Privacy Statement Introduction
(Effective from 25th May 2018)
Members are encouraged to read this notice which sets out essential information about the personal data we collect from you, how we use and safeguard this information, who we share it with and why, and how long we will keep it on file. It also explains your rights, some of which are new, arising from the General Data Protection Regulation (GDPR).
- Who we are
Link Credit Union Limited has been looking after the financial services needs of its members since its foundation in 1966. Link Credit Union is a financial cooperative, democratically owned and controlled by our members, and operated for the purposes of promoting thrift, providing credit and other financial services to members, and providing educational services to members for the promotion of their economic, social and cultural wellbeing. Personal data is processed for these purposes and no others.
- Our approach to Data Protection
We have always appreciated your trust in us to collect, process and protect your personal information and we will continue to look after your information in a way that merits your trust. As a data controller, we are committed to meeting our obligations under the GDPR and have appointed a Data Protection Officer (DPO), who has oversight of our information practices and is responsible for ensuring your rights are fulfilled. The DPO is also a point of contact for members should you have any questions or concerns about your personal information.
You can contact our DPO at firstname.lastname@example.org or write to: Data Protection Officer,
Main Street, Bailieboro, Co Cavan A82 R982
- The information we collect and hold about you
Depending on which of our savings, loans, transaction or other services you use, we will collect different types of information from you or about you. Most of the information we collect is personal, and some of it is very private to you, including information about your financial situation, person(s) you have nominated on your account, and your state of health. Information about health is treated as a “special category”, meaning that we apply additional stringent safeguards against its improper collection, use or disclosure.
We collect and store only the information that we need to look after you as a member and this will include:
Information about you as a member
- Your personal identification and descriptors
- Full name/maiden name/signature
- Current and previous addresses
- Email address; phone number(s) and other contact information
- Age/date of birth
- Marital status
- Partner/spouse; number of dependents
- Names and addresses of person(s) nominated on your account
- Occupation and place of work
- Tax Identification Number/PPS Number
- Proof of identity and address e.g. copy of driving licence/passport and utility bills
- Accommodation status; mortgage or tenancy information
- IP address
- Biometric data including photographic ID, CCTV footage and voice (call) recordings
- Your state of health and related information
- Your bank account or other credit union account details
- Payroll, credit or payment card details
- How we collect this information
We record and file the identification and contact information and other data that you input into our online or printed forms or provide to us over the phone or in person when you join the credit union.
We can only deal with and communicate with the member, so when you contact us we may need to verify your identity, for example by asking you a security question or looking for some additional detail about your account or dealings with us that only you would know.
When we need information about a nominated person on your account we will obtain that information from you, as the member.
We may record and/or make notes about phone conversations and will always tell you when we do so.
Our website makes limited use of ‘cookie’ technology. A cookie is a piece of text that our server places on your device when you visit our website. Linkcu.ie uses Google Analytics, a web analytics service provided by Google, Inc. (‘’Google”) to collect information about how visitors use the website. The Cookies used by this product collect information in an anonymous form and are used by many different websites.
- How we use your information
We use information about you to:
- Set up and operate your credit union accounts on your behalf;
- Meet our obligations to you under the Credit Union’s Registered Rules;
- Provide savings, loan, transaction and other financial and educational services to you as a member;
- Process your Life Saving, Loan Protection or Death Benefit Insurance claims and associated payments;
- Keep our records up to date to contact you when required and provide the best customer service;
- Respond to your requests and provide information;
- Address any complaint you may have about our services;
- Meet our legal obligations and respond to requests from the Central Bank, courts or enforcement authorities;
- Produce internal management information to run our business and identify ways in which we can improve our services;
- Provide relevant information to other financial service providers in the event of you requesting this or when you transfer to another credit union; and;
- Perform any other financial services or co-operative activities which we are obliged to undertake, or which we have gained your consent to perform
To process your information lawfully and fairly, we rely on one or more of the following lawful bases:
- Legal obligation;
- Our legitimate business interests;
- Your consent; and,
- Protecting the vital interests of you or others
Some examples for each lawful basis are given below. Please note that some information is processed under more than one lawful basis:
6. How we keep your information safe
The safety of your information and data is very important to us. We keep our computers, files and buildings secure.
