We, Collaborative Finance Company Ltd T/A Greenify and our subsidiaries (we, us, our) take your privacy seriously, and we are committed to protecting your personal data. This policy sets out how we, as a data controller, collect and process your personal data.
How we collect, use, store and share your personal data
Your privacy and other related rights under the provisions of the Data Protection Act 2018 and the EU General Data Protection Regulation (EU GDPR) which applies across the European Economic Area (EEA).
How to contact the Data Protection Commissioner in the event that you have a complaint.
Please note that this website includes links to third-party websites and applications. Clicking on those links, or enabling those connections, may allow third parties to collect or share data about you. We have no control over these third-party websites and applications and are not responsible for their privacy statements. You must therefore make sure that you understand how those websites and organisations will use your personal data and not rely on this policy.
Please note that this website is not intended for children, and we do not knowingly collect data relating to children.
Who are we?
Greenify is an initiative of a group of Credit Unions that provides short to medium term loan opportunities for the purpose of home retrofitting.
The Collaborative Finance Company T/A Greenify is incorporated under the laws of the Republic of Ireland, Industrial and Provident Society registration number 633776, whose registered office address is at Galway Financial Services Centre, Moneenageisha Road, Galway, Co. Galway, Ireland, H91V2R6.
Our contact details are as follows:
We are the ‘data controller’ for the information that we collect when you visit our website. That means that we decide how to use information about you (referred to as ‘personal data’) and we are responsible for looking after your personal data in accordance with data protection legislation. We will explain below how we collect and use your personal data, and what we mean by the term ‘personal data’. Please note that when we refer to ‘processing’ your personal data, what we mean is using your personal data in connection with this website by acquiring it, using it, storing it, communicating it to other people (with your consent or as part of our service to you) or deleting it.
Should you have any complaints or queries about anything relating to the privacy of your personal data, or any other data protection issues, please let us know using the contact details above and we will do our best to deal with them. However, you also have the right to make a complaint at any time to the Data Protection Commissioner (DPC), Irelands supervisory authority for data protection issues. The DPC may be contacted on their helpline number which is 0761104800 / 0578684800 between 10 am and 12 pm and 14.00 pm and 16.00 pm Monday to Friday, or by other contact methods as set out on their website here:
Personal data we collect about you?
The term personal data means any information about an individual from which that individual may be identified. It does not, therefore, include data where the identity has been removed (anonymised data).
We may collect, store and use some or all of the following categories of data about you. When you use our website, we may record:
technical information, including the type of device you use to access our website, the Internet Protocol (IP) address, your login data, the type and version of your browser, your time zone setting and location, browser plug-in types and versions, operating system, platform and mobile network information; and your usage of our website, including the full Uniform Resource Locators (URL), the pages you viewed, the page response times, any download errors, the length of time you were on a particular page, how you interacted with the page (such as scrolling, clicks and mouse-overs), and how you browsed away from the page.
When you contact us or use any of our services:
your name and contact information, including email address and telephone number;
business/company details if you have contacted us on behalf of a business/company;
your gender information, if you choose to give this to us;
your personal or professional interests;
your professional and/or personal online presence (eg LinkedIn or Facebook profile);
information about how you use our website, IT, communication and other systems;
your responses to surveys, competitions and promotions;
Why we process personal data:
This personal data is needed so that we can provide services to you or your business or your company. If you do not provide the personal data asked for, we may be delayed or prevented from providing those services.
Normally we will not seek to obtain personal data from you that is referred to as ‘Special Category’ personal data. Special category personal data includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data.
How we collect your data:
We will collect most of your personal data directly from you, whether in person, by telephone, text or email and/or via our website. This might be when you:
create an account on our website;
complete an online form;
subscribe to one of our publications/newsletters;
request that information be sent to you;
enter a competition;
take part in a survey;
write to us with information;
send a postal form to us;
telephone, fax or text us;
send information to us using social media; or
provide feedback on services.
However, we may also collect information:
from publicly-accessible sources (for example the internet, LinkedIn or CRO);
directly from a third party where the issue involves someone else (for example referees for a job);
via our systems (for example door entry systems and reception logs, CCTV and access control systems, communications systems, email and instant messaging).
How we use your data
We will only use your personal data when the law allows us to do so, and where we have a legal basis for doing so. Most often, we will use your personal data in the following circumstances:
Where you give us your consent to using your personal data; for example when you correspond with us or request a newsletter (your consent may be withdrawn by you at any time as set out in this policy).
