Data Controller
Dilosk DAC trading as ‘Dilosk’ and ‘ICS Mortgages’ (‘the Company’, ‘We’, ‘Us’ or ‘Our’) is a Data Controller within the meaning of the General Data Protection Regulations (697/2016/EU) (‘GDPR’) and applicable Irish data protection legislation (currently the Irish Data Protection Acts 1988 to 2003 as may be amended). As a Data Controller we are obliged to provide you with information on how we collect, use, store and share your personal data. This document has been made available for that purpose.
Data Protection Officer
The Company has appointed a designated Data Protection Officer. If you have any queries with respect to how the Company processes your personal data or wish to exercise your rights under GDPR please write to:
Data Protection Officer,
20 Ely Place,
Dublin 2
Alternatively, you can email DPO@Dilosk.com
For general queries, you can call 0818 542 542.
Information we collect
We collect information: (i) you give us; (ii) information generated during the provision of our services or use of our websites, and; (iii) information provided to us by third parties.
Types of information we may collect or hold about you include:
- identity details, including your contact information;
- your financial details/financial circumstances;
- your marital status;
- your financial associations;
- information about you provided by others e.g. joint account applications;
- information which you have consented to us using; and
- other personal information such as: criminal conviction data; telephone recordings; and information provided when exercising your rights set out below.
Sometimes we may use your information even though you are not our customer. For example, you may be a beneficiary, guarantor, director or representative of a customer of ours or be a potential customer applying for one of our products or services.
Information we need
If you do not provide certain information we may not be able to:
- assess your loan application;
- provide requested products or services to you;
- to continue to provide existing products or services;
- assess suitability.
We will tell you when we ask for information which is not a contractual requirement or is not needed to comply with our legal obligations.
Purposes of Processing and the Legal Basis for processing
We use, and share, your data where:
- you have agreed or explicitly consented to the using of your data in a specific way (e.g. to receive information on new products or services). If you have provided your consent you may withdraw your consent at any time by making contact with us;
- use is necessary to provide a service or fulfil a contract that you have entered into (e.g. to provide you with credit services or a mortgage) or because you have asked for something to be done so you can enter into a contract with us (e.g. you have asked us to provide you with a loan offer);
This includes:
- Managing or administering your account, policy or other financial product(s);
- Processing your application(s) for credit or financial services;
- Where you apply for or avail of a credit facility, to carry out credit reviews including automated credit decision processes and to obtain details of your credit history from the Irish Credit Bureau (“ICB”) or any other credit rating agency or Central Credit Register;
- Contacting you by post, telephone, text message, electronic mail or other means but not in a way contrary to your instructions to Us or contrary to law or regulation;
- Facilitating a potential or actual transfer of any mortgage loan or product provided to you or in connection with a securitisation.
- use is necessary because we have to comply with a legal obligation (e.g. establishing your identity, residence and tax status in order to comply with law and regulation concerning taxation, complying with our Anti-Money Laundering obligations, providing credit information to the Central Credit Register, and reporting to regulatory authorities and law enforcement);
- use is necessary to protect your “vital interests” in exceptional circumstances;
- use for our legitimate interests such as managing our business and fraud or crime prevention. This may include things like credit risk management, providing service information, conducting business and market research and compiling statistics, training and quality assurance, portfolio management and strategic planning, and the purchase or sale of assets. You may object to your personal information being used for these purposes.
Automated Decision-Making
We may analyse your information using automated means to:
- help us understand your needs and develop our relationship with you;
- to help us to offer you products and service information we believe will be of interest to you;
- to make assessments where you apply for a financial product (e.g. a loan) including creditworthiness and affordability. We may make lending decisions based solely on an automated analysis of your information. The types and sources of the information we process by automated means about you are listed above.
We also use automated processing to assist in compliance with our legal obligations in connection with prevention of money laundering, fraud and terrorist financing, for example, to screen for suspicious transactions.
Recipients of Your Personal Data – Third Parties
In the course of providing its services to you, complying with legal obligations or pursuing our legitimate interests, we may share your personal data with the following categories of recipients:
- third parties with whom: (i) we need to share your information to facilitate transactions you have requested, and (ii) you ask us to share your information;
- our appointed agents
- your authorised representatives;
- service providers who provide us with support services to enable delivery of our services;
- statutory and regulatory bodies (including central and local government) and law enforcement authorities;
- credit reference/rating agencies;
- debt collection agencies, budgeting and advice agencies, tracing agencies, receivers,
liquidators, examiners, Official Assignee for Bankruptcy and equivalent in other jurisdictions, any other party involved in facilitating a potential or actual transfer of any mortgage loan or product provided to you or in connection with a securitisation;
- pension fund administrators, trustees of collective investment undertakings and pensions trustees, insurers/re-insurers;
- business or joint venture partners.
How long we will hold your Data
How long we hold your data for is subject to a number of pieces of legislation and regulations – as a general rule, we will keep your data for 6 years after the end our relationship with you or the last service provided. We will however endeavor not to keep any of your personal data longer than is necessary to fulfil the relevant purpose and/or comply with a specific legal retention period.
Your Rights with Respect to Our Use of Your Data
From 25 May 2018, you have several enhanced rights in relation to how we use your information, including the right, without undue delay, to:
- You can ask us for a copy of the personal information we hold and further details about how we collect, share and use your personal information;
- have inaccurate/incomplete information corrected and updated;
- object to particular use of your personal data for our legitimate business interests or direct marketing purposes;
- to withdraw consent at any time where processing is based on consent.
- in certain circumstances, to have your information deleted or our use of your data restricted;
- in certain circumstances, a right not to be subject to solely automated decisions and where we make such automated decisions, a right to have a person review the decision;
- exercise the right to data portability (i.e. obtain a transferable copy of your information we hold to transfer to another provider);
If you wish to exercise any of your data rights, you can contact Our Data Protection officer by writing to the address above or emailing DPO@Dilosk.com .
If we are unable to deal with your request fully within a calendar month (due to the complexity or number of requests) we may extend this period by a further two calendar months and shall explain the reason why. If you make your request electronically, we will try to provide you with the relevant information electronically.
If you are not happy with any aspect of how your data is used, you also have the right to complain to the Data Protection Commission in Ireland. You can contact the Office of the Data Protection Commissioner at:
Telephone: +353 (0)761 104 800 or Lo Call Number 1800 437 737
Fax: +353 57 868 4757
E-mail: info@dataprotection.ie
Postal Address: Data Protection Commission, 21 Fitzwilliam Square South
Dublin 2