This notice applies to any personal data (personal information) we receive from you, that we create or that we obtain from other sources. It also explains how we will use your personal data.
1.1 The Controller
When we refer to “Finance Ireland”, “we”, “us” or “the Group” we are referring to Finance Ireland Credit Solutions DAC t/a Finance Ireland Leasing, Finance Ireland Residential Mortgages, Finance Ireland Agri and Finance Ireland Commercial Mortgages, Finance Ireland Agri Funding DAC (where you have a MilkFlex facility) and Fics Holdings (One) DAC (where your product is funded or part funded by the Strategic Banking Corporation of Ireland).
The controller in respect of your personal data for the purposes of data protection law is:
- Finance Ireland Credit Solutions DAC t/a Finance Ireland Leasing, Finance Ireland Residential Mortgages, Finance Ireland Agri and Finance Ireland Commercial Mortgages; and/or
- Finance Ireland Agri Funding DAC, if you have a MilkFlex facility; and/or
- Fics Holdings (One) DAC, if your product is funded or part funded by the Strategic Banking Corporation of Ireland (SBCI)
Where you have a MilkFlex facility, Finance Ireland Credit Solutions DAC (“FICS”) will initially act as the controller of your personal data for your MilkFlex facility. If and to the extent that FICS sells its rights and interests in your MilkFlex facility, the buyer (who may be Finance Ireland Agri Funding DAC) will become the data controller of your personal data. In such circumstances, FICS may continue to process your personal data on behalf of the buyer when providing loan management services.
We collect and use your personal data and where applicable, this may include information related to your spouse/partner, directors, partners and owners (who are referred to as your “associates”). We are responsible for ensuring that we use all personal data in compliance with data protection law.
1.2 How you can contact us
Please contact us if you have any questions about this privacy notice or personal data we hold about you.
Finance Ireland Ltd,
85 Pembroke Road,
Phone: 01 6425381
Please help us to keep your records up to date by notifying us of any changes to your personal details.
2. Personal data that we collect about you and your associates
Personal data means any information about a person which can identify them. Examples of personal data are given below. It does not include data where the identity has been removed (which is called anonymous data). We will collect and use the following personal data about you and your associates.
2.1 Personal data you give us
- This is information about you and your associates that you give us by filling in forms (e.g. an application form) or by communicating with us (by telephone, email etc.). The information you give us may include your and your associates’ name, address, email address, telephone number, date of birth, gender, marital status, financial information, occupation, employment history, health information, credit history, identification records, qualifications and details of your finances (e.g. income, assets, bank accounts, shares and other investments).
- If you give us information that does not relate to you (for example, information about your associates), you must provide the person you are identifying with a copy of this Privacy Notice. You must also obtain their consent to share their personal data with us.
2.2 Personal data we collect or generate about you and your associates
- Website usage Information – Our website uses Google Analytics to automatically gather certain statistical information, such as the number and frequency of visitors and their IP addresses. This information is used as aggregated statistical information about users, providing usage by IP address. This information helps us to measure how individuals use the website and our services, so that we can continually improve them.
- Phone information – We may record telephone conversations to process applications; manage facilities; resolve complaints improve our service; and for training, verification and quality assurance purposes.
- We generate data for statistical analysis.
For full details on what cookies are, what they do, and which cookies are used by us, please see www.financeireland.ie/cookie-policy/
2.4 Personal data we receive from other sources
- Financial and credit information – We will use information provided by credit reference agencies when we assess your application for finance and to verify your identity and any of your associates’ identities. Such information may include details of other credit you have taken out, any credit arrangements you have met or failed to meet, and any court judgments made against you.
- Fraud prevention agencies – When verifying your identity as part of our application process, we may access information recorded by fraud prevention agencies in Ireland and abroad. This may include information about any criminal convictions and any allegations regarding criminal activity that relate to you.
- Intermediaries – We will receive information from dealers, brokers, introducers and Co-ops for the MilkFlex product. This includes your personal details, contact details and relevant asset and financial details for the purposes of entering in to and administering your agreement.
- Public databases – We may obtain information about you and your associates from public databases. We use reputable sources such as the electoral register and the Companies Registration Office. We use appropriate measures to check the quality of the information we collect.
- Co-op and accountant – We will obtain information relating to the supply of milk (including deductions, payments, milk volumes and revenue realised in relation to milk volumes). We will obtain information about any bad debt history, your MilkFlex facility, and any notifiable disease in any herd owned or operated by you. We will also look for confirmation if you are, or were, a member of a Sustainable Dairy Assurance Scheme or an equivalent scheme.
2.5 Where you do not provide your personal data
If you do not provide us with your personal data, we may not be able to provide you with our services or respond to your questions or requests. We will tell you when we ask for personal data that is necessary as a contractual requirement or to comply with our legal obligations.
