us with your explicit consent as to any account(s) held by you with any other financial institution, and your credit history with the Central Credit Register. The Credit Union uses this information to apply internal credit assessment rules in a consistent manner and ensures that your application for a loan is treated fairly and efficiently and what is believed to be consistent with your repayment capacity.

Under data protection legislation, you have the right to obtain human intervention in relation to any decision made solely by automated means. In practice this means you have the right to have your loan application reviewed by a member of credit union staff in the event that a loan is refused used automated decision making.

SBCI Loans

If you take out a Loan through the SBCI process, then your data will be shared with the Strategic Banking Corporation of Ireland (SBCI). The SBCI is a joint data controller for this process and their privacy policy is available on https://sbci.gov.ie/information-access/data-protection-statement

Merger, acquisition or sale of all or a portion of company

If the Company is involved in a merger, acquisition or sale of all or a portion of its assets, the Company reserves the right to transfer personal and non-personal data to a party involved in the merger, acquisition or sale, to the extent such information is necessary to carry out the merger, acquisition or sale or in performance of due diligence prior to the merger, acquisition or sale taking place.

Your Rights

Under the GDPR you have the right to access personal information that Synergy Credit Union Limited processes about you.

You can request from us information about -

  • The personal data we hold about you.
  • The categories of personal data concerned.
  • The purposes of the processing
  • Details to whom your personal data has/will be disclosed.
  • How long we retain your personal data.
  • If we did not collect the data directly from you, information about the source.

You may also request from us the following-

  • That we update any incomplete or inaccurate data about you
  • Request that we delete your personal data in accordance with GDPR.

You may request we action your rights by contacting us at Synergy Credit Union Limited, 27/29 Patrick Street, Fermoy, Co Cork Or by emailing us at dpo@synergycu.ie.

To ensure your data is protected, if we receive a request from you to exercise your rights, we will ask you to verify your identity before acting on the request. In certain case there may be limitations or exemptions which apply to your request, and we will inform you of any that may apply on a case-by-case basis.

Other rights include:

  • The right to have your data rectified.
  • The right to have your data erased.
  • The right to restrict processing of your data.
  • The right to data portability
  • The right to object
  • The right not to be subject to automated decision-making including profiling.
  • The right to complain to the Data Protection Commission

Please be aware that these rights are not absolute, and restrictions may apply. For more information on the above rights please contact our Data Protection Officer on dpo@synergycu.ie.

International Transfers

Whilst we try to process all your data within the EU, your personal data may be processed outside the EU by us or the third parties we use.

Where these transfers take place, we will ensure the same high standard of protection for your personal data at all times and that there are adequate safeguards in place as required by the GDPR. In most cases, we will rely on Standard Contractual Clauses or Binding Corporate Rules for transferring personal data to third countries.

Security & Safeguarding Measures

All personal data collected is transferred and stored securely, using industry standard encryption protocols, and approved transfer mechanisms. Please note however, that we cannot guarantee that the measures we maintain will guarantee the security of the information.
Our team is trained on the importance of Privacy and Data Protection and will adhere to our internal policies. We have policies and procedures in place governing our IT security measures and we contract IT experts to carry out regular testing on the resilience of our systems to ensure the highest level of protections.

How Long We Retain Your Data

Synergy Credit Union Limited only retains personal information for as long as is necessary.  For further details on our data retention periods please contact us.

Where you have consented to us to use your details for direct marketing, we will keep this data until you notify us or otherwise withdraw your consent.

Links to Other Web Sites

Our services may contain links to other websites not controlled or operated by Synergy Credit Union Limited. These links do not imply that we endorse these third party sites. We recommend reviewing those sites directly for information on their privacy policies.

Amendments

The Credit Union reserves the right at its sole discretion to amend this privacy notice at any time, and you should regularly check this privacy notice for any amendments.

Please contact us for more information on any of the above. Tel: 1800 272927. Email: info@synergycu.ie.

Privacy Notice last updated: 28.02.2023