A credit union is a member-owned financial cooperative, democratically controlled by its
members, and operated to provide credit at competitive rates, and providing other financial
services to its members. Data collection, processing and use are conducted solely for the
purpose of carrying out our role as a credit union.
Heartland Credit Union Limited’s Privacy Notice refers to our commitment to our compliance to
data protection legislation including the Irish Data Protection Acts Data Protection Act 1988-
2018, and the EU General Data Protection Regulation (GDPR).
Heartland Credit Union is committed to protecting the privacy and security of your personal
information. This privacy notice describes how we collect and use personal information about
you during and after your customer/member relationship with us.
Throughout this document “we”, “us”, “our”, “ours”, “the Credit Union” and “Heartland Credit
Union” refers to Heartland Credit Union Limited.
This Privacy Notice should be read if any reference is made to any of the following
• Account Opening Privacy Notice
• Lending Privacy Notice
• Guarantor Privacy Notice
• Nominations Privacy Notice
• General Privacy Notice
It is the member’s responsibility to read the Terms & Conditions and Privacy Notice before
entering into a contract with the Credit Union.

There are many ways you can contact us, including by phone, email, and post. More details can
be seen here https://heartlandcu.ie/
Our registered address is
Summerhill, Carrick on Shannon, Co Leitrim N41 TF62
Phone 071 9621828.
Contact Data Protection Lead at dataprotection@heartlandcu.ie .

Where changes to this Privacy notice occur, the updated version will be published on our website and may be communicated directly to individuals through all our communication
channels such as email and/or our social media.

Current version Reference PNM-V1.00 12.2024, effective from 21.12.2024

The purpose of this single source combined privacy notice is to provide members and related
parties with the opportunity to read our privacy information relating to your personal data in one document.

This Privacy Notice should be read if any reference is made to any of the
following
• Account Opening Privacy Notice
• Lending Privacy Notice
• Guarantor Privacy Notice
• Nominations Privacy Notice
• General Privacy Notice

We collect and process your personal data only when such data is necessary in the course of providing our member services to you. This personal data includes any offline physical data or
online data that makes a person identifiable.

We process data for the following groups of individuals where it is necessary:

A Personal Account members (Single, Joint and Minor)
B Club Members
C Guarantors
D Nominees
E School Quiz entrants, winners and co-ordinators within the schools
G Art competition entrants and winners

We are the controller for the personal information we process, unless otherwise stated.

If you apply for or hold an account in joint names or name a guarantor or dependant, you
should only give personal information about someone else with their permission.

You directly provide us with most of the data we collect. We collect data and process data
when you:
• Register online or open a member account in person
• Apply for a loan
• Apply for any other product we offer
• Request support which may require additional information
• Enter our competitions
• Voluntarily complete a customer survey or provide feedback
• Use or view our website via your browser’s cookies
A. Member information collected
As part of our services to you as a member, we may need to obtain and process personal data
as required where necessary to provide our services. A member of our staff will explain the
purpose why any information is required prior to obtaining the data. We may collect the
following:
a. Member [For each member if Joint Account]
Your name, address, Eircode, phone number [landline & mobile], email, previous addresses,
title, Nationality, Gender, Accommodation type, Tax Identification/PPSN numbers or foreign
equivalent, proof via payslip or health card, proof of address, passport or driving licence details,
date of birth, evidence of marital status, signatures, CCTV, Photo ID, Member Account Number, any International Bank Account Number (IBAN), currency information, if using online banking,
user unique identifiers, & IP address, contactless cards, security details to protect identity,
Debit Cards details, beneficial owner details, if applicable political exposed person details,
Source of funds, application processing and administration records, expected monthly
lodgement, confirmation of tax residence, tax identification number, account transaction
details, Stamp 4/5 for non-EU nationals, sanction lists (the Credit Union is required to identify if
any member is listed for sanctions) interactions with Credit Union staff and officers on the
premises, by phone, or email, current or past complaints, inferred details of special categories of
data e.g. payments to trade unions, confirmation of gift letter, occupation, cookie consent and
marketing consent.
We may act on the authority of one joint Account Holder to share or allow a third-party access
to your member account information. This means, unless we have agreed that we need the
consent of each joint Account Holder, or have a legal obligation to get this consent, we will treat
the authority of one Account Holder as authorisation on behalf of any other Account Holder(s)
for a joint Account. If you instruct us to share or allow a third-party access to any Account
information for a joint Account, you are responsible for ensuring the other Account Holder(s)
are aware and permit such access.
Any joint account holder is entitled to access the details and transaction information of the joint
account as a whole.
b. Additional information when applying for a loan
Financial data (including bank & credit card account information), loan repayment status and
credit history, credit assessment records, credit data from credit register, judgements searches,
living expenses including child care costs (if applicable), dependents, disposable income and
analysis of spend, existing loan contract commitments data, details of the Credit Union products
you hold with us, salary, employment status, relationship with joint borrower, , employers name
and address, period of time with employer, proof of employment & salary, any court order
charges, accommodation status, family details [dependencies] mortgage details,
Partners/Spouse banking details & earnings, pension information, health information for the
assessment of eligibility for the insurance on certain loans.
c. Additional information when applying for a loan on Spouse/Partner
Your name, address, email, telephone, Date of Birth, employment details, occupation,
employment details, residential status, relationship status and dependents, financial data, Wage
slips, Bank Statements, financial data, relationship with member and Salary.
d. Additional information when applying for a loan on Dependent individuals
Relationship with member, ages, reason for dependency, financial needs.
e. Additional information captured for vulnerable members
Name of a ward of court and proof of a ward. Name and proof of power of attorney, Proof of ID,
board appoint payment to another if member becomes mentally incapacitated and no person
has been legally appointed to administer your account.