3. Purpose and legal basis for processing personal data
We will hold, process and may disclose personal data for the following purposes:
4. Further details on credit searches, scoring and crime prevention
We may carry out a search with a credit reference agency e.g. the ICB and Central Credit Register who will keep a record of our enquiry against your name and which may be linked to your associates (“associated records”). For the purposes of any application for products or services from us, you may be assessed with reference to “associated records”. Where any search or application is completed, or agreement entered into involving joint parties, we may record details at credit reference agencies, as a result an “association” will be created that will link your financial records. Details of which credit reference agency we have used are available on request. We may also add to your or, if applicable, your business’, record with the credit reference agencies details of your agreement with us, any payments you make under it and any default or failure to keep to its terms. These records will remain on the credit reference agencies’ files for 6 years after our agreement with you is settled or terminated whether settled by you or, if applicable, your business or by way of default. These credit reference agencies may create, or add to, their own record about you, or, if applicable, your business, details of our search and your application. This and other information about you or, if applicable, your business and those with whom you are linked financially may be used to make credit decisions about you or your business.
The ICB of ICB House, Newstead, Clonskeagh, Dublin 14 (firstname.lastname@example.org) shall process the personal data identified in your proposal form. The legal basis upon which ICB relies to process this personal data is its Legitimate Interests (GDPR Article 6 (f)), namely for promoting greater financial stability by supporting a full and accurate assessment of loan applications, aiding in the avoidance of over-indebtedness, assisting in lowering the cost of credit, complying with and supporting compliance with legal and regulatory requirements, enabling more consistent, faster decision-making in the provision of credit and assisting in fraud prevention. Please review ICB’s Fair Processing Notice which is available at www.icb.ie/pdf/fair processing agreement.
5. Sharing your personal data
It documents who they are, what they do, details of their Data Protection Officer, how it gets the data, why they take it, what personal data they hold, what they do with it, how long they retain it, who they share it with, what entitles them to process the data (legitimate interests), what happens if your data is inaccurate and your rights i.e. right to information, right of access, right to complain, right to object, right to restrict, right to request erasure and right to request correction of your personal information.
We may disclose your personal data within the Finance Ireland group of companies and to third-party service providers in the following circumstances:
- To ensure the delivery or maintenance of products or services you have taken out with us
- To ensure the safety and security of our data
- As part of our internal research and statistical analysis activity
We will take steps to ensure that the personal data is accessed only by personnel that need to do so for the purposes described in this Privacy Notice.
Outside of the Finance Ireland group of companies, we may also share your personal data with:
- Your Co-op in the event that you have been approved for a MilkFlex facility
- An insurer or insurers for administration
- Insurance claims handlers and fraud prevention agencies
- Any guarantor
- Any funder or potential funder of Milkflex facilities
- Any funder in the event of securitisation
- Any broker or introducer of an agreement with us
- Tracing and repossession agents
- Potential or actual buyers of your Milkflex facility (and their officers, employees, agents and advisors) if we sell, or are considering selling, your facility
- Potential or actual buyers (and their officers, employees, agents and advisors) if we sell, or are considering selling, any of our business or assets
- Potential or actual buyers (and their officers, employees, agents and advisors) if we are acquired by a third party or if a third party is considering acquiring us
- Accountants, tax advisors, project monitors, valuers, solicitors, engineers, architects, quantity surveyors, planning consultants, industry specialists and any other parties deemed necessary to assist us in the provision of our services to you – in the event that you are being provided with a residential or commercial mortgage
- Third-party agents or contractors (for example, the providers of our electronic data storage services or call centres) for the purposes of providing services to us
- Third-party affiliates who may wish to offer you products and services which may be of interest to you – with your consent
These third parties will be subject to confidentiality requirements and they will only use your personal data as described in this Privacy Notice.
We may also share your personal data outside of the Finance Ireland Group where we are required to do so by law. For example, we may be legally obliged to share your personal data with third parties such as credit agencies, the Companies Registration Office, the Central Credit Register and the Central Bank of Ireland. We may also share your personal data if it is necessary in order for us to establish, exercise or defend our legal rights.
In the event that your funding is supported by the Strategic Banking Corporation of Ireland (“SBCI”), both we and the SBCI may disclose the information for the purposes of: (i) determining eligibility for the particular SBCI Scheme; (ii) anti-money laundering / financing of terrorism or fraud; (iii) Finance Ireland and SBCI’s reporting functions in accordance with the Scheme; and (iv) conducting relevant surveys by or on behalf of the SBCI. Such processing is undertaken pursuant to the SBCI’s statutory purposes and in relation to personal data that it obtains, the SBCI acts as controller for the purposes of applicable data protection law. The SBCI may also disclose the information to its respective advisors, contracted parties, delegates and agents, and the SBCI’s own funders (details of which are available at: https://sbci.gov.ie/). For further information on how the SBCI handles personal data, including information about your data protection rights (in respect of the SBCI) and the contact details of the SBCI’s data protection officer, please refer to the SBCI’s data protection statement which is available at: https://sbci.gov.ie/.
