Data Protection at Haven Mortgages

Your information, our duty and your rights


To be our customer, you share information with us. To be your mortgage provider, we respect that information.
On this page you will find out how we do that and what your rights are. We think it’s important that you read this page. You can find more details about how you can action your data protection rights here.

You can read our new Data Protection Notice, effective from the 25th May 2018, here.


Overview of Data Protection

--------------------Start of Accordion Container---------------------------

Click on edit button to enter Accordion Header

Frequently Asked Questions

  • --------------------Start of Accordion---------------------------

    What is GDPR?

    GDPR is the General Data Protection Regulation. It comes into effect from 25 May 2018. It sets out a series of new EU laws concerning how data is processed and used. The objective of the regulation is to strengthen and standardise data protection laws for all EU citizens. These regulations will apply to any organisation that controls and/or processes data on behalf of an individual or group of individuals. Those responsible for adhering to these regulations include employees of the organisation, including contractors, consultants, agents and third parties who have access to data either directly or indirectly.

    --------------------End of Accordion---------------------------

  • --------------------Start of Accordion---------------------------

    Who we are?

    When we talk about “AIB”, or “us” or “we” on our Data Protection Notice and this website, we are talking about Allied Irish Banks, p.l.c. and its subsidiaries, affiliates and their respective parent and subsidiary companies (including AIB, EBS and Haven).


    We share your information within AIB Group to help us provide our services, comply with regulatory and legal requirements, and improve our products.


    --------------------End of Accordion---------------------------

  • --------------------Start of Accordion---------------------------

    What does this mean for AIB Group?

    We have always appreciated your trust in us to collect, process and protect your information. As a data controller and processor of your personal data, we will continue to


    • develop on our strong risk culture by acting responsibly and putting your security at the front of our priorities;

    • manage our controls, processes and systems to continue improving our level of customer service while providing you with the assurance that your information is safe and secure; and

    • conduct our business in a fair and transparent way and ensure we minimise the risk of unfair outcomes for our customers or impact on their data rights and freedoms.


    Our Data Protection Notice and website explains how we collect personal information about you, how we use it and how you can interact with us about it.

    --------------------End of Accordion---------------------------

  • --------------------Start of Accordion---------------------------

    Data Protection Officer

    Our Data Protection Officer oversees how we collect, use, share and protect your information to ensure your rights are fulfilled. You can contact our Data Protection Officer at or by writing to them at Data Protection Officer, AIB, Bankcentre, Dublin 4.

    --------------------End of Accordion---------------------------

  • --------------------Start of Accordion---------------------------

    How we collect information about you

    We collect personal information from you, for example when you:


    • apply for a product; or

    • look for advice.


    Further information on how we collect information online is detailed on our Privacy Policy Statement.


    We will sometimes record phone conversations and we will always let you know when we do this.


    Our websites use 'cookie' technology. A cookie is a little piece of text that our server places on your device when you visit any of our website. They help us make the sites work better for you. Further information is available on our Cookie Policy.


    When you apply to us for a product and during the lifetime of this product, we carry out information searches and verify your identity. We do this by sending and receiving information about you to and from third parties including credit reference agencies, and/or credit registers including the Central Credit Register and Irish Credit Bureau. We and these agencies/registers may keep records of our searches whether or not the product goes ahead.

    --------------------End of Accordion---------------------------

  • --------------------Start of Accordion---------------------------

    What information do we collect about you?

    This is some of the information we collect and hold about you when applying for and using our products:


    Personal Descriptors

    Financial Information

    Full name/Signature

    Personal bank account details

    Home/Business Address

    Statement of net worth

    Email address

    Income and expenditure

    Phone number

    Transactions, purchasing and spending activity


    Credit card account


    Investment account

    Marital status

    Revenue documents e.g. P60

    Date of birth

    Payment instructions

    Proof of identity and proof of address including driving license, passport and utility bills

    Account positions and history

    Tax Identification Number ("TIN")

    Credit records, worthiness, standing or capacity

    PPS Number

    Expected turnover

    Educational details or history 

    Origin/source of funds

    Call recordings


    Country of Birth          


    Purpose of your account




    Partners and dependents


    --------------------End of Accordion---------------------------

  • --------------------Start of Accordion---------------------------

    Special categories of data

    Under GDPR, there are special categories that require additional safeguards for processing. In some instances, AIB will require this information for processing or it may be volunteered by you. These data types include:


    Special categories of data

    Is this information required?