f. Additional information captured for minor accounts
Parent/Guardian-Name, address, email, signature, phone number [landline & mobile], proof of
ID, consent- authorisation form. Proof of ID for minors- birth certificate or passport.
B. Club Member information collected
As part of our services to you as a club member, we need to obtain and process personal data as
required where necessary to provide our services such as:
a. For trustees and relevant officials in the club
Name, address, Eircode, phone number, email, previous addresses, Tax Identification/PPSN
numbers (or foreign equivalent), proof of address, passport or driving licence details and, date
of birth, signatures, CCTV, Photo ID, , if applicable political exposed person details, account
transaction details, Stamp 4/5 for non-EU nationals, sanction lists (the Credit Union is required
to identify if any member is listed for sanctions), interactions with Credit Union staff and officers
on the premises, by phone, or email, current or past complaints, Inferred details of special
categories of data.
b. Additional information when applying for a loan
Solicitor details including client bank account and affiliated bodies.
C. Guarantor
As part of our loan approval, we may need to appoint a guarantor, in such cases we need to
obtain and process personal data on the guarantor as required where necessary such as:
Your name, address, Eircode, phone number [landline & mobile], email, Tax Identification/PPSN
numbers (or foreign equivalent), proof of address, proof of ID passport or driving licence
(physical verification only) details, date of birth, signatures, CCTV, Member Account Number if
applicable, employer details, period of time with employer, bank statements, income/payslips
details, credit check, list of outstanding debts and repayment amounts.
D. Nominee
The Credit Union Act 1997 (as amended) allows members to nominate a person(s) to receive a
certain amount from their account on their death, subject to a statutory maximum. To fulfil our
role, we will need to obtain and process personal data on the nominee as required where
necessary either at the nomination stage or the payment stage such as:
Nominees name, address, Eircode, phone number [landline & mobile] , county of residency, is
nominee member or not passport or driving licence details, date of birth, signatures, CCTV,
relationship with member who they are being nominated by.
Nominations
• A member may change the details of their nomination as often as they like during the
course of their membership with the credit union. In addition, there may be instances
where a nomination is revoked through marriage or civil partnership, or the death of the
nominee before the nominating member. There is therefore no guarantee that a
nomination will be valid until the member has passed away and the validity of the nomination is confirmed by the credit union. As such, we are unable to contact individuals
directly to advise them that we are processing their information.
• Where a member makes a nomination, we are required under the credit union legislation
by which we operate to keep a record of all persons nominated (along with any revocation
or variation of any nomination).
E. School Quiz, winners and co-ordinators within the schools
Each year around 25,000 school children around Ireland take part in the Credit Union Schools
Quiz. The Quiz is about encouraging learning and teamwork among young schoolchildren.
Applications are received by the credit union. As part of our role in organising the quiz, we need
to obtain and process personal data as required where necessary such as:
School Name, address, school contact name and phone, team names, team members dates of
birth, confirmation of consent from the teacher parents/guardians’ consent, photos of team/
winners.
F. Art competition entrants and winners
The Irish League of Credit Unions (ILCU) and our credit union collects
your information and that relating to your parents or legal guardian for the art competition. We
are primary data controller of the personal information you give us. Chapter will be considered a
data controller for stage 2 (Regional level). The ILCU will be considered a data controller for the
purposes of stage 3 (National level). As part of our role in organising this competition, we may
need to obtain and process personal data as required where necessary such as:
a. General category
Age range, name, date of birth, home address, email address, school/college/club organisation,
consent to use photographic images, signature parents/guardians’ consent.
b. Extra information for Additional needs category
Group team entry, inferred medical data

Sensitive data is known as special categories of data in Data Protection law. Special categories of
data are defined by GDPR as processing of personal data revealing racial or ethnic origin,
political opinions, religious or philosophical beliefs, or trade union membership, and the
processing of genetic data, biometric data for the purpose of uniquely identifying a natural
person, data concerning health or data concerning a natural person’s sex life or sexual
orientation. We may collect the following special categories of data where necessary
• For loan assessments or insurance products with ECCU we may collect health data
• As part of AML, we are required to capture politically exposed persons and the country of
origin
• Where a member makes payments to an organisation which may infer one of the types of
special category data e.g. trade union or religious subscriptions
We will process special categories of personal data in the following circumstances:
1. In limited circumstances, with your explicit written consent.
2. Where we need to carry out our legal obligations and in line with our data protection policy.
3. Where it is needed in the public interest, and in line with our data protection policy.

In certain instances, we may process this type of information where it is needed in relation to
legal claims or where it is needed to protect your interests (or someone else’s interests) and you
are not capable of giving your consent, or where you have already made the information public.
The Credit Union is required to identify if any member is listed for sanctions and do so using the
Dow Jones.
The Credit Union is required to identify if any applications for membership or existing members
are listed for sanctions and do so using the Dow Jones.

Where is it necessary for the service provided, we may receive your data indirectly from the
following sources:
• Related party information where a member is also an employee
• Loan applications where member is self-employed to confirm tax clearance
• When you are named in an insurance policy application
• Credit reference agencies-- Central Credit Register and other credit registration agencies
• the Companies Registration Office or judgement registries
• Revenue commissions default payers list
• Published media reporting relating to your financial position
• A member provided your data where you are the guarantor, the spouse, the dependent
individual, in such cases the member obtains consent from the adults to capture their
data
• ECCU Assurance DAC
• Judgement searches available
• A member who nominated you to obtain their funds
• Payee to your account
• School on your behalf as an entrant to a competition

We collect your data based on the following legal basis:
Consent
Where you have explicitly agreed to us processing your information for a specific reason such as
• Members
o Collecting your data in the event that you apply for a loan, we may require
certain special categories of data such as your health information where no
other lawful basis exists
o A member provided third party’s data
▪ as a guarantor,
▪ the spouse,
▪ the dependent individual,
in such cases the member obtains consent from the adults to capture their data

o Photograph on your member account for verification
o Member preferences to receive electronic statements and AGM booklets
o Marketing (see section 14)
• School Quiz entries
• Art Competition entries
• Any individual
o Photograph for publication at events
• Cookie (see cookie policy

Electronic AGM information
Where the Credit Union already hold the email address for the members, the credit union will
send the electronic notice by email, along with information on how to object to receiving the
notice electronically. If the member does not object within 10 days from receipt of electronic
AGM Notice, then they will receive the AGM notification electronically.
Objection to Electronic AGM Notice - if the credit union has an email address for the member
and they object to receipt of AGM notice by email within the 10-day deadline, then the credit
union will provide same by post or in person.
You may request, at any time in the future, that the annual accounts be provided to you in
writing by emailing marketing@heartlandcu.ie.
Right to withdraw consent at any time
Where consent is relied upon as a basis for processing of any personal data, you will be
presented with an option to agree or disagree with the collection, use or disclosure of personal
data. Once consent is obtained, it can be withdrawn at any stage.
We will hold a list of all individuals who have withdrawn their consent to ensure there is a
record of their objection to direct marketing. We will hold a minimised amount of Personal Data
in order to uphold this request.
Contract
Processing is necessary for the performance of a contract with you or in order to take steps at
your request prior to entering into a contract. We will collect your data in order to consider your
application for membership of the Credit Union. Where you have opened a member account or
obtained a loan and signed up to the contractual terms in our T&C’s, it is necessary to process
your data for the administration of accounts, payments, deposits, lending and credit decisions.
Processing may be necessary for the performance of a contract such as:

