Our Privacy Promise to you:
- We Promise to be fair and transparent at all times
- We treat the security of our customers` data very seriously
- We believe in integrity and we respect your privacy
What does this mean for you?
Our Data Privacy Notice provides you with information about how we use your personal data. Each section sets out how we collect, process and retain your personal data whilst providing you with a service. Please use the following list to choose which sections of our Data Privacy Notice you want to read:
- Who we are?
- What types of personal data do we collect?
- How do we collect your personal data?
- How we use your personal data
- How long do we retain your personal data?
- Who we share your personal data with?
- How we keep your personal data safe
- Transferring your personal data outside of the European Economic Area (EEA)
- Credit Reference Agencies notice explained
- Your rights in relation to your personal data
- Who can you speak to about this Privacy Notice?
- Updates to this Privacy Notice
You can contact the Cabot Financial (Ireland) Ltd Data Protection Team using the details below.
Writing: Data Protection Team, Block D Cookstown Court, Belgard Road, Tallaght, Dublin 24
Email: [email protected]
1. Who we are
We are Cabot Financial (Ireland) Limited, a member of the Cabot Credit Management Group. Cabot Credit Management Group (CCM) are a market leader in the UK and one of the largest Credit Management Service providers in Europe. Cabot Credit Management Group is authorised and regulated by the UK Financial Conduct Authority (FCA).
Cabot Financial (Ireland) Ltd (“Cabot”, “us”, “we”, “our”) is authorised and regulated by the Central Bank of Ireland (CBI). Our principal activity is the management of Cabot loans or the provision of loan portfolio management/credit servicing to various companies, along with third party servicing activities. The purpose of the Data Privacy Notice is to explain how we collect and use your personal data.
Personal data means data relating to a living individual who can be identified (either from that data itself or when combined with other data).
2. What types of personal data do we collect?
The types of personal data that we collect may include, but is not limited to, the following:
- Contact data/identity data: Including name, date of birth, proof of identification, address, nationality, telephone number and email address.
- Financial details/personal circumstances: Including income and expenditure details, accounts details, financial needs, family details, employment status and marital status.
- Interactions with Cabot staff: Whenever a staff member contacts you or meets you, or you contact our staff member, a note of this interaction is recorded on our management system(s). In addition, we sometimes record telephone conversations to improve services, for training purposes, to resolve complaints and as required by relevant regulations and the Central Bank of Irelands Codes of Conduct. However, we will always let you know when we are recording our calls with you.
- Data that we gather from publicly available sources: This may include the press, the electoral register, company registers, the Central Credit Register,online search engines or entities such as An Post.
- Data from Customer Satisfaction Surveys.
- Data in relation to data access, correction, restriction, deletion, porting requests and complaints.
- Data through companies which we use to validate for financial crime purposes.
- Special categories or sensitive personal data: Some categories of personal data are more sensitive than others. These are known as special category personal data which include:
- Racial or Ethnic origin;
- Biometric data;
- Religious beliefs;
- Data concerning heath, sexual orientation.
If you ever disclose this type of personal data to us, we will only keep this on record if it is necessary for the services we are providing. Where we do need to keep this data on record, we will always request your explicit consent to do so. We will only store this data for as long as it is relevant. You have the right to withdraw your consent and, if you do, we will delete any special category data personal to you from our records.
If you disclose special category personal data to us, whether or not we have requested it, for example, if you send a letter to us detailing your medical situation, your provision of that data will be deemed to confirm your consent for us to process that data.
Where we consider it necessary to record the special category personal data you give to us, we will securely record this data and tell you how we will use it and how you can withdraw your consent.
3. How do we collect your personal data?
We collect your personal data in the following ways:
- From the previous or current owner of your account.
- From clients or other parties who have engaged us to provide credit servicing or third-party servicing.
- We keep records of correspondence between us, including letters, emails and SMS texts.
- We record phone calls between you and our employees for training and monitoring purposes and to improve and enhance the service we offer you.
