The Strategic Banking Corporation of Ireland (referred to in this Data Protection Statement as “SBCI”, “us”, “we”, or "our") is committed to protecting your privacy and data protection rights, and complying with our obligations under the GDPR and the Data Protection Act 2018, as amended ("Data Protection Law").
The purpose of this Data Protection Statement ("Statement") is to tell you about how we, as a Data Controller, collect and process personal data about visitors to our website; individuals who we communicate or interact with in the course of our business such as beneficial owners of and/or individuals employed by our on-lenders and other business partners; individuals whose personal data is provided to us in connection with the performance of our statutory functions and/or provision of our services; individuals who apply for jobs via the NTMA recruitment portal; and individuals who are employed or engaged by suppliers of goods or services or parties tendering to provide goods or services. This Statement should be read in conjunction with our Website Privacy and Cookies Policy, which is available here.
This Statement is not an exhaustive statement of our data protection practices. The manner in which we process personal data will evolve over time and we will update this Statement from time to time to reflect changing practices. In addition, we operate a number of internal workplace policies and procedures which interrelate with this Statement. For example, the SBCI has internal policies and procedures governing Personal Data Breaches, Data Subjects’ Rights and Data Retention.
Furthermore, in order to meet our transparency obligations under Data Protection Law, we will incorporate this Statement by reference into various points of data capture used by us such as application forms and/or surveys.
- About the SBCI
The SBCI is a statutory body established by the Strategic Banking Corporation of Ireland Act 2014, as amended (“SBCI Act”). The processing of personal data undertaken by the SBCI is primarily undertaken in fulfilment of our statutory functions.
The objectives of the SBCI include: encouraging the giving of credit in a prudent manner to enterprises and other persons in the State, in particular small and medium sized enterprises (“SMEs”), and facilitating the availability of credit in the State to benefit the economy and the economic well-being of the State.
The SBCI operates in the wholesale market, delivering funding to SMEs and other persons through a range of on-lenders including banks and non-bank finance providers. We avail of national and international sources of funding at competitive rates and procure the benefit of counter-guarantees for risk support. We have received financial support and funding from the European Investment Bank (“EIB”), the European Investment Fund (“EIF”), the Ireland Strategic Investment Fund (“ISIF”), the National Treasury Management Agency (“NTMA”) and certain Government Departments (collectively the “Funders”). Central to the activities of the SBCI is ensuring that the benefit of its support is delivered to the ultimate borrower.
The SBCI has developed three lines of business, details of which are set out below:
(a) Lending
The SBCI serves as a wholesale on-lending financial institution with the aim of providing low cost, long-term wholesale finance to borrowers through suitable on-lenders with the benefit of the lower cost being passed through to the borrowers.
(b) Risk-Sharing
The SBCI’s risk-sharing business provides partial credit guarantees to finance providers (our on-lenders) to facilitate the provision of credit to borrowers. The SBCI avails of and leverages risk capacity (counter-guarantees) from State and European supports to design financial products with the aim of making efficient use of its capital and enhancing access to finance for borrowers.
(c) Service Provision
This line of business is supplementary to the SBCI’s two primary lines of business, Lending and Risk-Sharing. The SBCI is the operator of the schemes created under the Credit Guarantee Acts 2012 to 2020 (“Credit Guarantee Schemes”) on behalf of the Minister for Enterprise, Trade and Employment. The SBCI acts as a Data Processor in its role as an operator of these Credit Guarantee Schemes.
- 2. Information we collect
"Personal data" means any information about an individual from which that person can be identified. We do not collect any personal data about you on our website, except from any information which you volunteer (for example by emailing us) and certain technical data, such as your IP address, as explained in our Website Privacy and Cookie Policy.
For the most part, the personal data processed by the SBCI comprises personal information and financial information relating to a borrower, which the SBCI receives indirectly through your finance provider (our "on-lenders"). The bank and non-bank on-lenders, through which we provide funding to borrowers, collect your personal data and process it.
