Throughout this document, “we”, “us”, “our” and “ours” refer to MacCourt Financial Planning Ltd. and/or MacCourt Trustees Ltd.

MacCourt Financial Planning Ltd. & MacCourt Trustees Ltd. means:

MacCourt Financial Planning Ltd. and/or MacCourt Trustees Ltd. Registered Office: 60 Merrion Square, Dublin 2.

MacCourt Financial Planning Ltd. Registered in Ireland No 180774
MacCourt Trustees Ltd. Registered in Ireland No 207263

There are a number of reasons for gathering information about you. For instance, we need to know how to get in touch with you, we need to be certain of your identity and we need to understand your financial circumstances, so we can offer you products and services and give you the best possible customer experience. The information we collect falls into various categories.

Name, date of birth, copies of ID, contact details, PPS number (or foreign equivalent), security details to protect identity, nationality, home status and address, email address, work and personal phone numbers, marital status, family details, tax residency and tax related information.

Bank account details, credit/debit card details, income details, personal guarantees provided, application processing and administration records, your employment status and employment details of your partner, life assurance, pension and investment details, transaction details, treasury transactions, financial needs/attitudes, contact outcomes, authorised signatories details, information relating to power of attorney arrangements.

If you are married or are financially linked to another person in the context of a particular product or service, a financial association may be created between your records and their records, including any previous and subsequent names used by you (for example, if you apply jointly for a product). This means that we may treat your financial affairs as affecting each other. These links will remain on your and their files until you or they break that link. We may make searches on all joint records, and evidence of that search will be left on all related client records

If you give us information about someone else (for example, information about a spouse or financial associate provided during the course of a joint application with that person), or someone gives us information about you, we may add it to any personal information we already hold and we will use it in the ways described in this Data Privacy Notice.

Before you disclose information to us about another person, you should be sure that you have their agreement to do so. You should also show them this Data Privacy Notice. You need to ensure they confirm that they know you are sharing their personal information with us for the purposes described in this Data Privacy Notice.

We may hold information about you which includes sensitive personal data, such as health or criminal conviction information. We will only hold this data when we need to for the purposes of the product or services we provide to you or where we have a legal obligation to do so. Examples of when we use this type of data include:

• Medical information, for example, where you apply for life insurance, income protection, mortgage protection or investment products.
• If you have criminal convictions, we may process this information in the context of compliance with our anti-money laundering obligations.

If you give us information about someone else, or someone gives us information about you, (for example, where another person provides your information to us during the course of a joint application), we may add it to any personal information we already hold and use it in the ways described in this Data Privacy Notice.

Your agreement to allow us to contact you through certain channels to offer you relevant products and services.

Information in relation to data access, correction, restriction, deletion, porting requests and complaints.

For example, you may be a beneficiary, guarantor, director, or representative of one of our clients, or you may be in the process of making an application for a product or service. In other cases, your own circumstances may have a material impact on the ability of our client to perform their obligations to us, and we will need to consider these. If so, we will apply the principles outlined in this Data Privacy Notice when dealing with your information.

As you use our services, apply for products, make enquiries and engage with us, information is gathered about you. We may also collect information about you from other people and other parties, for example, when you are named in an insurance policy application, from credit rating agencies and from sources where you have chosen to make your information publicly available, such as social media sites.

• When you ask us to provide you with certain products and services. For example, insurance or investment products may require us to collect relevant health information from you.
• When you visit our office.
• When you or others give us information verbally or in writing. This information may be on application forms, in records of your transactions with us or if you make a complaint.
• When make transactions on your investments / products via our office we gather details about the source of funds and where funds are going, how much the payments are for and when the payments are made.
• From information publicly available about you – for example in trade directories, online forums, websites, Facebook, Twitter, YouTube or other social media. When you make information about yourself publicly available on your social media accounts or where you choose to make information available to us through your social media account, and where it is appropriate for us to use it, this information can help enable us to do things like verify your identity. For a description on how social media services and other third party platforms, plug-ins, integrations or applications use your information, please refer to their respective privacy policies and terms of use, which may permit you to modify your privacy settings.
• From credit reference agencies, credit registration agencies, fraud prevention agencies or public agencies such as property registration authorities, the Companies Registration Office or judgement registries.

Please note: If you apply for or hold a financial product in joint names, you should only give personal information about someone else (for example, a joint applicant, guarantor or dependant) with their permission.

