Finance Ireland’s Privacy Policy

Introduction

This notice explains how we use your personal data.

It is important that you take the time to read this notice so that you understand how we use your personal data and your rights in relation to your personal data.

The Controller

This notice applies to all our products and services. When we refer to “Finance Ireland”, “we”, “us” or “the Group” we are referring to Finance Ireland Credit Solutions DAC t/a Finance Ireland, Finance Ireland Leasing, Finance Ireland Residential Mortgages, Finance Ireland Agri, Finance Ireland Motor & Leasing, Polestar Financial Services, and Finance Ireland Commercial Mortgages.

The controller in respect of your personal data for the purposes of data protection law is:

Finance Ireland Credit Solutions DAC, for leasing, hiring, consumer loans, residential mortgages, or agri finance; and/or
Finance Ireland Agri Funding DAC, if you have a MilkFlex facility; and/or
Fics Holdings (One) DAC, if your product is funded or part funded by the Strategic Banking Corporation of Ireland (SBCI); and/or
Finance Ireland Property Finance DAC, if you have a commercial mortgage.

Please note that Finance Ireland primarily obtains new customers via intermediaries such as car dealers, mortgage brokers, and dairy Co-Ops. In most cases these intermediaries are acting as data controllers and they may process your data for other purposes of their own for which we are not responsible, for example, they may provide your data to more than one lender in order to compare product offerings for you. Please refer to your intermediary’s privacy notice for details.

How you can contact us

Please contact our Data Protection Officer if you have any questions about this privacy notice or personal data we hold about you.

Write to: Privacy, Finance Ireland Ltd, 85 Pembroke Road, Ballsbridge, Dublin 4.

Phone: (01) 642 5380

Email: privacy@financeireland.ie

Please help us to keep your records up to date by notifying us of any changes to your personal details.

Personal data that we collect about you and your associates

Personal data means any information about an identifiable person. It does not include data where the identity has been removed (which is called anonymous data). We collect and use your personal data and where applicable, this may include information related to your spouse/partner, directors, partners and business owners (who are referred to as your “associates”). We are responsible for ensuring that we use all personal data in compliance with data protection law.

We will collect and use the following personal data about you and your associates:

Personal data you give us

This is information about you and your associates that you give us by filling in forms (e.g. an application form) or by communicating with us (by telephone, email etc.). The information you give us may include your and your associates’ name, address, email address, telephone number, date of birth, gender, marital status, financial information, occupation, employment history, health information, credit history, identification records, qualifications and details of your finances (e.g. income, assets, bank accounts, shares and other investments).
If you give us information that does not relate to you (for example, information about your associates), you must provide the person you are identifying with a copy of this Privacy Notice.

Sensitive or special categories of data

We may process information about you which includes sensitive or special categories of personal data. We will only process this data when we need to for the purposes of the product or services we provide to you, where we are processing the data for a substantial public interest, where we have a legal obligation or where we have your consent to do so. Examples of when we use this type of data include:

Medical information, for example, where you choose to discuss your circumstances with us and this includes medical information.
If you have criminal convictions, we may process this information in the context of compliance with our legal obligations.
We may ask you to take a live photo when you apply online, so that we can match your image to your photo ID through facial recognition. This is referred to as biometric information.

Personal data we collect or generate about you and your associates

Website usage Information – Our website uses Google Analytics to automatically gather certain statistical information, such as the number and frequency of visitors and their IP addresses. This information is used as aggregated statistical information about users, providing usage by IP address. This information helps us to measure how individuals use the website and our services, so that we can continually improve them.
Phone information – We may record telephone conversations to process applications; manage facilities; resolve complaints; improve our service; and for training, verification and quality assurance purposes.
We generate data for statistical analysis.

Use of cookies

For full details on what cookies are, what they do, and which cookies are used by us, please see /cookie-policy-finance-ireland/.

To enable you to sign in and personalise your online experience, we use “cookies”. A cookie is a small text file that is stored in your web browser on your computer, tablet or smartphone. We use cookies to store your personal preferences – so that you do not have to enter the same information every time you visit our site. We also use them to display your personalised content and provide you with appropriate adverts. Cookies cannot be used to run programs or deliver viruses.