In some instances, we may collect such personal data directly from you, including through the SBCI Hub, and we may also obtain it indirectly from other sources, including from other third parties involved in the administration of the relevant scheme.
If you or our on-lenders or other third party sources do not provide the personal data we request about you, we may not be able to provide you with our services or permit your participation in a relevant scheme. We or our on-lenders or other sources will tell you when we ask for your personal data whether it is a contractual requirement or needed to comply with our statutory functions or other legal requirement.
The SBCI processes special categories of personal data (such as health data) in limited circumstances. We do not usually seek this information from borrowers nor do we obtain it from third party sources. However, on an exceptional basis, we may receive this type of personal data where it is provided to us or our on-lenders on a voluntary basis by borrowers. For example, a borrower may advise us that they are unable to make repayments because of a health condition.
The SBCI will also process data relating to criminal convictions and offence details on an exceptional basis, if, for example, customer due diligence checks reveal such information in relation to a relevant SBCI scheme.
- 3. How we use personal data we collect
We will only use your personal data for the purposes and on the legal bases set out below:
Personal Data |
Purpose for Processing |
Legal Basis for Processing |
Your contact details (including name, email address, telephone number(s), postal address, Eircode, and registration number) |
To obtain your contact details and use them to contact you to determine your eligibility for a SBCI supported scheme and/or product The SBCI may also use your contact details to contact you in order to assist you with completing your application for a SBCI supported scheme and/or product |
Processing is necessary for the performance of a task carried out in the public interest and pursuant to our statutory functions under Art. 6(1)(e) GDPR, Section 38(1) of the Data Protection Act 2018, and section 8(1) of the SBCI Act 2014 |
Your personal data (including name, date of birth, contact details, postal address, Eircode, email address, telephone number(s), MPRN, Account Number or other relevant SBCI scheme related data*) (*Further details of the categories of personal data processed by SBCI in respect of each relevant scheme can be obtained by contacting us. (See "Contact Us" below) |
To collect and process personal data received either directly from you and/or from other third parties through the SBCI Hub, to determine your eligibility for a SBCI supported scheme and/or product |
Processing is necessary for the performance of a task carried out in the public interest and pursuant to our statutory functions under Art. 6(1)(e) GDPR, Section 38(1) of the Data Protection Act 2018, and section 8(1) of the SBCI Act 2014 |
Special category data such as health data |
To determine your eligibility to continue to participate in a SBCI scheme. For example, where you or an on-lender or other third party informs us you are unable to make repayments in relation to a SBCI supported scheme and/or product for health-related reasons |
Processing is necessary for the performance of a task carried out in the public interest and pursuant to our statutory functions under Art. 6(1)(e) GDPR, Section 38(1) of the Data Protection Act 2018, and section 8(1) of the SBCI Act 2014 Processing is necessary for the establishment, exercise or defence of legal claims under Art. 9(2)(f) GDPR |
Criminal convictions data |
Criminal convictions and offence details will be processed in exceptional circumstances, such as where fraud prevention checks reveal a fraud in relation to your application for a SBCI scheme |
Processing is necessary for the performance of a task carried out in the public interest and pursuant to our statutory functions under Art. 6(1)(e) GDPR, Section 38(1) of the Data Protection Act 2018, and section 8(1) of the SBCI Act 2014 Processing is authorised by Irish law under Article 10 GDPR, section 55(1)(b)(v) of the Data Protection Act 2018, and section 33 Criminal Justice (Money Laundering and Terrorist Financing) Act 2010, as amended and related Sanctions legislation |
Your contact details (including name, email address, telephone number(s) and postal address) |
To send communications to you for the purposes of: (i) direct marketing of SBCI supported schemes and/or products (which said SBCI supported schemes and/or products shall be similar to SBCI supported schemes and/or products which applicants have previously applied for); (ii) to conduct market analysis and surveys related to applications for SBCI supported schemes and/or products |
