Our commitment to data privacy and information security

At Synergy Credit Union, we are fully committed to protecting and respecting our members’ privacy. This statement sets out the basis on which any personal data we collect from and about you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we treat it. This notice is intended as a summary, should you require further details please contact us using the details at the end of this notice.

We are a Data Controller for the purposes of the Data Protection Acts 1988 to 2018 (“the Acts”) and the General Data Protection Regulation (“the GDPR”). As a data controller, we respect and protect the privacy of all individuals whose data we process. We ensure that all processing of personal data is carried out in line with the principles of data processing and our obligations as a data controller.

Personal data we collect

We collect certain personal information depending on how you engage with us and what services you avail of. Information may include:

• General: name, address, date of birth, email, telephone numbers, photo;
• Financial data: bank account details, financial status and history, banking details and transactions, borrowings, debit card details and receipts; 
• Contract data: details of the credit union products member hold with us, signatures, identification documents, salary, occupation, payslips, source of wealth, source of funds, Politically Exposed Status, accommodation status, mortgage details, previous addresses, spouse, partners, nominations, Tax Identification/PPS numbers, passport details, driver license details, tax residency, beneficial owners information, medical information, tax clearance access number, parent/guardian information (for minor accounts)
• Data collected through interactions with credit union staff and officers: CCTV footage, telephone voice recordings, email correspondence, records of current or past complaints, 
• Other data: photo or videos of prize winners, IP addresses, tracking information from cookies.
• Special Category Data: Health data relevant to the provision of insurance, biometric data if a member joins our credit union through our App. 
• Any other transactions we undertake to which you are a party, whether through our website, or otherwise (this information may be provided by others e.g. joint account applications, club or other account(s) to which you are a signatory, accounts to which you are a nominated beneficiary)

In certain instances, an individual may supply us with information relating to another individual. This may occur in the following cases:

• Bank statements provided where the account is in joint names,
• Utility bills in joint names
• Personal information contained in sets of Business Accounts
• Completing a nomination on an account

In these instances, it is the responsibility of the individual providing the data to ensure the other named individual/s are aware their data is being shared and they do not object to this.

How We Use Your Personal Data

The personal information we collect is for specified purposes and services we provide to you including:

• Creating and administering all aspects of your account and the services we provide to you;
• Verifying your identity and the information you provide to us;
• Facilitating the provision of additional products and services such as loans, current accounts and insurance;
• Providing our banking services online and via the App;
• Assessing eligibility for loan applications and determining credit worthiness;
• Enabling us to carry out debt collection activities to collect monies owed to us, we may engage third parties to assist us in this regard; 
• Assessing how we can improve the products and services we provide to you with and future services which may be of interest;
• To send you obligatory notices;
• Developing strategy, undertaking statistical analysis, and assessing current and future Credit Union financial performance;
• Meeting legal and regulatory compliance obligations and requirements under the Rules of the Credit Union;
• For providing updates about our services by way of direct marketing to you unless you have opted out of receiving such updates;
• Undertaking due diligence exercises including credit searches with credit search agencies, and where required, making submissions to the Central Credit Register, or for fraud and debt recovery purposes; and
• Obtaining information about your general Internet usage when accessing our online website by using a cookie file which is stored on your browser or the hard drive of your computer, if you opt-in to such cookies.

We use your personal information for the purpose it was collected and we do not subsequently not use your personal information for any unrelated purpose.

Sharing Your Personal Data

We will only share your information with Credit Union authorised third parties for specific purposes related to the services we are offering you. 

If we issue you a debit card, Transact Payments Limited (which is an authorised e-money institution) will also be a controller of your personal data. In order for you to understand what they do with your personal data, and how to exercise your rights in respect of their processing of your personal data, you should review their privacy policy which is available at http://currentaccount.ie/files/tpl-privacy-policy.pdf 

We may have to share your personal data as required with government departments, regulatory authorities, such as the Central Bank of Ireland, or with law enforcement agencies.

We may share your information with third party agents or subcontractors who work on our behalf and provide us with expertise or assistance in such areas as legal, compliance, auditing, debt collection, IT, insurance or business advisory services. We have contracts in place with these agents or subcontracts to ensure the protection and security of your personal data. Where we outsource the processing of personal data, we do so under a Data Processing Agreement.

We may also share your information as part of merger discussions or during a transfer of engagement.

If you avail of our Open Banking services, these services are provided by Plaid B.V. Plaid B.V. is registered in the Netherlands and is regulated by the Dutch Central Bank to provide AISP (Account Information Service Provider). You should take note that Plaid B.V is a data controller and maintains a controller to controller relationship with the Credit Union. Plaid collects end user data, i.e. member account related information directly from the member’s bank or other account provider based on the explicit consent of such member. Please refer to Plaid’s privacy policy available at this link: https://plaid.com/legal/#end-user-services-agreement-eea. 

If you take out a Loan through the SBCI process, then your data will be shared with the Strategic Banking Corporation of Ireland (SBCI). The SBCI is a joint data controller for this process and their privacy policy is available on https://sbci.gov.ie/information-access/data-protection-statement. 

Transfers outside the EEA (European Economic Area)

There may be circumstances where we transfer your personal data outside the EEA, such as when we use the services of online platforms or where we use a cloud-based IT system to hold your data. We safeguard your data by ensuring a minimum of one of the following safeguards is in place:

• a contract based on “model contractual clauses” (also called Standard Contractual Clauses) approved by the European Commission, obliging them to protect your personal data; or 
• with companies located in a third country approved by the European Commission under an adequacy decision, such as the UK; or
• with companies who have an approved set of binding corporate rules in place.

