Data Protection Statement
Privacy Notice of Lisnaskea Credit Union Limited - including General, Account Opening, Lending and Guarantors
A credit union is a member-owned financial cooperative, democratically controlled by its members, and operated for the purpose of promoting thrift, providing credit at competitive rates, and providing other financial services to its members. Data collection, processing and use are conducted solely for the purpose of carrying out the abovementioned objectives.
This Privacy Notice is to provide you with information regarding the processing of information about you for account related purposes and other general purposes and to provide you with information on further processing that may be necessary where you apply for a loan with us.
Lisnaskea Credit Union Ltd is committed to protecting the privacy and security of your personal data. This privacy notice describes how we collect and use personal data about you during and after your relationship with us.
What personal data do we use?
We may collect, store, and use the following categories of personal data about you:
- Your name, address, date of birth, email, telephone financial data, status and history, transaction data; contract data, details of the credit union products you hold with us and have held with us, relationship to the borrower, signatures, identification documents, salary, occupation, accommodation status, source of funds, Politically Exposed Status, mortgage details, previous addresses, spouse, partners, nominations, Tax Identification Numbers (TIN)/National Insurance numbers, tax residency, passport details, driver licence, interactions with credit union staff and officers on the premises, by phone, or email, current or past complaints, CCTV footage.
General, Account Opening and Lending Privacy Notice
The purposes for which we use your personal data:
The credit union will use your personal data to assist it in carrying out the following:
- To open and maintain an account for you
- To meet our obligations to you under the Credit Union’s Standard Rules
- To contact you in respect of your account and any product or service you avail of
- To comply with our legal obligations for example anti-money laundering, to identify connected borrowers
- Assessing your loan application and determining your creditworthiness for a loan;
- Verifying the information provided by you in the application;
- We are obliged to purchase loan protection and life savings protection from ECCU;
- Conducting credit searches;
- Administering the loan, including where necessary, to take steps to recover the loan or enforce any security taken as part of the loan.
- Meeting legal and compliance obligations and requirements under the rules of the credit union.
- To comply with regulatory requirements to determine whether you are a connected borrower or related party borrower.
- Providing updates on our loan products and services by way of directly marketing to you.
Guarantors
Warning: As a guarantor of this loan, you will have to pay off the loan, the interest and all associated charges if the borrower does not. Before you sign this guarantee you may wish to get independent legal advice.
Purpose for which we process your personal data
- To ensure repayment of the loan and to facilitate the requirements of the contract between you and the credit union;
- To contact you in respect of your guarantee in the event of the change of circumstance of the member/ member getting into arrears;
- To contact you in respect of your guarantee in the event of the member getting into arrears;
- Collection of the debt;
- Conduct due diligence
We may also collect, store and use the following “special categories” of more sensitive personal data:
- Information about your health, including any medical condition, health and sickness (See Insurance for further details)
We need all the categories of information in the list above to allow us to; identify you, to contact you and in order that we perform our contract with you.
We also need your personal identification data to enable us to comply with legal obligations. Some of the above grounds for processing will overlap and there may be several grounds which justify our use of your personal data.
How we use particularly sensitive personal data
”Special categories” of particularly sensitive personal data require higher levels of protection. We need to have further justification for collecting, storing and using this type of personal data. We may process special categories of personal data in the following circumstances:
- In limited circumstances, with your explicit written consent.
- Where we need to carry out our legal obligations and in line with our data protection policy.
- Where it is needed in the public interest, and in line with our data protection policy.
Less commonly, we may process this type of information where it is needed in relation to legal claims or where it is needed to protect your interests (or someone else’s interests) and you are not capable of giving your consent, or where you have already made the information public.
How secure is my information with third-party service providers?
All our third-party service providers are required to take appropriate security measures to protect your personal data in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes unless they are deemed to be controllers in their own right . We only permit them to process your personal data for specified purposes and in accordance with our instructions. Usually, information will be anonymised but this may not always be possible. The recipient of the information will also be bound by confidentiality obligations.
If you fail to provide certain information when requested, we may not be able to perform the contract we have entered into with you or we may be prevented from complying with our legal obligations.