Transit of paper files is strictly limited. Where necessary to have member information available for e.g. Board or Committee meetings, meeting rooms are secure, and no member information is left in the open or on view to external parties.
Incoming post is brought directly to our office and opened by our staff. Outgoing post is either collected from our office by An Post or brought to the Post Office by our staff.
Electronic copy files are stored on our proprietary IT system which requires user authentication to access it. Back-ups of electronic files are stored securely off site. Laptops are encrypted at hard-drive level. Use of memory sticks and other portable drives is limited, restricted to management personnel, and all external drives are encrypted.
All files and hard drives being disposed of are shredded and this is certified by the shredding service provider.
When you contact us by phone to ask about your information, we will ask you to verify your identity.
7. How long we keep your personal information for
To meet our legal and regulatory obligations, we hold your information while you are a member and for a period of time after that. We do not hold it for longer than necessary. To help you understand how long we hold your data for, we have summarised our internal retention schedules below.
Please note that these retention periods are subject to legal, regulatory and business requirements, which may require us to hold the information for a longer period. For example, we must meet minimum retention standards for taxation and audit requirements.
To meet such needs and to protect your interests as well as the credit union’s interests, we may need to hold data for longer than our internal schedules dictate. However, we will not retain data that is no longer needed, and we continuously assess and delete data to ensure it is not held for longer than necessary.
8. Your information and third parties
Sometimes we share your information with third parties. We expect these third parties to have the same levels of information protection that we have, and we expect that they provide sufficient guarantees that the necessary safeguards and controls have been implemented to ensure there is no impact on your data rights and freedoms.
We share your personal information with persons or companies with whom we do business and who provide products or services e.g. IT Services that we use in conducting our business, including managing our relationship with our members. Similarly, we may share or disclose personal data to professional advisers, e.g. legal advisers, accountants, auditors, whom we may engage for any reasonable purpose in connection with our business, including assistance in protecting our rights. We will only share or disclose to these parties the information that they need in order to provide the products or services and will expect those parties to ensure that the information is always adequately protected.
Irish League of Credit Unions (ILCU) Affiliation: The ILCU (a trade and representative body for credit unions in Ireland and Northern Ireland) provides professional and business support services such as marketing and public affairs representation, monitoring, financial, compliance, risk, learning and development, and insurance services to affiliated credit unions. As this credit union is affiliated to the ILCU, the credit union must also operate in line with the ILCU Standard Rules (which members of the credit union are bound to the credit union by) and the League Rules (which the credit union is bound to the ILCU by). We may disclose information in your application or in respect of any account or transaction of yours from the date of your original membership to authorised officers or employees of the ILCU for the purpose of the ILCU providing these services to us.
The Privacy Notice of ILCU can be found at www.creditunion.ie
The ILCU Savings Protection Scheme (SPS): We may disclose information in any application from you or in respect of any account or transaction of yours from the date of your original membership to authorised officers or employees of the ILCU for the purpose of the ILCU providing these services and fulfilling requirements under our affiliation to the ILCU, and the SPS.
For the processing of electronic payments services on your account (such as credit transfers, standing orders and direct debits), the Credit Union is a participant of BNP Paribas. BNP Paribas is a leading bank in the eurozone and a prominent international banking institution providing an electronic payments service platform for Link Credit Union. BNP Paribas is an outsourced model to assist with the processing of payment data.
Insurance: As part of our affiliation with the ILCU, we purchase insurance from ECCU Assurance DAC (ECCU), a life insurance company, wholly owned by the ILCU. To administer these insurances we may pass your information to ECCU and it may be necessary to process ‘special category’ personal data about you. This includes information about your health which will be shared with ECCU for the purposes of our life assurance policy to allow ECCU to deal with insurance underwriting, administration and claims on our behalf.
We also have to share information with third parties to meet any applicable law, regulation or lawful request including dealing with complaints. For example, we have a legal obligation under the “Return of Payments (Banks, Building Societies, Credit Unions and Savings Banks) Regulations 2008” to report details to the Revenue in respect of dividend or interest payments to members, which include PPSN where held.
In all such cases, we will only disclose the minimum amount of information required to satisfy our legal obligation.
