Bank of Ireland Data Privacy Summary

At Bank of Ireland Group, we take your privacy seriously. It is important that you know exactly what we do with personal information that you and others provide to us, why we gather it and what it means to you. This document is being provided to you in line with our obligations under the General Data Protection Regulation (GDPR), which will come into force on 25 May 2018. From that date, the GDPR, together with applicable Irish requirements, will amend existing data protection law and place enhanced accountability and transparency obligations on organisations when using your information. The GDPR will also introduce changes which will give you greater control over your personal information, including a right to object to processing of your personal information where that processing is carried out for our business purposes.

Please take time to read this notice carefully. If you are under 16 years of age, please read this summary with a parent or guardian and ensure you understand it. If you have any questions about how we use your information, please contact our Data Protection Officer at the details below.

This summary explains the most important aspects of how we use your information and what rights you have in relation to your personal information. You can get more detailed information by viewing our full Data Privacy Notice at www.bankofireland.com/privacy, in-branch, by mail to Bank of Ireland, PO Box 12940, Dublin 18 or by contacting 01 688 3674.

  • 1. Who we are

    Throughout this document, 'we', 'us', 'our' and 'ours' refer to Bank of Ireland and Bank of Ireland Group. Your information is held by The Governor and Company of the Bank of Ireland and members of the Bank of Ireland Group. For more information about us, including a full list of members of the Bank of Ireland Group, see our latest annual report at https://investorrelations.bankofireland.com.

    Your product or service terms and conditions will specify which of our businesses is providing the relevant product or service to you. Some of our businesses have their own Data Privacy Notices, including New Ireland Assurance Company plc and Bank of Ireland UK plc. If you are a customer of one of these businesses, you should read their Data Privacy Notice.

  • 2. The information we collect about you

    We will hold:

    • data to identify you, including your contact information;
    • your financial details/financial circumstances;
    • your marital status;
    • your financial associations;
    • information about you provided by others e.g. joint account applications;
    • information which you have consented to us using; and
    • other personal information such as: criminal conviction data; telephone recordings; CCTV images at our branches and ATMs and information provided when exercising your rights under Section 10 below.

    Sometimes we may use your information even though you are not our customer. For example, you may be a beneficiary, guarantor, director, cardholder or representative of a customer of ours or be a potential customer applying for one of our products or services.

  • 3. When we collect your information

    We collect information: (i) you give us; (ii) information from your use of our products, services or our websites and mobile apps, and; (iii) information provided to us by third parties.

  • 4. How we use your information and the legal basis

    We use, and share, your data where:

    • you have agreed or explicitly consented to the using of your data in a specific way (you may withdraw your consent at any time);
    • use is necessary in relation to a service or a contract that you have entered into (e.g. to provide you with banking services when you open or use a joint account or product) or because you have asked for something to be done so you can enter into a contract with us (e.g. you have asked us to provide you with a loan offer or quote when you apply to us for insurance);
    • use is necessary because we have to comply with a legal obligation (e.g. complying with our “know your client” obligations and reporting to the Central Credit Register, regulatory authorities and law enforcement);
    • use is necessary to protect your “vital interests” in exceptional circumstances;
    • use for our legitimate interests (which you may object to) such as managing our business including credit risk management, providing service information, conducting marketing activities, training and quality assurance, portfolio management and strategic planning and the purchase or sale of assets.
  • 5. How we use automated processing or 'analytics'

    We may analyse your information using automated means to:

    • help us understand your needs and develop our relationship with you;
    • to help us to offer you products and service information we believe will be of interest to you;
    • to make assessments where you apply for a financial product (e.g. a loan) including creditworthiness and affordability. We may make lending decisions based solely on an automated analysis of your information. The types and sources of the information we process by automated means about you are listed above in Sections 2 and 3.

    We also use automated processing to assist in compliance with our legal obligations in connection with prevention of money laundering, fraud and terrorist financing, for example, to screen for suspicious transactions.