You can be assured that we will only use your data for the purpose it was provided and in ways compatible with that stated purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
We sometimes use systems to make decisions based on personal data we have (or are allowed to collect from others) about you. This information is used for loan assessment and anti-money laundering purposes and compliance with our legal duties in that regard.
We will only retain your personal data for as long as necessary to fulfil the purpose(s) for which it was obtained, taking into account any legal/contractual obligation to keep it. Where possible we record how long we will keep your data, where that is not possible, we will explain the criteria for the retention period. This information is documented in our Retention Policy.
Guarantors: Your details will be held for six years following the date of demand, discharge, transfer or repayment of the loan
Once the retention period has expired, the respective data will be permanently deleted If you require further information please contact us. Please see our retention periods below.
- Evidence of identity checks to be maintained for 5 years after an individual ceases to be a member of the credit union;
- Details of member transactions are maintained for a period of 10 years after the transaction;
- Loan application information is maintained for a period of 6 years from the discharge, final repayment or transfer of the loan and 12 years where the document is under seal;
- Forms and records will be retained in individual member files for 6 years after the relationship with the member has ended
Planned data transmission to third countries
We will make changes to this notice from time to time, particularly when we change how we use your information, and change our technology and products. You can always find an up-to-date version of this notice on our website at www.lisnaskeacu.com, or you can ask for an updated copy at any stage.
Our use and sharing of your information
We will collect and use relevant information about you, your transactions, your use of our products and services, and your relationships with us. We will typically collect and use this information for the following purposes:
This basis is appropriate where the processing is necessary for us to manage your accounts and credit union services to you
We will use the information provided by you, either contained in this form or any other form or application, for the purpose of assessing this application, processing applications you make and to maintaining and administer any accounts you have with the credit union.
We may appoint external third parties to undertake operational functions on our behalf. We will ensure that any information passed to third parties conducting operational functions on our behalf will do so with respect for the security of your data and will be protected in line with data protection law.
In order to secure repayment of the loan, it may be necessary to obtain security such as a charge on your property or other personal assets.
Credit Referencing Agencies
In order to process credit applications you make we will supply your personal information to credit reference agencies (CRAs) and they will give us information about you, such as about your financial history. We do this to assess creditworthiness and product suitability, check your identity, manage your account, trace and recover debts and prevent criminal activity.
We will also continue to exchange information about you with CRAs on an ongoing basis, including about your settled accounts and any debts not fully repaid on time. CRAs will share your information with other organisations. Your data will also be linked to the data of your spouse, any joint applicants or other financial associates. This may affect your ability to get credit.
The identities of the CRAs, and the ways in which they use and share personal information, are explained in more detail at:
- Transunion at transunion.co.uk/crain
- Equifax at equifax.co.uk/crain
- Experian at experian.co.uk/crain
They may retain information for up to 6 years after any credit agreement between us has ended. When we share this information all parties conform to industry standards.
Credit Reference Agencies also share information about people with many financial organisations.
Their records can tell us:
- whether you have kept up with paying your bills, rent or mortgage, and other debts such as loans, phone and internet contracts;
- your previous addresses;
- information on any businesses you may own or have owned or directed;
- whether you are financially linked to another person, for example by having a joint account or shared credit;
- whether you have changed your name;
- whether you have been a victim of fraud.
Where you are financially linked to another person their records can provide us with details about that person’s credit agreements and financial circumstances.
They also use publicly available information to record information about people, including information from:
- The Royal Mail Postcode Finder and Address Finder;
- The Electoral Register;
- Companies House;
- The Accountant in Bankruptcy and other UK equivalents;
- The Insolvency Service and other UK equivalents;
- County Court Records.
This tells us, among other things:
- Your age, address and whereabouts;
- whether you are on the Electoral Register;
- whether you have been declared bankrupt;
- whether you are insolvent; and
- whether there are any County Court Judgements against you.
Credit Reference Agencies may also be Fraud Prevention Agencies.
We use this information to help us make sure we are lending our money responsibly and to help us decide whether a loan is appropriate for you. We cannot do this without:
- confirming your identity;
- verifying where you live;
- making sure what you have told us is accurate and true;
- checking whether you have overdue debts or other financial commitments; and
- confirming the number of your credit agreements and the balances outstanding together with your payment history.
