Our Privacy Promise to you:
- We Promise to be fair and transparent at all times
- We treat the security of our customers` data very seriously
- We believe in integrity and we respect your privacy
What does this mean for you?
Our Data Privacy Notice provides you with information about how we use your personal data. Each section sets out how we collect, process and retain your personal data whilst providing you with a service. Please use the following list to choose which sections of our Data Privacy Notice you want to read:
- Who we are?
- What types of personal data do we collect?
- How do we collect your personal data?
- How we use your personal data
- How long do we retain your personal data?
- Who we share your personal data with?
- How we keep your personal data safe
- Transferring your personal data outside of the European Economic Area (EEA)
- Credit Reference Agencies notice explained
- Your rights in relation to your personal data
- Cookies
- Who can you speak to about this Privacy Notice?
- Updates to this Privacy Notice
You can contact the Cabot Financial (Ireland) Ltd Data Protection Team using the details below.
Writing: Data Protection Team, Block D Cookstown Court, Belgard Road, Tallaght, Dublin 24
Email: [email protected]
- Who we are
We are Cabot Financial (Ireland) Limited, a member of the Cabot Credit Management Group. Cabot Credit Management Group (CCM) are a market leader in the UK and one of the largest Credit Management Service providers in Europe. Cabot Credit Management Group is authorised and regulated by the UK Financial Conduct Authority (FCA).
Cabot Financial (Ireland) Ltd (“Cabot”, “us”, “we”, “our”) is authorised and regulated by the Central Bank of Ireland (CBI). Our principal activity is the management of Cabot loans or the provision of loan portfolio management/credit servicing to various companies, along with third party servicing activities. The purpose of the Data Privacy Notice is to explain how we collect and use your personal data.
Personal data means data relating to a living individual who can be identified (either from that data itself or when combined with other data).
- What types of personal data do we collect?
The types of personal data that we collect may include, but is not limited to, the following:
- Contact data/identity data: Including name, date of birth, proof of identification, address, nationality, telephone number and email address.
- Financial details/personal circumstances: Including income and expenditure details, accounts details, financial needs, family details, employment status and marital status.
- Interactions with Cabot staff: Whenever a staff member contacts you or meets you, or you contact our staff member, a note of this interaction is recorded on our management system(s). In addition, we sometimes record telephone conversations to improve services, for training purposes, to resolve complaints and as required by relevant regulations and the Central Bank of Irelands Codes of Conduct. However, we will always let you know when we are recording our calls with you.
- Data that we gather from publicly available sources: This may include the press, the electoral register, company registers, the Central Credit Register, online search engines or entities such as An Post.
- Data from Customer Satisfaction Surveys.
- Data in relation to data access, correction, restriction, deletion, porting requests and complaints.
- Data obtained through our use of cookies. You can find out more about this in our cookies policy below.
- Data through companies which we use to validate for financial crime purposes.
- Special categories or sensitive personal data: Some categories of personal data are more sensitive than others. These are known as special category personal data which include:
- Racial or Ethnic origin;
- Biometric data;
- Religious beliefs;
- Data concerning heath, sexual orientation.
If you ever disclose this type of personal data to us, we will only keep this on record if it is necessary for the services we are providing. Where we do need to keep this data on record, we will always request your explicit consent to do so. We will only store this data for as long as it is relevant. You have the right to withdraw your consent and, if you do, we will delete any special category data personal to you from our records.
If you disclose special category personal data to us, whether or not we have requested it, for example, if you send a letter to us detailing your medical situation, your provision of that data will be deemed to confirm your consent for us to process that data.
Where we consider it necessary to record the special category personal data you give to us, we will securely record this data and tell you how we will use it and how you can withdraw your consent.
- How do we collect your personal data?
We collect your personal data in the following ways:
- From the previous or current owner of your account.
- From clients or other parties who have engaged us to provide credit servicing or third-party servicing.
- We keep records of correspondence between us, including letters, emails and SMS texts.
- We record phone calls between you and our employees for training and monitoring purposes and to improve and enhance the service we offer you.
- When you use our website and online payment application.
