Privacy policy.
This Privacy Policy explains how we use the personal information that Onate collects or generates both in relation to this website and our online products and services. The list below sets out what is covered in this Privacy Policy.
BACKGROUND
THE PRODUCTS AND SERVICES WE PROVIDE
THE TYPES OF PERSONAL DATA WE COLLECT
HOW WE USE YOUR INFORMATION
DISCLOSURE OF YOUR INFORMATION TO THIRD PARTIES
INTERNATIONAL TRANSFERS OF PERSONAL DATA
HOW WE SAFEGUARD YOUR INFORMATION
HOW LONG WE KEEP YOUR PERSONAL DATA
YOUR RIGHTS
ONATE DESIGNATED REPRESENTATIVE
QUESTIONS AND CONCERNS
MARKETING
CHANGES TO THIS NOTICE
CENTRAL CREDIT REGISTER (CCR) AND CREDIT REFERENCE AGENCIES
1. BACKGROUND
1.1 Onate DAC, registered in Dublin, Ireland, company number 675486, with its registered office at 26/27 Upper Pembroke Street, Dublin 2, D02 X361 and other companies in the Onate group (including Onate Capital Limited, Onate Finance Lending Limited, Onate Finance No 1 DAC, Onate Finance No 2 Limited, Onate Finance No 3 Limited, Onate Finance No 4 DAC) collect and use certain Personal Data. Onate is responsible for ensuring that it uses that Personal Data in compliance with data protection laws.
1.2 At Onate we respect the privacy of our clients and we are committed to keeping all your Personal Data secure. This Privacy Policy governs the handling of Personal Data by Onate in the course of carrying on commercial activities.
1.3 We use the following definitions in this Privacy Policy:
“Onate”, “we or “us” means Onate DAC and other companies in the Onate Group.
“Onate Group” means us, our subsidiaries, our holding companies and any subsidiaries of those holding companies.
“Personal Data” means any data which relates to a living individual who can be identified from that data or from that data and other information, which is in the possession of, or is likely to come into the possession of, Onate (or its representatives or service providers). In addition to factual information, it includes any expression of opinion about an individual and any indication of the intentions of Onate or any other person in respect of an individual.
2. THE PRODUCTS AND SERVICES WE PROVIDE
2.1 Onate lends against investment property all across Ireland. The borrower must always be a corporate vehicle, such as a limited company. We are willing to lend to newly incorporated companies. Our loans are fast and flexible, allowing the borrower to seize the opportunity. Exit is typically either by selling the property or refinancing. The loans are typically from €150,000 to €4,000,000 and interest only, secured always by a first charge mortgage. Our loans are structured flexibly, typically with a term of less than one year but can be repaid early without penalty after 90 days. We typically lend up to 75% loan-to-value in and around Dublin, Cork, reducing then across the country based on the liquidity of the area.
2.2 This Privacy Policy concerns the following categories of information that we collect about you when providing the following products and services:
(a) Information we receive through our websites (Onate Websites);
(b) Information we receive through our products (Onate Products);
(c) Information we receive through our support services (Onate Services).
3. THE TYPES OF PERSONAL DATA WE COLLECT
3.1. There are a number of reasons for gathering personal data about you. For instance, we need to know how to get in touch with you, we need to be certain of your identity and we need to understand your financial circumstances, so we can offer you products and services and give you the best possible customer experience. The personal data we collect falls into various categories, such as:
Identity & contact information:
Name, date of birth, copies of ID, contact details, PPS number (or foreign equivalent), online user identities (such as your internet protocol addresses and cookie identifiers), security details to protect identity, nationality, home status and address, email address, work and personal phone numbers, marital status, family details, tax residency and tax related information.
Financial details/circumstances:
Bank account details (including Account number, sort code), any International Bank Account Number (IBAN), currency information, payments information including, payment reference information (this may identify precisely who makes payments to you and who you make payments to and possibly include special category data e.g. a payment to a trade union) transaction credits, transaction debits, credit/debit card details, income and asset details, personal guarantees provided, application processing and administration records, your employment status and employment details of your partner, credit history, credit assessment records, credit data from credit registers, credit reference agency performance data, life assurance, pension and investment details, transaction details, treasury transactions, financial needs/attitudes, contact outcomes, authorised signatories details, details relating to accounts transferred to National Asset Management Agency, information relating to power of attorney arrangements.
