PAYAC SERVICES CLG
GENERAL WEBSITE PRIVACY NOTICE
Payac Services CLG. respect all of our customers’ privacy and work to ensure that we are complying with our obligations under all relevant Data Protection legislation, most specifically Ireland’s Data Protection Act 2018 and the General Data Protection Regulation (GDPR). The purpose of this Website Privacy Notice is to tell you how we use any personal data that you may give to us while visiting our website or availing of our services.
Payac is a company established by Credit Unions to provide current accounts, debit cards and related services to credit union members. The company assists Credit Unions in obtaining regulatory approval and developing, implementing and providing ongoing support for payment account services. This includes setting policies, procedures, operating standards and negotiating third-party services and outsourcing arrangements on behalf of participating Credit Unions. Therefore, Payac are acting as data processors on behalf of the Credit Unions, who are data controllers.
In this Privacy Notice ‘we’, ‘our’, ‘us’, ‘company’ refers to Payac Services CLG. Payac Services CLG. is a company limited by guarantee and incorporated in Ireland with the company number 577938. The registered office address is unit 52b Henry Road, Park West Business Park, Dublin 12, D12 V603.
Please take the time to read this notice carefully. If you are under the age of 16, please read this notice with a parent or guardian to ensure you understand it fully.
What personal data do we use?
We may collect, store and use the following categories of personal data about:
||Physical address, email address, telephone number. Proof of address ( e.g Utility Bill, copy of passport)
||First name, surname, age, gender, PPS number, date of birth, nationality, life status (e.g deceased) customer identification, ID card data.
||Account details, most recent transactions.
||Telephone conversation recordings.
||IP address, cookies, log-in and log-out connection times.
We need all these categories of data in the table above to allow us to; identity you, contact you, comply with our legal obligations and in order to provide our services to you while acting as a data processor on behalf on the Credit Unions.
We collect your technical data as data controllers when you access our website.
How do we collect your personal data?
We use different methods to collect data from you and about you including:
Directly from you: you may give us your personal data (see table above) by corresponding with us by post, phone, and/or email. You may also provide us with Personal Information during the use of our services.
Information provided from you about related persons: For example, if your card is lost or stolen, we may receive information about this lost or stolen card from a member of the public who potentially might have found your card. In these circumstances, we will use personal data given by a related person to action our lost or stolen card process.
Automated technologies or interactions: as you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies. Please read our Cookies Policy for more information.
Purposes for which we process your personal data
Payac will process your personal data, while acting on behalf of the Credit Unions as data processors for the following reasons:
- To meet our obligations under the Credit Union’s standard Rules.
- To contact you in respect of your account and the services you avail from us.
- To comply with our legal obligation for example, anti-money laundering obligations.
- Verifying the information provided by you in your application.
- To comply with Central Bank Regulations.
- To provide you with assistance in the event your card is lost or stolen.
- To assist you in answering any queries you may have relating to the service we provide.
- To record telephone conversations for the purposes of quality assurance.
Third party service providers/ Disclosure of your personal data to third parties
All our third-party service providers are required to take appropriate security measures to protect your personal data in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes unless they are deemed to be controllers in their own right. We only permit them to process your personal data for specified purposes and in accordance with our instructions. Usually, information will be anonymised but this may not always be possible. The recipient of the information will also be bound by confidentiality obligations.
Cross Border Transfers
To provide services to you, your personal data may be transferred to, and stored within the UK. It may be processed by UK entities, namely Fidelity National Information Services (FIS), acting as data processors processing data on our behalf. We ensure that any data being transferred to the UK is secured with the appropriate technical and organisational security measures in place.
In the event of the UK leaving the European Union without a negotiated deal, data transfers to this third party will be governed by the appropriate transfer mechanism, by way of Standard Contractual Clauses (Model Clauses).
How we secure your personal data
Where a service is hosted by us, your Personal Data is held on secure servers within the EEA. In cases where a service is not hosted by us, the service provider has provided assurances in respect of the security of their hosting environment.
In the event of the UK leaving the European Union without a negotiated deal, data transfers to this third party will be secured by the appropriate safeguarding measures, by way of Standard Contractual Clauses (Model Clauses).
Where you communicate with us via our website, unfortunately, the nature of the Internet is such that we cannot guarantee or warrant the security of any information you transmit to us via the Internet. However, we will take all reasonable steps (including appropriate technical and organisational measures) to protect your Personal Data.
How long we keep your information
Where we are acting as a data processor, we will only retain your personal data for as long as is required by the data controller.
Where we are acting as a data controller, we will only retain your personal data for as long as necessary to fulfil the purpose in which we process your personal data.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use and/or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and also the applicable legal requirements.
You have the following rights in relation to your personal data:
- The right to access your personal data;
- The right to request the rectification and/or erasure of your personal data;
- The right to restrict the use of your personal data;
- The right to object to the processing of your personal data;
- The right to be forgotten in certain circumstances;
- The right to have us transmit your data to another data controller; and
- The right to obtain your personal data that you provided us, in a structured, comprehendible and machine-readable format.
Please note that the above rights are not always absolute and there may be some limitations to these rights.
To enable us to ensure the information we have about you is up to date and accurate at all times, we want to encourage you to notify us as soon as possible if there is any change to any of your personal information which we hold on your file.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
However, if Payac is not the data controller for the information that you wish to access, we will refer you to your relevant Credit Union so you can send a Data Subject Rights Request to them.
We may need to request specific information from you to help us confirm your identity and fulfil your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to response to all legitimate requests within 30 days. Occasionally, it may take us longer than a month if your request is particularly complex or if you have made a number of requests. In this case, we will notify and keep you updated if our response to your request takes longer than one month.
Data Controller Contact Details
Payac Services CLG,
53b Henry Road,
Park West Business Park
Phone: 01 5241177
Data Protection Officer
We have appointed a Data Protection Officer to enhance and maintain the protection and privacy of all personal data that we process. If you have any queries regarding the use of your personal data you can contact the DPO at any time.
Contacting the Data Protection Commission
You have a right to complain to the Data Protection Commission (DPC) in respect of any processing of your data by:
|Telephone: +353 578 684 800
+353 761 104 800
|Postal Address: 21 Fitzwilliam Square South
The most effective and efficient way to contact the DPC regarding queries or complaints is by means of the webforms that can be access through their website: https://www.dataprotection.ie/en/contact/how-contact-us