Data Protection

Central Credit Register – Data Protection Privacy Notice

This privacy statement provides information about the ways in which the Central Credit Register processes personal data supplied to it by lenders in connection with loan applications and loan agreements for €500 or more.

For the purposes of data protection legislation, the data controller for personal data provided to the Central Credit Register is the Central Bank of Ireland, New Wapping Street, North Wall Quay, Dublin 1. All information contained on the Central Credit Register is stored within the European Union.

The Central Credit Register has been established by the Central Bank of Ireland, under the Credit Reporting Act 2013 (the Act). The Central Credit Register is a mandatory database of credit information. The Central Bank has contracted with CRIF Ireland Ltd, 1st floor, Adelphi Plaza, Georges Street Upper, Dun Laoghaire, Co Dublin (a wholly owned subsidiary of CRIF S.p.A) to operate the Central Credit Register.

Collection and use of personal data

Under the Act, lenders are obliged to submit credit information and personal information on individual borrowers (see what's included) to the Central Credit Register. Personal information includes:

       (a) name

       (b) date of birth

       (c) gender

       (d) current and previous addresses

       (e) telephone number

       (f) personal public service number (PPSN)

This information is necessary for the purposes of accurately identifying borrowers and matching their loans, including loans that they may have with more than one lender. This information is stored securely on the Central Credit Register and will be released only when a lender or the borrower to whom the information relates requests access; or when the borrower to whom the information relates, consents to the release of this information to another person. The Central Bank may also use any information held on the Central Credit Register in the performance of any of its functions. This information will be used on an anonymised basis only.

Personal data relating to a credit agreement will be held on the Central Credit Register for a period of 5 years. This 5-year period generally runs from the date of final repayment of the loan in question. It is important for the Central Bank to retain information in order to provide an accurate credit profile of a borrower. This information will be contained in a credit report.

A credit report will also contain information on any credit applications submitted by a borrower, such as the type of loan applied for, and the amount requested. Information on credit applications is retained for a period for six months.

A credit report will also contain a footprint. This is a record of all the dates that a credit report has been requested, by whom and the type and purpose of the enquiry.

Your rights

Under the Credit Reporting Act 2013, borrowers have the following rights in relation to information held on the Central Credit Register:

  • a right to insert an explanatory statement on your credit report;
  • a right to apply to have inaccurate, incomplete or not up-to-date information amended;
  • a right to report suspected impersonation;
  • a right to obtain a copy of your credit report.

Find out further information in relation to these rights. In order to request your credit report or to request a credit report on behalf of another person, you will need to furnish some identification documents.

Under data protection legislation, borrowers have the right to access personal data held in relation to him or her on the Central Credit Register and to apply to have inaccurate, incomplete or not up-to-date personal data rectified. Borrowers also have the right to request that access to his or her personal data be restricted while an amendment requested by that borrower is under consideration by the Central Credit Register.

Queries and complaints

Should you have any queries in respect of the Central Credit Register you can contact us. Alternatively, you can contact the Data Protection Officer of the Central Bank at dataprotection@centralbank.ie or read the Central Bank's Data Protection Privacy Notice.  Individuals also have the right to lodge a complaint with the Data Protection Commission at any time. 

 

Privacy Impact Statement

The Central Bank has completed a Privacy Impact Statement (PIA) and published an executive summary.

The purpose of the PIA is assess the privacy impact that the introduction of the Central Credit Register will have on individual credit information subjects, and assist in the evaluation of potential solutions to those risks.