Administrative Purposes
o Opening credit union Account
o Manage and administer members accounts, transactions, policies, benefits or other
products and services that the Credit Union or partners e.g., ECCU may provide the
member with
o Loan assessments
o To manage and respond to a complaint or appeal.
o To help improve service as agreed in the T&C to members
o For the processing of electronic payments services on the member account (such as
SEPA direct debts, credit transfers, standing orders and direct debits), the Credit
Union is a participant of payac (Payments) DAC (“payac”).
o Money Transfers
o Euro drafts
o Complying with binding requests for information from other payment service
providers the member has instructed to act on their behalf
• Guarantors
o As part of member loan conditions, the Credit Union may make the requirement for
the appointment of a guarantor a condition of the member loan agreement in order
for the Credit Union to ensure the repayment of loan.
• Security
o In order to secure repayment of the loan, it may be necessary to obtain security
such as a charge on your property or other personal assets.
• Establish the members eligibility for our products and services
• Credit Assessment
o Carry out credit reviews for loan underwriting
o Utilise this information to assess member loan application in line with the applicable
legislation and Credit Union lending policy.
o to carry out credit reviews and to search for details of your credit history and
information at credit bureaus/agencies, including the Central Credit Register. Where
we make these searches, agencies may keep a record of the search.
• Insurance
o certain loans must apply to ECCU for Loan Protection (LP). It may be necessary to
process ‘special category’ data, which includes information about members health.
• Make essential communication to provide products and services to the member
• Manage and respond to a complaint or appeal
• Recover debts the member may owe.
If you are financially linked to another member in the context of a particular shares or loan
account, a financial association may be created between your records and the other member’s
records, including any previous and subsequent names used by you (for example, if you apply
jointly or one is guaranteeing the debts of another). This means that we may treat your financial
affairs as affecting each other. These links will remain on your and the other member’s account
until you or another member terminate that link. We may make searches on all joint applicants,
and evidence of that search will be left on all applicants’ records.
Compliance
We must meet our duties to the Regulator, the Central Bank of Ireland and comply with our
legal obligations. We may also share personal data with certain statutory bodies such as the
Department of Finance, the Department of Social Protection and the Financial Services and Pensions Ombudsman Bureau of Ireland and the appropriate Supervisory Authority if required
by law.
Where it is necessary and proportionate, we may allow authorised people to see our records
(which may include information about you) for reporting, compliance and auditing purposes. For
the same reason, we will also hold the information about you when you are no longer a
member.
Processing may be necessary for compliance with a legal obligation:
• Retaining member records and details of individual transactions for the time periods as
required by law. For example, the Consumer Protection Code.
• Preparing returns to regulators and relevant authorities.
• Complying with court orders arising in civil or criminal proceedings.
• Where required to comply with our obligations under the Payment Services Regulations
relating to fraud prevention.
• Preparing returns to regulators and relevant authorities including preparing Deposit
Interest Retention Tax, Common reporting standard (Where a member is tax resident in
another jurisdiction), Prudential Return
(https://www.centralbank.ie/regulation/industry-market-sectors/creditunions/reporting-requirements) and other CBI & revenue returns. Under the “Return of
Payments (Banks, Building Societies, Credit Unions and Savings Banks) Regulations
2008” credit unions are obliged to report details to the Revenue in respect of dividend
or interest payments to members, which include PPSN where held.
• Report on Central Credit Register (CCR) Register
(https://www.centralbank.ie/regulation/industry-market-sectors/creditunions/reporting-requirements) and, where relevant, conducting searches on CCR.
Where a loan is applied for in the sum of €2,000 or more, the credit union is obliged to
make an enquiry of the Central Credit Register (CCR) in respect of the borrower. Where
a loan is granted in the sum of €500 or more, the credit union is obliged to report both
personal details and credit details of the borrower [and guarantor] to the CCR.
• Ireland Safe Deposit Box Bank and Payment Accounts Register (ISBAR)
The information that the Credit Union will be required to send includes the IBAN,
account name, date of account opening, date of account closing; the name, address and
date of birth of the account holder; the name, address and date of birth of the
beneficial owner of the account; and the name, address and date of birth of any person
authorised to act on the account. ISBAR is operated by the Central Bank of Ireland. The
purpose of ISBAR is to hold information on accounts identifiable by IBAN (including
account holders, beneficial owners and signatories), and information on safe deposit
box services provided by credit institutions in Ireland, and to enable legally prescribed
authorities to search and retrieve information. Further information (including the
Central Bank’s Data Privacy Notices) can be found at
https://www.centralbank.ie/regulation/anti-money-laundering-and-countering-thefinancing-of-terrorism/ireland-safe-deposit-box-bank-and-payment-accounts-register-
(isbar)
• Beneficial Ownership Register for Certain Financial Vehicles
The Credit Union must update the Beneficial Ownership Register with relevant
information on the beneficial owners of Certain Financial Vehicles (CFV) held by Central
Bank State where the PPS number as a validation mechanism for the information being delivered to the register https://www.centralbank.ie/regulation/anti-moneylaundering-and-countering-the-financing-of-terrorism/beneficial-ownership-register.
• Report to the European Union Cross-Border Payments Reporting (“CESOP”)
https://www.revenue.ie/en/companies-and-charities/internationaltax/cesop/reporting-payments.aspx,
• Report to the Central Register of Beneficial Ownership of Trusts (“CRBOT”)
https://www.revenue.ie/en/crbot/index.aspx
• legal obligation to file reports on the Central Credit Register in accordance with the
Credit Reporting Act 2013. https://www.irishstatutebook.ie/eli/2013/act/45/enacted
• Connected/Related Party Borrowers
o We are obliged further to Central Bank Regulations to identify where borrowers
are connected in order to establish whether borrowers pose a single risk. We are
also obliged to establish whether a borrower is a related party when lending to
them, i.e., whether they are on the Board/Management Team or a member of
the Board/ Management team’s family or a business in which a member of the
Board /Management Team has a significant shareholding.