Your consent (under Art. 6(1)(a) GDPR) – which you can withdraw at any time without affecting the lawfulness of processing based on consent before its withdrawal Processing is necessary for the performance of a task carried out in the public interest and pursuant to our statutory functions under Art. 6(1)(e) GDPR, Section 38(1) of the Data Protection Act 2018, and section 8(1) of the SBCI Act 2014 - you have the right to object to any direct marketing communications which we send to you |
Your personal data (including name, date of birth, contact details, postal address, Eircode, email address and telephone number(s), MPRN, Account Number, offical identity documentation and/or other relevant SBCI scheme related data*) (*Further details of the categories of personal data processed by SBCI in respect of each relevant SBCI scheme can be obtained by contacting us. (See "Contact Us" below) |
(a) For compliance with legal and regulatory requirements, including certain requirements to retain records (b) For establishment and defence of legal rights (c) For preventing, detecting, investigating, and reporting crime (d) To verify your identity for anti-money laundering purposes (e) To submit information to, and reports to Government Departments and/or EU institutions (f) To respond to a binding request from a regulatory authority or court |
To comply with our legal and regulatory obligations under Art.6(1)(c) GDPR, and section 33 Criminal Justice (Money Laundering and Terrorist Financing) Act 2010, as amended and related Sanctions legislation To support our legitimate interests under Article 6(1)(f) GDPR (and those of third parties such as on-lenders) in preventing, detecting and investigating fraud, money-laundering or other crimes To support our legitimate interests in establishing or defending legal claims under Art. 6(1)(f) GDPR and Art. 9(2)(f) GDPR (where applicable) |
Your contact details (including name, email address, telephone number(s) and postal address), image (including photograph or video, where applicable), voice recording or certain other personal data such as the details of your loan agreement and financial support received |
To send communications to you, and to process your personal data, for the purposes of your participation: (i) in certain promotional activities conducted by us and/or our marketing partners or other specified third parties. Our marketing partners include certain statutory agencies, such as Enterprise Ireland, the Department of Enterprise, Trade and Employment (“DETE”), the Department of Agriculture, Food and the Marine (“DAFM”) and Microfinance Ireland. An up-to-date list of our marketing partners is available at: https://sbci.gov.ie/our-partners/marketing-partners (ii) in surveys or case-studies; and (iii) in publications which may include your image or voice, such as by way of a video testimonial available online, or in press releases or other publications made available on certain of our Funders' website(s) |
Your consent under Art. 6(1)(a) GDPR – which you can withdraw at any time without affecting the lawfulness of processing based on consent before its withdrawal Processing is necessary for the performance of a task carried out in the public interest and pursuant to our statutory functions under Art. 6(1)(e) GDPR, Section 38(1) of the Data Protection Act 2018, and section 8(1) of the SBCI Act 2014 - you have the right to object to any direct marketing communications or your participating in any promotional activities conducted by us or by our marketing partners or other specified third parties |
Your personal and/or professional contact details (including name, email address, telephone number(s) and postal address) and/or other relevant SBCI scheme related data*) (*Further details of the categories of personal data processed by SBCI in respect of each relevant SBCI scheme can be obtained by contacting us. (See "Contact Us" below) |
(a) Maintaining records of contact information and correspondence with our business partners, and communicating with our business partners (and other business contacts) for the purposes of performing our contracts with them (including performing our reporting obligations, where applicable) and for the purposes of records management (b) Management and internal audits of our business operations which may necessitate the processing of your personal data (c) Maintaining social media accounts to raise awareness of the SBCI supported schemes and/or products and to explain how they work (d) Market research and analysis including developing statistics (d) Administering your SBCI account and providing customer services and support functions to you including by email, telephone, website or by post |