- When we conduct customer surveys in order to improve customers’ experience.
- We operate CCTV at our business premises [for security purposes] so if you were to visit one of our offices your image may be captured on CCTV.
- We access third party data sources and combine and process data from those sources with your personal data. Examples of third-party data sources include the Land Registry, registers of court judgments, bankruptcies and telephone number verification databases.
- Third parties that we appoint may collect personal data from you and remit it to us.
- From your family members about you if you become incapacitated.
- From your solicitor, authorised financial advisor or authorised third party.
- Through business interactions between your company and us.
- When you provide us with data about others or others provide us with data about you: If you give us data about someone else, you should be sure that you have their consent to do so and you should show them this Data Privacy Notice. You need to ensure they confirm that they know you are sharing their personal data with us.
- From your online activities with third parties where you have given us your consent for example, by consenting to our use of certain cookies or other tracking technologies.
- How we use your personal data?
We collect and process your personal data for a variety of reasons and we rely on a number of legal basis for doing so including:
To provide services to you and to fulfil our contract with you, we use your data to:
- Establish your eligibility for a service.
- Manage and administer your accounts and services that we may provide you with e.g. where we may have acquired your loan from another party, they will pass relevant data to us to allow for the continued performance of your contract.
- Process payments that are paid by or to you (e.g. to take a payment by direct debit from your bank account we have to share your data with our bank).
- Contact you by post, phone, text message, email, fax or other means.
- Monitor and record our conversations when we speak on the telephone.
- Recover debts you may owe us.
- Manage and respond to a complaint or appeal.
To comply with our legal and regulatory obligations including:
- To comply with your information rights.
- Provide you with statutory and regulatory information and statements.
- Establish your identity, residence and tax status in order to comply with law and regulation concerning taxation and the prevention of fraud, money laundering and terrorist financing.
- Report to and where relevant, conduct searches on the Central Credit Register and other industry registers.
- Comply with binding requests from regulatory bodies, including the Central Bank of Ireland, the Data Protection Commission, An Garda Siochana and Revenue Commissioners.
- Comply with search warrants, and Court orders arising in civil or criminal proceedings.
- Investigate and resolve complaints.
- Perform a task carried out in the public interest.
To manage our business for our legitimate interest we may use your personal data to:
- Manage and administer your accounts and services that we may provide to you.
- Assess the quality of our customer service and to provide training to staff.
- Carry out strategic planning and business portfolio management.
- Ensure business continuity, disaster recovery; to respond to information or technology and business incidents and emergencies.
- Carry out credit scoring and credit management including collecting and enforcing debts and arrears. This may include reporting to and searching the Central Credit register and engaging agencies to trace you (for example, where the address you have provided is no longer accurate and we need to provide you with legal documentation).
- Monitor, maintain and improve internal business processes, information, technology and communications that may benefit you or Cabot.
- Compile and process your data for audit, statistical or research purposes in order to help us understand our risks better, including providing management information, operational and risk management.
- Protect our business, reputation, resources and equipment, your data, manage network and information security and prevent and detect fraud, dishonesty and other crimes, including utilising screening/monitoring technology.
- Manage and administer our legal and compliance affairs, including compliance with regulatory guidance and codes (including assisting a previous lender in its compliance with regulatory rules, guidance and requests). Rectifying negative impacts on customers as a result of process or regulatory failures.
Where you have given us consent (which you may withdraw at any time) such as:
- Where we liaise with authorised third parties at your request and with your consent.
- Where you have consented to us contacting you where it is not your residence, for example contacting you at your workplace.
- Where we send text messages to you about a service.
- Using special categories of data or sensitive personal data.
To protect your vital interests:
In exceptional circumstances we may use and/or disclose data (including special categories or sensitive data) we hold about you to identify, locate or protect you including:
- If it comes to our attention that you are in imminent physical danger and this information is requested/provided by or to An Garda Siochana, a member of the emergency services or your relative.
- How long do we retain your personal data?