• Establishing members identity, nationality, residence and tax status in order to comply
with law and regulation concerning taxation and the prevention of money laundering,
fraud and terrorist financing. Screening applications that are made to us to ensure we
are complying with the international fight against terrorism and other criminal
activities. As a result, we may need to disclose information to government and other
statutory bodies.
• Providing the member with statutory and regulatory information and statements
• Complying with requests from regulatory bodies, including the Central Bank of Ireland.
• Complying with court orders arising in civil or criminal proceedings
• Complying with Assisted Decision-Making (Capacity) Act where you may be vulnerable
• Comply with all other laws and regulations.
• As this credit union is affiliated to the ILCU, the credit union must also operate in line
with Irish League of Credit Unions (ILCU) Standard Rules (which members of the credit
union are bound to the credit union by) and the League Rules (which the credit union is
bound to the ILCU by)
• To report and respond to queries raised by regulatory authorities, law enforcement and
other government agencies such as the Central Bank of Ireland and An Garda Siochana
• To meet obligations under the Credit Union Standard Rules & The Credit Union Act,
1997 (as amended)
• To maintain a register of members of the Credit Union
• To communicate all mandatory service communications such as providing notice of the
AGM
• Nominate person
o The Credit Union Act 1997 (as amended) allows members to nominate a
person(s) to receive a certain amount from their account on their death, subject
to a statutory maximum.
• Purpose of the loan
o The Credit Union is obliged to ensure that the purpose for the loan falls into one
of the Credit Union categories of lending.
• To meet legislative and regulatory duties to maintain audited financial accounts
• To meet our health and safely compliance
• For the establishment, exercise or defence of legal claims.
Set out below are the main legal instructions, regulations and legislation the credit union must
be compliant with. We will also comply with other legislation as required. A member of our
team will be able to answer a question you may have as to why we need certain data to provide
our member services to you.
• Credit Union handbook https://www.centralbank.ie/regulation/industry-marketsectors/credit-unions/credit-union-handbook
• Credit union act 1997 (regulatory requirements) (amendment) regulations 2020
https://www.irishstatutebook.ie/eli/2020/si/675/made/en/pdf
• Criminal Justice (Money Laundering and Terrorist Financing) (Amendment) Act 2021
• (Act 3 of 2021) https://www.centralbank.ie/regulation/anti-money-laundering-andcountering-the-financing-of-terrorism
• Criminal Justice (Money Laundering and Terrorist Financing) (Amendment) Bill 2020 (Bill
23 of 2020) https://www.oireachtas.ie/en/bills/bill/2020/23/

• S.I. No. 579/2012 - European Union (Consumer Credit Agreements) (Amendment)
Regulations 2012. https://www.irishstatutebook.ie/eli/2012/si/579/made/en/print
• Minimum Competency Code 2017 (MCC 2017) and the Central Bank (Supervision and
Enforcement) Act 2013 (Section 48 (1)) Minimum Competency Regulations 2017 (MCR
2017)https://www.centralbank.ie/regulation/how-weregulate/authorisation/minimumcompetency#:~:text=The%20MCC%202017%20specifies%20certain,Supervision%20and%20Enforcement)%20Act%202013.
• European Union (Consumer Credit Agreements) (Amendment) Regulations 2012.
https://www.irishstatutebook.ie/eli/2012/si/579/made/en/print
• European Union (Payment Services) Regulations 2018,
https://www.irishstatutebook.ie/eli/2018/si/6/made/en/print
• Consumer Protection Code 2012 Guidance
https://www.centralbank.ie/regulation/consumer-protection/consumer-protectioncodes-regulations
• European Union (Payment Services) Regulations, 2018
https://www.centralbank.ie/regulation/psd2-overview/psd2
https://www.irishstatutebook.ie/eli/2015/act/64/enacted/en/html
In the case of a default of a loan, provision of section 71(2) of the Credit Union Act 1997 allows
a credit union to disclose a member’s account information where the Central Bank of Ireland is
of the opinion that doing so is necessary to protect shareholder or depositor funds or to
safeguard the interests of the credit union.
Under the “Return of Payments (Banks, Building Societies, Credit Unions and Savings Banks)
Regulations 2008” credit unions are obliged to report details to the Revenue in respect of dividend
or interest payments to members, which include PPSN where held.
Public interest
The processing of personal data for the purposes of the prevention of money laundering and
terrorist financing is considered to be a matter of public interest https://eurlex.europa.eu/legal-content/EN/TXT/?uri=celex%3A32018L0843
Legitimate interest
Legitimate Interests means the interests of the Credit Union in conducting and managing our
business to enable us to give you the best service and the best and most secure experience.
When we process your personal data based on our legitimate interests, we carefully consider the
impact on you, and uphold your rights under data protection laws to objective where applicable.
Our legitimate business interests do not automatically take precedence over yours. We refrain
from using your Personal Data for activities that would negatively impact you unless we have your
consent or we are legally required or permitted to do so.

Outlined below are the ways we process your data for our legitimate interests. If you have any
concerns about this processing, you have the right to object. For more information on your rights,
please refer to the "Your Rights" section below.
Processing of your personal data may be necessary for the purposes of a legitimate interest
pursued by us in any of the following:
To develop and execute the strategy
• To develop and implement the current and future strategy. Assess the current and
future performance, as this enables the credit union to improve its services to the
members. When we survey our members, Members may provide us with their details or
stay anonymous. When we use the data base to analyse member data we do not use
the members name or members number
• To maintain financial stability and ensure long-term growth.
• By analyzing member data, the credit union can better understand member needs,
optimize product offerings, and enhance operational efficiency. This not only helps
meet regulatory requirements but also supports the credit union’s mission to serve its
members responsibly and sustainably, fostering a strong, member-centric financial
institution.
To offer our loan products
• Use of Credit Assessment and Credit Reference Agencies as Credit Union must lend
responsibly. We will use your credit scoring information in order to determine your
suitability for the loan applied for. When using the service of a credit referencing
agency, we will pass them your personal details and details of your credit performance.
• In carrying out our loan underwriting, we capture and use a range of Personal Data in
order to assess factors affecting those risks, for example age, location and claims
history.
• As part the loan underwriting process we may access third-party databases or
publications as stated in Section 7. We carry out searches in order to assess your credit
worthiness to repay a loan, for our own benefit and therefore the benefit of its
members, we must lend responsibly and will use your credit scoring information in
order to determine your suitability for the loan applied for. In carrying out such a search
we can better determine your overall financial position in order to lend to you.
• Where a member breaches the loan agreement the Credit Union may access third-party
databases as stated in Section 7 and use the service of a debt collection agency,
solicitors or other third parties to obtain updated contact information for you to recover
the debt.
• Where the Credit Union is using a third party to assist with recouping any outstanding
debt due to us by you, the Credit Union may provide your specific personal data held on
file by us, which is necessary, to the third party such as a debt collector, tracing agent,
private investigator, or a solicitor to perform their services. We may provide then with
details of the indebtedness in order that they recover the outstanding sums. We will
take the necessary steps to recover a debt to protect the assets and equity of the Credit
Union.
• Tracing agency, where the address you have provided is no longer accurate and the
Credit Union needs to either contact you or provide you with documentation in relation
to the products or services you have obtained from us.
• Use of a Private Investigator to locate the member in the event that they fail to make
repayments on member loan and/or fail to make contact with the credit union when required. We will first investigate all other less invasive means to make contact with the
member.
• Where a member is not responding to correspondence from the Credit Union at their
most recent verified address, the credit union may send correspondence to any other
address provided by the member, for example, a different address stated on a bank
statement provided as part of the loan assessment. This will only occur if the Credit
Union deems it necessary, such as, default in a loan where the Credit Union has
exhausted other communication channels provided by the member.
General operations
• Use of CCTV on our premises to safeguard the health, safety and security of all
resources
• keep a record of your instructions
• Conduct Member Satisfaction Surveys to provide information on the quality of our
services and products
• Use your member data to operate the Credit Union’s business on a day-to-day basis
• To provide service information (including sending service-related messages),
• To improve the Credit Union service quality
• To enhance the training for our staff.
• To establish, exercise and safeguard our rights, (including where necessary to take
enforcement action) and to respond to claims made against the Credit Union.
• To safeguard the safety and security of the employees, IT systems and devices,
property, and member, buildings, information located or stored on the premises, and
assets, and those of service providers, consultants, and advisors that assist the Credit
Union in carrying out its functions.
• In the prevention and detection of fraud
• To keep members informed about the services the Credit Union are currently providing.
• The Credit Union may in the future wish to sell, transfer or merge part or all of its
business or assets or to buy a new business or the assets of another Credit Union or
enter into a merger with another Credit Union. If so, we may disclose your personal
information under strict duties of confidentiality to a potential Credit Union and their
advisers, so long as they agree to keep it confidential and to use it only to consider the
possible transaction. If the transaction goes ahead, the new Credit Union may use or
disclose your personal information in the same way as set out in this Privacy Notice. You
will be informed about any mergers prior to your data being shared

