Please read this Statement carefully as this sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us.

CMCC Financial Solutions is committed to protecting and respecting your privacy. We wish to be transparent on how we process your data and show you that we are accountable with the GDPR in relation to not only processing your data but ensuring you understand your rights as a client.

It is the intention of this privacy statement to explain to you the information practices of CMCC Financial Solutions in relation to the information we collect about you. We want you to have a clear understanding of:

1. Who we are.
2. The data we collect about you.
3. When and how we collect data about you.
4. How we use your data.
5. Who we share your data with.
6. How long we hold your information.
7. The impact of not providing data.
8. The Legal Basis for processing your data.
9. Your information rights.
10. How to contact us & exercise your rights
11. Changes to this statement.

1. Who we are

CMCC Financial Solutions is a private limited company, authorised by the Central Bank of Ireland as an Insurance, Investment and Mortgage Intermediary. We are authorised to provide the following products and services:

• Life & Illness Cover
• Income Protection
• Health Insurance
• Pensions
• Savings & Investments
• Mortgages

CMCC Financial Solutions is a data controller in respect of personal information that we process in connection with our business. References to “we” “us” and “our” are references to CMCC Financial Solutions.

Our principle address is; CMCC Financial Solutions, Suite 30, The Mall, Beacon Court, Sandyford, Dublin 18.

Our Data protection representatives can be contacted as follows:
Email: dataprotection@cmcc.ie
Phone: 01 6532260

2. The data we collect about you

2.1 Personal Information
We collect and process various categories of personal information at the start of and for the duration of your relationship with us. We will limit the collection and processing of information to information necessary to achieve one or more legitimate purposes as identified in this notice. Personal information may include:

1. basic personal information, including name and address, date of birth and contact details;
2. your Personal Public Service Number (PPSN) where required by law;
3. financial information, including account and transactional information and history;
4. information about your family, lifestyle and social circumstances (such as dependents, marital status, next of kin and contact details);
5. information about your financial circumstances, including personal wealth, assets and liabilities, investment experience, proof of income and expenditure, credit and borrowing history and needs and goals;
6. education and employment information;
7. goods and services provided; and
8. visual images (such as copies of passports/driving licences)

2.2 Information you provide to us about others or information provided by others about you.
If you give us information about someone else (for example, information about a spouse or financial associate provided during the course of a joint application with that person), or someone gives us information about you, we may add it to any personal information we already hold and we will use it in the ways described in this Data Privacy Statement.

Before you disclose information to us about another person, you should be sure that you have their agreement to do so. You should also show them this Data Privacy Statement. You need to ensure they confirm that they know you are sharing their personal information with us for the purposes described in this Data Privacy Statement.

2.3 Special category data
We may hold information about you which includes special categories of personal data (such as health, racial, ethnic origin, details of criminal convictions). In these cases we will ensure that we will obtain your explicit consent. We will only hold this data when we need it for the purposes of the product or services we provide to you or where we have a legal obligation to do so.

Examples of when we use this type of data include:

• Medical information - where you apply for life insurance, income protection or mortgage protection products.
• Information about Criminal convictions - we may process this information in the context of compliance with our anti-money laundering obligations.

2.4 Information which you have consented to be used by us
Your agreement to allow us contact you through certain channels to offer you relevant products and services. For Example, information provided via our website contact form.

2.5 Other personal information
Information in relation to data access, correction, restriction, deletion, porting requests and complaints.

2.6 Sometimes we may collect and use your information even though you are not a customer of ours
For example, you may be a beneficiary, director or representative of one of our customers, or you may be in the process of obtaining quotes or making an application for a product or service.

3. When and how we collect data about you

As you use our services, request quotations, apply for products, make enquiries and contact us, information is gathered about you. We may also collect information about you from other people and other parties, for example, when you are named in a joint application.

When we collect information about you:

• When you ask us to provide you with quotations, products and services. For example, protection or insurance products will require us to collect relevant health information from you.
• When you or others give us information verbally or in writing. This information may be on application forms, in records of your e-mails, letters & transactions with us, records of telephone conversations or if you make a complaint.
• When you use our website and visit our office.