Your personal data is retained for different periods of time depending on the purposes for which it is required to be retained. We hold your data while you are a customer and for a period of time after that. We do not hold it for longer than necessary. An example of this is our obligation to hold customer records and files for a period of (7) years after the end of a business relationship depending on the business relationship or (12) years where we had a deed in place. When personal data reaches its maximum retention period, we will ensure that this data is purged from all systems including filing systems and storage units etc. We will then destroy any hard copies of personal data we may hold using our confidential waste disposal providers.
Please note that in certain circumstances, we may hold your personal data for a longer period, for example, if we are processing an ongoing claim, defending litigation, or believe in good faith that the law or a relevant regulator may reasonably in our view expect or require us to preserve your personal data.
- Who we share your personal data with?
We only share your personal data with a select number of individuals and companies and only as necessary. Sharing can occur in the following circumstances and/or with the following persons:
- Staff/Companies in the Cabot Credit Management Group – We will share your data with our staff, including staff of other members of the Cabot Credit Management Group in order to fulfil our contract with you or to perform our duties, to protect our legitimate interests, or where legally required to do so.
- Guarantors – We will share your data with any person or entity which guarantees your obligations to us or gives us an indemnity concerning these obligations.
- Suppliers and service providers – We may share your data with service providers engaged by us for example; cloud storage providers, IT system suppliers, software development contractors, printing companies, property contractors, tracing agencies, receivers, liquidators, examiners, official Assignee for Bankruptcy and equivalent in other jurisdictions, auditors, lawyers, insurers, valuers, estate agents, document management providers, advisers, financial crime screening providers and other consultants.
- Your authorised representatives – We will share your data with your authorised representatives which includes for example; a friend, family member, attorney (under a Power of Attorney), legal representative or a Debt Management Company.
- Statutory and regulatory bodies and law enforcement – Such as the Courts and those appointed by the courts, the Central Bank of Ireland, An Gardai Siochana/police, authorities/enforcement agencies, the Data Protection Commission, the Financial Services and Pensions Ombudsman, the Revenue Commissioners, Criminal Assets Bureau or relevant Government departments, where reasonably necessary, for financial crime and sanction prevention purposes.
- Credit reference/rating agencies – We may access, use and/or share your data with the Central Credit Register (CCR).
- How we keep your personal data safe?
We know that you care about how your data is used, stored and shared. We appreciate your trust in us to do so. To protect your personal data, we use security measures that comply with Irish law and acknowledged best industry practice. This includes computer safeguards and secure files.
- Transferring your personal data outside of the European Economic Area (EEA)
We may transfer your personal data to our service providers (such as IT service providers, payment processors, providers of administration services and tracing agents) and other organisations that operate outside of the European Economic Area (EEA). Where we authorise the processing/transfer of your personal data outside of the EEA, we require your personal data to be protected to at least Irish standards and include one of the following data protection transfer mechanisms.
- Model Clauses (also known as Standard Contractual Clauses) are standard clauses in our contracts with our service providers and other organisations.
- Transfers to countries outside the EEA which have adequate level of protection as approved by the European Commission.
- Binding Corporate Rules.
- Transfers permitted in specific situations where a derogation applies as set out in Article 49 of the GDPR.
- Credit reference agencies notice explained
We are required by law to share details of your account (including your personal data) with the Central Credit Register (CCR) on a monthly basis to promote responsible lending.
The type of data that may be exchanged is outlined below:
- Full Name;
- Full address;
- Date of Birth;
- Current position of any accounts you have open with us.
The CCR may share the data that we provide to them with other lenders, who can request your credit report in the following circumstances:
- Where you apply for a new loan;
- Where you apply to restructure an existing loan;
- Where you may have arrears on an existing loan;
- If you breach the terms and conditions of a credit card or an overdraft facility.
You can also request your personal credit report from the CCR. You can find out more about the CCR on the websites below:
https://www.centralcreditregister.ie/
10. Your rights in relation to your personal data
You have a number of rights in relation to the personal data which we hold about you. If you choose to exercise any of these rights, we may ask you to verify your identity by providing us with additional information such as an up to date proof of identity or address.
Right to object:
You have the right to object to us processing your data if the processing itself is an unwarranted interference with your interests or rights.