    Biometric data – Fingerprints, Facial and voice recognition

    No - We do not request you to provide biometric data

    Health data

    Yes - We may collect health data from you when providing our products and services or to support you in times of financial difficulty or bereavement.

    If health data is requested by AIB, we will ask for your consent.

    Racial or ethnic origin

    No - We do not ask you to provide details of racial or ethnic origin to provide our products and services.

    Political opinions

    No - We do not ask you to provide political opinions to provide our products and services.

    Religious or philosophical beliefs

    No - We do not ask you to provide religious or philosophical beliefs to provide our products and services.

    Trade union membership

    No - We do not ask you to provide trade union membership to provide our products and services.

    Genetic data

    No - We do not ask you to provide genetic data to provide our products and services.

    Sexual orientation

    No - We do not ask you to provide sexual orientation to provide our products and services.

    --------------------End of Accordion---------------------------

  • --------------------Start of Accordion---------------------------

    How we use your information

    We use information about you to:


    • provide relevant products;

    • identify ways we can improve our products;

    • maintain and monitor your products;

    • protect your interests; and

    • decide and recommend how our products and services might be suitable for you


    To provide our products under the terms and conditions we agree between us, we need to collect and use personal information about you. If you do not provide this personal information, we may not be able to provide you with our products and services.

    We analyse the information that we collect on you through your use of our products. This helps us understand your financial behaviour, how we interact with you and our position in a market place. Examples of how we use this information include helping protect you from financial crime, offering you products and services and personalising your experience.


    All of our processing must be supported by a lawful basis, as discussed in our Meeting our legal and regulatory obligations section below.

    --------------------End of Accordion---------------------------

  • --------------------Start of Accordion---------------------------

    Lawful basis for processing

    To use your information lawfully, we rely on one or more of the following legal bases:

    •       performance of a contract;

    •       legal obligation;

    •       our legitimate interests;

    •       your consent;

    •       protecting the vital interests of you or others; and

    •       public interest.


    To help you better understand where these lawful bases may apply, these are some examples for each lawful basis. In some cases, the same information is processed under more than one lawful basis:

    Lawful basis

    Examples of what we use your information for

    Performance of a contract – Processing your information is necessary for us to provide your products

    Providing relevant products and services

    We provide our customers with mortgage products.


    We process your information to identify and authenticate you to use our products.


    Maintaining and monitoring your products and services

    We must continually monitor and update information to ensure your data is safe, accurate and up to date. This ensures we keep your personal details and financial products secure, and give you the best customer service.


    To do this we may share information with third parties such as credit reference agencies, fraud prevention agencies and market research entities.


    Collecting money owed to us

    As part of our credit product agreements, we have the right to collect money owed to us.


    In some instances, we will use third parties to help us obtain additional information and collect the debts owed to us.


    Legal obligation – We must process this information to comply with our legal obligations

    Identify and authenticate our customers

    We process your personal information to identify and authenticate our customers.


    We share your information with third parties when performing these checks.


    Our legitimate interests –Legitimate interest means the interests of AIB Group in conducting and managing our business when providing products and services. The core legitimate interests of AIB Group are to provide the best customer service, introduce innovative products and services, and to protect our customers, employees and shareholders.


    We will always assess whether the legitimate interest of AIB Group will adversely impact the rights and freedoms of the data subject prior to processing. We implement safeguards to ensure that the processing remains fair and balanced.