If you apply for or hold a financial product in joint names, you should only give personal information about someone else (for example, a joint applicant) with their permission.

4. How we use your data

We will collect, store and use the information you provide in a manner compatible with the EU’s General Data Protection Regulation (GDPR). We will endeavour to keep your information accurate and up to date, and not keep it for longer than is necessary.

4.1 In order to provide products and services to you we use your information to:

• Confirm your identity
• Provide quotations
• Establish your eligibility for products and services.
• Manage and administer your policies, benefits or other products and services that we may provide you with.
• Process your applications.
• Contact you by post, phone, text message, email, or other means, but not in a way contrary to your instructions to us or contrary to law.
• Monitor and log our conversations when we speak on the telephone (for example, to check your instructions to us).
• Manage and respond to a complaint or appeal.
• Provide service information, to improve our service quality and for training purposes.
• Conduct marketing activities for example, running competitions and direct marketing (provided that you have not objected to us using your details in this way), and research, including customer surveys.

4.2 To comply with our legal and regulatory obligations

We need to use your information to comply with legal and regulatory obligations including:

• Complying with your information rights.
• Providing you with statutory and regulatory information and statements.
• Establishing your identity, residence and tax status in order to comply with law and regulation concerning taxation and the prevention of money laundering, fraud and terrorist financing.
• Preparing returns to regulators.
• Complying with binding requests from regulatory bodies, including the Central Bank of Ireland.
• For other reasons where a statutory requirement exists we do so, including use of your Personal Public Service (PPS) number.
• Complying with court orders arising in civil or criminal proceedings.
• Performing a task carried out in the public interest

4.3 Where you have given us permission (which you may withdraw at any time) we may:

• Send electronic messages to you about product and service offers.
• Use cookies in accordance with our Cookie Policy.
• Use special categories of data.

When we ask for your consent, we will provide you with more information on how we will use your data in reliance on that consent.

5. Who we share your data with

We may pass your personal data on to third-party service providers contracted to CMCC Financial Solutions in the course of dealing with you. Any third parties that we may share your data with are obliged to keep your details securely, and to use them only to fulfil the service they provide on your behalf. When they no longer need your data to fulfil this service, they will dispose of the details in line with CMCC Financial Solutions procedures.

If we wish to pass your sensitive personal data onto a third party we will only do so once we have obtained your explicit consent, unless we are legally required to do otherwise.

We only share your data with a select number of individuals and companies, and only as necessary. Sharing can occur in the following circumstances and/or with the following persons:

Your authorised representatives: These include your attorney (under a Power of Attorney) and any other party authorised by you to receive your personal data.

Third parties we need to share your information with in order to facilitate the setting up of a contract of insurance, an investment policy, pension plan etc. and those you ask us to share your information with.

Joint Applicants – If you hold a joint policy, this may mean that your personal data will be shared with the other applicant. For example, transactions made by you will be seen by your joint policy holder, and you will see their transactions.

Companies that provide support services

• Our service providers include life, pension & investment companies, IT service providers, data processors, computer maintenance contractors, printing companies, document storage and destruction companies, archiving services suppliers & legal advisors.
• We may also share information with the following third parties to help us manage our business for our legitimate interests:
• Professional bodies.
• Pension fund administrators and pensions trustees.
• Authorised persons making an enquiry or complaint.

Statutory and regulatory bodies (including central and local government) and law enforcement authorities.

• These include the courts and those appointed by the courts, government departments, statutory and regulatory bodies, the Central Bank of Ireland, the European Central Bank, the Data Protection Commission, Financial Services Ombudsman, An Garda Síochána/police authorities/enforcement agencies, Revenue Commissioners & Criminal Assets Bureau.

6. How long we hold your data?

Data will not be held for longer than is necessary for the purpose(s) for which they were obtained. CMCC Financial Solutions will process personal data in accordance with our retention schedule. This retention schedule has been governed by the Central Bank of Ireland and our internal governance.

As a general rule, we keep your information for a specified period after you cease to be a customer of CMCC Financial Solutions in line with our data retention policy. In most cases this period is 6 years.