Marital status and/or financial associations:
If you are married or are financially linked to another person in the context of a particular product or service, a financial association may be created between your records and their records, including any previous and subsequent names used by you (for example, if you apply jointly or one is guaranteeing the debts of another). This means that we may treat your financial affairs as affecting each other. These links will remain on your and their files until you or they break that link. We may make searches on all joint applicants, and evidence of that search will be left on all applicants’ records.
Information you provide us about others or others provide us about you:
If you give us information about someone else (for example, information about a spouse or financial associate provided during the course of a joint application with that person), or someone gives us information about you, we may add it to any personal information we already hold and we will use it in the ways described in this Data Privacy Notice. Before you disclose information to us about another person, you should be sure that you have their agreement to do so. You should also show them this Data Privacy Notice. You need to ensure they confirm that they know you are sharing their personal information with us for the purposes described in this Data Privacy Notice.
Sensitive or special categories of data:
We may hold information about you which includes sensitive or special categories personal data, such as but not limited to health or criminal conviction information. We will only hold this data when we need to for the purposes of the product or services we provide to you, where we are processing the data for a substantial public interest, where we have a legal obligation or where we have your consent to do so. Examples of when we use this type of data include: If you have criminal convictions, we may process this information in the context of compliance with our anti-money laundering obligations.
Information which you have consented to us using:
Your contact details and marketing preferences are used to share news about relevant services, products and offers that we think may be of interest to you.
Information from online activities:
We collect information about your internet activity using technology known as cookies, which can often be controlled through internet browsers. For detailed information on the cookies we use and the purposes for which we use them, see our Cookies Policy, which is available on our website.
We collect information about your internet browser settings and Internet Protocol (IP) address and other relevant information to help us identify your geographic location when providing you with our services.
Other personal information:
Telephone and image recordings.
Information in relation to requests made by you e.g. data access, correction, restriction, deletion, porting and complaints.
Sometimes we may collect and use your information even though you are not a customer of ours:
For example, you may be a beneficiary, guarantor, director, or representative of one of our customers, or you may be in the process of making an application for a product or service. In other cases, your own circumstances may have a material impact on the ability of our customer to perform their obligations to us, and we will need to consider these. If so, we will apply the principles outlined in this Data Privacy Notice when dealing with your information.
4. HOW WE USE YOUR INFORMATION
4.1 To provide our products and services to you and perform our contract with you, we use your information to:
Establish your eligibility for our products and services.
Manage and administer your accounts, policies, benefits or other products and services that we or our partners may provide you with. For example, if you have a secured loan or mortgage with us, we may need to share information with other lenders who also hold a charge on your property.
Process your applications for credit or financial services.
Carry out credit reviews, including automated credit decision processes (which may have a legal or similarly significant effect on you), and to search for details of your credit history and information at credit bureaus/agencies, including the Central Credit Register. Where we make these searches, agencies may keep a record of the search.
Contact you by post, phone, text message, email, social media, fax, digital message, but not in a way contrary to your instructions to us or contrary to law.
Monitor and record our conversations when we speak on the telephone (for example, to check your instructions to us, to analyse, to assess and improve customer service; for training and quality purposes; and for verification, fraud analysis and prevention purposes).
Recover debts you may owe us.
Manage and respond to a complaint or appeal.
4.2 To manage our business for our legitimate interests we may use your information to:
Carry out credit scoring, credit management including collecting and enforcing debts and arrears We may:
Tell credit reference and credit registration agencies about your dealings with us including details of your credit facilities and your credit history with us. We may also search the Central Credit Register where permitted but not obliged to do so.
Engage agencies to trace you (for example, where the address you have provided is no longer accurate and Onate needs to provide you with legal documentation).
Provide service information (including sending you service related messages), to improve our service quality and for training purposes.
Conduct marketing activities: It is in our business interests to understand our customers’ needs and preferences so that we can improve our products and services offerings for our customers and identify suitable new products or services. It is also in both our and our customers’ interests to let you know about those products or services which we believe may be of interest or relevance to you. Where we process your information for this purpose, this allows us to:
send you relevant marketing information. In the case of certain electronic marketing, we may also need your consent to send these messages.
identify where you are eligible for a particular product or service.
conduct market research, including customer surveys, analytics and related activities.
run competitions, promotions and other direct marketing activities.