Whether we’re using it to confirm your identity, to help in the processing of an application for a product or service or to improve your experiences with us, your information is always handled with care and the principles outlined in this Data Privacy Notice are always applied.

We use your information:

To provide products and services to you, and to fulfil our contract with you

To provide products and services to you and perform our contract with you, we use your information to:

• Establish your eligibility for products and services.
• Manage and administer your accounts, policies, benefits or other products and services that we may provide you with.
• Process your applications for insurance / pension or financial services.
• Where it may be applicable, carry out credit reviews, and to search for details of your credit history and information at credit bureaus/agencies, including the Central Credit Register. Where we make these searches, agencies may keep a record of the search.
• Process payments that are paid to you or by you. For example, if you hold a pension scheme with us, we will share transaction details with other parties, i.e. Revenue / Pensions Authority to fulfil our requirements with their offices.
• Contact you by post, phone, text message, email, social media, or other means, but not in a way contrary to your instructions to us or contrary to law.
• Monitor and record (in writing our conversations when we speak on the telephone for example, to check your instructions to us, to analyse, to assess and improve customer service and for training and quality purposes).
• Recover debts you may owe us (in certain circumstances e.g. fees due).
• Manage and respond to a complaint or appeal.

To manage our business we may use your information to:

• Conduct marketing activities research, including customer surveys, analytics and related activities.

• Carry out strategic planning and business portfolio management.
• Compile and process your information for audit, statistical or research purposes (including, in some instances, making your data anonymous) in order to help us understand trends in our customer behaviour and to understand our risks better, including for providing management information, operational and data risk management.
• Protect our business, reputation, resources and equipment, manage network and information security (for example, developing, testing and auditing our websites and other systems, dealing with accidental events or unlawful or malicious actions that compromise the availability, authenticity, integrity and confidentiality of stored or transmitted personal data, and the security of the related services) and prevent and detect fraud, dishonesty and other crimes (for example, to prevent someone trying to steal your identity).
• Manage and administer our legal and compliance affairs, including complying with our obligations to product providers, compliance with regulatory guidance and voluntary codes of practice to which we have committed.
• Enable our companies to share or access your information for internal administrative purposes, audit, prudential, statistical or research purposes (including making your data anonymous) to help us understand trends in customer behaviour, for helping us to understand our risks better and for the purposes set out in this Data Privacy Notice (but not for the purposes of direct marketing where you have objected to this).

• MacCourt Financial Planning Ltd. and /or MacCourt Trustees Ltd ., may in the future wish to sell, transfer or merge part or all of its business or assets or to buy a new business or the assets of another business or enter into a merger with another business. If so, we may disclose your personal information under strict duties of confidentiality to a potential buyer, transferee, merger partner or seller and their advisers, so long as they agree to keep it confidential and to use it only to consider the possible transaction. If the transaction goes ahead, the buyers, transferee or merger partner may use or disclose your personal information in the same way as set out in this Data Privacy Notice.
• Facilitate a potential or actual transfer of any product provided to you or in connection with a financial / insurance / pension arrangement.

We need to use your information to comply with legal and regulatory obligations including:

• Complying with your information rights.
• Providing you with statutory and regulatory information and statements.
• Establishing your identity, residence and tax status in order to comply with law and regulation concerning taxation and the prevention of money laundering, fraud and terrorist financing.
• We are required by law to screen applications that are made to us to ensure we are complying with the international fight against terrorism and other criminal activities. As a result, we may need to disclose information to government and other statutory bodies.
• Preparing returns to regulators and relevant authorities which may include revenue returns.
• Reporting to and, where relevant, conducting searches on the Central Credit Register and other industry registers.
• Complying with binding requests from regulatory bodies, including the Central Bank of Ireland.
• Complying with binding production orders or search warrants, and orders relating to requests for mutual legal assistance in criminal matters received from foreign law enforcement agencies/prosecutors.
• For other reasons where a statutory reason exists we do so, including use of your Personal Public Service (PPS) number (or foreign equivalent).
• Complying with court orders arising in civil or criminal proceedings.
• Performing a task carried out in the public interest.

• Send an electronic message to you about product and service offers from our providers and/or our selected and trusted institutions with home we hold agency agreements.
• Share your data with third parties so that they may send you electronic messaging about their products and offers.

When we ask for your consent, we will provide you with more information on how we will use your data in reliance on that consent, including in relation to third parties we would like your consent to share your data with.