7. The impact of not providing data.

We need your information in order to:

• Put in place products and services for you.
• Manage our business for our legitimate interests.
• Comply with our legal and regulatory obligations.

Of course, you can choose not to share information, but doing so may limit the services we are able to provide to you. Not providing information may mean we are not be able to assess your suitability for a product or service, or, where relevant, provide you with a recommendation to proceed with a financial product or service.

8. The Legal Basis for processing your data.

We will use your data and share that data where:

• Its use is necessary in relation to the provision of a service or a contract that you have entered into.
• Its use is necessary because of a legal obligation that applies to us (except an obligation imposed by a contract).
• You have consented or explicitly consented to the using of your data (including special categories of data) in a specific way.
• Its use is necessary to protect your “vital interests”. In exceptional circumstances we may use and/or disclose information (including special categories of data) we hold about you to identify, locate or protect you, for example, if it comes to our attention that you are in imminent physical danger and this information is requested by An Garda Síochána or your relative.
• Where you have made special categories of data about yourself public.
• Where the processing of special categories of data is necessary for the establishment, exercise or defence of legal claims.
• Where authorised by law or regulation, we may undertake processing of special categories of data for a substantial public interest.
• Where the processing of criminal conviction data is authorised by EU or Irish law.

In any event, CMCC Financial Solutions are committed to ensuring that the information we collect and use is appropriate for this purpose, and does not constitute an invasion of your privacy.

9. Your information rights

CMCC Financial Solutions facilitate your rights in line with our data protection policy and the subject access request procedure. This is available on request.

At any point while we are in possession of or processing your personal data, you, the data subject, have the right to:

• Request a copy of any “personal data” that we hold in relation to you.
• Request that inaccurate information is corrected and incomplete information updated.
• Object to use of your personal data for direct marketing purposes.
• Have your data deleted or its use restricted – under certain circumstances. For example, where you withdraw consent you gave us previously and there is no other legal basis for us to retain it.
• Obtain a transferable copy of certain data to which can be transferred to another provider, known as “data portability”.
• Withdraw consent at any time, where any processing is based on consent. If you withdraw your consent, it will not affect the lawfulness of processing based on your consent before its withdrawal.
• Object to automated processing, including profiling; you also have the right to be subject to the legal effects of automated processing or profiling.
• Right to judicial review: in the event that CMCC Financial Solutions refuses your request under rights of access, we will provide you with a reason as to why.

We are obliged to respond without undue delay. In most instances, we will respond within one calendar month. If we are unable to deal with your request fully within a calendar month (due to the complexity or number of requests), we may extend this period by a further two calendar months. Should this be necessary, we will explain the reasons why as soon as possible. If you make your request electronically, we will, where possible, provide the relevant information electronically unless you ask us otherwise.

You have the right to complain to the Data Protection Commission or another supervisory authority. You can contact the Office of the Data Protection Commissioner at:

Website: https://www.dataprotection.ie/docs/Contact-us/b/11.html
Telephone: +353 (0)76 1104800 or Lo Call Number 1890 252 231
Fax: +353 (0)57 8684757
E-mail: info@dataprotection.ie
Postal Address: Data Protection Commission, Canal House, Station Road, Portarlington, R32 AP23, Co. Laois.

10. Changes to this Statement

This Privacy Statement is valid from 25th May 2018. CMCC Financial Solutions may change this privacy statement from time to time. When such a change is made, we will post a revised version online. Changes will be effective from the point at which they are posted. It is your responsibility to review this privacy policy periodically so you’re aware of any changes. By using our services you agree to this privacy policy.

11. Additional Processing

If we intend to further process your personal data for a purpose other than for which the data was collected, we will provide this information prior to processing this data.

12. Contact Us

Your privacy is important to us. If you have any questions about how your personal data is collected, stored, shared or used, or if you wish to exercise any of your data rights, please contact us as follows:

Telephone: 01 6532260
E-mail: dataprotection@cmcc.ie
Post: Suite 30 The Mall, Beacon Court, Sandyford, Dublin 18

‍