For the purposes of entering into or performance of a contract with you where you act as a business partner under Art. 6(1)(b) GDPR Processing is necessary for the performance of a task carried out in the public interest and pursuant to our statutory functions under Art. 6(1)(e) GDPR, Section 38(1) of the Data Protection Act 2018, and section 8(1) of the SBCI Act 2014 |
Technical data such as your IP address (see our Website Privacy and Cookies Policy here, for further information on how this data is processed) |
To analyse website user data in order to manage and operate our website, including to keep it updated and relevant, to develop our business and to inform our marketing strategy |
To support our legitimate interests under Article 6(1)(f) GDPR in managing and improving our business and services provided such interests are not overridden by your rights and interests |
CVs and/or job application forms |
We process CVs and/or job applications submitted via the NTMA recruitment portal for the purpose of making a decision as to whether to interview or recruit you. We may disclose such data to third party service providers who assist SBCI with the recruitment process |
For the purpose of entering into or performance of a contract with you under Art. 6(1) (b) GDPR To support our legitimate interests under Art.6(1)(f) GDPR in managing our business and providing our services provided such interests are not overridden by your rights and interests |
Your contact details (including name, email address, telephone number(s) and postal address) and/or other relevant SBCI scheme related data*) (*Further details of the categories of personal data processed by SBCI in respect of each relevant SBCI scheme can be obtained by contacting us. (See “Contact Us” below) |
Managing the goods or services we receive (including contract management, payment of invoices, and assessment of our suppliers or third parties who tender to provide goods or services to us) and disclosing information to our suppliers or other third parties for the receipt of goods or services |
For the purposes of entering into or performance of a contract with you where you act as our supplier under Art. 6(1)(b) GDPR Processing is necessary for the performance of a task carried out in the public interest and pursuant to our statutory functions under Art. 6(1)(e) GDPR, Section 38(1) of the Data Protection Act 2018, and section 8(1) of the SBCI Act 2014 To support our legitimate interests under Art.6(1)(f) GDPR in managing our business and providing our services provided such interests are not overridden by your rights and interests |
Please note you have the right to object to any of the processing of your personal data outlined above where such processing is carried out pursuant to our statutory functions (pursuant to Article 6(1)(e) GDPR, Section 38(1) of the Data Protection Act 2018, and section 8(1) of the SBCI Act 2014), or for the purposes of our legitimate interests or those of third parties, such as on-lenders (pursuant to Article 6(1)(f) GDPR). However, we may continue to process your personal data where: (i) we have compelling legitimate grounds for such processing which override your interests, rights and freedoms or (ii) where such processing is necessary for the establishment, exercise or defence of legal claims.
- 4. The SBCI as a Joint Controller
In limited circumstances (such as our use of social media), we may act as a Joint Controller with another party. Please note that any other Joint Controller will have its own privacy statement. The SBCI has social media accounts on the Facebook and Instagram platforms (the “SBCI Accounts”). Where you interact with the SBCI Accounts, your personal data will be processed in accordance with the terms and conditions, privacy policies and data protection notices that are provided to you on the relevant social media platforms. To the extent that the SBCI and Meta Platforms Ireland Limited jointly determine the purposes and means of the processing of your personal data in connection with the SBCI Accounts, the SBCI and Meta Platforms Ireland Limited act as Joint Controllers in respect of any such processing. The relevant terms governing this Joint Controller arrangement are available here.
- 5. Disclosure of your personal data
From time to time, we will disclose personal data to third parties, or allow third parties to access personal data which we process, for example, where a law enforcement agency or regulatory authority submits a valid request for access to personal data.
Where we enter into agreements with third parties to process personal data on our behalf, we ensure that the appropriate contractual protections are in place to safeguard such personal data.