  • 6. Who we share your information with

    When providing our services to you, we may share your information with:

    • your authorised representatives;
    • third parties with whom: (i) we need to share your information to facilitate transactions you have requested, and (ii) you ask us to share your information;
    • Bank of Ireland Group companies;
    • service providers who provide us with support services;
    • statutory and regulatory bodies (including central and local government) and law enforcement authorities;
    • credit reference/rating agencies; and
    • third parties in connection with a sale or purchase of assets by us: persons making an enquiry or complaint; debt collection agencies, budgeting and advice agencies, tracing agencies, receivers, liquidators, examiners, Official Assignee for Bankruptcy and equivalent in other jurisdictions;
    • trade associations and professional bodies, non-statutory bodies and members of trade associations;
    • pension fund administrators, trustees of collective investment undertakings and pensions trustees insurers/re-insurers, insurance bureaus;
    • healthcare professionals and medical consultants;
    • business or joint venture partners.
  • 7. How long we hold your information
    How long we hold your data for is subject to legislation and regulatory rules we must follow, set by authorities such as the Central Bank of Ireland and the type of financial product provided to you.
  • 8. Implications of not providing information

    If you do not provide information we may not be able to:

    • provide requested products or services to you;
    • to continue to provide and/or renew existing products or services
    • assess suitability; and
    • where relevant, give you a recommendation for a financial product or service provided by us.

    We will tell you when we ask for information which is not a contractual requirement or is not needed to comply with our legal obligations.

  • 9. Using companies to process your information outside the European Economic Area (EEA)

    In some cases, we may transfer information about you and your products and services with us to our service providers and other organisations outside the EEA. We will always take steps to ensure that any transfer of information outside of the EEA is carefully managed to protect your privacy rights. Full details of transfers are available in our Data Privacy Notice which you can get online, in branch or by telephone.

  • 10. How to exercise your information rights including the right to object

    From 25 May 2018, you will have several enhanced rights in relation to how we use your information, including the right, without undue delay, to:

    • find out if we use your information, access your information and receive copies of your information;
    • have inaccurate/incomplete information corrected and updated;
    • object to particular use of your personal data for our legitimate business interests or direct marketing purposes*;
    • in certain circumstances, to have your information deleted or our use of your data restricted*;
    • in certain circumstances, a right not to be subject to solely automated decisions and where we make such automated decisions, a right to have a person review the decision*;
    • exercise the right to data portability (i.e. obtain a transferable copy of your information we hold to transfer to another provider)*; and
    • to withdraw consent at any time where processing is based on consent.

    *These rights will be available from 25 May 2018

    If you wish to exercise any of your data rights, you can contact us at www.bankofireland.com/privacy, in-branch, by mail to Bank of Ireland, PO Box 12940, Dublin 18 or by contacting 01 688 3674.

    If we are unable to deal with your request fully within a calendar month (due to the complexity or number of requests) we may extend this period by a further two calendar months and shall explain the reason why. If you make your request electronically, we will try to provide you with the relevant information electronically.

    You also have the right to complain to the Data Protection Commission or another supervisory authority. You can contact the Office of the Data Protection Commissioner at:

    Telephone: +353 (0)761 104 800 or Lo Call Number 1890 252 231
    Fax: +353 57 868 4757
    E-mail: info@dataprotection.ie
    Postal Address: Data Protection Commission, Canal House, Station Road, Portarlington, R32 AP23, Co. Laois.

  • 11. How to contact us and/or our Data Protection Officer
    If you have questions about how we use your information, you can reach our Data Protection Officer at www.bankofireland.com/privacy, by mail to Bank of Ireland, PO Box 12940, Dublin 18 or by contacting 01 688 3674.
  • 12. Updates
    We will update our Data Privacy Notice from time to time. Any updates will be made available and, where appropriate, notified to you by SMS, e-mail or when you log onto 365 online or our mobile banking app.