We also have a duty to protect the Credit Union and the wider society against loss and crime, so we use and share Credit Reference Agency information:
- to identify, prevent and track fraud;
- to combat money laundering and other financial crime; and
- to help recover payment of unpaid debts.
We use information in this way to fulfil our contract to you, to meet our legal and regulatory responsibilities relating to responsible lending and financial crime, to protect the Credit Union from loss, to pursue our legitimate interests and to prevent crime.
We may use automated decision making in processing your personal and financial information to make credit decisions.
It is our policy to manually review automated decisions whenever possible. However, you have the right to request a manual review of the accuracy of any decision we make if you are unhappy with it.
The Credit Union uses a company called NestEgg Ltd to process this data on our behalf. NestEgg Ltd provides an automated ‘decision’ to help the Credit Union make it easy for members to apply for loans and savings accounts. NestEgg Ltd is not responsible for making decisions, they do not see your personal information. Their software makes a recommendation to a loans officer.
When you apply for a loan and / or savings account up to five searches may appear on your credit file. For the purposes of credit scoring, this will typically only affect your credit score as if one credit application were made.
Each of these five ‘footprints’ relate to the different sources of data being used to assess an application; these include the credit report itself and an affordability check. The Credit Union needs to prove the information belongs to you which is when an ID check is required. In cases where an application is made by a new member; the Credit Union will use an ID check and may also run a report to check ownership of any bank account details you may give us. These checks are required by law to prevent money laundering.
Some of these footprints will be in the name of NestEgg Ltd and others in the name of the Credit Union.
We use your information to carry out checks for the purposes of preventing fraud and money laundering. These checks require us to process and share personal data about you.
The personal data can include information that you have shared with us in making your loan application, other information we have collected or hold about you, or information we receive from third parties such as Credit Reference Agencies.
We will share your:
- name;
- address;
- date of birth;
- contact details;
- financial information;
- employment details;
- Device identifiers, including IP address; and
- Any other information that it is in our legitimate interest to share in order to prevent or detect fraud, or that we are legally obliged to provide.
We and fraud prevention agencies may also enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime.
We process your data in these ways because we have a legitimate interest in preventing fraud and money laundering in order to protect our business and to comply with laws that apply to us.
Fraud prevention agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, for up to six years.
If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the loan or any other services you have asked for. We may also stop providing existing services to you.
A record of any fraud or money laundering risk will be retained by fraud prevention agencies and may result in others refusing to provide services, financing or employment to you. If you have any questions about this then please contact us.
As part of your loan conditions, we may make the requirement for the appointment of a guarantor a condition of your loan agreement in order that credit union ensures the repayment of your loan. Should your account go into arrears, we may need to call upon the guarantor to repay the debt in which case we will give them details of the outstanding indebtedness. If your circumstances change it may be necessary to contact the guarantor.
The ILCU (a trade and representative body for credit unions in Ireland and Northern Ireland) provides professional and business support services such as marketing and public affairs representation, monitoring, financial, compliance, risk, learning and development, and insurance services to affiliated credit unions. As this credit union is affiliated to the ILCU, the credit union must also operate in line with the ILCU Standard Rules (which members of the credit union are bound to the credit union by) and the League Rules (which the credit union is bound to the ILCU by). We may disclose information in your application or in respect of any account or transaction of yours from the date of your original membership to authorised officers or employees of the ILCU for the purpose of the ILCU providing these services to us.
We may disclose information in any application from you or in respect of any account or transaction of yours from the date of your original membership to authorised officers or employees of the ILCU for the purpose of the ILCU providing these services and fulfilling requirements under our affiliation to the ILCU, and the SPS.
The Privacy Notice of ILCU can be found at www.creditunion.ie
As part of our affiliation with the ILCU, we purchase insurance from ECCU Assurance DAC (ECCU), a life insurance company, wholly owned by the ILCU. This includes Life Savings (LS), Loan Protection (LP), and optional related riders (where applicable).
If you choose to take out a loan with us, it is a term of your membership, by virtue of our affiliation with the ILCU that the credit union will apply to ECCU for Loan Protection (LP). In order that we apply for LP it may be necessary to process ‘special category’ data, which includes information about your health. This information will be shared with ECCU to allow it deal with insurance underwriting, administration and claims on our behalf.
