Quick Links
The Legal Basis for Retaining and/or Processing Your Personal Data
Keeping Your Personal Data Secure
Implications of Not Providing Information
Personal Data We Collect
We collect certain personal information depending on how you engage with us and what services you avail of. Information may include:
- General: name, address, date of birth, email, telephone numbers, photo.
- Financial data: bank account details, financial status and history, banking details and transactions, borrowings.
- Contract data: details of the credit union products member hold with us, signatures, identification documents, salary, occupation, payslips, source of wealth, source of funds, Politically Exposed Status, accommodation status, mortgage details, previous addresses, spouse, partners, nominations, Tax Identification/PPS numbers, passport details, driver license details, tax residency, beneficial owners information, medical information, tax clearance access number,.
- Data collected through interactions with credit union staff and officers: CCTV footage, email correspondence, records of current or past complaints,
- Other Data: photo or videos of prize winners, IP addresses, tracking information from cookies.
- Special Category Data: Health data relevant to the provision of insurance, biometric data if a member joins our credit union through our App.
- Any other transactions we undertake to which you are a party, whether through our website, or otherwise (this information may be provided by others e.g. joint account applications, to which you are a signatory, accounts to which you are a nominated beneficiary)
In certain instances, an individual may supply us with information relating to another individual. This may occur in the following cases:
- Bank statements provided where the account is in joint names,
- Utility bills in joint names
- Completing a nomination on an account.
In these instances, it is the responsibility of the individual providing the data to ensure the other named individual/s are aware their data is being shared, and they do not object to this.
We may also collect your personal data from a 3rd party when we:
- conduct background checks, including “know your customer” checks.
- consult credit referencing agencies such as the Central Credit Register (CCR). Please note that from 1st Feb 2025 we are required by law to carry out credit checks on the CCR on loan guarantors as well as loan applicants.
- are recruiting and you have provided your personal data to a recruitment agency for the purpose of sharing it with us.
How We Use Your Personal Data
The personal information we collect is for specified purposes and services we provide to you including:
- Creating and administering all aspects of your account and the services we provide to you.
- Verifying your identity and the information you provide to us.
- Facilitating the provision of additional products and services such as loans and insurance.
- Providing our banking services online and via the App.
- Assessing eligibility for loan applications and determining credit worthiness.
- Enabling us to carry out debt collection activities to collect monies owed to us, we may engage third parties to assist us in this regard.
- Assessing how we can improve the products and services we provide to you with and future services which may be of interest.
- To send you obligatory notices.
- Developing strategy, undertaking statistical analysis, and assessing current and future Credit Union financial performance.
- Meeting legal and regulatory compliance obligations and requirements under the Rules of the Credit Union.
- Carrying out fraud monitoring on outgoing SEPA Instant payments.
- For providing updates about our services by way of direct marketing to you unless you have opted out of receiving such updates.
- Undertaking due diligence exercises including credit searches with credit search agencies, and where required, making submissions to the Central Credit Register, or for fraud and debt recovery purposes; and
- Obtaining information about your general Internet usage when accessing our online website by using a cookie file which is stored on your browser or the hard drive of your computer, if you opt-in to such cookies.
We use your personal information for the purpose it was collected and we do not subsequently use your personal information for any unrelated purpose.
Sharing Your Personal Data
We will only share your information with Credit Union authorised third parties for specific purposes related to the services we are offering you.
In certain circumstances, we may disclose Personal Data to third parties as follows:
- business partners and sub-contractors including payment processors and hosting service providers.
- authorised officers or employees of Credit Union Development Association (CUDA) for the purpose of providing professional and business support services to the Credit Union.
- Credit Union Development Association (CUDA) for the administration of insurance products and services offered to Credit Union members such as Life Savings, Loan Protection, Death Benefit Insurance and Disability Cover.
- domestic and foreign tax authorities to establish your liability to tax in any jurisdiction.
- the regulator and the Central Bank of Ireland for reporting, compliance and auditing purposes.
- internal and external auditors who advise on how we can best meet our obligations and improve our ways of operating.
- to engage external IT providers to ensure the security of our IT systems to protect all personal data.
- to transfer data to another credit union where we have received a request, authorised by you, from another credit union to do so.
- to engage business advisors or consultants, all such parties are bound by a duty of confidentiality.
- The Revenue Commissioners impose certain reporting obligations on Credit Unions under the Common Reporting Standards in relation to tax residency and the in respect of dividend or interest payments to members.
- our insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining and maintaining insurance coverage, managing risks, obtaining professional advice and managing legal disputes.
- if our Credit Union is merged with another Credit Union or acquired by a third party, in which case Personal Data held by us will be one of the transferred assets.
- if we are under a duty to disclose or share your Personal Data to comply with any legal obligation, or to enforce or apply the terms of any agreement.
- to carry out debt collection we may share your information with legal advisors, debt collection agencies or tracing agents.
- we may share relevant personal data with the Decision Support Service where required by law or where necessary to fulfil our legal obligations in relation to supported decision-making arrangements.
- we may share relevant personal data with our fraud monitoring service provider, NEXI, to enable the monitoring of SEPA Instant transactions for suspicious activity and the prevention of fraudulent or unauthorised payments.
