Data Retention Policy
Last Updated: 21 May 2018
Microfinance Ireland is hereinafter referred to as ‘we’, ‘us’, or ‘our’ in this document.
From the 25th of May 2018, the General Data Protection Regulation (the GDPR) impose obligations on us, as a Data Controller, to process personal data in a fair manner which notifies data subjects of the purposes of data processing and to retain the data for no longer than is necessary to achieve those purposes.
Under these rules, individuals have a right to be informed about how their personal data is processed. The GDPR sets out the information that we should supply to individuals and when individuals should be informed of this information. We are obliged to provide individuals with information on our retention periods or criteria used to determine the retention periods.
Processing your information
Under the DPAs and the GDPR, we are required to provide data subjects with the legal grounds or lawful basis that they are relying on for processing personal data.
The legal grounds for processing personal data are as follows:
- Performance of a contract;
- Legal obligation;
- Vital interest;
- Legitimate interests.
If there is no justification for retaining your data, it will routinely be deleted. If we want to retain your data to help us provide a better service to you, we will obtain your consent.
Right of erasure
You have the right to have your personal data erased and no longer processed in the following circumstances:
- Where your personal data is no longer necessary in relation to the purposes for which they are collected or otherwise processed
- Where you have withdrawn your consent or object to the processing of personal data concerning you,
- Where the processing of your data does not otherwise comply with the GDPR.
Reasons for Data Retention
We are required to retain certain records, usually for a specific amount of time. We must balance these requirements with our statutory obligation to only keep records for the period required and to comply with data minimization principles.
We must retain certain records because they contain information that:
- Have enduring business value (for example, they provide a record of a business transaction, protect our legal interests or ensure operational continuity)
- Must be kept in order to satisfy legal, accounting or other regulatory requirements
This section sets out our guidelines for retaining the different types of personal data through our loan process:
Lead Management – Pre Application stage
If you have registered your interest in applying for a loan with us and have provided personal data, we will retain your data on our lead management system until such time as:
- You withdraw your consent to hold your personal data and you request us to delete all information held on our lead management system
- You submit a loan application to us and it is no longer necessary to keep your data on our lead management system
- You provide your data but do not meet the eligibility criteria for a loan
We review lead status of all contact records and will delete personal data based on consent, eligibility and marketing preferences on a quarterly basis.
We will retain documentation relating to a declined or withdrawn application for no longer than one year after a decline decision or the application has been withdrawn. We maintain this information in the event that you may wish to re-apply.
We will maintain your data for no longer than 6 years after your loan has been repaid.
Data destruction is a critical component of our data retention policy. We will ensure that we will keep your data only as long as necessary and for the original basis for which it was intended. When we no longer need your personal data, we will securely delete and destroy it.
Download the Data Retention Policy here: Data Retention Policy 21.05.18