    Our risk assessments help us understand what information we need, our business requirements, the impact on our customers and employees, alternative options for processing and how long we hold the information for.

    Manage and understand risk

    As a regulated financial institution, we must manage and understand our risk exposure to ensure our customers are protected and maintain a stable financial infrastructure.


    We produce internal management information and models to understand risk across the bank, ensure necessary safeguards are in place and assess the design and effectiveness of these safeguards. We report this regularly to regulatory agencies.


    Perform Credit, Anti-Money Laundering and Know Your Customer checks

    To ensure responsible lending and offer you loans and mortgage products, we must perform a check to authenticate you and assess suitability for lending.


    We may share information with credit reference agencies, fraud prevention agencies and centralised registers for these checks.


    Manage our relationship with you

    We keep our records up to date to contact you when required and provide the best customer service.


    Analyse information and research your experiences dealing with us

    We want to continually improve and better understand our customers. By collecting and analysing data from multiple sources, we can better understand the requirements of our customers and how we can improve products and service offerings.


    This analysis also helps us run our business more efficiently and effectively.


    Identify ways we can improve our products and services

    We are always working to develop new products and innovative ways of bringing these to you.


    We analyse the market and our customer base to better understand what people like and what people want from their mortgage provider.


    Prevent financial crime and cyber attacks

    We continually monitor and analyse transactions, financial behaviour and electronic devices to detect and prevent financial crime and cyber-attacks. This enables us to protect and secure our customers information, our networks and our financial interests.


    We share information with third parties to prevent financial crime, report fraud, manage our risks and protect both our interests.


    Sell whole or part of our business

    On sale of loan books, subsidiaries or parts of our business, we will share the necessary information required by the purchaser to assess valuations, perform due diligence and continue processing of the data.

    This may include transferring your personal information to the purchaser.


    Internal management information

    We produce internal management information to run our business and better understand customer needs. This information enables us to make informed decisions and develop our strategy.


    Your consent – We require your consent for processing certain information such as special category data.


    We ensure your consent is obtained under the following principles

    ·         Positive Action - Clear affirmative action is required. We will no longer use pre-ticked boxes, imply or assume consent in the event of no positive action from you.

    ·         Free will – Your consent must be freely given and not influenced by external factors.

    ·         Specific – We will be clear on what exactly we are asking your consent for.

    ·         Recorded – We will keep a record of your consent and how we got it.  

    ·         Can be withdrawn at any time – We will stop data processing that requires your consent at any time you make a valid request. You can withdraw your consent at any time.


    Special Categories of Personal Data is information relating to:

    a)       Racial or ethical origin, political opinions or religious or philosophical beliefs

    b)      Trade union membership

    c)       Biometric data (We may collect voice, facial or fingerprint information to identify data subjects)

    d)      Physical or mental health

    e)      Sexual Life/Orientation

    f)        Genetic data


    Processing special category data

    We require your consent when processing special category data.


    In some instances, customers may provide health data. Given that this is a special category of data, we may have to obtain your consent before accepting this information for processing.



    Protecting the vital interests of you or others

    Sharing information to protect you

    In some instances where we are concerned about your health and safety, we may share information to protect you and others. This may include where we suspect that you, or others, may become a victim of financial crime. In these cases, we may share information with third parties to help ensure your safety and the safety of others.


    Public interest

    Prevention of fraud

    We may share personal data under the public interest basis in relation to prevention of fraud. We may share information with third parties to reduce fraud risk and protect the public from financial loss.


    --------------------End of Accordion---------------------------

  • --------------------Start of Accordion---------------------------

    Meeting our legal and regulatory obligations

    To meet our regulatory and legal obligations, we collect some of your personal information, verify it, keep it up to date through regular checks, and delete it once we no longer have to keep it. We may also gather information about you from third parties to help us meet our obligations. 

    --------------------End of Accordion---------------------------

  • --------------------Start of Accordion---------------------------

    Credit searches

    When you apply to us for products and services, and during the time you use these, we carry out information searches and verify your identity. We share your information with credit reference agencies, such as the Irish Credit Bureau.