Where lawful basis is a statutory or contractual requirement, a member is obliged to provide
the personal data, failure to provide this information may result in us being unable to provide a
member saving account or provide a member a loan or other services.

We are a financial co-operative formed to allow members to save and lend to each other at fair and reasonable rates of interest. We are a not-for-profit organisation with a volunteer ethos
and community focus. We process your data to provide this service.

You agree that any data you provide to us will be true, complete and accurate in all respects and
you agree to notify us immediately of any changes to it. See section 23 if you need to inform us of a change. We will only collect personal information about you which is necessary for the
following purposes:
We will only use your personal information for the purposes for which we collected it unless we
reasonably consider that we need to use it for another purpose and that purpose is compatible
with the original purpose. If we need to use your personal information for an unrelated purpose,
we will notify you and we will explain the basis which allows us to do so.
A. All Members (Joint, Club)
The credit union may contact the member, where it is necessary, regarding services it provides or
to inform the member of relevant changes to the existing service where such changes occur. The
credit union will select the most appropriate method of media such as email, letter, phone, SMS
for each situation. Such communication is deemed "essential" to the terms of the service and
such communication will not constitute marketing.
• To provide and administer our member accounts per the terms of service under contract as
stated in Section 8
• To meet our legal and compliance obligations and requirements under the Rules of the
Credit Union, Central Bank Regulations, Anti money laundering and any other relevant
compliance as stated under compliance in Section 8 for all services provided
• Set up and administer your account with us
• To maintain our relationship with you whilst you are a member and investigate any complaints
or disputes or accidents
• Contact you for direct marketing purposes, subject to restrictions under the relevant laws,
including the right to opt out of such marketing
• Provide you with information relating to all our products
• To provide essential communication with you, including to respond to information requests
submitted
• To obtain your feedback on all our products and services
• To notify you about changes to contracted services relevant to you
• When acting as an insurance intermediary, to meet our obligations.
• We collect spouses’ details where relevant to assess the joint earnings to ensure the member
has the means to meet the repayments
• We collect dependent individuals’ expenditure needs to assess the net disposal income of the
member
a. For loans
• As part of loan assessment, identify dependent individuals to establish net disposal income
available to pay back loan
• To obtain credit references, credit checks and for debt collection, fraud detection and
prevention and risk management purposes and to make submissions to the Central Credit
Register.
• Verifying the information provided by you in the application
• Assessing your loan application and determining your creditworthiness for a loan as stated
under legitimate interest in Section 8.
• To apply to ECCU for your free Loan protection & Life Savings Cover which is only available to
individual members on certain loans.

• We collect information about the guarantor to ensure the loan can be repaid in the event of
default by the member
• We collect dependent individuals’ expenditure needs to assess the net disposal income of the
member
• To establish new contact details where your details have changed and have not been advised
by you to the credit union
• Administering the loan, including where necessary, to take steps to recover the loan or
enforce any security taken as part of the loan.
B. Guarantor
• To have a person(s) undertake to repay the loan in the event that the member for whatever
reason, is unable to repay.
• To assess if you can demonstrate the ability to repay the loan where you will need to
disclose your financial information and agree to a credit check being carried out.
C. Nominee
The ability of a member over the age of 16 to nominate individuals to receive property in their
credit union account on their death is a unique facility available for credit union members under
the credit union legislation by which we operate. The nominated property does not form part of
a deceased person’s estate.
• To record the wishes and instructions of the member
• To pay the nominee of choice your property/savings -presently up to a maximum value of
€23,000 predate of death 21.2.2024, €27,000 affected from 22.2.2024
• To update where necessary as member may change the details of their nomination as often
as they like. The most recent nomination is the valid nomination.
D. All Competitions and School Quiz, winners and co-ordinators within the schools
• To provide the competition per the Terms/Rules signed up to by the entrant
• Administer the competition
• To contact the winner
• To deal with queries
• Capture photographs of the winners to be used in advertising and publicity where consent
obtained
• To meet our requirements to host a stage of one of the national competitions. Entries must
be submitted directly to our credit union only.
• We will inform the Chapter (Regional level) of our winners to be brought forward to Stage 2,
at this point the Chapter becomes an independent data controller. The winners of Stage 2
will progress to the national final Stage 3 where the Irish League of Credit Unions (ILCU)
becomes an independent data controller per the T&C’s of the competition.
E. Delegated authority acting on behalf of a member
• To facilitate a third party to conduct transaction on behalf of a member, where the member
nominates such person to act on their behalf e.g., a member incapacitated or a minor where
the parent nominated an individual to operate the minors account

F. General
• To provide this website to you and respond to your queries
• To comply with all relevant law
• To manage your safety and security while you are on our premises
• To facilitate the prevention, detection and investigation of crime and the apprehension or
prosecution of offenders
• To investigate, exercise or defend legal claims or other claims of a similar nature.
• To obtain consent from any individual for the purposes of publishing photos/video of such
person.