For the performance of our contract with you, or to take steps at your request before entering into a contract.
Where it is necessary for our legitimate interests (or those of a third party); for example, we have a business or commercial reason for using your personal data and your interests and fundamental rights do not override those interests.
Where we need to comply with a legal or regulatory obligation.
Where it is necessary to use your personal data to perform a task carried out in the public interest.
Where it is necessary to use your personal data to protect your life we will rely on vital interests.
Normally, we will only use your data for the purpose for which we collected it, unless we reasonably consider that we need to use it for another related reason, and that related reason is compatible with the original purpose. If we need to use your data for an unrelated purpose, we will seek your consent to use it for that new purpose.
We have set out, in the list below, details of the ways that we may use your personal data, the legal basis we rely on to do so, and what our legitimate interests are, where relevant.
Note that it may be necessary for us to process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data.
Lawful basis/legitimate interest
Register on our website to receive a newsletter
Provide professional services
Performance of a contract
Performance of a contract
If you require more details about this, please contact us.
Sharing your data
We may need to share your data with third parties where they provide services on our behalf (for example IT software and hosting providers and records-storage companies). We require that all our third-party service providers take necessary security measures to protect your personal data. We do not permit your personal data to be used by those third parties for their own purposes, and they may only process your data for specified purposes, and in accordance with our instructions.
Where such third parties are processors, these third parties are contractually required to use it only to provide their service to us and are not permitted to use the data for any other purpose.
Consent and Right to Withdraw Consent
If you have given your consent to being sent information or marketing materials you may at any time ask us to stop sending these to you simply by contacting us; or by adjusting your website preferences; or by following the opt-out links on any communication or marketing message sent to you.
Storing your data and International Transfers
Personal data is securely stored by our cloud service provider. Special rules will apply to the protection of your data if it is stored outside the EEA. Special rules will also apply where, for example, we need to contact third parties on your behalf who have offices outside the EEA, where electronic services and resources are based outside the EEA, or where there is an international element to your matter.
We will keep your personal data only for as long as is necessary. In working out how long we need to keep your personal data we take into account the amount, nature and sensitivity of the personal data, the potential for harm to arise from its unauthorised use or disclosure, the purposes for which we process it, and as to whether those purposes may be achieved by other means, and the applicable legal requirements. Since retention periods will differ for different types of personal data please contact us for further details.
In order to ensure that your personal data is kept secure, and to prevent there being any breach of confidentiality or unauthorised use, we have put in place security measures which are intended to prevent your personal data from being accidentally lost or used or accessed unlawfully. Access to your personal data is restricted to those with a need to access it, and regard will be had to the need for confidentiality when that personal data is processed.
Data Security Breach
If there is a suspected data security breach you will be notified. Where relevant we will also inform the Data Protection Commissioner of a suspected data security breach where we are legally required to do so.
Please bear in mind that the transmission of information via the internet is not completely secure, and whilst we will do our best to protect your personal data, we cannot guarantee the security of data transmitted via our website, or by email, and any such transmission is at your own risk.
Your legal rights
Under the EU GDPR you have certain legal rights which apply in certain circumstances. These include the right to:
Request access to your data: sometimes called a ‘subject access request’; this allows you to receive, from us, confirmation as to whether or not your personal data is being processed, and if so to gain access to that personal data and various other information about it, including the purpose for the processing, with whom the data is shared, how long the data will be retained, and the existence of various other rights.
Request correction of your data: sometimes called a ‘right to rectification’, this is a right to obtain from us, without undue delay, the putting right of inaccurate personal data concerning you.
Request erasure of your data: sometimes referred to as the ‘right to be forgotten’; this is the right for you to request that, in certain circumstances, we delete data relating to you.
Restrict processing of your data: the right to request that, in certain circumstances, we restrict the processing of your data.
Object to the processing of your data where we are relying on our legitimate interests: this is, a right, in certain circumstances, to object to personal data being processed by us where it is in relation to direct marketing, or in relation to processing supported by the argument of legitimate interest.
Request the transfer of your data to another party: the right, in certain circumstances, to receive that personal data which you have provided to us, in a structured, commonly used and machine-readable format, and the right to have that personal data transmitted to another controller.
A right not to be subject to automated decision making: that is to say, a right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you, or similarly significantly affects you.
In some circumstances we may not be able to do what you have asked; for example, where there is a statutory or contractual requirement for us to process your data and it would not be possible to fulfil our legal obligations if we were to stop.
You may obtain further information on your rights from the website of the Data Protection Commissioner www.dataprotection.ie