    When you enter into a credit agreement us, this data is registered on the ICB database. Each month ICB receives an update for each open account. This builds up a credit history which indicates how you are meeting the repayment terms of any credit agreements you may have.


    When you apply for credit from an ICB member, we may access ICB’s database to get your credit report. You may have loans from more than one member and your credit report will include details of all registered loans, open and closed. Credit agreements are retained on the ICB database for five years after they are completed.

    Equally, you may not have any credit history in the cases where you have not borrowed previously, or any credit agreements have been closed for more than five years.

    Further information on the ICB is available in their full notice on their website Processing Notice.pdf



    As a result of the introduction of the General Data Protection Regulation (‘GDPR’), from 25th May, 2018 ICB will be using Legitimate Interests (GDPR Article 6 (f)) as the legal basis for processing of your personal and credit information. These Legitimate Interests are promoting greater financial stability by supporting a full and accurate assessment of loan applications, aiding in the avoidance of over-indebtedness, assisting in lowering the cost of credit, complying with and supporting compliance with legal and regulatory requirements, enabling more consistent, faster decision-making in the provision of credit and assisting in fraud prevention.


    Please review ICB’s Fair Processing Notice which is available here. It documents who they are, what they do, details of their Data Protection Officer, how they get the data, why they take it, what personal data they hold, what they do with it, how long they retain it, who they share it with, what entitles them to process the data (legitimate interests), what happens if your data is inaccurate and your rights i.e. right to information, right of access, right to complain, right to object, right to restrict, right to request erasure and right to request correction of your personal information.

    --------------------End of Accordion---------------------------

  • --------------------Start of Accordion---------------------------

    Fraud Reporting Agencies

    The personal information we have collected from you will be shared with fraud prevention agencies who will use it to prevent fraud and money-laundering and to verify your identity. If fraud is detected, you could be refused certain services, finance or employment.

    If you do not provide the information we need, or help us keep it up to date, we may not be able to provide you with our products and services.

    --------------------End of Accordion---------------------------

  • --------------------Start of Accordion---------------------------


    Sometimes we need your consent to use your personal information. For example, when we use sensitive personal information (known as ‘special category information’ under GDPR) about you, such as medical data, we ask for your explicit consent


    We have controls to ensure that you are informed when making your decision and that you are aware that you can remove your consent at any time by contacting us. Our consent requests are built on the following principles:


    • Positive Action - Clear affirmative action is required. We will no longer use pre-ticked boxes, imply or assume consent in the event of no positive action from you.

    • Free will – Your consent must be freely given and not influenced by external factors.

    • Specific – We will be clear on what exactly we are asking your consent for.

    • Recorded – We will keep a record of your consent and how it was obtained.

    • Can be withdrawn at any time – We will stop data processing requiring your consent at any time you make valid request.

    --------------------End of Accordion---------------------------

  • --------------------Start of Accordion---------------------------

    How we keep your information safe

    We protect your information with security measures under the laws that apply and we meet international standards. We keep our computers, files and buildings secure.


    In addition to our technical controls, our Data Protection Officer oversees how we collect, use, share and protect your information to ensure your rights are fulfilled. Our Data Protection Officer advises on how we can best understand risks to your data rights and freedoms, implemented processes to protect these and has responsibility to report to the Data Protection Authorities if we are not meetings our obligation.


    When you contact us to ask about your information, we may ask you to identify yourself. This is to help us protect your information.

    --------------------End of Accordion---------------------------

  • --------------------Start of Accordion---------------------------

    How long we keep your personal information for

    To meet our legal, regulatory and business requirements, we hold your information while you are a customer and for a period of time after that. To help you understand how long we hold some of your data for, we have summarised our internal retention schedules below.

    We hold all data while you are an active customer with us.