We only share your information with a select number of individuals and companies, and only as necessary. Sharing can occur in the following circumstances and/or with the following persons:

• These include your accountant/solicitor/other broker/, attorney (under a Power of Attorney) and any other party authorised by you to receive your personal data.

• Your bank
• When you apply for a life / pension / investment insurance / investment product

o We will pass your details to the insurer and reinsurer.

o We may request information relating to your health for underwriting and claims administration purposes.

o If you make a claim, any information you give us, or to the insurer, may be put onto a register of claims and shared with other parties to prevent fraudulent claims. A list of the participants is available from the insurer.

o We may disclose your information within our companies, to our agents and other insurers and third parties for administration, regulatory, customer care and service purposes, and to investigate or prevent fraud.

• When you open or use a joint account or product.

o If you open or hold a joint product, this may mean that your personal data will be shared with the other applicant. For example, transactions made by you will be seen by your joint account holder, and you will see their transactions.

• Companies that provide support services for the purposes of protecting our legitimate interests.

o Your personal information remains protected when our service providers use it. We only permit service providers to use your information in accordance with our instructions, and we ensure that they have appropriate measures in place to protect your information.

o Our service providers include marketing and market research companies, analytics companies, investment companies, IT and telecommunication service providers, software development contractors, data processors, computer maintenance contractors, printing companies, property contractors, document storage and destruction companies, custodians and providers of administration services, archiving services suppliers, auditors, and legal advisors.

• We may also share information with the following third parties to help us manage our business for our legitimate interests:

o Trade associations and professional bodies, non-statutory bodies and members of trade associations such as International Factors Group and the Irish Finance Houses Association.

o Pension fund administrators, trustees of collective investment undertakings and pensions trustees.

o Insurers/re-insurers and insurance bureaus.

o Healthcare professionals and medical consultants.

o Statutory and regulatory bodies (including central and local government) and law enforcement authorities. These include the courts and those appointed by the courts, government departments, statutory and regulatory bodies in all jurisdictions where we operate including: the Central Bank of Ireland, the European Central Bank, the Data Protection Commission, Financial Services Ombudsman, Credit Review Office, An Garda Siochana / police authorities/enforcement agencies, Revenue Commissioners, Criminal Assets Bureau, US, EU and other designated authorities in connection with combating financial and other serious crime, NAMA and its agents or other parties designated by or agreed with NAMA or designated under the relevant legislation, police forces and security organisations, ombudsmen and regulatory authorities, as well as fraud prevention agencies.

The length of time we hold your data depends on a number of factors, such as regulatory rules and the type of financial product we have provided to you.

Those factors include:

• The regulatory rules contained in laws and regulations or set by authorities like the Central Bank of Ireland, for example, in the Consumer Protection Code.
• The type of financial product we have provided to you. For example, we may keep data relating to a pension product for a longer period compared to data regarding a specific short term deposit product.
• Whether you and us are in a legal or some other type of dispute with another person or each other.
• The type of data we hold about you.
• Whether you or a regulatory authority asks us to keep it for a valid reason.
• Whether we use your data for long-term statistical modelling, provided that such modelling does not affect any decision we make about you.

As a general rule, we keep your information for a specified period after the date on which a transaction has completed or you cease to be a customer. In most cases this period is seven (7) years, but may be longer in certain circumstances

Sharing information with us is in both your interest and ours.

• We need your information in order to: o Provide our products and services to you and fulfil our contract with you.

o Manage our business for our legitimate interests.

o Comply with our legal obligations.

• Of course, you can choose not to share information, but doing so may limit the services we are able to provide to you.

o We may not be able to provide you with certain products and services that you request. We may not be able to continue to provide you with or renew existing products and services.

o We may not be able to assess your suitability for a product or service, or, where relevant, give you a recommendation to provide you with a financial product or service.

• When we request information, we will tell you if providing it is a contractual requirement or not, and whether or not we need it to comply with our legal obligations.

We will use your data and share that data where:

• Its use is necessary in relation to a service or a contract that you have entered into or because you have asked for something to be done so you can enter into a contract with us.
• Its use is in accordance with our legitimate interests outlined in this notice.
• Its use is necessary because of a legal obligation that applies to us (except an obligation imposed by a contract).
• You have consented or explicitly consented to the using of your data (including special categories of data) in a specific way.
• Its use is necessary to protect your “vital interests”.

o In exceptional circumstances we may use and/or disclose information (including special categories of data) we hold about you to identify, locate or protect you, for example, if it comes to our attention that you are in imminent physical danger and this information is requested by An Garda Siochana or your relative.