If you are providing personal information on behalf of a third party, you must ensure that the
third party receives a copy of this Privacy Notice before their personal information is shared
with us (e.g., spouse, minors, guarantor, Related Parties as defined in the Credit Union
handbook).

Before you disclose general information or joint account information (where you are one of the
joint account holders) to us about another person, you should be sure that you have their
agreement to do so.

In the event, you are providing financial information from a third party to be used as part of the
loan assessment application, written authorisation confirming you have provided them with a
copy of this Privacy Notice should be provided to us before we can use the third parties’ data, in
advance of submission of the application .

Where you are providing a name of a nominee to your shares, the nominee does not need to be informed until such time as they will receive the funds.

You do not need to provide this Privacy Notice in the following situations

• the individual already has the information
• obtaining or disclosure such information is expressly laid down in the law to which the
credit union must comply and which provides appropriate measures to protect the
individual’s legitimate interests
• where the personal data must remain confidential subject to an obligation of
professional secrecy regulated by law.

We collect this data in a transparent way and only with the full knowledge of interested parties. Once this information is available to us, the following rules apply.

Our data will be:
• Accurate and kept up-to-date
• Collected fairly and for lawful purposes only
• Processed by us on the basis of either a valid contract, consent, legal compliance or
legitimate interest
• Protected against any unauthorised access or illegal processing by internal or external
parties.

Our data will not be:
• Communicated to any unauthorised internal or external parties
• Stored for longer than required for the purpose obtained
• Transferred to organisations, states or countries outside the European Economic Area
without adequate safeguards being put in place as required under Data Protection Law.
Our commitment to protect your data:
• Restrict and monitor access to sensitive data
• Develop transparent data collection procedures
• Train employees in data protection and security measures
• Build secure networks to protect online data from cyberattacks
• Establish clear procedures for reporting privacy breaches or data misuse
• Establish data protection practices (e.g., document shredding, secure locks, data encryption,
frequent backups either on premise or the cloud), access authorisation etc.).

We only engage with third-party service providers who provide sufficient guarantees to protect
your data following our instructions and are bound by a data processing agreement.

We do not provide marketing to children

Marketing
As part of improving our service to you, from time to time, we would like to inform you of
goods, services, competitions and/or promotional offers available from us. We may wish to use
different means when sending such marketing communications.

We may use your personal information to make you aware of products and services which may
be of interest to you. We can do this by using some of the personal information we hold about you to better understand your needs.

It includes information you tell us and information we collect when you use our products or services. This information helps us to understand which products, services and offers may be relevant for you based on your profile. It is in our and our member’ interests to use personal information this way to better understand our members’ needs and preferences so that we can create more tailored and suitable marketing messages.
We will use the following information about you to enable us to plan our marketing campaigns
for examples:

• Types of loans
• Your spending and saving habits
• Use transaction history/ account information
• Insurance or assurance linked to a product.
We can reach out to you with this information in all sorts of ways:

• through Mobile App,
• by e-mail,
• post
• telephone.
We will share your data with third parties’ software and marketing providers so that they may
send you messaging on our behalf.
Opt in
Where you have consented to marketing by opting in to marketing, we will send you marketing.
You have a right to notify us free of charge at any time that you wish to refuse such marketing
by writing to us at our address at the top of this document or by using the "opt-out" options in
any marketing message we send you.

We would like the opportunity to understand your experiences with us and to monitor the performance and effectiveness of our delivery of products and services to you. We would like to assess the quality of our member services. We promise to listen to our members and to adapt to
the recommendations provided to ensure our member is receiving the best quality service from your own credit union. From time to time, we may conduct member satisfaction surveys. Where we do so, we rely on the lawful processing of legitimate interest to enhance our service delivery.
A withdrawal option will be provided in all survey communication thereafter.

In the future, we may use credit scoring techniques and other automated decision-making
systems to either partially or fully assess your application. When introduced, we will inform you
in advance.

Your personal information may also be processed by other organisations on our behalf for the purposes outlined above. We may disclose your information where necessary to the following

A. Auditors
To meet our legislative and regulatory duties to maintain audited financial accounts, we appoint
an external and internal auditor. We will allow the internal and external auditor to see our
records (which may include information about you) for these purposes.

B. All categories of individuals
• We have a legitimate interest to share your personal data with our approved
outsourced third-party providers, such as IT Service Providers including Cloud Providers,
legal advisors, business advisors, debt collectors, shredding company, security
company, printing company, CCTV company, administration services, internal and
external auditors, insurers, marketing consultants or subcontractors.