Personal data we receive from other sources

Intermediaries – When you apply for finance through a third party (e.g. car dealer, broker, introducer, solicitor or Co-op), they may provide us with your personal data for the purposes of assessing, entering into and administering your agreement. This may include your personal details, contact details and relevant asset and financial details.
Financial and credit information – We will use information provided by credit reference agencies when we assess your application for finance and to verify your identity and any of your associates’ identities. Such information may include details of other credit you have taken out, any credit arrangements you have met or failed to meet, and any court judgments made against you.
Fraud prevention agencies – When verifying your identity as part of our application process, we may access information recorded by fraud prevention agencies in Ireland and abroad. This may include information about any criminal convictions and any allegations regarding criminal activity that relate to you.
Public databases – We may obtain information about you and your associates from public databases. We use reputable sources such as the electoral register and the Companies Registration Office. We use appropriate measures to check the quality of the information we collect.
Co-op and accountant – Where your facility involves an agreement with a dairy Co-Op in order to facilitate repayment, we will obtain information relating to the supply of milk (including deductions, payments, milk volumes and revenue realised in relation to milk volumes). We will obtain information about any bad debt history, your facility, and any notifiable disease in any herd owned or operated by you. We will also look for confirmation if you are, or were, a member of a Sustainable Dairy Assurance Scheme or an equivalent scheme.

Purpose and legal basis for processing personal data

We will hold, process and may disclose personal data for the following purposes. If you do not provide us with the information we need, we may not be able to provide our services.

Purpose	Legal basis
To verify your identity and the information in the application form when new customers open an account (including phoning you). To assess your suitability for the products and services that you have requested (including eligibility for the Strategic Banking Corporation of Ireland Scheme) and decide whether to enter into an agreement with you. To share with your Co-op if you have been approved for a MilkFlex facility. To perform a credit check on you. Please see further details in section 4 below. To manage, administer and make decisions regarding your agreement, facility, or guarantee (and to enforce it, when necessary). To carry out our obligations arising from any agreements you enter into with us. To make payments. To recover money or assets. For fraud prevention purposes, including information about any criminal convictions and any allegations regarding criminal activity that relate to you. These are subject to suitable and specific measures being taken to safeguard your fundamental rights and freedoms.	The processing of your personal data is necessary to perform a contract or enter into a contract with you. Where processing is necessary to perform a contract which is not with you but relates to you, e.g. a contract with a company for which you are a Director, owner, or other related party, we process your data on the basis of our legitimate interests.
To allow us to detect and prevent fraudulent, money laundering, or terrorist financing activity, and to allow us to share personal data with crime prevention agencies. For the completion of AML/CFT customer due diligence and ongoing monitoring as required by the Criminal Justice Act 2010 (as amended). To meet our legal and regulatory obligations, including internal compliance reviews, internal and external audits, and external reporting. To ensure the security and privacy of your data under data protection law. To provide information to the Central Credit Register (see section 4). To conduct statistical analysis in order to improve our credit risk profile, tackle fraud, and improve our credit decisions. This may include statistical analysis of your personal data, even if your application is declined by us or if you decide not to complete your application with us.	This use of the data is necessary in order for us to comply with any legal or regulatory obligations.
To provide you with information, products or services that you may request from us. To retain your personal data for decisions on future applications for credit, even if your current application is declined by us or if you decide not to complete your current application with us (where this is allowed by law). To contact you in relation to the administration of your account. To carry out quality control research and internal reporting. To identify and offer you tailored products and services that are suitable for you and improve our service to you. If we sell (or are considering selling) any of our business, assets, or your Milkflex facility, we may disclose your personal data to the prospective buyer for due diligence purposes. This may include potential or actual buyers of your Milkflex facility (and their officers, employees, agents, and advisors). If we are acquired by a third party or a third party is considering acquiring us, personal data held by us about you may be disclosed to potential or actual buyers (and their officers, employees, agents, and advisors). If you are an introducer, agent, dealer, solicitor, or broker working with us, we will process your data and where relevant the data of your employees, in order to process customer applications or purchases.	This use of your data is necessary for our legitimate interest in managing our business including legal, personnel, administrative and management purposes (such as improving customer service, market research, quality assurance and training staff). It is also necessary for the prevention and detection of crime, provided our interests are not overridden by your interests. Please note that in certain circumstances, you have a right to object to the processing of your personal data where that processing is carried out for our legitimate interest.
If you are a residential mortgage customer, we (or a mortgage intermediary on our behalf) may require information such as references, and details of your income and existing financial commitments. We may need this in order to confirm the personal data in your application, assess or review lending risks, recover debts, and prevent fraud. To obtain this information, we may – with your consent – contact your current and/or previous employers, accountant, solicitor, landlord, lenders, insurance companies, tax authorities, pension providers and any other person or body we consider necessary. We may need to obtain consent to obtain sensitive information. If you perform our online application process, we may require your consent to process your photograph, which will undergo facial recognition. You may also choose to disclose health and other sensitive information in limited circumstances (such as if you are experiencing a health issue which is affecting your ability to repay a loan). This may be recorded on our systems or the systems of an approved third-party service provider. At your request, and with your written consent, we will liaise with a third party nominated by you to act on your behalf. You have consented to us contacting you at your workplace, where it is not your residence. If you have a MilkFlex or Fund Equip facility, where we are permitted to contact the relevant Co-op and accountant to obtain certain information directly from the specified Co-op and accountant. Where we are permitted to do so, to send promotional information about our products and services via email, post and telephone.	Where you have given consent to the processing of your personal data for direct marketing – which you may withdraw at any time. Please note that where we process your personal data for direct marketing, you have a right to object to the processing.

