Data Protection Privacy Notice

Last updated: 5 October 2020

This data protection notice provides information about the ways in which the Central Bank collects and uses personal data. For the purposes of data protection legislation, the data controller of your personal data is the Central Bank of Ireland, New Wapping Street, North Wall Quay, Dublin 1.

This notice applies to all personal data collected by the Central Bank in connection with the performance of its statutory functions and related purposes as outlined below. The Central Bank can receive the personal information directly from individuals or indirectly from another party (such as a regulated financial service provider). Supplementary data protection notices, which should be read in conjunction with this one, are included on:

These notices provide information relating to the processing of personal data by the Central Credit Register and the use of personal data provided to the Central Bank in connection with the purchase of collector coins and the deposit guarantee scheme respectively.

Collection and use of Personal Data to Perform Statutory Functions

As a central bank and financial services regulator, the Central Bank processes personal data to perform its functions under the EU Treaties, the ESCB Statute, the Central Bank Acts 1942 to 2015 and other provisions of financial services legislation. These functions include:

  • Monetary policy and financial stability-related functions
  • Collection of information for analysis or statistical purposes
  • Resolution of regulated financial service providers
  • Operation of deposit guarantee schemes or other compensation or customer protection schemes
  • Protection of the best interests of consumers of financial services and regulation of financial service providers and markets
  • Operation of the Central Credit Register.

The types of personal data processed by the Central Bank in order to perform its statutory functions are described in further detail below.

Transfer of Personal Data

The Central Bank may transfer personal data to:

  • Third parties, where required or permitted by law to do so
    Third parties may include our service providers and statutory bodies, including An Garda Síochána, the Director of Corporate Enforcement, the Revenue Commissioners, the Competition and Consumer Protection Commission and the Data Protection Commissioner.
  • The ECB in the context of the Single Supervisory Mechanism (SSM) or for the performance of ESCB-related tasks.
  • Supervisory authorities in other EEA Member States for the purpose of performance of their functions.
  • Supervisory authorities in countries outside of the EEA where permissible under data protection legislation. This includes personal data on individuals obtained by the Central Bank as part of Fitness and Probity applications, authorisation process and personal data on individuals directly or indirectly connected to an enforcement investigation by supervisory authorities in countries outside of the EEA.

Depending on the country and authority, these transfers may be made under (a) an adequacy decision, i.e. where the European Commission had decided that the country or organisation ensures an adequate level of data protection, (b) an Administrative Arrangement such as the IOSCO Administrative Arrangement which has been agreed with the European Data Protection Board and the Data Protection Commission or (c) the Public Interest Derogation under Article 49 of the GDPR.

The Central Bank requires all third parties to respect the security and confidentiality of personal data disclosed to them. Third-party service providers may only process such personal data for specified purposes and in accordance with the Central Bank's instructions.

Your Rights

If your personal data is processed by the Central Bank, you have certain rights in relation to that data, which are outlined in summary form below. The Central Bank may require further information from you before we can respond to your request.

You may exercise your rights by contacting our Data Protection Officer.

E-mail: dataprotection@centralbank.ie

Restrictions of your Data Protection Rights

We, along with all data controllers, are entitled to rely on certain exemptions which may have an impact on any rights request that you may make to us. These general exemptions are set out in the GDPR and the Data Protection Act 2018. However, as a regulator which performs functions in the public interest, we also entitled to a Central Bank specific exemption which may further have an impact on any rights request that you may make to us, per S.I. No. 537/2019 - Data Protection Act 2018 (Section 60(6)) (Central Bank of Ireland) Regulations 2019. For example (this is not an exhaustive list), we can withhold data, where necessary and proportionate, to the extent that its release would cause prejudice to the:

  • The prevention, detection or investigation of breaches of, or enforcement of, financial services laws
  • A process, procedure, investigation, inquiry, assessment, application or settlement being undertaken by the Bank
  • Regulation of financial service providers

If this is the case, we will clearly explain what the exemption is, why it applies and what impact it may have on your rights request. Also, if we are processing personal data for a law enforcement purpose, we may withhold information from you if we believe that doing so is necessary to avoid prejudicing the detection and investigation of criminal offences.

Queries

Should you have any queries on any aspects of this data protection privacy notice, you may contact our Data Protection Officer via dataprotection@centralbank.ie. This notice may be updated from time to time.