DATA PROTECTION NOTICE

 

GRENKE is committed to full compliance with the requirements of the EU General Data Protection Regulation. GRENKE will therefore follow procedures to ensure that all employees, partners or other servants or agents of GRENKE (collectively known as data users) who have access to any personal data held by on behalf of GRENKE, are fully aware of and abide by their duties under the General Data Protection Regulation.

 

1. OUR LAWFUL BASIS 

GRENKE regards the lawful and appropriate treatment of personal information as very important to its successful operations and essential to maintaining confidence between GRENKE and those with whom it carries out business. We therefore collected and process data for the following lawful basis;

 

a. To fulfil contractual obligations 

Data is processed in order to provide financial services contracts to our customers or in order to take measures at the request of you prior entering into a contract. The purpose of the data processing will be geared in the first instance to the product itself (e.g. leasing and factoring) and may encompass assessment, consultation and the execution of transactions. For further details of the purposes for which data is processed, please refer to the relevant contract documents and terms and conditions. 

 

b. As part of balancing interests 

If necessary, we will not only process your data for the actual fulfilment of the contract, but also to protect our own legitimate interests and those of third parties, especially:

 

  • Consultation and data sharing to determine credit and default risks 

 

For the purposes of checking any credit or default risks, and to defend ourselves against any criminal acts, we provide Experian (Registered Office at Newenham House, Malahide Road, Northern Cross, Dublin 17) with data concerning the request and the applicant. Experian will make the data saved about you available to us through direct electronic mail provided that we have given convincing evidence that our interest in this is legitimate.

The credit agency will process the data received and use this to create a profile (scoring), in order to provide their contractual partners in the European Economic Area and in Switzerland and, where necessary, other third-party countries (provided there is an adequacy decision from the European Commission for this) with information so they can assess the creditworthiness of natural persons, among others. For detailed information as described in Article 14 GDPR regarding activities undertaken by the credit agency, please refer to the information provided about the respective agency using the following link:

For Experian, please visit www.experian.ie  

 

  • Checking business needs for the purposes of direct sales approaches and marketing opportunities
  • Assertion of legal claims and defence during legal disputes
  • Guaranteeing IT security and safeguarding IT operations at our company
  • Prevention and clarification of criminal acts
  • Business management measures and measures to develop products and services

 

c. Based on your consent 

If you have given us your consent to process personal data for certain purposes (e.g. marketing), it will be lawful to do this processing based on the consent you have given. Consent can be withdrawn at any time. This also applies to the withdrawal of declarations of consent received before GDPR came into force. Withdrawal of the consent does not affect the legality of the data processed up until the withdrawal.

 

d. Based on statutory provisions or public interest 

If we are required to meet various legal requirements (e.g. in respect of financial services law, anti-money laundering or tax) and banking supervisory regulations (e.g. the European Central Bank, the European Banking Authority or the Central Bank of Ireland).

 

2. DATA COLLECTION

We collect personal data that we receive from individuals through our business relationship. These individuals may include current, past and prospective customers as well as suppliers and our GRENKE employees. We also – if required to provide our service – collect the personal data that we are permitted to obtain from publicly accessible sources (e.g. lists of debtors, land register, the register of companies and associations, the press, the Internet) or data sent to us from our sales partners or other third parties (e.g. a commercial credit agency) with good authorised cause.

 

GRENKE will, through management and the use of appropriate controls, monitoring and review; (i) collect personal data in the most efficient and effective way to deliver services, (ii) collect personal data for such purposes as are described as our lawful basis and (iii) ensure the information collected is accurate.

The personal data of relevance is as follows: 

 

  • Personal details (name, address, date and place of birth)
  • Contact details (telephone number, email address)
  • Authentication data (e.g. specimen signature)
  • Order details (e.g. payment order)
  • Data collected to fulfil our contractual obligations (e.g. sales data from payment transactions)
  • Information about their financial situation (e.g. credit information, scoring/rating data, origin of assets)
  • Sales data (including advertising scores), documentation data (e.g. minutes of consultation)
  • Factoring (not leasing) requires the name and address of the bank, account number and sort code into which payments can be made on receivables.

 

Individuals must provide us with the personal data necessary for us to enter into and maintain a business relationship and to fulfil the requisite contractual obligations associated with this, or when the law requires us to collect it. Without this data, we will usually not be able to enter into a contract.

