GRENKE is committed to full compliance with the requirements of the EU General Data Protection Regulation. GRENKE will therefore follow procedures to ensure that all employees, partners or other servants or agents of GRENKE (collectively known as data users) who have access to any personal data held by on behalf of GRENKE, are fully aware of and abide by their duties under the General Data Protection Regulation.
GRENKE regards the lawful and appropriate treatment of personal information as very important to its successful operations and essential to maintaining confidence between GRENKE and those with whom it carries out business. We therefore collected and process data for the following lawful basis;
a. To fulfil contractual obligations
Data is processed in order to provide financial services contracts to our customers or in order to take measures at the request of you prior entering into a contract. The purpose of the data processing will be geared in the first instance to the product itself (e.g. leasing and factoring) and may encompass assessment, consultation and the execution of transactions. For further details of the purposes for which data is processed, please refer to the relevant contract documents and terms and conditions.
b. As part of balancing interests
If necessary, we will not only process your data for the actual fulfilment of the contract, but also to protect our own legitimate interests and those of third parties, especially:
For the purposes of checking any credit or default risks, and to defend ourselves against any criminal acts, we provide Experian (Registered Office at Newenham House, Malahide Road, Northern Cross, Dublin 17) with data concerning the request and the applicant. Experian will make the data saved about you available to us through direct electronic mail provided that we have given convincing evidence that our interest in this is legitimate.
The credit agency will process the data received and use this to create a profile (scoring), in order to provide their contractual partners in the European Economic Area and in Switzerland and, where necessary, other third-party countries (provided there is an adequacy decision from the European Commission for this) with information so they can assess the creditworthiness of natural persons, among others. For detailed information as described in Article 14 GDPR regarding activities undertaken by the credit agency, please refer to the information provided about the respective agency using the following link:
For Experian, please visit www.experian.ie
c. Based on your consent
If you have given us your consent to process personal data for certain purposes (e.g. marketing), it will be lawful to do this processing based on the consent you have given. Consent can be withdrawn at any time. This also applies to the withdrawal of declarations of consent received before GDPR came into force. Withdrawal of the consent does not affect the legality of the data processed up until the withdrawal.
d. Based on statutory provisions or public interest
If we are required to meet various legal requirements (e.g. in respect of financial services law, anti-money laundering or tax) and banking supervisory regulations (e.g. the European Central Bank, the European Banking Authority or the Central Bank of Ireland).
We collect personal data that we receive from individuals through our business relationship. These individuals may include current, past and prospective customers as well as suppliers and our GRENKE employees. We also – if required to provide our service – collect the personal data that we are permitted to obtain from publicly accessible sources (e.g. lists of debtors, land register, the register of companies and associations, the press, the Internet) or data sent to us from our sales partners or other third parties (e.g. a commercial credit agency) with good authorised cause.
GRENKE will, through management and the use of appropriate controls, monitoring and review; (i) collect personal data in the most efficient and effective way to deliver services, (ii) collect personal data for such purposes as are described as our lawful basis and (iii) ensure the information collected is accurate.
The personal data of relevance is as follows:
Individuals must provide us with the personal data necessary for us to enter into and maintain a business relationship and to fulfil the requisite contractual obligations associated with this, or when the law requires us to collect it. Without this data, we will usually not be able to enter into a contract.
More specifically, the Criminal Justice (Money Laundering and Terrorist Financing) Act 2010 requires us to verify an ID document before we enter into a business relationship, and to find out and record an individual's name, place and date of birth and address when doing so. Individuals have to notify us immediately of any changes occurring during our business relationship.
GRENKE will need to process and use information about individuals with whom it is in a business relationship in order to operate and carry out its business function. Reasons for processing data includes to check the creditworthiness, to confirm identity and age, to prevent fraud and money laundering, to fulfil requirements set by tax law, and to assess and manage risks. In addition:
a. Automated decision-making
To establish and maintain the business relationship, we do not use fully automated decision-making. If we use this procedure in individual cases, we will provide separate information about this, if required by law.
We automate the processing of data in some cases with the purpose of evaluating certain aspects of personality (profiling). We use profiling in the following cases (for example):
Unless indicated otherwise, we only process your data on our website in order to process your request or because of legitimate interests we have:
a. Usage data
Anytime you access a page or a file, generic data is saved automatically in a log file via this procedure. The data is saved for system-related and statistical purposes only, or as an indicator of criminal acts in certain exceptional cases.
We use this data to improve our websites and to present you with content reflecting your interests. No usage data is combined with personal data as part of this process. If you decide to send us your data, this data will be recorded during the input process.
For security reasons, we will save your IP address. This can be retrieved if there is a legitimate interest for this.
We do not create a browser history. Data is not forwarded to third parties or otherwise evaluated unless there is a legal obligation to do so.