4.3 To run our business on a day to day basis including to:
Carry out strategic planning and business portfolio management.
Compile and process your information for audit, statistical or research purposes (including, in some instances, making your data anonymous) in order to help us understand trends in our customer behaviour and to understand our risks better, including for providing management information, operational and data risk management.
We also use aggregated information we have about you and our other customers (such as spending patterns or transaction information) to understand general trends and may combine this with data from other sources, such as economic or research data. We may share this analysis with third parties to help them better understand these general trends. When we do this, we combine customers’ data and do not provide information (such as your name, address or account number) that would identify you.
Protect our business, reputation, resources and equipment, manage network and information security (for example, developing, testing and auditing our websites and other systems, dealing with accidental events or unlawful or malicious actions that compromise the availability, authenticity, integrity and confidentiality of stored or transmitted personal data, and the security of the related services) and prevent and detect fraud, dishonesty and other crimes (for example, to prevent someone trying to steal your identity), including using call recordings and CCTV at our premises and using your location data to help identify and protect against fraud.
Manage and administer our Group’s legal and compliance affairs, including complying with our obligations to compliance with regulatory guidance and voluntary codes of practice to which we have committed.
Enable our Group members to share or access your information for internal administrative purposes, fraud prevention, audit, prudential, statistical or research purposes (including making your data anonymous) to help us understand trends in customer behaviour, for helping us to understand our risks better and for the purposes set out in this Data Privacy Notice (but not for the purposes of direct marketing where you have objected to this).
4.4 To buy and/or sell assets of the Group:
Members of the Group may in the future wish to sell, securitise, transfer or merge part or all of its business or assets or to buy a new business or the assets of another business or enter into a merger with another business. If so, we may disclose your personal information under strict duties of confidentiality to a potential buyer, investor, lender, transferee, merger partner or seller and their advisers, so long as they agree to keep it confidential and to use it only to consider the possible transaction. If the transaction goes ahead, the buyers, transferee or merger partner may use or disclose your personal information in the same way as set out in this Data Privacy Notice.
Facilitate a potential or actual transfer of any loan or product provided to you or in connection with a securitisation or other funding arrangement.
4.5 To comply with our legal and regulatory obligations:
We need to use your information to comply with legal and regulatory obligations including:
Complying with your information and privacy rights.
Providing you with statutory and regulatory information and statements.
Establishing your identity, residence and tax status in order to comply with law and regulation concerning taxation and the prevention of money laundering, fraud and terrorist financing.
We are required by law to screen applications that are made to us to ensure we are complying with the international fight against terrorism and other criminal activities. As a result, we may need to disclose information to government and other statutory bodies.
Preparing returns to regulators and relevant authorities including preparing income tax, capital gains tax, capital acquisition tax, Deposit Interest Retention Tax and other revenue returns.
Reporting to and, where relevant, conducting searches on the Central Credit Register, State registers (such as the Register of Beneficial Owners), and other industry registers.
Complying with binding requests from regulatory bodies, including the Central Bank of Ireland.
Complying with binding requests for information about you from other payment service providers from whom you may have received payments in error so that the payer’s financial service provider may contact you directly. This information will include your name, address and relevant transaction information.
Complying with binding production orders or search warrants, and orders relating to requests for mutual legal assistance in criminal matters received from foreign law enforcement agencies/ prosecutors.
For other reasons where a statutory reason exists, including use of your Personal Public Service (PPS) number (or foreign equivalent).
Complying with court orders arising in civil or criminal proceedings.
Performing a task carried out in the public interest.
4.6 Where you have given us permission (which you may withdraw at any time):
Where you have given us permission (which you can withdraw at any time) to process your information we may:
Send electronic messages to you about products, services and offers from Onate as well as from specially selected trusted partners but only if we think they may be suitable or of interest to you.
Share your data with third parties so that they may send you electronic messaging about their products and offers.
Use image recognition software to verify your identity and documentation when opening or operating an account. This process may also include using that technology to scan and copy information from the documents you provide and using that information for your application.
Use cookies in accordance with our Cookie Policy.
Use special categories of data, or sensitive data.
Use information you have made public and combine this with the activities outlined above.
4.7 When we ask for your consent, we will provide you with more information on how we will use your personal data in reliance on that consent, including in relation to third parties we would like your consent to share your data with.