Further details on credit searches, scoring and crime prevention

We may carry out a search with a credit reference agency e.g. the Central Credit Register who will keep a record of our enquiry against your name and which may be linked to your associates (“associated records”). For the purposes of any application for products or services from us, you may be assessed with reference to “associated records”. Where any search or application is completed, or agreement entered into involving joint parties, we may record details at credit reference agencies, as a result an “association” will be created that will link your financial records.

We may also add to your or your business’ credit record with details of your agreement with us, and any payments, default, or breach of terms in relation to the agreement. These records will remain on the credit reference agencies’ files for 5 years. This 5-year period generally runs from the date of final repayment/closure of the loan in question. These credit reference agencies may create or add to their own record about you or your business with details of our search and your application. This and other information about you or your business and those with whom you are linked financially may be used to make credit decisions about you or your business. Where personal data is shared with the Central Credit Register, the Central Credit Register will also share it with the Central Statistics Office (excluding PPSN, Eircode and contact numbers). For more information please see the Central Credit Register frequently asked questions here.

Please note that where your credit search was performed before October 2021, we may hold historical information about you that we obtained from the Irish Credit Bureau.

Sharing your personal data

We may disclose your personal data within the Finance Ireland group of companies and to our sub-processors (e.g. third parties that provide us with services such as software or document storage facilities, or loan servicing) in the following circumstances:

To allow you to apply for our products online
To ensure the delivery or maintenance of products or services you have taken out with us
To ensure the safety and security of our data
As part of our internal research and statistical analysis activity

We will take steps to ensure that the personal data is accessed only by personnel that need to do so for the purposes described in this Privacy Notice. Outside of the Finance Ireland group of companies, we may also share your personal data with:

Where you have a residential mortgage with Finance Ireland your personal data will be shared with Pepper Finance Corporation (Ireland) DAC trading as Pepper Asset Servicing. Pepper Asset Servicing acts as a credit servicer on behalf of Finance Ireland
Your dairy Co-op in the event that you have a MilkFlex or FundEquip facility
Our professional advisers in order to enforce or apply the terms of use and other agreements you have with us
An insurer or insurers for administration
Insurance claims handlers and fraud prevention agencies
Any guarantor
Any funder or potential funder related to your agreement
Any dealer, broker or introducer of an agreement with us
Tracing and repossession agents
Potential or actual buyers of your facility (and their officers, employees, agents and advisors) if we sell, or are considering selling, your facility
Potential or actual buyers (and their officers, employees, agents and advisors) if we sell, or are considering selling, any of our business or assets
Accountants, tax advisors, project monitors, valuers, solicitors, engineers, architects, quantity surveyors, planning consultants, industry specialists and any other parties deemed necessary to assist us in the provision of our services to you – in the event that you are being provided with a residential or commercial mortgage
Fraud prevention and background check agencies
Third-party affiliates who may wish to offer you products and services which may be of interest to you with your consent

These third parties will only use your personal data as described in this Privacy Notice. We may also share your personal data outside of the Finance Ireland Group where we are required to do so by law. For example, we may be legally obliged to share your personal data with third parties such as credit agencies, the Companies Registration Office, the Central Credit Register, Central Register of Beneficial Ownership and the Central Bank of Ireland. We may also share your personal data if it is necessary in order for us to establish, exercise or defend our legal rights. In the event that your funding is supported by the Strategic Banking Corporation of Ireland (“SBCI”), both we and the SBCI may disclose the information for the purposes of: (i) determining eligibility for the particular SBCI Scheme; (ii) anti-money laundering / financing of terrorism or fraud; (iii) Finance Ireland and SBCI’s reporting functions in accordance with the Scheme; and (iv) conducting relevant surveys by or on behalf of the SBCI. Such processing is undertaken pursuant to the SBCI’s statutory purposes and in relation to personal data that it obtains, the SBCI acts as controller for the purposes of applicable data protection law. The SBCI may also disclose the information to its respective advisors, contracted parties, delegates and agents, and the SBCI’s own funders (details of which are available at: https://sbci.gov.ie/). For further information on how the SBCI handles personal data, including information about your data protection rights (in respect of the SBCI) and the contact details of the SBCI’s data protection officer, please refer to the SBCI’s data protection statement which is available at: https://sbci.gov.ie/.