Third parties to whom we disclose certain personal data relating to you include:
- (a) Selected third parties including contractors and sub-contractors (as appropriate), such as records management service providers;
- (b) On-lenders through which we provide funding support to borrowers, including for the purpose of confirming your eligibility in a SBCI supported scheme (this may include personal data processed via the SBCI Hub);
- (c) Relevant stakeholders for the purposes of, amongst other things, confirming your eligibility in a relevant SBCI supported scheme and/or for audit purposes. For example, in the case of a borrower who is granted a loan under the Home Energy Upgrade Loan Scheme ("HEULS"), your name, address, email address and other personal data in connection with your loan agreement may be communicated to the European Investment Fund ("EIF"), the European Investment Bank ("EIB"), the Department of Environment, Climate and Communications ("DECC"), the Minister for the Environment, Climate and Communications (the "Minister") and/or any other relevant stakeholders entitled to verify the use of the SBCI and EIF's guarantees in the context of HEULS or authorised to carry out audit or control activities, all acting as independent data controllers. In addition, your personal data (such as the MPRN of your property) may be disclosed to the Sustainable Energy Authority of Ireland ("SEAI") in order to verify your eligibility under HEULS. By way of further example, in the case of an applicant under the Growth and Sustainability Loan Scheme, your personal data (such as your herd number if you are applying on the basis of being certified to the Sustainable Beef and Lamb Assurance Scheme ("SBLAS") or the Sustainable Dairy Assurance Scheme ("SDAS") operated by Bord Bia) may be disclosed to Bord Bia in order to verify your eligibility for the Growth and Sustainability Loan Scheme;
- (d) Government Departments including the Department of Enterprise, Trade and Employment (“DETE”) and the Department of Agriculture, Food and the Marine (“DAFM”), both of which are partners in SBCI supported schemes, including for audit and reporting purposes and in response to parliamentary questions;
- (e) Our funders and their agents including in connection with audits and for the purpose of confirming your eligibility in a SBCI supported scheme. Their agents include the European Court of Auditors, the European Commission (the “Commission”) and its agents, including the European Anti-Fraud Office and other European Union institutions or bodies which are authorised by applicable law to carry out audit and control activities. Such personal data may be held for a period of up to 10 years after the termination of the relevant agreements between the SBCI and its funders;
- (f) Our professional advisors and our auditors;
- (g) Regulatory authorities, government agencies if required to do so by law or where we are required to do so in response to requests from all such bodies;
- (h)Other organisations if we are under a legal obligation to do so. This includes disclosing your personal data for the purposes of fraud prevention or investigation (such as to law enforcement authorities);
- (i)Our service providers (including the NTMA which acts as a Data Processor on our behalf); and
- (j)Social media platforms where you interact with the SBCI Accounts.
- 6. Your Rights
You have the right to request access to, rectification of, or erasure of your Personal Data, or restriction of Processing, or object to Processing of your Personal Data, as well as the right to data portability. In each case these rights are subject to restrictions as laid down by law. The following is a summary of your rights:
- The right of access enables you to receive a copy of your personal data.
- The right to rectification enables you to correct any inaccurate or incomplete personal data we hold about you.
- The right to erasure enables you to seek erasure of personal data we hold about you.
- The right to restrict processing enables you to ask us to halt the processing of your personal data in certain circumstances.
- The right of data portability enables you to request us to transmit personal data that you provided to us, to a third party without hindrance, or to give you a copy of it so that you can transmit it to a third party, where technically feasible. This right only applies to personal data which you have provided to the SBCI (and not to data which is received from third parties).
- The right to object enables you to object to us processing your personal data on the basis of our legitimate interests (or those of a third party) including processing for direct marketing purposes or where we are performing a task in the public interest. Your objection will be upheld, and we will cease processing your personal data, unless the Processing is based on compelling legitimate grounds or is needed for the exercise or defence of legal claims that may be brought by or against us.
- You have the right not to be subject to solely automated decision making, including profiling, which produces a legal effect or other similarly significant effect on you. This right is subject to certain restrictions and safeguards, and does not apply where the decision is (a) necessary for entering into or performance of a contract with you or (b) authorised by EU or member state law or (c) based on your explicit consent.