C. Personal Account Members, Guarantor and Club Members
• Where you authorised individuals to act on your behalf for example ward of court/Power of
Attorney
• Third parties we need to share your information with order to facilitate payments or
services you have requested. Examples include: Banks, Credit Unions, An Post or payment
service providers, payment schemes or systems (e.g. MasterCard), merchant acquirers and
providers of payment processing services;
• Those you ask us to share your information with.
• Where you instruct an Account Information Service Provider (AISP) to provide us with your
data. The AIS service change enables the Credit Union to connect directly with the Member
Bank account in order to extract historical transaction and balance information.
• When you apply to us for insurance and receive insurance we will collect and share your
data with ECCU Assurance DAC per the Terms and Conditions of product you signed up to.
• Where we share your joint account details and transactions with the other holder of the
account
• Following your instruction, we will share your information with your guarantor or
nominated person at point of payment
• Electronic Payments If you use our electronic payment services to transfer money into or
out of your credit union account or make payments through your debit card into your credit
union account, we are required to share your personal data with our electronic payment
service provider
• We may share your data with possible successors or merging Credit Unions
• We have a legitimate interest to share your personal data with our approved outsourced
third party providers, such as IT Service Providers, legal advisors, business advisors, debt
collectors, couriers, shredding company, security company, printing company, CCTV
company, administration services, internal and external auditors, insurers, marketing
consultants or subcontractors
• We have a legitimate interest to share your personal data for the processing of electronic
payments services on your account (such as credit transfers, standing orders and direct
debits, card based payments). The Credit Union is a participant of Payac. Payac is a credit
union owned, independent, not-for-profit company that provides an electronic payments
service platform for the credit union movement in Ireland. Payac is an outsourced model
engaging third party companies, such as a Partner Bank, to assist with the processing of
payment data for example as the Card Processor, as Bank Identification Number (BIN)
sponsor.
• We may share your data with possible successors or merging credit unions
• Statutory and regulatory bodies as legally required including but not limited to Regulators
Central Bank Ireland, Enforcement bodies, an Garda Siochana, Data Protection Commission,
the courts, fraud prevention agencies or other bodies; the Department of Social Protection
and the Financial Services and Pensions Ombudsman Bureau of Ireland, Irish Financial
Services Appeals Tribunal, Irish Revenue, debt recovery or fraud prevention agencies,
• We may share your data with Irish League of Credit Unions, Credit Union Development
Association.
D. Irish League of Credit Unions (ILCU) Affiliation
The ILCU (a trade and representative body for credit unions in Ireland and Northern Ireland)
provides professional and business support services such as marketing and public affairs
representation, monitoring, financial, guidance, compliance, risk, learning and development, and
insurance services to affiliated credit unions. As this credit union is affiliated to the ILCU, the credit union must also operate in line with the ILCU Standard Rules (which members of the credit
union are bound to the credit union by) and the League Rules (by which the credit union is bound
to the ILCU). We may disclose information in your application or in respect of any account or
transaction of yours from the date of your original membership to authorised officers or
employees of the ILCU for the purpose of the ILCU providing these services to us.
The ILCU Savings Protection Scheme (SPS): We may disclose information in any application from
you or in respect of any account or transaction of yours from the date of your original
membership to authorised officers or employees of the ILCU for the purpose of the ILCU providing
these services and fulfilling requirements under our affiliation to the ILCU, and the SPS.
E. Nominee
The information relating to you as nominee has been provided to us by the member during their
lifetime.
Regulators Central Bank Ireland, Enforcement bodies, An Garda Siochana, Data Protection
Commission, the courts, Financial Services and Pensions Ombudsman Bureau of Ireland, Irish
Revenue, legal and professional advisers such as auditors and external legal counsel; Irish
League of Credit Unions, Credit Union Development Association, IT Provider, outsourced service
providers, potential mergers.
F. School Quiz entrants, winners and co-ordinators within the schools & Art competition
entrants and winners
Regulators Central Bank Ireland, legal and professional advisers such as auditors and external
legal counsel; Irish League of Credit Unions, Regional Chapter, associated named
school/club/organisation IT Provider, outsourced service providers, potential mergers.

The credit union, ECCU and its reinsurer, where applicable, are Joint Controllers of your personal
data which is processed in connection with your credit union’s policy with ECCU. ECCU Privacy Statement is provided when availing of the Loan Protection Insurance.

We will only retain personal data for as long as necessary for the purposes for which it was
collected as required by law or regulatory guidance to which we are subject or to defend any
legal actions. Where possible we record how long we will keep your data. Where that is not
possible, we will explain the criteria for the retention period. Unless required to defend a legal
claim, we hold your personal data based on the following criteria:
• Legal compliance
• Contractual terms and conditions for the products sold
• Regulatory compliance
• Until consent is withdrawn and the data is no longer needed
• Best practice for example CCTV footage is held for one month

Some third parties we share your data with may reside outside the European Economic Area
(which currently comprises the Member states of the European Union plus Norway, Iceland and Liechtenstein). If we do this, your information will be treated to the same standards adopted in
Ireland and include the following data protection transfer mechanisms:
• Model Clauses (also known as Standard Contractual Clauses) are standard clauses in our
contracts with our service providers to ensure that any personal data leaving the EEA will be
transferred in compliance with EU data-protection law. Copies of our current Model Clauses
are available on request.
• Transfers to countries outside the EEA which have an adequate level of protection as
approved by the European Commission (such as the United Kingdom).
https://commission.europa.eu/law/law-topic/data-protection/international-dimensiondata-protection/adequacy-decisions_en. The adequacy decision on the EU-U.S. Data Privacy
Framework covers data transfers from any public or private entity in the EEA to US
companies participating in the EU-U.S. Data Privacy Framework
https://ec.europa.eu/commission/presscorner/detail/en/qanda_23_3752.
• Transfers permitted in specific situations where a derogation applies as set out in Article 49
of the GDPR. For example, where it is necessary to transfer information to a non-EEA
country to perform our contract with you.

Erasure
When have I the right to all my personal data being deleted by the Credit Union?
You have the right to have your personal data deleted without undue delay if:
• The personal data is no longer necessary in relation to the purpose(s) for which it was
collected/processed
• You are withdrawing consent and where there is no other legal ground for the processing
• You object to the processing and there are no overriding legitimate grounds for the
processing
• The personal data has been unlawfully processed
• The personal data must be erased so that we are in compliance with legal obligation
• The personal data has been collected in relation to the offer of information society
services with a child.
What happens if the Credit Union has made my personal data public?
If we have made your personal data public, we, taking account of available technology and the
cost of implementation, will take reasonable steps, including technical measures, to inform
those who are processing your personal data that you have requested the erasure.
What happens if the Credit Union has disclosed my personal data to third parties?
Where we have disclosed your personal data in question to third parties, we will inform them
of your request for erasure where possible. We will also confirm to you details of relevant third
parties to whom the data has been disclosed where appropriate.
Data portability
When can I receive my personal data in machine readable format from the Credit Union?
You have the right to receive your personal data, which you provided to the Credit Union, in a
structured, commonly used and machine-readable format. You have the right to transmit this data to another organisation without hindrance from the Credit Union to which the personal
data have been provided, where:
• processing is based on consent or contract and
• processing is carried out by automated means.
Would the Credit Union transfer the personal data to another service provider if I requested
this?
We can transfer this data to another company selected by you on your written instruction
where it is technically feasible taking account of the available technology and the feasible cost
of transfer proportionate to the service, we provide to you.
Under what circumstances can the Credit Union refuse?
You will not be able to obtain, or have transferred in machine-readable format, your personal
data if we are processing this data in the public interest or in the exercise of official authority
vested in us.
Will the Credit Union provide me with my personal data if the file contains the personal data
of others?
We will only provide you with your personal data, ensuring we protect the rights and freedoms
of others. Where personal data of another person may be on the same files as yours, we will
redact the full details of the other person.
Automated individual decision making
What are my rights in respect of automated decision making?
The Credit Union does not have any automated decision-making processes. Where any such
processes are introduced, we will provide you with the relevant information required under the
“General Data Protection Regulation”.
Object
Have I already been informed about my right to object?
We have informed you of your right to object prior to us collecting any of your personal data as
stated in our privacy statement.
When can I object to the Credit Union processing my personal data?
You can object on grounds relating to your situation at any time to processing of personal data
concerning you which is based on one of the following lawful basis:
• public interest or
• legitimate interest
including profiling based on those provisions.
The Credit Union will stop processing your personal data unless:
• we can demonstrate compelling legitimate grounds for the processing, which override
your interests, rights and freedoms or
• the processing is for the establishment, exercise or defence of legal claims.