Transfer of personal data outside the European Economic Area

The information you provide to us will be transferred to and stored on our secure servers in the European Economic Area (EEA). However, from time to time, your personal data may be transferred to, stored in, or accessed from a destination outside the EEA such as the US or the UK. Where we transfer your personal data outside the EEA, we will ensure that it is protected in a manner that is consistent with how your personal data is protected by us inside the EEA. This can be done in a number of ways, for instance:

The country that we send the data to might be approved by the European Commission or a relevant data protection authority (Article 45 GDPR), such as the UK
The recipient might have signed up to a contract based on “standard contractual clauses” approved and published by the European Commission, obliging them to protect your personal data (Article 46 GDPR)

In other circumstances, we may transfer your personal data outside the EEA on the basis that it is necessary for the performance of your contract with us (Article 49 GDPR), for example, in order to report to the funders of your facility to maintain funding.

How long we keep your personal data

How long we hold your personal data will be determined by:

The purpose for which we are using it – We will need to keep the data for as long as is necessary for that purpose
Legal obligations – Laws or regulation may set a minimum period that we have to store your personal data (e.g. Central Bank of Ireland codes and regulations, and anti-money laundering obligations)

In accordance with the Statute of Limitations, if you are a customer, we will retain your personal data for seven years following the end of our relationship with you, unless we are required by law to keep it for a longer period of time (in which case, we will keep it until the expiry of the period required by law).

Your rights

You have specific rights in relation to your personal data under GDPR some of which involve requests from you as listed in the table below. If you wish to exercise any of these rights, please contact us (see section 1.2). We may request proof of identification to verify your request.

We will respond to any valid request within one month, unless it is particularly complicated or you have made repeated requests (in which case we will contact you to advise that we may take up to two further months).

You will not be charged a fee to exercise any of your rights unless your request is clearly unfounded, repetitive, or excessive (in which case, we will charge a reasonable fee in the circumstances or refuse to act on the request).

Your rights	What this means
Right to withdraw consent	If we are processing your personal data on the legal basis of consent, you are entitled to withdraw your consent at any time. However, your withdrawal of your consent will not invalidate any previous processing we carried out which was based on your consent.
Right of access	You can request confirmation as to whether your personal data are being processed, and/or a copy of the personal data we hold about you.
Right to rectification	You have the right to request that we correct any inaccuracies in the personal data we hold about you and that we complete any personal data where it is incomplete.
Right to erasure (‘right to be forgotten’)	You have the right to request that your personal data is deleted in certain circumstances, including where: The personal data is no longer needed for the purpose for which it was collected You withdraw your consent (where the processing was based on consent) You object to the processing and there are no overriding legitimate grounds justifying us processing the personal data The personal data has been unlawfully processed The personal data must be erased in order to comply with a legal obligation However, this right does not apply where, for example, the processing is necessary: To comply with a legal obligation For the establishment, exercise, or defence of legal claims
Right to restriction of processing	You can ask that we restrict your personal data (i.e. keep but not use) where: The accuracy of the personal data is contested The processing is unlawful, but you do not want it erased We no longer need the personal data, but you require it for the establishment, exercise, or defence of legal claims You have objected to the processing and verification of our overriding legitimate grounds is pending We can continue to use your personal data: Where we have your consent to do so For the establishment, exercise or defence of legal claims To protect the rights of another For reasons of important public interest
Right to data portability	Where you have provided personal data, you have a right to have it returned in a structured, commonly-used and machine-readable format You also have a right to have the data transmitted to a third-party controller without hindrance but in each case only where: The processing is carried out by automated means The processing is based on your consent or on the performance of a contract with you
Right to object	You have a right to object to the processing of your personal data where we are processing your personal data in reliance on our legitimate interests. In these cases, we will stop processing your personal data unless we can demonstrate compelling legitimate interests which override your interests. You have a right to request information on the balancing test we have carried out. You also have a right to object where we are processing your personal data for direct marketing purposes.
Automated decision-making (Finance Ireland do not perform any automated decision-making)	With certain exceptions, you have a right not to be subjected to decisions based solely on automated processing which produce legal effects concerning you or which significantly affect you. Exceptions are where the automated decision-making is: Necessary for entering into a contract, or for performing a contract with you Based on your explicit consent – which you may withdraw at any time Authorised by EU or Member State law Where we base a decision solely on automated decision-making, you will always be entitled to have a person review the decision, so that you can contest it and explain your point of view and circumstances.
Right to complain	You have the right to lodge a complaint with the Data Protection Authority, in particular in the Member State of your residence, place of work or place of an alleged infringement, The Irish Data Protection Commission can be contacted at: 21 Fitzwilliam Square South, Dublin 2, D02 RD28 Phone: +353 (1)765 0100 Website: www.dataprotection.ie

Changes to our Privacy Notice

We keep our Privacy Notice under regular review. If we make any changes, we will post those changes here and update the “Last updated” date at the bottom of this Privacy Notice. However, if we make material changes to our Privacy Notice, we will notify you in writing by email or by means of a prominent notice on our website before the change becomes effective.

Last updated: July 2023