The purpose of this Privacy Statement is to outline our position concerning the collection, use, retention, disclosure, and transfer of Personal Data which is gathered and processed by us. This Privacy Statement also sets out our information management practices.
At FDC we respect the privacy of all those individuals whose Personal Data we encounter, which includes the following:
- All users of this Website, Social Media Pages or Apps;
- Employees and contractors (including applicants for employment with FDC);
- All members (including former employees) of FDC on sponsored pension schemes;
- Business contacts and suppliers;
- Customers and their Employees;
- All Customers or prospective customer
For each of these categories of individuals, this Privacy Statement will explain why we collect and how we use the Personal Data we collect. We will ensure that it keeps all Personal Data provided to it in accordance with our obligations under applicable data protection laws. We may update this Privacy Statement from time to time to reflect any material changes in technology, legislation or the data use practices which may materially affect the way in which we process Personal Data.
This is not an exhaustive statement of all our data protection practices and we may apply specific policies within certain environments. We might include a separate privacy notice at the point of capturing data on a new service and any specific consents obtained or information provided in this way will apply specifically to that service and will supplement this Statement.
1. What is Personal Data?
Personal Data is any information relating to a living individual that allows for the identification of that individual. Personal Data can include a name, address, contact details, an identification number, IP address, accesses cards, fobs, audio-visual or audio recordings of a person, details about an individual’s location or any other detail(s) specific to that individual such in certain cases special category data.
Who we are and how to contact us?
Where FDC controls Personal Data by deciding why and how that Personal Data is processed, we will be a “Data Controller”. Any entity that processes Personal Data controlled by us and does so on behalf of FDC, is a “Data Processor”. Data Processors may include third party service providers engaged by us (for example communications providers, payroll, marketing services or recruitment agencies). As required by applicable data protection law, when we appoint a Data Processor, we will ensure that appropriate contractual protections are in place.
In other circumstances where decisions regarding the processing of personal data is made independently of FDC, the third party shall usually be a Data Controller, and as such it will be the privacy statement of such third party’s that will govern the collection, use and processing of personal data. We will comply with all Art 28 obligations set out by the Data Controller when acting in the capacity of a Data Processor These obligations will be agreed in the format of a contractual agreement with the Data Controller.
Where decisions regarding the processing of personal data is co-agreed it may be necessary for FDC to share Personal Data with the third party and vice-versa. These decisions will be agreed in the format of a contractual agreement with another Data Controller.
If you have any questions about this data protection statement, including any request to exercise your legal rights, please contact us by writing to our Designated Privacy Representative, Jessica Perrot, FDC House, Wellington Road, Cork , Ireland or via email email@example.com
2. Categories of personal data and how we use it.
These sections of the Privacy Statement set out the type of Personal Data collected by us, the purposes for which such Personal Data is collected and processed and the lawful justifications for such processing in the context of the FDC Website.
We may collect, store, use, and share aggregate data such as statistical or demographic data. Aggregate data is information gathered and expressed in a summary form for purposes such as statistical or demographic analysis.
Aggregate data may be derived from your personal data but is not data that directly or indirectly reveals your identity. For example, we may aggregate your usage data of our website to calculate the percentage of users accessing a specific website feature. However, if we combine or connect aggregate data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this data protection statement.
We temporarily store IP addresses of visitors to our website for associated performance metrics (i.e. data related to how well our software performs on our site) and to monitor and track application errors. Please note we will never access IP addresses without any operational or security need.
In the context of our website we do not collect special categories of personal data about you (which include details about your race or ethnicity, religious or philosophical beliefs, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. Nor do we collect any information about criminal convictions and offences. If it is necessary to collect special categories of personal information and/or criminal conviction information, we will only do so with your explicit consent and we will explain the purpose for which the information will be used at the point when we ask for your consent.
3. How we obtain your information?
We may collect your information though our website or social media platforms where you provide it to us, such as filling out forms, requests such as a brochure or contact us communication. We may also collect and store data available to us through our social media platforms, such as age, geo location, gender, interests, page likes. We may also collect information from you via in person meetings or at events such as at conferences etc.
FDC is not responsible for the privacy practices of any external websites or platforms which may be accessed or used in connection with a person’s use of this website or FDC social media pages. They are subject to their own privacy statements which may materially differ from those of FDC so users should review them for further information.