- Where we process personal data you provide to us based on your consent, you also have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
- You have the right to lodge a complaint with the competent Data Protection Authority, in particular in the Member State of your residence, place of work or place of an alleged infringement, if you consider that the processing of your personal data infringes the GDPR. In Ireland, this is the Data Protection Commission.
If you wish to exercise any of these rights, please contact us (see Contact Us below). We will respond to your request within one month. That period may be extended by two further months where necessary, taking into account the complexity of your request. We will inform you of any such extension within one month of receipt of your request. We may request proof of your identification in order to verify your request. We have the right to refuse your request where there is a basis to do so in Data Protection Law, including if it is manifestly unfounded or excessive.
Should you wish to exercise your right to verify, correct, delete or otherwise modify personal data relating to that held by our Funders or their agents, who act as separate and independent controllers, please address your request to the following (as applicable):
- EIF: For the attention of EIF Data Protection Officer, European Investment Fund, 37B avenue J.F. Kennedy, L-2968 Luxembourg, Grand Duchy of Luxembourg. By email: dpo@eif.org. The EIF's Data Protection Statements are available at the following links:
- (i) https://www.eif.org/attachments/final-recipients-monitoring-dataprotection.pdf
- (ii) https://www.eif.org/attachments/eif_data_protection_statement_financial_intermediaries_due_diligence_en.pdf
- EIB: For the attention of EIB Data Protection Officer, European Investment Bank, 88-100, boulevard Konrad Adenauer, L-2950, Luxembourg, Grand Duchy of Luxembourg. By email: dataprotectionofficer@eib.org. The EIB's Data Protection Statement is available at the following link: https://www.eib.org/en/privacy/lending.htm
- European Commission: For the attention of Data Protection Officer, European Data Protection Supervisor, Rue Wiertz 60, B 1047 Brussels, Belgium. By email: edps@edps.europa.eu.
- European Court of Auditors: For the attention of Data Protection Officer, European Court of Auditors, 1615 Luxembourg, Luxembourg. By email: eca-data-protection@eca.europa.eu.
- European Anti-Fraud Office: For the attention of OLAF Data Protection Officer, European Commission - European Anti-Fraud Office, 1049 Brussels, Belgium. By email: OLAF-FMB-DPO@ec.europa.eu.
- DAFM: For the attention of Data Protection Officer, Department of Agriculture, Food and the Marine, Grattan Business Park, Dublin Road, Portlaoise, Co Laois R32 K857. By email: dataprotectionofficer@agriculture.gov.ie.
- DETE: For the attention of Data Protection Officer, Department of Enterprise, Trade and Employment, 23 Kildare Street, Dublin 2, D02 TD30.
- ISIF: For the attention of Data Protection Officer, Treasury Dock, North Wall Quay, Dublin 1, D01 A9T8. By email: dpo@ntma.ie.
- NTMA: For the attention of Data Protection Officer, Treasury Dock, North Wall Quay, Dublin 1, D01 A9T8. By email: dpo@ntma.ie.
- 7. Automated Decision Making
The SBCI does not carry out any solely automated decision making (within the meaning of Article 22 GDPR) in determining your eligibility for SBCI supported schemes and products.
However, SBCI processes personal data (received directly from you or indirectly via our on-lenders or other third parties) relating to your eligibility in regard to HEULS via the SBCI Hub and communicates with our on-lenders through the use of electronic notices issued via the SBCI Hub. These electronic notices trigger a manual investigation by SBCI and/or the on-lender to verify your eligibility for HEULS.
SBCI will endeavour not to make any solely automated decision to exclude your loan agreement from HEULS due to any apparent failure to meet the applicable eligibility criteria. Rather, any final decision about your eligibility for HEULS will be made by personnel from SBCI and/or our on-lenders, following human review of the electronic notice and associated underlying data (or lack thereof) and engagement with you. However, in circumstances where you fail to engage with either the SBCI and/or the relevant on-lender in regard to any queries concerning your eligibility, your loan agreement may be excluded from HEULS. This exclusion may constitute an automated decision by SBCI and/or the relevant on-lender and is necessary for the purposes of entering into or the performance of the loan agreement with you. If you have been subject to an automated decision, you can contest this decision by contacting SBCI (see "Contact Us" below) and/or the relevant on-lender.
