Cara Credit Union LTD (Cara CU) takes Data Privacy very seriously. As a member of Cara CU, you will share personal information with us throughout the lifetime of our relationship. As your Credit Union, we will respect that information by fulfilling our obligations under the General Data Protection Regulations (GDPR) along with respecting your rights under the legislation.
Purpose of Data Collection, Processing or Use
Cara CU is a member-owned financial cooperative, democratically controlled by our members, and operated for the purpose of promoting thrift (money management), providing credit at competitive rates, and providing other financial services for our members. Data collection, processing and use are conducted solely for the purpose of carrying out these objectives.
How we collect data about you
We collect personal information from you at various stages, for example, when you open an account, lodge or withdraw, apply for a loan, use banking services or look for advice on products or services. Therefore, we may collect, store, and use the following categories of personal information about you:
• Your name, address, date of birth, email, telephone financial data, status and history, transaction data; contract data, details of the credit union products you hold with us, signatures, identification documents, salary, occupation, accommodation status, mortgage details, previous addresses, spouse, partners, nominations, Tax Identification/PPSN numbers, passport details, interactions with credit union staff and officers on the premises, by phone, or email, current or past complaints, CCTV footage and telephone voice recordings
We may also collect, store and use the following “special categories” of more sensitive personal information:
• Information about your health, including any medical condition, health and sickness, relating to the purpose of insurance cover. We may also collect information from others, such as credit bureau Irish Credit Bureau (ICB) or the Consumer Credit Register (CCR), or through our website, apps, social media sites, community based discussion forums and CCTV footage.
If you fail to provide personal information
If you fail to provide certain information when requested, we may not be able to perform the contract we have entered into with you or we may be prevented from complying with our legal obligations.
How we use Information
We use this information to:
1. Make recommendations about the products or services you hold with us
2. Decide how the products and services you don’t yet hold might be suitable for you
3. Decide how we will offer them to you, for example directly or through digital media
To protect your information we use security measures that comply with Irish law and meet international standards. This includes computer safeguards and secure files and buildings. We sometimes use other companies and individuals to work on our behalf or to give us information to help us make decisions. For example, to analyse data, collect debts, process information, and conduct market research. We contract with all third parties to whom we give your information for these purposes to keep your information confidential and to respect the laws on data protection.
Change of Purpose
You can be assured that we will only use your data for the purpose it was provided and in ways compatible with that stated purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Data Retention Periods
We will only retain your personal information for as long as necessary to fulfil the purpose(s) for which it was obtained, taking into account any legal/contractual obligation to keep it. We document the reason(s) for our retention periods and where possible the retention periods themselves in our Retention Policy.
Your Marketing Preferences
As part of improving our service to you, from time to time, we would like to inform you of goods, services, competitions and/or promotional offers available from us. We may wish to use different means when sending such marketing communications. You can indicate by which methods you consent to being contacted, if any, by ticking “Yes” to each method of communication. You will also be given the right to change your preferences and to refuse such marketing by ticking “No” (”opt-out”) in any marketing message we send you. Please contact us directly should you wish to change or withdraw your consent.
Planned Data Transmission to Countries Outside the EEA
There are currently no plans to transmit data to third countries outside the European Economic Area (EEA).
Your Rights in Connection with your Personal Data
Access Request- To find out whether we hold any of your personal data, you can request that a copy of that data be furnished to you. You are also entitled to request further information about the processing.
Request Correction- You can request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you rectified.
Request Erasure- You can request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
Object to Processing- You can object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
Restriction of Processing- You can request the restriction of processing of your personal information. You can ask us to suspend processing personal information about you, in certain circumstances.
Consent- Where we are processing your data based solely on your consent you have a right to withdraw that consent at any time and free of charge.
Portability of Data- Request that we: a) provide you with a copy of any relevant personal data in a reusable format; or b) request that
we transfer your relevant personal data to another controller where it’s technically feasible to do so.
**Please note that the above rights are not always absolute and there may be some limitations**.
There is no fee in exercising any of your above rights, unless your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
We may need to verify your identity if we have reasonable doubts as to who you are, at the time of exercising any of the above rights. This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
To help us to ensure that our information is up to date and accurate, please help us by telling us immediately if there are any changes to your personal information.
For queries in relation to any aspect of data protection, please contact the following person at Cara Credit Union:
The Data Protection Officer (DPO),
Cara Credit Union Ltd.
45-47 Ashe Street,
Tel: 066 712 2373
You also have the right to complain to the Supervisory Authority, which in Ireland is the Data Protection Commission (DPC), in respect of any processing of your data:
Data Protection Commission
Tel: 057 868 4800 or 0761 104 800
Lo Call Number: 1890 252 231
Complaints can be verbal or in writing but if verbal, the person shall be asked if (s)he wishes their complaint to be dealt with through the complaints process and where possible, shall complete a complaint form. If the complaint is not in person but over the phone, then a member of staff shall complete the form.
Who can make a complaint –
• A member of the credit union in their capacity as a member;
• Any former member of the credit union (in that capacity) who ceased to be a member of the credit union not more than six months previously;
• Any person claiming through any such member or former member (in their capacity);
• Any person claiming under the rules of the credit union.
Members can make their views known in the following ways-
• Members can place suggestions in the suggestion box provided, if they have any general ideas for improvements in service, additional service(s) or concerns as to the standard of services being provided. These may be signed or unsigned;
• Members can make informal oral complaints to the Complaints Officer or any member of staff. The staff member concerned shall point out the complaints procedure to the member and ask if (s)he would like to make a formal complaint. In the event that a member does not wish to make a formal complaint, the staff member concerned should note the complaint on a complaint form and forward to the Complaints Officer;
• A member may make a written complaint. Such a complaint can be made in writing and received by post, by e-mail or at interview with the Complaints Officer. This complaint shall be signed by the member and state clearly the grounds of complaint i.e. the service, the treatment, delay, decision, etc.
Complaints will be dealt with along the following timelines –
• Written acknowledgement of the complaint – Within 5 business days;
• Regular updates to the complainant – At intervals of not greater than 20 business days;
• Attempt to investigate and resolve a complaint – Within 40 business days; (where the 40 days has elapsed, and the complaint has not been resolved – Inform the complainant of the anticipated timeline in which CCU hopes to resolve the complaint. At the same time, CCU will inform the member that they can refer the matter to the Ombudsman and provide the member with the relevant contact details);
• On completion of the investigation – Inform the complainant within 5 business days of the outcome.
NOTE: Where a complaint relates to the Provision of the Member Current Account Service and where a member’s rights under the Payment Service Regulations 2018/PDS2 may have been affected/infringed, a time-frame of 15 business days must be complied with under PSD2.
Complaint Appeal– If you are not happy with the outcome of your complaint, you have the right to appeal the decision to the CEO. The CEO will issue a final decision on the complaint within 40 working days and the member will be advised of their statutory right to report the matter to the Financial Ombudsman at 3rd Floor Lincoln House, Lincoln Place, Dublin 2 Phone 01 -567 7000 or e-mail firstname.lastname@example.org