- When you use our website and online payment application.
- When we conduct customer surveys in order to improve customers’ experience.
- We operate CCTV at our business premises [for security purposes] so if you were to visit one of our offices your image may be captured on CCTV.
- We access third party data sources and combine and process data from those sources with your personal data. Examples of third-party data sources include the Land Registry, registers of court judgments, bankruptcies and telephone number verification databases.
- Third parties that we appoint may collect personal data from you and remit it to us.
- From your family members about you if you become incapacitated.
- From your solicitor, authorised financial advisor or authorised third party.
- Through business interactions between your company and us.
- When you provide us with data about others or others provide us with data about you: If you give us data about someone else, you should be sure that you have their consent to do so and you should show them this Data Privacy Notice. You need to ensure they confirm that they know you are sharing their personal data with us.
- From your online activities with third parties where you have given us your consent for example, by consenting to our use of certain cookies or other tracking technologies.
4. How we use your personal data?
We collect and process your personal data for a variety of reasons and we rely on a number of legal basis for doing so including:
To provide services to you and to fulfil our contract with you, we use your data to:
- Establish your eligibility for a service.
- Manage and administer your accounts and services that we may provide you with e.g. where we may have acquired your loan from another party, they will pass relevant data to us to allow for the continued performance of your contract.
- Process payments that are paid by or to you (e.g. to take a payment by direct debit from your bank account we have to share your data with our bank).
- Contact you by post, phone, text message, email, fax or other means.
- Monitor and record our conversations when we speak on the telephone.
- Recover debts you may owe us.
- Manage and respond to a complaint or appeal.
To comply with our legal and regulatory obligations including:
- To comply with your information rights.
- Provide you with statutory and regulatory information and statements.
- Establish your identity, residence and tax status in order to comply with law and regulation concerning taxation and the prevention of fraud, money laundering and terrorist financing.
- Report to and where relevant, conduct searches on the Central Credit Register and other industry registers.
- Comply with binding requests from regulatory bodies, including the Central Bank of Ireland, the Data Protection Commission, An Garda Siochana and Revenue Commissioners.
- Comply with search warrants, and Court orders arising in civil or criminal proceedings.
- Investigate and resolve complaints.
- Perform a task carried out in the public interest.
To manage our business for our legitimate interest we may use your personal data to:
- Manage and administer your accounts and services that we may provide to you.
- Assess the quality of our customer service and to provide training to staff.
- Carry out strategic planning and business portfolio management.
- Ensure business continuity, disaster recovery; to respond to information or technology and business incidents and emergencies.
- Carry out credit scoring and credit management including collecting and enforcing debts and arrears. This may include reporting to and searching the Central Credit register and engaging agencies to trace you (for example, where the address you have provided is no longer accurate and we need to provide you with legal documentation).
- Monitor, maintain and improve internal business processes, information, technology and communications that may benefit you or Cabot.
- Compile and process your data for audit, statistical or research purposes in order to help us understand our risks better, including providing management information, operational and risk management.
- Protect our business, reputation, resources and equipment, your data, manage network and information security and prevent and detect fraud, dishonesty and other crimes, including utilising screening/monitoring technology.
- Manage and administer our legal and compliance affairs, including compliance with regulatory guidance and codes (including assisting a previous lender in its compliance with regulatory rules, guidance and requests). Rectifying negative impacts on customers as a result of process or regulatory failures.
Where you have given us consent (which you may withdraw at any time) such as:
- Where we liaise with authorised third parties at your request and with your consent.
- Where you have consented to us contacting you where it is not your residence, for example contacting you at your workplace.
- Where we send text messages to you about a service.
- Using special categories of data or sensitive personal data.
To protect your vital interests:
In exceptional circumstances we may use and/or disclose data (including special categories or sensitive data) we hold about you to identify, locate or protect you including:
- If it comes to our attention that you are in imminent physical danger and this information is requested/provided by or to An Garda Siochana, a member of the emergency services or your relative.