- 8. Data Security and Personal Data Breach
We are committed to protecting the security of your personal data. We use a variety of security technologies and procedures to help protect your personal data from unauthorised access and use. As effective as modern security practices are, no physical or electronic security system is entirely secure. We cannot guarantee the complete security of our database, nor can we guarantee that information you supply will not be intercepted while being transmitted to us over the internet. However, we have implemented strict internal guidelines to ensure that your privacy is safeguarded at every level of our organisation.
The NTMA, as Data Processor for the SBCI, provides various supports to the SBCI and has a suite of Information Security Policies and Procedures which are designed to ensure that appropriate technical and organisational measures are in place to protect information. They are overseen by an IT Security Committee and apply to all SBCI staff. These measures protect personal data from unlawful or unauthorised destruction, loss, change, disclosure, acquisition or access. The SBCI has also implemented complementary policies and procedures in this regard.
Personal data is held securely using a range of security measures including, as appropriate, physical measures such as locked filing cabinets, IT measures such as encryption, and restricted access through approvals and passwords. We will continue to revise policies and implement additional security features as new technologies become available.
Articles 33 and 34 of the GDPR oblige Data Controllers to notify the competent Data Protection Authority and affected individuals in the case of certain types of personal data breaches. The SBCI has implemented a Personal Data Breach Procedure and we will manage any Personal Data Breach (as defined in the GDPR) in accordance with this procedure.
- 9. Data Retention
We will process and retain personal data only for as long as necessary for the purposes for which it was collected; as required by law or regulatory guidance to which we are subject; in accordance with our contractual obligations with third parties who provide us with financial support (i.e. our Funders); for the exercise or defence of legal claims that may be brought by or against us, and in accordance with our Records Management Policy. Our retention practices may be reviewed and updated from time to time in line with legal requirements and best practice.
If you would like further information about our data retention practices, you may ask for this at any time by contacting the SBCI’s Data Protection Officer (see "Contact Us" below).
- 10. Data Transfers outside the EEA
We will not transfer your personal data outside the European Economic Area ("EEA") save in exceptional circumstances and in all such cases, the transfer will occur in accordance with applicable Data Protection Law. We will ensure that appropriate safeguards are in place to protect the transfer of your personal data to any non-EEA country, including, in particular, an Adequacy Decision by the European Commission under Article 45 GDPR, or by putting in place the EU Standard Contractual Clauses ("EU SCCs") under Article 46.2 GDPR, and carrying out a related Transfer Impact Assessments.
You may obtain more information concerning these safeguards by contacting the SBCI’s Data Protection Officer (see "Contact Us" below).
- 11. Changes to this Statement
We reserve the right to change this Statement from time to time at our sole discretion. If we make any changes, we will post these changes here and update the "Last Updated" date at the bottom of this Statement. However, if we make any material changes to this Statement, we will notify you by means of a prominent notice on our website prior to the change becoming effective. Please review this Statement periodically for updates.
- 12. Contact Us
Questions, comments, requests and complaints regarding this Statement and/or the personal data we process about you are welcome and should be addressed to the SBCI Data Protection Officer at dpo@sbci.gov.ie or sent in writing to: SBCI Data Protection Officer, Treasury Dock, 1 North Wall Quay, Dublin 1, D01 A9T8 or email dpo@sbci.gov.ie. All requests will be dealt with promptly and efficiently, and in line with our statutory obligations under Data Protection Law.
While you may make a complaint in respect of our compliance with Data Protection Law to the Data Protection Commission (https://www.dataprotection.ie/), we request that you contact the SBCI Data Protection Officer in the first instance to give us the opportunity to address any concerns that you may have.
Date: Last Updated [24] April 2024