To help us improve our service to you, we may use information about your account to help us improve our services to you.
The Credit Unions (Northern Ireland) Order 1985 (as amended) provides, in the circumstances where you become unable to transact on your account, due to a mental incapability and no person has been legally appointed to administer your account, that the Board of Director may allow payment to another who it deems proper to receive it, in order that the money be applied in your best interests. In order to facilitate this, medical evidence of your incapacity will be required which will include data about your mental health. This information will be treated in the strictest confidentiality.
Our legal duty
This basis is appropriate when we are processing personal data to comply with UK or Northern Ireland Law
We may share information and documentation with domestic and foreign tax authorities to establish your liability to tax in any jurisdiction. Where a member is tax resident in another jurisdiction the credit union has certain reporting obligations to HM Revenue and Customs (HMRC) under the Common Reporting Standard. HMRC will then exchange this information with the jurisdiction of tax residence of the member. We shall not be responsible to you or any third party for any loss incurred as a result of us taking such actions. The legal basis upon which we do this is compliance with HM Revenue and Custom’s Automatic Exchange of Information standard. We may also share information in respect of dividends and interest payments to members to HMRC where required by law.
To meet our duties to regulators (the Financial Conduct Authority (FCA) and the Prudential Regulation Authority ((PRA), we may allow authorised people to see our records (which may include information about you) for reporting, compliance and auditing purposes. For the same reason, we will also hold the information about you when you are no longer a member. We may also share information with certain statutory bodies such as Department for the Economy (DfE), the Financial Services Compensation Scheme (FSCS) and Financial Ombudsman Service (FOS) if required by law.
The information provided by you will be used for compliance with our customer due diligence and screening obligations under anti-money laundering and combating terrorist financing obligations under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 and associated legislation.
To meet our legislative and regulatory duties to maintain audited financial accounts, we appoint an external auditor. We will allow the external auditor to see our records (which may include information about you) for these purposes.
We are obliged further to regulatory obligations to identify where borrowers are connected in order to establish whether borrowers are acting to together to achieve an aggregate loan that exceeds the limits set out in our lending policy.
The Credit Unions (Northern Ireland) Order 1985 (as amended) allows members to nominate a person(s) to receive a certain amount from their account on their death, subject to a statutory maximum. The credit union must record personal data of nominees in this event.
Legitimate interests
A legitimate interest is when we have a business or commercial reason to use your information. But even then, it must not unfairly go against what is right and best for you. If we rely on our legitimate interest, we will tell you what that is.
Credit Assessment and Credit Reference Agencies:
We may share information you have provided to us with credit reference agencies to verify your identity and suitability for a loan, using information from the Electoral Register and other public sources. When you apply to us for a loan, we may check the following records about you:
- our own records;
- records at credit reference agencies. When credit reference agencies receive a search from us they will place a search footprint on your credit file that may be seen by other lenders. They supply to us both public (including the electoral register) and shared credit and fraud prevention information; and
- Those at fraud prevention agencies.
Our legitimate interest: The credit union, for its own benefit and therefore the benefit of its members, must lend responsibly and will use your credit scoring information in order to determine your suitability for the loan applied for. When using the service of a credit referencing agency we will pass them your personal details and details of your credit performance.
The searches may also assess your application for the purpose of verifying identities, to prevent and detect crime and money laundering. We may also make periodic searches at credit reference agencies and fraud prevention agencies to manage your account with us a part of our ongoing customer due diligence.
If you are making a joint application or tell us that you have a spouse or financial associate, we will link your records together so you must be sure that you have their agreement to disclose information about them. Credit reference agencies also link your records together and these links will remain on your and their files until such time as you or your partner successfully files for a disassociation with the credit reference agencies to break that link.