4. What Personal Data does FDC collect and use online?
FDC collects various types of Personal Data when a person uses this website or FDC social media. The following are examples of Personal Data collected by us:
- Social Media Pages: Content such as messages and photographs, that are posted on social media pages on which FDC has a presence and may be made publicly available and may be used in connection with the operation and promotion of our social media pages, services, and this website. Data such as the name of your internet service provider, the website you visited us from, the parts of our site that you have visited, the date and duration of your visit, and information from the device (e.g. device type, operating system, screen resolution, language, country location, and web browser type) used during your visit. We may process this usage Data to facilitate access to our website (e.g. to adjust our website to the devices that are used).
- If content is posted that is deemed to be in breach of this Privacy Statement or the policies operated by such websites or social media platforms, such content may be removed by or at the request of FDC or the operators of those social media websites. If such inappropriate content is posted to a social media page that FDC controls, you can report it at the following address firstname.lastname@example.org and FDC will endeavor to ensure that appropriate action is taken in accordance with the FDC policies and the policies of the relevant social media platforms.
5. The purpose and legal basis for processing your information.
FDC collects and processes the Personal Data described below for a variety of purposes. As required by data protection laws, below is a summary of these purposes and the lawful justifications that support them:
- To enter into and perform a contract with you
We may process your information in order to enter into a contract with you or to provide you with a service which you have requested from us. For example, we need to process your personal information to enable you to avail of a Financial Services product, to provide payroll and accounting service or to provide you with a brochure or information about a product or service where you have requested it.
- To comply with our legal obligations
We are required to process your personal information to comply with certain legal and regulatory obligations to which we are subject. For example, we are required to obtain certain records in accordance with central bank obligations, Anti-Money Laundering Law, company, and revenue law which may include your personal information.
- For our legitimate business interests
We may use your personal information for the purposes of carrying out activities that are in our legitimate interests (or those of a third party). Where we process your information for our legitimate interests, we ensure that there is a fair balance between our legitimate interest and your fundamental rights and freedoms.If you are a customer of FDC, we may use your information to send you communications via email, post and or telephone on products and services that may interest you and that you would reasonably expect to receive, you can at any stage easily opt out of these communications by contacting us on email@example.com or by following the unsubscribe/opt-out link in the relevant marketing communication.We may use your personal information to manage our everyday business needs, including accounting, internal reporting needs, and market research, to progress and respond to legal claims, to ensure appropriate IT security and to prevent fraud. Our legitimate interest is the effective management of our business.
We may use your personal information to send you notifications or reminders of appointments with our advisors or documentation return deadlines, to provide customer care and to remind customers of actions that may need to be taken in relation to a new or existing product/service. Our legitimate interest is connecting with our customers and keeping them notified of important events.
We may use your personal information in an aggregate form to classify our customers and to acquire an aggregated overview of our customer base in our legitimate interest. Such processing does not assess individual characteristics. Our legitimate interest is to grow our business, understand our customer base and provide products and services of interest to our customer base.
We may use your information which we collect, including personal information we obtain from publicly available sources such as social media, public directories etc. to help us understand our customers and provide products or services which may be of interest to you, in our legitimate interest. You have the right to object to this at any time by contacting us on firstname.lastname@example.orgIf you are a business contact, we may acquire your contact data from reputable marketing agencies, which may include your personal data with the intention to provide you with information on products or services which may be of interest to you, in our legitimate interest. We will notify you of any such acquisition and you have the right to object to this at any time by contacting us on email@example.comWe may also contact you in the event of updates about our business such as opening hours, change in address, updates about our sites etc. We do this in our legitimate interest to keep our customers updated of changes within our organisation.
We may provide your personal information from contact forms collected via our websites to other FDC entities which are listed below. We do this in our legitimate interest to keep our customers supported by directing their requests to their preferred service. You have the right to object to this at any time by contacting us on firstname.lastname@example.org
FDC Financial Services Limited (Regulated by the Central Bank of Ireland) FDC and Associates Limited FDC Accountants-Tax Consultants Limited FDC Accountants-Tax Consultants (Southern Region) Limited FDC Accountants- Tax Consultants (South Western Region) Limited FDC Accountants- Tax Consultants (Midlands Region) Limited FDC Accountants – Tax Consultants (South Eastern Region) Limited FDC (Tax Department) Limited FDC Accountants- Tax Consultants (Western Region) Limited
- With your consent
When you apply for a role within the FDC Group or when you apply to participate in a FDC Training initiative, we may use the personal data provided on your application and any imagery or video applications that you provide to assess your application.