Transfer of personal data outside the European Economic Area
The information you provide to us will be transferred to and stored on our secure servers in the European Economic Area (EEA). However, from time to time, your personal data may be transferred to, stored in, or accessed from a destination outside the EEA such as the US.
Where we transfer your personal data outside the EEA, we will ensure that it is protected in a manner that is consistent with how your personal data is protected by us inside the EEA. This can be done in a number of ways, for instance:
- The country that we send the data to might be approved by the European Commission or a relevant data protection authority (Article 45 GDPR)
- The recipient might have signed up to a contract based on “model contractual clauses” approved by the European Commission, obliging them to protect your personal data (Article 46 GDPR)
- A recipient located in the US be a certified member of the EU-US Privacy Shield scheme (Article 46 GDPR)
In other circumstances, the law may permit us to transfer your personal data outside the EEA. In all cases, however, we will ensure that any transfer of your personal data is compliant with data protection law.
You can obtain more details of the protection given to your personal data when it is transferred outside the EEA (including a copy of the standard data protection clauses which we have entered into with recipients of your personal data) by contacting us. Our contact details are in section 1.2.
6. How long we keep your personal data
How long we hold your personal data will vary. The retention period will be determined by various criteria including:
- The purpose for which we are using it – We will need to keep the data for as long as is necessary for that purpose
- Legal obligations – Laws or regulation may set a minimum period that we have to store your personal data (e.g. Central Bank of Ireland codes and regulations, and anti-money laundering obligations)
In accordance with the Statute of Limitations, if you are a customer, we will retain your personal data for seven years following the end of our relationship with you, unless we are required by law to keep it for a longer period of time (in which case, we will keep it until the expiry of the period required by law).
7. Your rights
You have specific rights in relation to your personal data under GDPR. However, these may be subject to certain limitations and restrictions.
You can make requests to us if you would like exercise your rights, as listed in the table below.
We will respond to any valid request within one month, unless it is particularly complicated, or you have made repeated requests (in which case we will respond within three months, at the latest). We will inform you of any such extension within one month of receipt of your request, together with the reasons for the delay.
You will not be charged a fee to exercise any of your rights unless your request is clearly unfounded, repetitive or excessive (in which case, we will charge a reasonable fee in the circumstances or refuse to act on the request).
If you wish to exercise any of these rights, please contact us (see section 1.2). We may request proof of identification to verify your request.
What this means
Right to withdraw consent
If we are processing your personal data on the legal basis of consent, you are entitled to withdraw your consent at any time (see Contact Us section 1.2). However, your withdrawal of your consent will not invalidate any previous processing we carried out which was based on your consent.
Right of access
You can request a copy of the personal data we hold about you.
Right to rectification
You have the right to request that we correct any inaccuracies in the personal data we hold about you and that we complete any personal data where it is incomplete.
Right to erasure (‘right to be forgotten’)
You have the right to request that your personal data is deleted in certain circumstances, including where:
However, this right does not apply where, for example, the processing is necessary:
Right to restriction of processing
You can ask that we restrict your personal data (i.e. keep but not use) where:
We can continue to use your personal data:
Right to data portability
Where you have provided personal data, you have a right to have it returned in a structured, commonly-used and machine-readable format You also have a right to have the data transmitted to a third-party controller without hindrance but in each case only where:
Right to object
You have a right to object to the processing of your personal data where we are processing your personal data in reliance on our legitimate interests. In these cases, we will stop processing your personal data unless we can demonstrate compelling legitimate interests which override your interests. You have a right to request information on the balancing test we have carried out.
You also have a right to object where we are processing your personal data for direct marketing purposes.
With certain exceptions, you have a right not to be subjected to decisions based solely on automated processing which produce legal effects concerning you or which significantly affect you.
Exceptions are where the automated decision-making is:
Where we base a decision solely on automated decision-making, you will always be entitled to have a person review the decision, so that you can contest it and explain your point of view and circumstances.
Right to complain
If you consider that the processing of your personal data infringes the GDPR, you have the right to lodge a complaint with the Data Protection Authority, in particular in the Member State of your residence, place of work or place of an alleged infringement,
Irish Data Protection Commission:
Phone: +353 (0)761 104 800.
8. Changes to our Privacy Notice
We keep our Privacy Notice under regular review. If we make any changes, we will post those changes here and update the “Last updated” date at the bottom of this Privacy Notice. However, if we make material changes to our Privacy Notice, we will notify you in writing by email or by means of a prominent notice on our website before the change becomes effective. Please check back frequently to see any updates or changes to our Privacy Notice.
Last updated: May 2019