More specifically, the Criminal Justice (Money Laundering and Terrorist Financing) Act 2010 requires us to verify an ID document before we enter into a business relationship, and to find out and record an individual's name, place and date of birth and address when doing so. Individuals have to notify us immediately of any changes occurring during our business relationship. 

 

3. DATA PROCESSING 

GRENKE will need to process and use information about individuals with whom it is in a business relationship in order to operate and carry out its business function. Reasons for processing data includes to check the creditworthiness, to confirm identity and age, to prevent fraud and money laundering, to fulfil requirements set by tax law, and to assess and manage risks. In addition:

 

a. Automated decision-making

To establish and maintain the business relationship, we do not use fully automated decision-making. If we use this procedure in individual cases, we will provide separate information about this, if required by law.

 

b. Profiling 

We automate the processing of data in some cases with the purpose of evaluating certain aspects of personality (profiling). We use profiling in the following cases (for example):

 

  • Due to legal and regulatory requirements, we are duty-bound to fight money laundering, the funding of terrorism and criminal acts putting our assets at risk. Data evaluation (including during payment transactions) is also carried out. These measures have also been put in place to protect you. 
  • We use scoring when we are assessing your creditworthiness. This process calculates the probability of a customer meeting their payment obligations in accordance with the contract. This calculation will consider financial measures (such as revenues, fixed and variable costs, and short and long-term liabilities), experience from previous business relationships, repayment of previous loans, as well as information from credit agencies. Scoring is based on an accredited mathematical statistical procedure that has been tried and tested. The score values calculated help us to make decisions on product sales and are factored into routine risk-management procedures. 
  • We use evaluation tools to provide you with targeted information and advice about products. These make it possible to communicate in a way that meets your needs. 

 

4. DATA PROCESSING ON WEBSITE

Unless indicated otherwise, we only process your data on our website in order to process your request or because of legitimate interests we have:

 

a. Usage data

Anytime you access a page or a file, generic data is saved automatically in a log file via this procedure. The data is saved for system-related and statistical purposes only, or as an indicator of criminal acts in certain exceptional cases.

We use this data to improve our websites and to present you with content reflecting your interests. No usage data is combined with personal data as part of this process. If you decide to send us your data, this data will be recorded during the input process.

For security reasons, we will save your IP address. This can be retrieved if there is a legitimate interest for this.

We do not create a browser history. Data is not forwarded to third parties or otherwise evaluated unless there is a legal obligation to do so.

The following data set is stored from every processing request:

 

  • The end device used
  • The name of the file accessed
  • The date and time of the request
  • The time zone
  • The amount of data transmitted
  • Notification of whether the request was successful
  • Description of the type of web browser used
  • The operating system used
  • The page visited before
  • The provider
  • The user's IP address

 

b. Contact us/requests

If you contact us, using contact forms, we will save your data for the purposes of processing your request and for when further correspondence is necessary. All data is deleted after your request has been processed. This does not include data for which there is a legal requirement to keep the data.

 

c. Registration

We only use the data given to us during registration to gain access to our portal. An email address, username and password is collected during the registration process.

 

d. Use of cookies

To make visiting our websites an appealing experience and to make it possible to use certain features, we use cookies on different pages. Cookies are small text files that are stored on your end device. Some of the cookies that we use are deleted again at the end of the browser session, i.e. after you close your browser (session cookies). Other cookies remain on your end device and enable us or our partner companies to recognise your browser again the next time you visit (persistent cookies).

Cookies do not make it possible to access other files on your computer, or discover your email address.

Most browsers have settings that mean they accept cookies automatically. If the standard settings are saved for cookies in your browser, all processes will run unnoticed for you in the background. You can change these settings, however. You can adjust your browser so that you are informed when cookies are set and can make individual decisions about accepting them, or generally rule out cookies in certain cases. If you restrict cookies, some individual features of our website may be restricted too.

 

e. Range analysis using Piwik

We have a legitimate interest (i.e. an interest in the analysis, optimisation and cost-effective operation of our website) in the use of Piwik, open-source software designed to statistically evaluate user access. 

Your IP address is shortened before it is saved. Piwik uses cookies that are saved on the users' computers and makes it possible to analyse the use of the online service by the users. Pseudonymous user profiles may be created for the users during this. The information generated by the cookie about your use of this online service is stored on our server and not forwarded to third parties. You will be provided with the opportunity to opt out of this process.