International transfers of data
The people and organisations that we may share your personal information with may be located in a country that does not have data protection laws which provide the same level of protection as the laws in Ireland. Some countries already have adequate protection for personal information under their applicable laws. In other countries safeguards will be applied to maintain the same level of protection as the country in which the products and services are supplied. These safeguards may be contractual agreements with the overseas recipient or it may require the recipient to subscribe to international data protection frameworks. For more information about the European Commission’s decisions on the adequacy of the protection of personal information in countries outside the EEA, please visit: https://ec.europa.eu/info/law/law-topic/data-protection_en
9. Your personal information rights
This section sets out your rights, when they apply and our responsibility to you. The exercise of your rights might be subject to certain conditions and we might require further information from you before we can respond to your request. You may exercise your rights by contacting our Data Protection Officer at: email@example.com or write to: Data Protection Officer, Main Street, Bailieboro, Co Cavan.
Accessing your personal information
As a member, you can ask us for a copy of the personal information we hold and further details about how we collect, share and use your personal information. You can request the following information:
- the purposes of the processing;
- the categories of personal data concerned;
- the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
- where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
- where the personal data are not collected from the data subject, any available information as to their source;
- the existence of automated decision-making and meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
Updating and correcting your personal details
You can easily update your personal and contact information by contacting us by email or letter.
If you contact us over the phone to edit or delete any information on your behalf, we will ask you questions in order to verify your identity.
Where we process your data solely on the basis of your consent, i.e. for direct marketing purposes or to obtain feedback from you about our services, you are entitled to withdraw your consent to such processing at any time. You can do this by contacting us by email or letter.
Restriction and objection
You may have the right to restrict or object to us processing your personal information. We will require your consent to further process this information once restricted. You can request restriction of processing where:
- The personal data is inaccurate, and you request restriction while we verify the accuracy;
- The processing of your personal data is unlawful;
- You oppose the erasure of the data, requesting restriction of processing instead;
- You require the data for the establishment, exercise or defence of legal claims but we no longer require the data for processing;
- You disagree with the legitimate interest legal basis and processing is restricted until the legitimate basis is verified.
Deleting your information (right to be forgotten)
You may ask us to delete your personal information or we may delete your personal information under the following conditions:
- the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- you withdraw your consent where there is no other legal ground for the processing;
- you withdraw your consent for direct marketing purposes;
- you withdraw your consent for processing a child’s data;
- you object to automated decision making;
- the personal data have been unlawfully processed;
- the personal data have to be erased for compliance with a legal obligation.
A request to delete your personal information cannot place this credit union in conflict with existing legislation requiring the retention of the information.
Moving your information (your right to Portability)
Where possible we can share a digital copy of your information directly with you or another organisation. We will provide this information in a structured, commonly used and machine-readable format. Note, we can only share this information where it has been processed electronically (hard copy documents are excluded for portability) and was processed either under your consent or under the lawful basis of provision of a policy of health insurance or health-related insurance. In line with GDPR guidance, information that is processed to satisfy a legal obligation or that we process as part of our legitimate business interests, will not be regarded as portable (see section 5 “how we use your information”).
Your right to obtain information cannot adversely affect the rights and freedoms of others. Therefore, we cannot provide information on other people unless legally obliged to do so.
We generally do not charge you when you contact us to ask about your information. Per regulation, if requests are deemed excessive or manifestly unfounded or unreasonable, we may charge a reasonable fee to cover the additional administrative costs, or we may choose to refuse the requests.
10. Making a complaint
If you are unhappy with how the credit union is using your personal information, please let us know, so that we have the opportunity to put things right as quickly as possible. If you wish to make a complaint you may do so in person, by phone, by letter or by email. Please be assured that all complaints received will be fully investigated. You can register a complaint through our DPO and we ask that you provide as much information as possible to help us resolve your complaint quickly.
If you remain unhappy with the outcome of this process, you have the right to complain directly to the Data Protection Commission, and their contact information is:
- Email: firstname.lastname@example.org
- Phone: +353 (0)761 104 800 or LoCall 1890 25 22 31
- Fax: +353 (0)57 868 4757
- Write to: Data Protection Commission, Canal House, Station Road, Portarlington, Co. Laois, R32 AP23
11. Updates to this notice
We will make changes to this notice from time to time, particularly when we change how we use your information, or change our technology and products. You will find an up-to-date version of this notice on our website at www.linkcu.ie or you can request a copy in any of our offices.
Link Credit Union is regulated by the Central Bank of Ireland
Date: May 2018