The following data set is stored from every processing request:
b. Contact us/requests
If you contact us, using contact forms, we will save your data for the purposes of processing your request and for when further correspondence is necessary. All data is deleted after your request has been processed. This does not include data for which there is a legal requirement to keep the data.
We only use the data given to us during registration to gain access to our portal. An email address, username and password is collected during the registration process.
Cookies do not make it possible to access other files on your computer, or discover your email address.
Most browsers have settings that mean they accept cookies automatically. If the standard settings are saved for cookies in your browser, all processes will run unnoticed for you in the background. You can change these settings, however. You can adjust your browser so that you are informed when cookies are set and can make individual decisions about accepting them, or generally rule out cookies in certain cases. If you restrict cookies, some individual features of our website may be restricted too.
e. Range analysis using Piwik
We have a legitimate interest (i.e. an interest in the analysis, optimisation and cost-effective operation of our website) in the use of Piwik, open-source software designed to statistically evaluate user access.
We share your personal data with third parties who provide services to GRENKE so we can effectively operate and manage our business. These companies fall into the categories of credit-lending services, debt collection and enforcement services, IT services, logistics, printing services, telecommunications, advice and consultation, plus sales and marketing.
We also share your information with marketing and referral partners who promote products on our behalf, including GC Factoring Ireland Limited T/A Grenke Invoice Finance.
We also share information if statutory provisions demand this, we can prove there would be a legitimate interest or we have consent for this or are specifically authorised. Potential recipients of personal data under these conditions include:
Public bodies and institutions (e.g. Financial Supervisory Authority, the European Banking Authority, the European Central Bank, tax authorities) if there is a statutory or official obligation to do so
Other credit and financial service providers or similar institutions to whom we send personal data in order to maintain the business relationship with you (e.g. correspondent banks, credit agencies)
Other companies within our Group conducting a risk controlling process because of a statutory or official requirement to do so
Other companies within our Group from which information can be provided that are suitable to the company's interests and are confirmed as a legitimate interests
Data will be sent to locations in states outside of the European Union (third countries) if:
GRENKE will take appropriate technical and organisational security measures to safeguard information (including unauthorised or unlawful processing and accidental loss or damage of data). We will process and store personal data until the later of (i) the date on which you cease to be our client; or (ii) when our respective contractual and legal obligations to each other are fulfilled; or (iii) the end of the period for which we are legally obliged to retain the personal data.
If the data is no longer required to fulfil contractual or legal obligations, it will be deleted periodically unless temporary further processing is required for the following purposes:
Fulfilment of a duty to preserve the data under commercial and tax laws
Retaining evidence in accordance with the statutory periods of limitation that apply
GRENKE are responsible for data processing and safeguarding. We have appointed a Data Protection Officer, who can be contacted via post at
Grenke Limited, FAO the Data Protection Officer, Q House 306, Furze Road, Sandyford Business District, Dublin D18 CP83.
Any breach of security leading to the destruction, loss, alteration, unauthorised disclosure of, or access to personal data will be reported within 72 hours of its discovery to the Data Protection Officer who will ensure a full investigation takes place and notify those involved, where the breach is likely to result in a high risk to the rights and freedoms of the individual involved.
PERSONAL DATA RIGHTS
Each individual we deal with has a right
Each individual also has a right to complain to the
Data Protection Commissioner, Canal House, Station Road, Portarlington, R32 AP23, Co. Laois, Ireland
You may withdraw your consent to your personal data being processed by us at any time. This also applies to the withdrawal of declarations of consent received before GDPR comes into force. Please note that this withdrawal will apply going forward. It will not apply to any data processed before the withdrawal.
You have the right, at any time, to opt out of any processing of your personal data for example relating to your own particular situation.
If you unsubscribe, we will not process your personal data anymore, unless we are able to prove that there are legitimate compelling reasons for the processing that prevail over your interests, rights and freedoms, or the purpose of the processing is to assert, exercise or defend legal claims.
In individual cases, we will process your personal data for direct marketing and profiling connected to marketing purposes. You have the right to opt out at any time, after which we will no longer process your personal data for these purposes.
The unsubscribe option will be available to you on every communication or you can contact firstname.lastname@example.org directly.
To make a data request, individuals must contact GRENKE at:
FAO the Data Protection Officer
Q House 306, Furze Road,
Sandyford Business District, Dublin D18 CP83
Tel.: +353 1 292 3400
Information will be provided as soon as possible (1 month at the latest). This may be extended if the request is complex or numerous, in which GRENKE will notify the individual of this extension.
GRENKE will provide a description of the personal data, the purpose for which it is processed, recipients, the retention period and rights of rectification, erasure, restrictions and objections, plus the source of the data.
Any rectifications will be carried out without undue delay and investigations will be taken into how the error occurred.