What are my rights to object for direct marketing purposes?
Where your personal data is processed for direct marketing purposes, you have the right to
object at any time to processing of personal data concerning you for such marketing, which
includes profiling to the extent that it is related to such direct marketing.
Where you object to processing for direct marketing purposes, we will no longer process this
data for such purposes.
What are my rights to object in the use of information society services?
In the context of the use of information society services, you may exercise your right to object
by automated means using technical specifications.
Restrict processing
When can I restrict processing?
You may have processing of your personal data restricted:
• While we are verifying the accuracy of your personal data which you have contested
• If you choose restricted processing over erasure where processing is unlawful
• If we no longer need the personal data for its original purpose but are required to hold the
personal data for defence of legal claims
• Where you have objected to the processing (where it was necessary for the performance
of a public interest task or purpose of legitimate interests), and we are considering
whether our legitimate grounds override.
What if the Credit Union has provided my personal data to third parties?
Where we have disclosed your personal data in question to third parties, we will inform them
about the restriction on the processing, unless it is impossible or involves disproportionate
effort to do so.
How will I know if the restriction is lifted by the Credit Union and/or relevant third parties?
We will inform on an individual basis when a restriction on processing has been lifted.
Rectification
What can I do if the Credit Union is holding incorrect personal data about me?
Where you suspect that data, we hold about you is inaccurate, we will on demand, in
compliance to central bank rules, rectify any inaccuracies without undue delay and provide
confirmation of same.
What happens if the Credit Union has disclosed my personal data to third parties?
Where we have disclosed inaccurate personal data to third parties, we will inform them and
request confirmation that rectification has occurred. We will also provide you with details of
the third parties to whom your personal data has been disclosed.
Withdraw consent
Under what circumstances could I withdraw consent?
You can withdraw consent if we are processing your personal data based on your consent.

When can I withdraw consent?
You can withdraw consent at any time.
If I withdraw consent what happens to my current data?
Any processing based on your consent will cease upon the withdrawal of that consent. Your
withdrawal will not affect any processing of personal data prior to your withdrawal of consent,
or any processing which is not based on your consent.
Lodge a complaint
Can I lodge a complaint with the Data Protection Commission?
You can lodge a complaint with the Data Protection Commission in respect of any processing by
or on behalf of the Credit Union of personal data relating to you.
How do I lodge a complaint?
Making a complaint is simple and free. All you need to do is write to the Data Protection
Commission giving details about the matter. You should clearly identify the organisation or
individual you are complaining about. You should also outline the steps you have taken to have
your concerns dealt with by the organisation, and what sort of response you received from
them. Please also provide copies of any letters between you and the organisation, as well as
supporting evidence/material.
What happens after I make the complaint?
The Data Protection Commission will then take the matter up with the Credit Union on your
behalf.
Access your data
When do I have the right to access my personal data from the Credit Union?
Where the Credit Union process any personal data relating to you, you have the right to obtain
confirmation of same from us, and to have access to your data.
What information will the Credit Union provide to me?
If we are processing your personal data, you are entitled to access a copy of all such personal
data processed by us subject to a verification process to ensure we are communicating with the
correct person. We will provide any of the following information:
• why we are processing your personal data
• the types of personal data concerned
• the third parties or categories of third parties to whom the personal data have been or
will be disclosed. We will inform you if any of the third parties are outside the European
Economic Area (EEA) or international organisations
• how your personal data is safeguarded where we provide your personal data outside the
European Economic Area or to an international organisation
• the length of time we will hold your data or if not possible, the criteria used to determine
that period
• your rights to:
o request any changes to inaccurate personal data held by us
o have your personal data deleted on all our systems
o restriction of processing of personal data concerning you

o to object to such processing
o data portability
• your right to lodge a complaint with the Data Protection Commission
info@dataprotection.ie
• where we have collected your personal data from a third party, we will provide you with
the information as to our source of your personal data
• any automated decision-making ( which is currently not in place), including profiling which
includes your personal data. We will provide you with meaningful information about the
logic involved, as well as the significance and the envisaged consequences of such
processing for you.
What Information is not provided?
• Business Information pertaining to your role as an employee
• If we do not provide you with your personal data, we have an obligation to give reasons why
this personal data is being withheld.
How long will it take to receive my personal data from the Credit Union?
We will provide you with a copy of the personal data we are currently processing within one
month of request. In rare situations if we are unable to provide you with the data within one
month we will notify you, within one month of your valid request, explaining the reason for the
delay and will commit to delivery within a further two months.
How much will it cost me to receive my personal data?
We will not charge for providing your personal data unless we believe the request is excessive
and the cost of providing your data is disproportionate to your services provided.
Can I request additional copies of my personal data?
If you require additional copies, we will charge €20 to cover our administrative costs.
Can I receive my personal data electronically?
You can request your personal data by electronic means and we will provide your personal data
in a commonly used electronic form if technically feasible.
What will the Credit Union do if another person’s personal data is shared with my personal
data?
We will only provide you with your personal data, ensuring we protect the rights and freedoms
of others. Where personal data of another person may be on the same files as yours, we will
redact the full details of the other person.

If you have changed your name or your address provide the following

• current passport or driving licence,
• Proof of Address (no more than 6 months old) being a household utility bill,
• Statement from another financial institution,
• Social services document (issue by the Government), or documentation issued by the Revenue Commissioners.

Our contact details
071 9621828
info@heartlandcu.ie
www.heartlandcu.ie
Drop into to us

We want to protect your personal data. Please do not send the following information in the body of
an email:
• PPSN
• IBAN
• Health data
• Any special categories of data are defined by GDPR as processing of personal data revealing
racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union
membership, and the processing of genetic data, biometric data for the purpose of uniquely
identifying a natural person, data concerning health or data concerning a natural person’s
sex life or sexual orientation
• Passport copy or details
• Driving License copy of details
• Proof of address details
If you need to send such information, put the information into a Word document and password
protect it, send the password by ringing the Credit Union with the code.
If you send an email with any of the information above, the information will be transferred to our
banking system and the email will be deleted immediately.

The Credit Union scan all paper received from the members and related third parties and only hold
the scanned version of the personal data unless the Credit Union has a legal compliance to hold the
paper version of this data. The credit union may execute agreements with members by any form of
electronic signature. An electronic signature is conclusive evidence of the member’s intent to be
bound by this agreement and shall have the same legal validity and enforceability as a wet signature
for all purposes. If the Credit Union stores a duly executed copy of this agreement in an electronics
format, this constitutes an original of this agreement and may be relied on as evidence of
agreement.