- as legally required by the European Payments Council’s Verification of Payee Scheme, we share IBAN and Account Names with Banfico, acting as the Routing & Verification Mechanism, to verify payee information and return a match result.
Transfers outside the EEA (European Economic Area)
At present we do not transfer your personal data outside the EEA. Such this change in the future, we will safeguard your data by ensuring a minimum of one of the following safeguards is in place:
- a contract based on “model contractual clauses” (also called Standard Contractual Clauses) approved by the European Commission, obliging them to protect your personal data; or
- with companies located in a third country approved by the European Commission under an adequacy decision, such as the UK; or
- with companies who have an approved set of binding corporate rules in place.
The Legal Basis for Retaining and/or Processing Your Personal Data
We use and share your information where:
- You have provided us with explicit consent to use that information in a specific way, such as for direct marketing. You have the right to withdraw your consent at any time and will we will ensure that it easy for you to do so.
- It is required for us to provide a service to you or in the performance of a contract which you have entered into with us. This may also arise in the context of when we are responding to a request from you, opening an account, you are applying for a loan and entering into a credit agreement with us.
- We are required to do so to comply with a legal obligation (e.g. to comply with the requirements of the Criminal Justice legislation, reporting credit information to the Central Credit Register, reporting to the regulatory authorities and law enforcement, to comply with Common Reporting Standards).
- Its use is required to protect your “vital interests”. This will only apply where we must process certain personal information in order to protect your life or safety in some way.
- It is necessary to process data in the public interest such as in line with Public Heath Authority guidelines in the event of any future pandemics.
- Its use is required for our legitimate interests (which you may object to) in the course of managing our business including credit risk management, debt collection, providing service information, anti-fraud monitoring on SEPA Instant payments, data analytics, training and quality assurance, strategic planning, the purchase or sale of assets and CCTV.
Keeping Your Personal Data Secure
We employ physical, technical and administrative safeguards to protect the confidentiality and security of your personal information. We use industry standard procedures to protect your information from loss, misuse or unauthorised access and our staff receive regular training regarding their obligations to protect your data. Any parties that have access to your data are bound by a duty of confidentiality.
Appropriate technical and organisational measures are taken to protect your data.
Your Rights
You have certain legal rights to control your information and the manner in which we process it. Please note that these are not absolute rights and certain exemptions and restrictions may apply. These rights are to:
- Be kept informed. This includes details on how your data is collected, used and secured,
- Request a copy of your personal data by way of a subject access request,
- Rectify and update your personal data,
- Request the erasure of your personal data,
- Object to the processing of your personal data,
- Restrict the processing of your personal data,
- Port your data to another organisation,
- Not be subject to automated decision-making including profiling, without human intervention being available,
- Lodge a complaint with the Data Protection Commission (dataprotection.ie)
Right of Access: If you wish to exercise your right of access, we ask that you make this request to us in writing using the contact details below and we issue you with a form to be completed. We will respond to the request within one month having first verified the identity of the requester to ensure the request is legitimate. We will assess each request on a case-by-case basis and contact you if we are unable to comply with the request or if we need to clarify the request in any way. Further information will be provided when a request is received by us.
Marketing
We may contact you by mail, email and text about our services and other events involving or relating to products and services which may be of interest to you unless you have opted not to receive such communications. You can opt-out at any time when you receive an email/ text or you can contact us at info@firsttech.ie.
Cookies
First Choice Credit Union uses Cookies on our website. Cookies are files which are transferred to your computer's hard disk by a website. Cookies can store information about your preferences and other information which you need when you visit a website. We use cookies to monitor our website traffic, to ensure better service levels and to provide you with certain features such as the customised delivery of certain information.
Please refer to our Cookie Notice which is available on our website. When using our website, you should note that our site may contain links to other websites not controlled or operated by us. These links do not imply that we endorse these third-party sites. We recommend reviewing those sites directly for information on their privacy policies.
Change of Purpose
You can be assured that we will only use your data for the purpose it was provided and in ways compatible with that stated purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Implications of Not Providing Information
Please note that in some cases, if you do not agree to the way we process your information, it may not be possible for us to continue to operate your account and/or provide certain products and services to you.
How Long We Hold Your Personal Data
Our retention periods are subject to legislation and regulatory rules set by authorities such as the Central Bank of Ireland and the type of financial product provided to you. Where there are no such limitations set, we will retain your data for as long as it is relevant and necessary for the purpose for which it was collected. As a rule, your personal information will be retained for 7 years from the date your credit union account closes. Where you apply for a loan, the documentation required for this will be retained for a minimum of 5 years from the date the loan is completed. However, there may be circumstances where we must retain data for longer than these specified periods, but we will always have a defined legitimate basis for any extended retention.
Updates to the Notice
We keep this Privacy Notice under regular review. This Notice was last updated in November 2025.
How to Contact Us
If you have any questions, concerns or suggestions related to the processing of your personal data, you can contact us using our details below:
Address: 55 Dawson Street, Dublin 2.
Email: data.protection@firsttech.ie
Tel: 01 642 7900
You have a right to complain to the Data Protection Commissioner (DPC) in respect of any processing. This can be done through the DPC website: https://www.dataprotection.ie.