    Please note that these retention periods are our policy but are also subject to external considerations, which may require us to hold the information for a longer period. For example, we must meet minimum retention standards for our Anti Money Laundering obligations. External agencies, such as the Financial Service and Pensions Ombudsman, can request we retain data for longer than our internal schedules. We must do this to protect both of our interests.

    We continuously assess and delete data to ensure it is not held for longer than necessary.

    Document type

    Example documents

    Retention Period

    Account and service information

    • Account Opening documents
    • Account Records
    • Opening Customer/Business Relationship documentation
    • Signed Terms of Business/Engagement documents
    • Customer Information –non Criminal Justice Act documents.
    • Adherence to Law/Regulation documents – AML Report.
    • Credit Committee – Customer related decisions
    • Customer Complaints
    • Customer Instructions & Communications
    • Deceased Accounts
    • Security information


    7 years after the account closes

    Transactional information – Once off 
    • Customer Orders/Instructions
    • Dockets
    • Cheques
    • Once-Off Transactions


    7 years after the  transaction

    Transactional information – Recurring
    • Standing Order & Direct Debit Mandates
    • Continuing Transactions

    7 years after the  cancellation or closure of account

    Revenue/Tax documentation
    • Tax Returns
    • Backup in relation to Special Tax Accounts and encashment tax
    • Correspondence files for Dividend Withholding Tax, Revenue Contracts Tax
    • Tax Relief at Source information
    • Special Tax Accounts
    • Special Savings Accounts
    • Qualifying Intermediaries
    • VAT correspondence dealing with VAT queries including VAT Audit files and information provided to Revenue
    • VAT recovery calculations, back up schedules and reconciliation files.

    11 years after the date of the document

    Reportable Accidents and Health and Safety reports
    • Health and safety reports

    10 years after the  incident


    --------------------End of Accordion---------------------------

  • --------------------Start of Accordion---------------------------

    Your information and third parties

    Sometimes we share your information with third parties.


    For example to:


    • provide products;

    • analyse information;

    • research your experiences dealing with us;

    • collect debts;

    • sell your debts;

    • sell whole or part of our business;

    • prevent financial crime;

    • help trace, investigate and recover funds on your behalf;

    • trace information; and

    • protect both our interests.


    Third parties we share information with can include:


    • Estate agencies

    • Credit reference agencies including the Irish Credit Bureau

    • Central Credit Register
    • Fraud prevention agencies

    • Company search databases

    • Regulatory bodies including the Data Protection Commissioner and the Central Bank of Ireland.

    • Companies we have a joint venture or agreement to work with

    • Insurance companies

    • Government bodies including Revenue (Further information on tax reporting is available on our Group website)

    • Businesses that introduce you to us or we introduce you to

    • Transaction processing

    • Market research companies

    • Financial advisors

    • Investment managers

    • Debt collection agencies

    • External consultancy firms including Legal, Accountancy, Compliance and other Professional Services

    • Any entity you request your data to be shared with


    We require that these third parties provide sufficient guarantees that the necessary safeguards and controls have been implemented to ensure there is no impact on your data rights and freedoms.


    We also have to share information with third parties to meet any applicable law, regulation or lawful request. When we believe we have been given false or misleading information, or we suspect criminal activity we must record this and tell law enforcement agencies, which may be either in or outside Ireland.

    --------------------End of Accordion---------------------------

  • --------------------Start of Accordion---------------------------

    International transfers of data

    We may transfer your personal information outside of the European Economic Area (EEA) to help us provide your products and services such as where we share information with service providers in the United States or India. We will only transfer your information outside of the EEA where expect the same standard of data protection applies or appropriate safeguards are in placeis applied outside of the EEA to these transfers and the use of the information, to ensure your rights are protected. This may include;


    • transfers to countries approved by the European Commission as having an adequate level of protection
    • use of appropriate safeguards such as Binding Corporate Rules or Model Contractual Clauses 
    • transfers in line with the derogations for specific situations set out in Article 49 of the GDPR.