There may be instances when providing you with a service we may need to collect and process special category data (this may include details about your race or ethnicity, religious or philosophical beliefs, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. ) If we are required to process such data, we will request your consent to do so.
- To protect your vital interests
We will in certain circumstances use your personal information to protect your vital interests or the interests of another.
Below is a summary of these purposes and the lawful justifications that support them:
Purpose Description Lawful Basis for Processing Purchasing a FDC Service We will process your personal data to provide you with the service you requested. The processing is necessary in order to take steps at the request of the data subject prior to entering into a contract to which the data subject is party. Financial Services Product/Service We may assist you in obtaining a Financial Services product or service.
We may seek your consent to share your data for the purpose of reviewing your credit profile when making an application for a financial product.
The processing is necessary in order to take steps at the request of the data subject prior to entering into a contract to which the data subject is party.
The Data Subject has provided consent for the processing.
Notifications and Reminders We may use your personal data to remind you of an appointment scheduled with one of our Advisors or to notify you of documentation deadlines. We rely on our legitimate interest to connect with our customers. Marketing to Potential Customers and Customers Information is collected by our Advisors, and/or Marketing staff when any customer, or potential customer, contacts us. Where you are a Business Prospect or Existing FDC Customer
The processing is in our legitimate interests to develop our business by providing information that is relevant and where the data subject has not opted out of the processing.
Where you are a Consumer Prospect
The Data Subject has provided consent for the processing.
Profiling We may use your personal data that you have provided for profiling purposes which enables us to direct specific products and service that may be of interest to you.
We may also complete profiling through automated decision making which will assist is in establishing affordability and to enable us to provide quotations for Financial Services products.
To establish a customer’s attitude to investment risk. The customer completes a risk questionnaire which calculates the customers attitude to various levels of risk having answered a series of questions.
This profile is then taken into consideration then when recommending products/funds etc.
The Data Subject has provided consent for the processing. Quality Improvement / Staff Training All, written communications, and digital communications received through the web are stored by us. The processing is in our legitimate interests in providing a high standard of services to our customers, by assessing the ongoing development and identifying areas for improvement. Legal obligation We may use your personal information to comply with various legal obligations to which we are subject including.
Managing our Revenue obligations.
Meeting our regulatory obligations under the Central Bank of Ireland such as;
(a) We may use your personal data to comply with anti-money -laundering regulations.
(b) Screening of all customers against Financial Sanctions and Politically Exposed Persons (PEPs) Lists.
COVID 19 Contact Tracing Logs.
COVID 19 Return to work Safely Forms.
The processing is necessary for compliance with a legal obligation to which the controller is subject. Dealing with sales and other enquiries To respond to correspondence, you send to us and fulfil the requests you make to us (for example further information on FDC services or brochure requests. To takes steps prior to the entry into a contract with you and for our Legitimate Business Interests. To understand our customer base We may use your personal information on an aggregate basis for market research purposes to help us understand our customer base. We rely on our legitimate interest to understand our customer base. Business needs We may use your personal information to manage our everyday business needs, including accounting, sharing your information within our company group for administrative purposes, and to prevent fraud. We rely on our legitimate interest in the effective management of our business. Processing of FDC Employee Data Employee data is processed for the following reasons; Payroll, appraisal, and review, monitoring of adherence to FDC policy, employee welfare and health and safety in the workplace employee pension, prospective employee and recruitment, compliance with statutory obligations, contact tracing and return to work safely documentation(Covid 19).
Recruitment and Training Candidate Data, may be processed with consent from applications, curriculum vitae and video applications submitted
We rely on the following purposes.
(a) Necessary to comply with a legal obligation(to comply with employment law).
(b) The processing is necessary in order to take steps at the request of the data subject prior to entering into a contract to which the data subject is party.
(c) Necessary for our legitimate interests and that of a 3rd party.
(d) Where the Data Subject has provided consent (Recruitment & Training).
(e) Necessary in order to protect the vital interests of the data subject or of another natural person.
(f) Necessary for the purpose of establishing, exercising or defending a legal claim.
Website Security To administer and protect our business and FDC website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data). (a)Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganization or group restructuring exercise).
(b) Necessary to comply with a legal obligation.