Right to restrict processing:
If you believe we are processing your personal data unlawfully or if you believe that we no longer need your personal data, you have the right to request that we restrict the processing of your personal data.
Right to Erasure (Right to be forgotten):
You have the right to request that we delete your personal data if you believe we no longer have a lawful basis to process it, provided there are no legal obligations or overriding legitimate grounds that require us to keep it.
Right to rectification (correct your personal data):
Upon obtaining personal data we conduct checks to validate that it is accurate and up to date. We are reliant on you and other third parties to provide us with the correct data at all times. If you believe that any of the personal data we hold for you is incorrect, it is important that you make us aware of this as soon as it is possible, for example if you have a new phone number or you have moved address you will need to update us with your new contact details.
Right to make a complaint to the Data Protection Commission:
You have the right to make a complaint to the Data Protection Commission (DPC) if you are not satisfied with the outcome of your complaint with us. You can contact the Office of the Data Protection Commission at:
www.dataprotection.ie
Telephone: +353 (0)761 104 800 & 353 (0)57 868 4800
Email: [email protected]
Writing: Data Protection Commission, 21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland
Right to withdraw your consent:
For certain limited uses of your personal data, we may ask for your consent. Where we do this, you have the right to withdraw your consent to further use of your personal data where the processing is based on your consent. If you withdraw your consent, it will not affect the lawfulness of processing based on your consent before its withdrawal.
Right to portability:
You can request that certain personal data which you have provided to us be transferred to you or to another service provider. This applies to data that we are processing for the performance of your contract or based on your consent.
Right to access your personal data:
You have the right to get confirmation about whether we process any of your personal data and, if so, how we use it. We use this Data Privacy Notice to meet this obligation. In addition, if we process your personal data, you have a right to request a copy of the personal data that we process.
We take the security and protection of your personal data very seriously, so we reserve the right to request proof of your identity before supplying you with any personal data.
Once we have validated your identity, we will respond to your request within one calendar month. We will endeavor to send your personal data in the medium requested by you.
In order to make this request please contact us on the below details:
Writing: DSAR Team, Cabot Financial Ireland, PO Box 11151, Tallaght, Dublin 24.
Email: [email protected]
Right to object to a decision based solely on automated processing:
You have the right to object to a decision based solely on automated processing, where such processing produces legal effects or significantly affects you.
11. Cookies
Our website operates and collects cookies. A cookie is a small file that is placed on your computer’s hard disk, it may be for several reasons, for example:
- Google analytics, such as analysing the traffic to the website and to speed up access to the website.
- Targeted communications that help us to guide you back to specific pages within our website, or reach you via third party websites.
We will always ask you on the homepage whether you want us to place a cookie on your computer. The vast majority of web browsers accept cookies; however, you can manually change your browser settings so that cookies are not accepted. In doing so you may lose some of the functionalities of our website. For more information about cookies and how to disable them please go to: www.aboutcookies.org
We can confirm that any cookies placed by us shall not store or collect any personal data.
12. Who can you speak to about this Privacy Notice?
If you would like to make a complaint or have a query about how we use your personal data, you can contact us at:
In writing: Data Protection Officer, Data Protection Team, Cabot Financial Ireland, PO Box 11151, Tallaght, Dublin 24
Email: [email protected]
Telephone: 01-4649000
If you are unsatisfied about how we have handled your complaint, you have the right to escalate your compliant to the Data Protection Commission. You can contact the Data Protection Commissioner at:
Postal Address: Data Protection Commission, 21 Fitzwilliam Square South Dublin, 2D02 RD28
Email: [email protected]
Telephone: Lo Call 1890 8684800 or +353 (0)761 104 800
Cabot Financial (Ireland) Ltd is regulated by the Central Bank of Ireland
13. Applicants
This section only applies to personal data which you may provide to us or via third parties, in the following cases:
- You participate in a Cabot or Cabot Credit Management Group (‘CCM’) recruitment initiative
- You voluntarily submit your resume to a representative of Cabot or CCM on an ad-hoc basis
- A recruiter provides your resume or details to Cabot or CCM
- Cabot or CCM finds your resume/details in online searches e.g. LinkedIn
- You are referred to an open position by an employee as part of a Cabot or CCM referral program
This section applies:
- To any and all job applications submitted and recruitment initiative co-ordinated by Cabot or CCM
- Up to the point at which we decide not to continue the recruitment process with you or when you start working for us (if applicable). In this latter case, the way we process your personal data will no longer be dealt with under this Privacy Notice but instead will be governed by our Employee Data Privacy Notice.