• Where you have made clearly sensitive categories of data about yourself public.
• Where the processing of special categories of data is necessary for the establishment, exercise or defence of legal claims.
• Where authorised by law or regulation, we may undertake processing of special categories of data for a substantial public interest.
• Where the processing of criminal conviction data is authorised by EU or local law.

Your information is stored on secure systems within our premises and with providers of secure information storage.

We may transfer or allow the transfer of information about you and your products and services with us to our service providers and other organisations outside the European Economic Area (EEA), but only if they agree to act solely on our instructions and protect your information to the same standard that applies in the EEA.

For example, we may process payments using third parties (including other financial institutions such as banks and the worldwide payments system operated by the SWIFT organisation) if, for example, you make a CHAPS payment or a foreign payment. Those external organisations may process and store your personal information abroad and may disclose it to foreign authorities to help them in their fight against crime and terrorism.

Some of our service and product providers, for example IT, telecommunications, custodians and providers of administration services etc. may be based outside of the EEA. Where we authorise the processing/ transfer of your personal information outside of the EEA, we require your personal information to be protected to at least Irish standards.

If we transfer personal data to a third party or outside the EU we as the data controller will ensure the recipient (processor or another controller) has provided the appropriate safeguards and on condition that enforceable data subject rights and effective legal remedies for you the data subject are available.

Providing and holding personal information comes with significant rights on your part and significant obligations on ours. You have several rights in relation to how we use your information. If you make your request electronically, we will, where possible, provide the relevant information electronically unless you ask us otherwise.

You have the right to:

• Find out if we use your information, to access your information and to receive copies of the information we have about you.
• Request that inaccurate information is corrected and incomplete information updated.
• Object to particular uses of your personal data where the legal basis for our use of your data is our legitimate business interests (for example, profiling we carry out for our legitimate business interests) or the performance of a task in the public interest. However, doing so may have an impact on the services and products we can / are willing to provide.
• Object to use of your personal data for direct marketing purposes. If you object to this use, we will stop using your data for direct marketing purposes.
• Have your data deleted or its use restricted – you have a right to this under certain circumstances. For example, where you withdraw consent you gave us previously and there is no other legal basis for us to retain it, or where you object to our use of your personal information for particular legitimate business interests.
• Obtain a transferable copy of certain data to which can be transferred to another provider, known as “the right to data portability”.

o This right applies where personal information is being processed based on consent or for performance of a contract and the processing is carried out by automated means. You are not able to obtain through the data portability right all of the personal information that you can obtain through the right of access. The right also permits the transfer of data directly to another provider where technically feasible. Therefore, depending on the technology involved, we may not be able to receive personal data transferred to us and we will not be responsible for the accuracy of same.

• Withdraw consent at any time, where any processing is based on consent. If you withdraw your consent, it will not affect the lawfulness of processing based on your consent before its withdrawal.

We are obliged to respond without undue delay. In most instances, we will respond within one calendar month. If we are unable to deal with your request fully within a calendar month (due to the complexity or number of requests), we may extend this period by a further two calendar months. Should this be necessary, we will explain the reasons why. If you make your request electronically, we will, where possible, provide the relevant information electronically unless you ask us otherwise.

You have the right to complain to the Data Protection Commission or another supervisory authority. You can contact the Office of the Data Protection Commissioner at:

E-mail: info@dataprotection.ie https://www.dataprotection.ie/docs/Contact-us/b/11.html Telephone: +353 (0)761 104800 or Lo Call Number 1890252231 Fax: +353 57 868 4757

Postal Address: Data Protection Commission, Canal House, Station Road, Portarlington, R32 AP23, Co. Laois.

If you have any questions about how your personal data is gathered, stored, shared or used, or if you wish to exercise any of your data rights, please contact our Data Protection Representative at

Telephone: +353 (0)1 6614800

E-mail: info@maccourt.ie / zoe@maccourt.ie

Postal Address: MacCourt Financial Planning Ltd. Or MacCourt Trustees Ltd. 60 Merrion Square South, Dublin 2, D02 NT04

We may change this privacy policy from time to time. When such a change is made, we will post a revised version online. Changes will be effective from the point at which they are posted. It is your responsibility to review this privacy policy periodically so you’re aware of any changes. By using our services you agree to this privacy policy.

www.maccourt.ie MacCourt Financial Planning Ltd is regulated by the Central Bank of Ireland. This document was last updated 14 th June 2018