Website analytics To use data analytics to improve our website, products/services, marketing, customer relationships and experiences. With your consent where your data has been collected through our website. We use the data to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and marketing strategy.
6. Who do we share information with?
Third party service providers
FDC discloses Personal Data to third parties in certain instances. For example, we use third party service providers for the processing of Personal Data for several purposes, including, consultants, advisors, I.T. service providers, printers, debt collection agencies, valuers, marketing companies who carry out marketing campaigns, market research and providers of security and administrative services. These service providers are subject to a contractual obligation to only process Personal Data obtained from us for purposes to which it was obtained and in accordance with our instructions.
We will not provide your Personal Data to third parties who may contact you for direct marketing or promotional purposes unless you have consented to FDC disclosing your Personal Data to such third parties for that purpose.
In certain circumstances we may disclose personal data to other external third parties such as our professional advisors as necessary in the context of the performance of their services. Such recipients may include external legal advisors, external auditors, actuaries, pension and tax advisors, pension administrators and other professional advisors.
Disclosure of such data will take place for a variety of reasons including in order to ensure that we meet our tax and other statutory obligations.
We may also disclose personal data to our insurance providers in connection, with legal claims and prospective legal claims or proceedings.
FDC Group entities: We may convert your information, such as information you provide into statistical or aggregate data in such a way as to ensure that you are not identified or indefinable from it. We may also provide your personal data onto other FDC Group entities with your consent or as requested by you for fulfillment of a service request or to meet contractual obligations.
Insurance Companies: We may disclose personal data to our insurance providers in connection, with legal claims and prospective legal claims or proceedings.
FDC Financial Services: We may pass on your personal data to Insurance Companies or Financial Service Providers to meet our contractual obligations with you and to provide specific services that you have requested . As these are independent Data Controllers their processing activities and decisions regarding the processing of your data may vary to that of FDC, we would suggest that you review their Privacy Statements. You can find further information on the 3rd parties we share data with by following this link.
Potential sale or merger
If we sell any part of our business and/or integrate it with another organisation, your details may be disclosed to our advisers and to prospective purchasers or joint venture partners and their advisers. If this occurs, the new owners of the business will only be permitted to use your information in the same or similar way as set out in this data protection statement.
Garda Síochána, Government or Quasi-Government Bodies, Courts and Tribunals: We may share your personal information with these organisations and bodies, where required to do so by law.
7. What type of information is collected?
As a multi-disciplined professional service provider we need to collect many categories of personal data (about you and other parties) for the purposes set out in this Privacy Statement.
The following table is a non-exhaustive list and provides an indication of the categories and types of personal data we use to perform our duties.
|Purpose||Type of Data|
|Sale of Services||Full Name, Contact Details, Bank Details, Gender, SMS communications|
|Customer Care||Full Name, Contact Details, SMS communications|
|Financial Services||Full Names, Email Address, I.P , Contact Details, PPSN, Bank Details, Date of Birth, Home address, Marital Status ,Image of Data Subject, Gender, Income & Occupation details, Financial Portfolio details, health status and history.|
|Payroll||Full Names, Email Address, I.P , Contact Details, PPSN, Bank Details, Date of Birth (Pension Purposes), Home address|
|Marketing||Full Name, Contact Details, Occupation, Company Name, Gender, Purchase History, I.P Address, Cookie Preferences, Contact Forms, SMS communications|
|IT Information||Full Names, Mobile Phone Number (MFA), I.P Address, cookies, cookie preference, device details|
|Tax Planning||Full Names, Email Address, Address, ,Image of Data Subject Contact Details, PPSN, Bank Details|
|Audit & Tax Services||Full Names, Email Address, I.P ,Image of Data Subject Contact Details, PPSN, Bank Details, Date of Birth (Pension Purposes), Home address|
|FDC Employees & Training Candidate||Full Name, Home Address, Email Address, Contact Details, Date of Birth, Educational History, Employment History, Images (from video/photograph) Voice (from video)|
9. Transfers outside the European Economic Area
We may transfer, store, or process your personal information to countries outside the European Economic Area. Where the laws of such countries do not afford an equivalent level of protection of personal information as the laws of Ireland, we take specific steps in accordance with data protection law to protect your personal information.
We will use one of these safeguards:
- Transfer to a non-EEA country with privacy laws that give the same protection as the
- Put in place a contract (in a form that is approved by the European Commission) with the recipient of the personal information that means they must protect it to the same standards as the
- Transfers to organisations that are part of an EU Framework that sets privacy standards for data sent between countries. These frameworks make sure those standards are similar to what is used within the EEA.