The legal basis for retaining and/or processing your personal data

We use and share your information where:

• You have provided us with explicit consent to use that information in a specific way, such as for direct marketing. You have the right to withdraw your consent at any time and will we will ensure that it easy for you to do so.
• It is required for us to provide a service to you or in the performance of a contract you have entered into with us. This may also arise in the context of when we are responding to a request from you, opening an account, you are applying for a loan and entering into a credit agreement with us.
• We are required to do so to comply with a legal obligation (e.g. to comply with the requirements of the Criminal Justice legislation, reporting credit information to the Central Credit Register, reporting to the regulatory authorities and law enforcement, to comply with Common Reporting Standards).
• Its use is required to protect your “vital interests”. This will only apply where we must process certain personal information in order to protect your life or safety in some way.
• It is necessary to process data in the public interest such as in line with Public Heath Authority guidelines in the event of any future pandemics.
• Its use is required for our legitimate interests (which you may object to) in the course of managing our business including credit risk management, debt collection, providing service information, conducting marketing activities, data analytics*, training and quality assurance, strategic planning, the purchase or sale of assets and CCTV and call recordings.

*Data Analytics: We utilise data analytics to analyse our common bond performance. This analysis, conducted by a trusted third-party provider under contract, ensures that we act in the legitimate interests of our members, who are the ultimate owners of the credit union, and safeguards the financial stability of the credit union into the future. It is important to note that we do not use data in its original state where individuals can be identified, and no analytics are carried out prior to anonymisation of the data. If you are not happy with your data being processed in this manner, you have the right to object by contacting us using the details provided below.

Keeping your personal data Secure

We employ physical, technical and administrative safeguards to protect the confidentiality and security of your personal information. We use industry standard procedures to protect your information from loss, misuse or unauthorised access and our staff receive regular training regarding their obligations to protect your data. Any parties that have access to your data are bound by a duty of confidentiality.

Appropriate technical and organisational measures are taken to protect your data. 

Your Rights

You have certain legal rights to control your information and the manner in which we process it. Please note that these are not absolute rights and certain exemptions and restrictions may apply. These rights are to:

• Be kept informed. This includes details on how your data is collected, used and secured,
• Request a copy of your personal data by way of a subject access request,
• Rectify and update your personal data,
• Request the erasure of your personal data,
• Object to the processing of your personal data,
• Restrict the processing of your personal data,
• Port your data to another organisation,
• Not be subject to automated decision-making including profiling, without human intervention being available,
• Lodge a complaint with the Data Protection Commission (www.dataprotection.ie)  

Right of Access: If you wish to exercise your right of access we ask that you make this request to us in writing using the contact details below and we issue you with a form to be completed. We will respond to the request within one month having first verified the identity of the requester to ensure the request is legitimate. We will assess each request on a case-by-case basis and contact you if we are unable to comply with the request or if we need to clarify the request in any way. Further information will be provided when a request is received by us.

Automated Loan Decisioning: We may use automated decision making as part of our loan/credit decision process, and which involves assessing your application for a loan, taking account of your current circumstances and evaluating your ability to meet the required repayments on the loan. The automated decision process involves assessing the following:

• Amount requested
• Repayment period
• Employment details
• Expenditure
• Income
• Dependents
• Existing loans
• Credit history

We use this information to apply internal credit assessment rules in a consistent manner, and ensure that your application for a loan is treated fairly and efficiently and what is believed to be consistent with your repayment capacity. This process is carried out solely by automated means without any staff involvement but only for loan applications within very specific thresholds.

You have the right to obtain human intervention in relation to any decision made solely by automated means. In practice this means you have the right to have your loan application reviewed by a member of credit union staff in the event that a loan is refused using automated decision making. You will be informed if your loan decision was reached by automated means and you can contact us to challenge or review the decision.

Marketing

We may contact you by mail, email and text about our services and other events involving or relating to products and services which may be of interest to you unless you have opted not to receive such communications. You can opt-out at any time when you receive an email/ text or you can contact us at dpo@synergycu.ie. 

Cookies

Synergy Credit Union uses Cookies on our website. Please refer to our Cookies policy which is available on our website. When using our website, you should not that our services may contain links to other websites not controlled or operated by us. These links do not imply that we endorse these third party sites. We recommend reviewing those sites directly for information on their privacy policies.

Change of purpose

You can be assured that we will only use your data for the purpose it was provided and in ways compatible with that stated purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Implications of not providing information

Please note that in some cases, if you do not agree to the way we process your information, it may not be possible for us to continue to operate your account and/or provide certain products and services to you.

How long we hold your personal data

Our retention periods are subject to legislation and regulatory rules set by authorities such as the Central Bank of Ireland and the type of financial product provided to you. Where there are no such limitations set, we will retain your data for as long as it is relevant and necessary for the purpose for which it was collected. As a general rule, your personal information will be retained for 7 years from the date your credit union account closes. Where you apply for a loan, the documentation required for this will be retained for a minimum of 5 years from the date the loan is completed. However, there may be circumstances where we must retain data for longer than these specified periods, but we will always have a defined legitimate basis for any extended retention.

What if I am 15 years of age or under?

We are committed to protecting the privacy of members aged 15 years or under. If you are aged 15 years or under, your parent’s (guardian’s) permission will be required before you provide us with personal information.

Updates to the Notice

We keep this Privacy Notice under regular review. This Notice was last updated in March 2024.

How to contact us

If you have any questions, concerns or suggestions related to the processing of your personal data, you can contact us using our details below:

Data Protection Officer, Synergy Credit Union Limited, 27/29 Patrick Street, Fermoy, Co Cork. 

Email: dpo@synergycu.ie Tel: 0818 272927

You have a right to complain to the Data Protection Commissioner (DPC) in respect of any processing. This can be done through the DPC website: https://www.dataprotection.ie.