    --------------------End of Accordion---------------------------

  • --------------------Start of Accordion---------------------------

    Your personal information rights

    You can exercise your rights by contacting us on 1850 565 500.

    Whenever you contact us to ask about your information, we may ask you to identify yourself. This is to help protect your information.

    Your right to obtain information cannot adversely affect the rights and freedoms of others. Therefore, we cannot provide information on other people without consent.

    We generally do not charge you when you contact us to ask about your information. Under GDPR, if a request is deemed excessive or manifestly unfounded, we may charge a reasonable fee to cover the additional administrative costs or choose to refuse the request.

    The following sections detail your information rights and how we can help ensure that you are aware of these rights, how you can exercise these rights and how we intend to deliver on your requests.

    --------------------End of Accordion---------------------------

  • --------------------Start of Accordion---------------------------

    Accessing your personal information

    You can ask us for a copy of the personal information we hold and further details about how we collect, share and use your personal information. You can request the following information:


    • the purposes of the processing;

    • the categories of personal data concerned;

    • the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;

    • where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period.

    • where the personal data are not collected from the data subject, any available information as to their source.

    --------------------End of Accordion---------------------------

  • --------------------Start of Accordion---------------------------

    Updating and correcting your personal details

    If you want to update or correct any of your personal details, please contact us at 1850 565 500.

    --------------------End of Accordion---------------------------

  • --------------------Start of Accordion---------------------------

    Removing consent

    You can change your mind wherever you have given us your consent, such as for processing your sensitive information, e.g. medical data. By contacting us at 1850 565 500, you can request that we no longer process data we require your consent for.

    --------------------End of Accordion---------------------------

  • --------------------Start of Accordion---------------------------

    Restriction and objection

    You may have the right to restrict or object to us processing your personal information. We will require your consent to further process this information once restricted. You can request restriction of processing where;


    • The personal data is inaccurate and you request restriction while we verify the accuracy;

    • The processing of your personal data is unlawful;

    • You oppose the erasure of the data, requesting restriction of processing instead;

    • You require the data for the establishment, exercise or defence of legal claims but we no longer require the data for processing;

    • You disagree with the legitimate interest legal basis and processing is restricted until the legitimate basis is verified.

    --------------------End of Accordion---------------------------

  • --------------------Start of Accordion---------------------------

    Deleting your information (Right to be forgotten) – New GDPR right introduced from May 25th 2018

    You may ask us to delete your personal information or we may delete your personal information under the following conditions:

    • the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
    • you withdraw your consent where there is no other legal ground for the processing;
    • the personal data have been unlawfully processed;
    • the personal data have to be erased for compliance with a legal obligation.

    --------------------End of Accordion---------------------------

  • --------------------Start of Accordion---------------------------

    Moving your information (your right to Portability) – New GDPR right introduced from May 25th 2018

    Where possible we can share a digital copy of your information directly with you or another organisation. We will provide this information in a structured, commonly used and machine-readable format. Note, we can only share this information where it has been processed automatically (hard copy documents are excluded for portability) and was processed under your consent or performance of a contract (further details on this are available in our Lawful basis section)

    We do not share information processed under legal obligation or our legitimate interest for portability, in line with GDPR guidance.

    --------------------End of Accordion---------------------------

  • --------------------Start of Accordion---------------------------

    The right to lodge a complaint with a supervisory authority

    If you have a complaint about the use of your personal information, please let a member of staff know, giving them the opportunity to put things right as quickly as possible. If you wish to make a complaint you may do so by phone, in writing and by email. We will fully investigate all the complaints we receive. You may complain through our contact centre, our website, by phone, or by email. We ask that you supply as much information as possible to help us resolve your complaint quickly.


    You can also contact the Office of the Data Protection Commissioner in Ireland on the below details:


    • Visit their website

    • Email

    • Phone on +353 (0)57 8684800 or +353 (0)761 104 800

    • Write to Data Protection Office, Canal House, Station Road, Portarlington, Co. Laois, R32 AP23. Or 21 Fitzwilliam Square, Dublin 2, D02 RD28, Ireland.