IMPORTANT: sections 7, 8, 10, 11,12 and 14 of this Privacy Statement apply to applicants.
13.1 The types of personal data that we collect may include, but is not limited to, the following:
- Contact data/identity data: Including name, date of birth, address, gender, nationality, marital status, telephone number and email address.
- Details about your previous employment: Including current/former employer name, length of service, business titles, details of your role(s) and references.
- Qualifications: Including skills, education, continuous professional development (‘CPD’) compliance (if applicable), the languages you speak, your eligibility to work in a particular country, your experience in the job you apply for and other industries.
- Preferences: Including positions you may be interest in, information about when you may be available to interview and/or start data, whether you are open to relocation or working remotely, whether you are willing to travel to work and whether you have your own transport.
- Publicly available information: Details about you we gather from publicly available sources where such sources are relevant to the job you have applied for within Cabot or CCM
- Other information: Details you may provide us in response to our queries or questions at interview stage, at reference check stage or details required where mandatory (e.g. Fitness & Probity eligibility).
13.2 How we use your personal data
We collect and process your personal data for a variety of reasons, and we rely on a number of legal basis for doing so including:
To manage our business for our legitimate interest we may use your personal data to:
- Process your job application, including contacting you in relation to interviews and/or offer you a job after the interview stage
- Assess your personal data against vacancies we think may be suitable for you
- Request information from third parties such as qualifications and references
- Carry our background checks which aim to verify details you have provided to us
- Retain your information in order to contact you in relation to future vacancies within Cabot and/or CCM that may be of interest to you
- Collect feedback and evaluate the recruitment process
To comply with our legal and regulatory obligations including:
- To comply with employment, equality and health and safety law
- To comply with tax law
- To comply with Fitness and Probity requirements
13.3 How long do we retain your personal data
Where you are a successful job applicant, the personal data generated by us and provided by you/third party on behalf of you over the course of the job application/recruitment process will be retained by us for the purpose of your contract employment. Such personal data will be retained in accordance with our Employee Data Privacy Notice (which will be available to you when you commence employment).
Where you are an unsuccessful job applicant, we will retain your personal data for a period of up to 12 months after it is determined that your application has been unsuccessful for the purposes of both contacting you in relation to future vacancies which we think may be of interest to you and for the purpose of defending any potential employment equality claims.
Please note that in certain circumstances, we may hold your data for a longer period, for example, if we are processing an ongoing claim, defending it or believe in good faith that the law or a relevant regulator may reasonably in our view expect or require us to preserve your personal data.
When personal data reaches its maximum retention period, we will ensure that this data is purged from all systems including filing systems and storage units etc. We will then destroy any hard copies of personal data we may hold using our confidential waste disposal providers.
13.4 Who do we share your personal data with?
We only share your personal data with a select number of individuals and companies and only as necessary. Sharing can occur in the following circumstances and/or with the following persons:
- Staff/Companies in the Cabot and CCM – business units such as Human Resources (Irish and/or UK), IT, Finance/Payroll Managers, system administrators, our trusted third-party service providers and our IT providers
- Your previous employer - Your previous employers when you have provided them as a reference third parties that may be contacted to provide additional information related to your previous work experiences
- Recruitment agencies
- Regulatory authorities
- Outsource service providers who assist Cabot/CCM with recruitment and campaigns such as recruitment agencies, background check companies, etc.
- Professional advisors such as legal advisors, consultants, and accountants.
14. Updates to this Privacy Notice?
This Privacy Notice may be updated from time to time. You will always find the most up to date version on our website at www.cabotfinancial.ie