10. How we use automated processing
We may analyse your personal information by automated means for the purposes of market research, analysing our customer database and for our marketing activities. You have the right to object to this at any time by emailing email@example.com
11. Marketing communications
If you are an existing customer or prospective business contact, we may use your name, address, email address, postal address and/or telephone number for marketing communications. We will ensure that a legitimate interest assessment has been conducted and that there is an appropriate balance between our interests and your rights and freedoms.
If you are prospective consumer contact of FDC we will only send you marketing communications where you have provided your consent.
Customers can opt-out of receiving direct marketing communications from us by following the unsubscribe or opt-out link in the relevant marketing message or by contacting firstname.lastname@example.org
We will not provide any personal information to third parties or partners for direct marketing purposes unless the users have consented to FDC giving their Personal Data to third parties or partners for that purpose.
If a user unsubscribes or opts-out from receiving communications from third parties or partners, we will no longer share user’s contact details with our partners or third parties. However, users will still need to directly opt-out from communications from the partners to whom we have already given their information.
We use third party service providers to help deliver its marketing communications. Those third-party data processors are subject to contractual and legal restrictions in relation to any unauthorised use of your information.
12. If you fail to provide personal data
Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with access to Financial Services Product). In this case, we may have to cancel a service you have with us, but we will notify you if this is the case at the time.
13. Information Security
In accordance with applicable laws, FDC ensures that all Personal Data controlled by FDC is held securely using appropriate security measures including the following:
- Physical measures such as locked filing cabinets and offices containing Personal Data;
- IT security systems;
- Restricted access to Personal Data subject to approvals;
- Time limits on retention of personal data;
- Provision of targeted data protection training to employees, contractors and other staff who have access to and process Personal Data;
- Password restrictions on access to Personal Data; and Technical measures including:
- Encryption on FDC laptops/portable devices; and
- Logging mechanisms to record certain access to Personal Data and alteration and other processing of Personal Data.
- Secure email services using state of the art encryption technology.
In the event of a personal data breach, we will comply with applicable reporting and notification obligations under data protection law. FDC has in place a Breach Notification Policy and Security Policy.
14. Your Rights
In certain circumstances, you have the following rights under data protection law in relation to your personal data:
A right to access Personal Data held by FDC.
- Any individual has a right to make an access request, in writing, under data protection law for a copy of their Personal Data held by FDC. We may ask for further identification details to confirm your identity before the relevant information is provided.
- It should be noted that there may be specific exemptions relating to accessing Personal Data. If we utilise any of the exemptions, we will provide you with details and our justification for their use.
- Where FDC acts in the capacity of a Processor, we will notify you of same and will also notify the Controller of your request.
Other data protection rights
- Rectification of inaccurate personal data;
- Erasure of personal data (also known as the “right to be forgotten”);
- Restriction of processing of persona data;
- Right to data portability;
- Right to object to processing of personal data.
However, under data protection law, these rights are available only in certain circumstances. If you wish to exercise any of your data protection rights, please contact email@example.com or by us using the contact details below. We will endeavor to respond to your request within a month. If we are unable to deal with your request within a month, we may extend this period by a further period of two months and we will explain why. Please provide as much detail as possible to enable us to respond to your request and to locate relevant personal data about you.
By Post: Jessica Perrott, FDC House, Wellington Road, Cork, Ireland
By Email: firstname.lastname@example.org
By Phone: + 353 (0) 21 4509022
You also have the right to lodge a complaint to the Office of the Data Protection Commission. For further information please see www.dataprotection.ie
This policy [“version 4”] was updated and deemed effective on the 2nd of September 2021. We will update this data protection statement from time to time. Any updates will be made available on our website at https://www.fdc.ie/privacy-policy/ and, we would ask that you check regularly.
Payment Card Services
FDC is a PCI compliant organisation and information from debt and credit card transactions are transmitted from our servers for processing to our payment processors using encryption technologies to verify the credit/debit card and to process the payment. Credit and debit card details are not stored by FDC, for further information on our payment processors and how they process your data please follow the below links;
AIB Merchant Services Privacy Statement https://www.aibms.com/privacy/
Realex Payments Privacy Statement https://www.globalpaymentsinc.com/en-gb/privacy-statement