5. How long do we retain your personal data?
Your personal data is retained for different periods of time depending on the purposes for which it is required to be retained. We hold your data while you are a customer and for a period of time after that. We do not hold it for longer than necessary. An example of this is our obligation to hold customer records and files for a period of (7) years after the end of a business relationship depending on the business relationship or (12) years where we had a deed in place. When personal data reaches its maximum retention period, we will ensure that this data is purged from all systems including filing systems and storage units etc. We will then destroy any hard copies of personal data we may hold using our confidential waste disposal providers.
6. Who we share your personal data with?
We only share your personal data with a select number of individuals and companies and only as necessary. Sharing can occur in the following circumstances and/or with the following persons:
- Staff/Companies in the Cabot Credit Management Group – We will share your data with our staff, including staff of other members of the Cabot Credit Management Group in order to fulfil our contract with you or to perform our duties, to protect our legitimate interests, or where legally required to do so.
- Guarantors – We will share your data with any person or entity which guarantees your obligations to us or gives us an indemnity concerning these obligations.
- Suppliers and service providers – We may share your data with service providers engaged by us for example; cloud storage providers, IT system suppliers, software development contractors, printing companies, property contractors, tracing agencies, receivers, liquidators, examiners, official Assignee for Bankruptcy and equivalent in other jurisdictions, auditors, lawyers, insurers, valuers, estate agents, document management providers, advisers, financial crime screening providers and other consultants.
- Your authorised representatives – We will share your data with your authorised representatives which includes for example; a friend, family member, attorney (under a Power of Attorney), legal representative or a Debt Management Company.
- Statutory and regulatory bodies and law enforcement – Such as the Courts and those appointed by the courts, the Central Bank of Ireland, An Gardai Siochana/police, authorities/enforcement agencies, the Data Protection Commission, the Financial Services and Pensions Ombudsman, the Revenue Commissioners, Criminal Assets Bureau or relevant Government departments, where reasonably necessary, for financial crime and sanction prevention purposes.
- Credit reference/rating agencies – We may access, use and/or share your data with the Central Credit Register (CCR).
7. How we keep your personal data safe?
We know that you care about how your data is used, stored and shared. We appreciate your trust in us to do so. To protect your personal data, we use security measures that comply with Irish law and acknowledged best industry practice. This includes computer safeguards and secure files.
8. Transferring your personal data outside of the European Economic Area (EEA)
We may transfer your personal data to our service providers (such as IT service providers, payment processors, providers of administration services and tracing agents) and other organisations that operate outside of the European Economic Area (EEA). Where we authorise the processing/transfer of your personal data outside of the EEA, we require your personal data to be protected to at least Irish standards and include one of the following data protection transfer mechanisms:
- Model Clauses (also known as Standard Contractual Clauses) are standard clauses in our contracts with our service providers and other organisations.
- Transfers to countries outside the EEA which have adequate level of protection as approved by the European Commission.
- Binding Corporate Rules.
- Transfers permitted in specific situations where a derogation applies as set out in Article 49 of the GDPR.
9. Credit reference agencies notice explained
We are required by law to share details of your account (including your personal data) with the Central Credit Register (CCR) on a monthly basis to promote responsible lending.
The type of data that may be exchanged is outlined below:
- Full Name;
- Full address;
- Date of Birth;
- Current position of any accounts you have open with us.
The CCR may share the data that we provide to them with other lenders, who can request your credit report in the following circumstances:
- Where you apply for a new loan;
- Where you apply to restructure an existing loan;
- Where you may have arrears on an existing loan;
- If you breach the terms and conditions of a credit card or an overdraft facility.
You can also request your personal credit report from the CCR. The CCR may also
share your personal data with the Central Statistics Office. You can find out more about the CCR on the website below:
10. Your rights in relation to your personal data
You have a number of rights in relation to the personal data which we hold about you. If you choose to exercise any of these rights, we may ask you to verify your identity by providing us with additional information such as an up to date proof of identity or address.