If you give us false or inaccurate information and we suspect or identify fraud we will record this and may also pass this information to fraud prevention agencies and other organisations involved in crime and fraud prevention. Further information about credit reference agencies, and financial connections and how they may be ended, can be obtained from the Credit Reference Agency Information Notice (CRAIN) which sets outs how the three main credit reference agencies Callcredit, Equifax and Experian, each use and share personal they receive about you and/or your business that is part of or derived from or used in credit activity. CRAIN is accessible from each of the three CRAs – clicking on any of these three links will also take you to the same CRAIN document: Callcredit www.callcredit.co.uk/crain; Equifax; www.equifax.co.uk/crain; Experian www.experian.co.uk/crain
Where you breach the loan agreement we may use the service of a debt collection agency, solicitors or other third parties to recover the debt. We will pass them details of the loan application in order that they make contact with you and details of the indebtedness in order that they recover the outstanding sums Our legitimate interest: The credit union, where appropriate will necessary take steps to recover a debt to protect the assets and equity of the credit union
We may carry out searches in Stubbs Gazette in order to assess your credit worthiness to repay a loan Our legitimate interest: The credit union, for its own benefit and therefore the benefit of its members, must lend responsibly and will use your credit scoring information in order to determine your suitability for the loan applied for. In carrying out such a search we can better determine your overall financial position in order to lend to you.
We have CCTV footage installed on the premises with clearly marked signage. The purpose of this is for security. Our legitimate interest: With regard to the nature of our business, it is necessary to secure the premises, property herein and any staff /volunteers/members or visitors to the credit union.
Your consent
To help us improve and measure the quality of our products and services we undertake market research from time to time. This may include using the Irish League of Credit Unions and/ specialist market research companies. See section on Your Marketing Preferences.
[This credit union is involved with the Art competition in liaison with the ILCU. Upon entry you will be given further information and asked for your consent to the processing of personal data. Your information is processed only where you have given consent. Where the person providing consent is below 16* then we ask that the parent/legal guardian provide the appropriate consent. A separate privacy notice is included in all Art Competition entry forms.
This credit union is involved in the Schools Quiz in liaison with the ILCU. The Schools Quiz is open to entrants aged 4 to 13. Upon entry parent/legal guardians will be given further information and asked for their consent to the processing of their child’s personal data. This information is processed only where consent has been given. Where the person providing consent is below 16* then we ask that the parent/legal guardian provide the appropriate consent. A separate privacy notice is included in all School Quiz entry forms.
To find out whether we hold any of your personal data and if we do to request access to that data that to be furnished a copy of that data. You are also entitled to request further information about the processing.
Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal data for direct marketing purposes.
Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you rectified.
Request erasure of your personal information. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).
Request the restriction of processing of your personal information. You can ask us to suspend processing personal data about you, in certain circumstances.
Where we are processing your data based solely on your consent you have a right to withdraw that consent at any time and free of charge.
Request that we: a) provide you with a copy of any relevant personal data in a reusable format; or b) request that we transfer your relevant personal data to another controller where it’s technically feasible to do so. ‘Relevant personal data is personal data that: You have provided to us or which is generated by your use of our service. Which is processed by automated means and where the basis that we process it is on your consent or on a contract that you have entered into with us
You have a right to complain to the Information Commissioners Office (ICO) in respect of any processing of your data by;
If you have further questions, please get in touch with us at You have the right to lodge a complaint with a supervisory authority, in particular in the country where you reside, place of work or place of the alleged infringement if you consider that the processing of Personal Data infringes the GDPR.
The contact details for the Data Protection Commission (DPC) in Ireland are:
We will communicate any material changes to our Data Protection Statement.
Lisnaskea Credit Union – Updated
**Please note that the above rights are not always absolute and there may be some limitations.
If you want access and or copies of any of your personal data or if you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we send you a copy/a third party a copy your relevant personal data in a reusable format please contact the manager in writing using their contact details above.
There is no fee in using any of your above rights, unless your request for access is clearly unfounded or excessive. We also reserve the right to refuse to comply with the request in such circumstances.
We may need to verify your identity if we have reasonable doubts as to who you are. This is another appropriate security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
Ensuring our information is up to date and accurate
We want the service provided by us to meet your expectations at all times. Please help us by telling us straightaway if there are any changes to your personal information. If you wish to avail of either of these rights, please contact us at 02867742888.
We are Lisnaskea Credit Union.
You can find us at:
Data Protection Officer
Queries relating to Data Protection or relating to exercising any of your Data Privacy rights should be directed to our Data Protection Officer:
Name : John Nealon
Phone : 00353872436872