What is the GDPR?

The GDPR is a piece of EU legislation which will overhaul our current data protection legislation. It aims to strengthen and unify data protection for all EU individuals and in some cases those outside of the EU.

It brings with it further obligations for organisations (like your credit union) who process your personal data in order that your personal data is fully respected. Processing is basically doing anything with, even storing, your personal data.

The Principles of Data Protection

When we process your data we must do so in line with the following principles:
Personal data must be;

• Adequate, relevant and limited to what is needed;
• Accurate and up to date;
• Kept no longer than is necessary.

It must be processed;

• Lawfully, fairly and transparently;
• For specific, explicit and legitimate purpose(s);
• In a secure manner.

Privacy Notice

Under the GDPR, the credit union must provide you with a Privacy Notice where we outline certain information for example what personal data we use, what purpose(s)we use it for, how long we keep it, to whom we disclose it etc.

You are entitled to receive a copy of our Privacy Notice so please ask for your copy today from any member of staff or locate it on our website.

What Lawful Basis Do We Have?

Before we even collect your data we must ensure that we have a ‘lawful basis’ to process it. There are six lawful bases upon which we can rely to process your data:

1. Where you have consented.
2. To fulfil/enter a contract.
3. Where we are legally obliged to.
4. Where we have a legitimate interest in doing so.
5. To protect a person’s vital interests.
6. To complete a public task.

We discuss the relevance of these bases in our Privacy Notice.

What Are Your Rights?

Complaints

You have a right to complain to the Data Protection Commissioner in ROI about any of our processing.

FOR MORE INFORMATION
You can contact us in respect of any of the above on:

T: (061) 317 910
E: privacy@sarsfieldcu.ie