Right to object:
You have the right to object to us processing your data if the processing itself is an unwarranted interference with your interests or rights. You can find out more about how and why we process your personal data in section 4, ‘How we use your personal data’.
Right to restrict processing:
If you believe we are processing your personal data unlawfully or if you believe that we no longer need your personal data, you have the right to request that we restrict the processing of your personal data.
Right to Erasure (Right to be forgotten):
You have the right to request that we delete your personal data if you believe we no longer have a lawful basis to process it, provided there are no legal obligations or overriding legitimate grounds that require us to keep it.
Right to rectification (correct your personal data):
Upon obtaining personal data we conduct checks to validate that it is accurate and up to date. We are reliant on you and other third parties to provide us with the correct data at all times. If you believe that any of the personal data we hold for you is incorrect, it is important that you make us aware of this as soon as it is possible, for example if you have a new phone number or you have moved address you will need to update us with your new contact details.
Right to make a complaint to the Data Protection Commission:
You have the right to make a complaint to the Data Protection Commission (DPC) if you are not satisfied with the outcome of your complaint with us. You can contact the Office of the Data Protection Commission at: www.dataprotection.ie
Telephone: +353 (0)761 104 800 & +353 (0)57 868 4800
Email: [email protected]
Writing: Data Protection Commission, 21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland
Right to withdraw your consent:
For certain limited uses of your personal data, we may ask for your consent. Where we do this, you have the right to withdraw your consent to further use of your personal data where the processing is based on your consent. If you withdraw your consent, it will not affect the lawfulness of processing based on your consent before its withdrawal.
Right to portability:
You can request that certain personal data which you have provided to us be transferred to you or to another service provider. This applies to data that we are processing for the performance of your contract or based on your consent.
Right to access your personal data:
You have the right to get confirmation about whether we process any of your personal data and, if so, how we use it. We use this Data Privacy Notice to meet this obligation. In addition, if we process your personal data, you have a right to request a copy of the personal data that we process.
We take the security and protection of your personal data very seriously, so we reserve the right to request proof of your identity before supplying you with any personal data.
Once we have validated your identity, we will respond to your request within one calendar month. We will endeavor to send your personal data in the medium requested by you.
In order to make this request please contact us on the below details:
Writing: DSAR Team, Cabot Financial Ireland, PO Box 11151, Tallaght, Dublin 24.
Email: [email protected]
Right to object to a decision based solely on automated processing:
You have the right to object to a decision based solely on automated processing, where such processing produces legal effects or significantly affects you.
Our website operates and collects cookies. A cookie is a small file that is placed on your computer’s hard disk, it may be for several reasons, for example:
- Google analytics, such as analysing the traffic to the website and to speed up access to the website.
- Targeted communications that help us to guide you back to specific pages within our website, or reach you via third party websites
We will always ask you on the homepage whether you want us to place a cookie on your computer. The vast majority of web browsers accept cookies; however, you can manually change your browser settings so that cookies are not accepted. In doing so you may lose some of the functionalities of our website. For more information about cookies and how to disable them please go to: www.aboutcookies.org
We can confirm that any cookies placed by us shall not store or collect any personal data.
12. Who can you speak to about this Privacy Notice?
If you would like to make a complaint or have a query about how we use your personal data, you can contact us at:
In writing: Data Protection Team, Cabot Financial Ireland, PO Box 11151, Tallaght, Dublin 24
Email: [email protected]
If you are unsatisfied about how we have handled your complaint, you have the right to escalate your compliant to the Data Protection Commission. You can contact the Data Protection Commissioner at:
Postal Address: Data Protection Commission, 21 Fitzwilliam Square South Dublin, 2D02 RD28
Email: [email protected]
Telephone: Lo Call 1890 8684800 or +353 (0)761 104 800
Cabot Financial (Ireland) Ltd is regulated by the Central Bank of Ireland
13. Updates to this Privacy Notice?
This Privacy Notice may be updated from time to time. You will always find the most up to date version on our website at www.cabotfinancial.ie