 

5. DATA SHARING

We share your personal data with third parties who provide services to GRENKE so we can effectively operate and manage our business. These companies fall into the categories of credit-lending services, debt collection and enforcement services, IT services, logistics, printing services, telecommunications, advice and consultation, plus sales and marketing.

We also share your information with marketing and referral partners who promote products on our behalf, including GC Factoring Ireland Limited T/A Grenke Invoice Finance.

We also share information if statutory provisions demand this, we can prove there would be a legitimate interest or we have consent for this or are specifically authorised. Potential recipients of personal data under these conditions include:

 

  • Public bodies and institutions (e.g. Financial Supervisory Authority, the European Banking Authority, the European Central Bank, tax authorities) if there is a statutory or official obligation to do so

  • Other credit and financial service providers or similar institutions to whom we send personal data in order to maintain the business relationship with you (e.g. correspondent banks, credit agencies)

  • Other companies within our Group conducting a risk controlling process because of a statutory or official requirement to do so

  • Other companies within our Group from which information can be provided that are suitable to the company's interests and are confirmed as a legitimate interests

 

6. INTERNATIONAL DATA SHARING

Data will be sent to locations in states outside of the European Union (third countries) if:

 

  • it is necessary for carrying out your orders (e.g. payment orders),
  • you have given us your explicit consent to do so or
  • the conditions of the GDPR are complied with in respect of the transfer of data.

 

7. DATA SAFEGUARDING

GRENKE will take appropriate technical and organisational security measures to safeguard information (including unauthorised or unlawful processing and accidental loss or damage of data). We will process and store personal data until the later of (i) the date on which you cease to be our client; or (ii) when our respective contractual and legal obligations to each other are fulfilled; or (iii) the end of the period for which we are legally obliged to retain the personal data.

If the data is no longer required to fulfil contractual or legal obligations, it will be deleted periodically unless temporary further processing is required for the following purposes:

  • Fulfilment of a duty to preserve the data under commercial and tax laws

  • Retaining evidence in accordance with the statutory periods of limitation that apply

 

GRENKE are responsible for data processing and safeguarding. We have appointed a Data Protection Officer, who can be contacted via post at

Grenke Limited, FAO the Data Protection Officer, Q House 306, Furze Road, Sandyford Business District, Dublin D18 CP83.

Any breach of security leading to the destruction, loss, alteration, unauthorised disclosure of, or access to personal data will be reported within 72 hours of its discovery to the Data Protection Officer who will ensure a full investigation takes place and notify those involved, where the breach is likely to result in a high risk to the rights and freedoms of the individual involved.

 

PERSONAL DATA RIGHTS

Each individual we deal with has a right

  • to be informed
  • to access
  • to rectification
  • to erasure
  • to set restrictions of processing
  • to object
  • to data portability
  • and rights in relation to automated decision-making and profiling.

 

Each individual also has a right to complain to the

Data Protection Commissioner, Canal House, Station Road, Portarlington, R32 AP23, Co. Laois, Ireland

www.dataprotection.ie

You may withdraw your consent to your personal data being processed by us at any time. This also applies to the withdrawal of declarations of consent received before GDPR comes into force. Please note that this withdrawal will apply going forward. It will not apply to any data processed before the withdrawal.

You have the right, at any time, to opt out of any processing of your personal data for example relating to your own particular situation.

 

If you unsubscribe, we will not process your personal data anymore, unless we are able to prove that there are legitimate compelling reasons for the processing that prevail over your interests, rights and freedoms, or the purpose of the processing is to assert, exercise or defend legal claims.

 

In individual cases, we will process your personal data for direct marketing and profiling connected to marketing purposes. You have the right to opt out at any time, after which we will no longer process your personal data for these purposes.

 

The unsubscribe option will be available to you on every communication or you can contact dataprotection@grenke.ie directly.

 

To make a data request, individuals must contact GRENKE at:

GRENKE Limited

FAO the Data Protection Officer

Q House 306, Furze Road,

Sandyford Business District, Dublin D18 CP83

Tel.: +353 1 292 3400

Email:  dataprotection@grenke.ie

 

Information will be provided as soon as possible (1 month at the latest). This may be extended if the request is complex or numerous, in which GRENKE will notify the individual of this extension.

GRENKE will provide a description of the personal data, the purpose for which it is processed, recipients, the retention period and rights of rectification, erasure, restrictions and objections, plus the source of the data.

Any rectifications will be carried out without undue delay and investigations will be taken into how the error occurred.