    --------------------End of Accordion---------------------------

  • --------------------Start of Accordion---------------------------

    Updates to this notice

    We will make changes to this notice from time to time, particularly when we change how we use your information, and change our technology and products. You can always find an up-to-date version of this notice on this website at, or you can ask us for a copy.

    --------------------End of Accordion---------------------------

  • --------------------Start of Accordion---------------------------

    Key Definitions:

    Please see explanations below of some of the data protection terms used on this website.


    Consent – of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

    Data Controller – is a natural or legal person, public authority, agency or other body who determine the purpose and means of the processing - of personal data, where the purposes and means of such processing are determined by Union or Member State law.  AIB are considered a data controller, as they process personal data on behalf of both their customers and their employees.

    Data Processor – in relation to personal data, means any natural or legal person (other than an employee of the data controller), public authority, agency or another body who processes personal data under the direction of, and on behalf of a data controller. AIB is considered a data processor, as they process personal data on behalf of Third Parties. Additionally, Third Parties engaged by AIB to process personal data are considered data processors.

    Data Protection Officer – The Data Protection Officer oversees how we collect, use, share and protect information.

    Data Protection Regulation – means all legislation, regulation and applicable codes of practice relating to the processing, protection and privacy of personal data.

    General Data Protection Regulation (‘GDPR’) – is a regulation intended to strengthen and unify data protection for all individuals within the European Union (‘EU’). The aim of the GDPR is to reinforce data protection rights of individuals and facilitate the free flow of personal data. It applies to all data controllers and processors established in the EU, as well as those established outside the EU that process the data of EU citizens. 

    Lawful basis - Processing of data is lawful only if and to the extent that at least one of the following applies:

    a) Personal data processing is necessary to enter into or perform a contract with a data subject;

    b) There is a legal obligation to the data controller for the personal data processing;

    c) AIB Group or our Third Parties have a legitimate interest in processing the data. This legitimate interest cannot over-ride the interests or fundamental rights of the data subject;

    d) The data subject has provided consent to the processing of his or her personal data for one or more specific purposes;

    e) Personal data processing protects the vital interests of the data subject; or

    f) Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

    Location Data – means any data processed indicating the geographical position of the terminal equipment of a user, including data relating to:

    a) The latitude, longitude or altitude of the terminal equipment;

    b) The direction of travel of the user; or

    c) The time the location information was ‘recorded’  

    Personal Data/ Data Subject – is any data relating to an identified or identifiable natural person (‘data subject’), who may be identified from the data either on its own (directly) or in conjunction with other data (indirectly), in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

    Processing – means obtaining, recording or holding the information or data, whether or not by automated means, or carrying out any operation or set of operations on the information including:

    a) Collection of data

    b) Organisation, adaption or alteration of the information or data

    c) Retrieval, consultation or use of the information or data

    d) Disclosure of the information, or data by transmission, dissemination or otherwise making available, or

    e) Alignment, combination, blocking, erasure or destruction of the information or data

    Recipient – means a natural or legal person, regulator, agency or another body, to which the personal data are disclosed, whether a Third Party or not. The processing of those data shall be in compliance with the applicable data protection rules according to the purposes of the processing.


    Special Categories of Personal Data – is data which relates to:

    a) Racial or ethical origin, political opinions or religious or philosophical beliefs

    b) Trade union membership

    c) Biometric data (We may collect voice, facial or fingerprint information to identify data subjects)

    d) Physical or mental health

    e) Sexual Life/Orientation

    f) Genetic data

    Supervisory Authority – means an independent public authority which is established by a Member State. In the Republic of Ireland the Office of the Data Protection Commissioner (‘ODPC’) and in the UK the Information Commissioner’s Office (‘ICO’) are the public authorities established to monitor the application of Data Protection Law.


    --------------------End of Accordion---------------------------

-------------------End of Accordion Container---------------------------