4.8 We will take steps to ensure that the Personal Data is accessed only by employees of Onate that have a need to do so for the purposes described in this Privacy Policy.
5. DISCLOSURE OF YOUR INFORMATION TO THIRD PARTIES
We only share your information with a select number of individuals and companies, and only as necessary. Sharing can occur in the following circumstances and/or with the following persons:
Your authorised representatives:
These include your broker/retail intermediary, attorney (under a Power of Attorney) and any other party authorised by you to receive your personal data.
Third parties we need to share your information with in order to facilitate payments you have requested.
for example, banks or payment service providers such as SWIFT; and
those you ask us to share your information with.
5.1 Companies in the Onate Group:
We share your information with members of the Onate Group to protect our legitimate interests or where legally required to do so.
5.2 Guarantors:
We will share your information with any person or entity which guarantees your obligations to us (for example, if an entity provides a guarantee as part of a statutory scheme) or gives us an indemnity concerning these obligations.
5.3 Companies that provide support services for the purposes of protecting our legitimate interests:
Your personal information remains protected when our service providers use it. We only permit service providers to use your information in accordance with our instructions, and we ensure that they have appropriate measures in place to protect your information.
Our service providers include providers of marketing services such as advertising agencies or social media companies (so they can present messages from us to you) and market research companies, analytics companies, investment companies, IT and telecommunication service providers, software development contractors, data processors, debit/credit card producers, computer maintenance contractors, printing companies, property contractors, document storage and destruction companies, custodians and providers of administration services, archiving services suppliers, debt collection agencies, budgeting and advice agencies, tracing agencies, receivers, liquidators, examiners, Official Assignee for Bankruptcy and equivalent in other jurisdictions, auditors, and consultants, including legal advisors.
5.4 We may also share information with the following third parties to help us manage our business for our legitimate interests:
Trade associations and professional bodies, non-statutory bodies and members of trade associations.
Pension fund administrators, trustees of collective investment undertakings and pensions trustees.
Insurers/re-insurers and insurance bureaus.
5.5 Statutory and regulatory bodies (including central and local government) and law enforcement authorities:
These include the courts and those appointed by the courts, government departments, statutory and regulatory bodies in all jurisdictions where the Onate Group operates including: the Central Bank of Ireland, the European Central Bank, the Data Protection Commission, Financial Services Ombudsman, Credit Review Office, An Garda Síochána/police authorities/enforcement agencies, Revenue Commissioners, Criminal Assets Bureau, US, EU and other designated authorities in connection with combating financial and other serious crime, NAMA and its agents or other parties designated by or agreed with NAMA or designated under the relevant legislation, police forces and security organisations, ombudsmen and regulatory authorities, as well as fraud prevention agencies.
5.6 Credit reference/rating agencies, including the Central Credit Register and The Irish Credit Bureau:
We may search the Central Credit Register where permitted but we are not obliged to do so to protect our legitimate interests.
5.7 Third parties in connection with a sale or purchase of assets by a member of our Group:
Those who are interested in or participating in buying or selling assets of our Group or in connection with a funding arrangement for our Group.
5.8 Correspondent banks and other financial institutions engaged to supply status opinions in accordance with banking practice.
6. INTERNATIONAL TRANSFERS OF PERSONAL DATA
6.1 Onate is a global business. Our customers and our operations are spread around the world. As a result, we collect and transfer Personal Data on a global basis. That means that we may transfer your Personal Data to locations outside of your country.
6.2 Where we transfer your Personal Data to another country outside the EEA, we will ensure that it is protected and transferred in a manner consistent with legal requirements. In relation to data being transferred outside of Europe, for example, this may be done in one of the following ways:
Model Clauses (also known as Standard Contractual Clauses) are standard clauses in our contracts with our service providers to ensure that any personal data leaving the EEA will be transferred in compliance with EU data-protection law.
Transfers to countries outside the EEA which have an adequate level of protection as approved by the European Commission.
Binding Corporate Rules.
Transfers permitted in specific situations where a derogation applies as set out in Article 49 of the GDPR. For example, where it is necessary to transfer information to a non-EEA country to perform our contract with you.
6.3 You can obtain more details of the protection given to your Personal Data when it is transferred outside Europe (including a copy of the standard data protection clauses which we have entered into with recipients of your Personal Data) by contacting us as described in paragraph 11 below.
7. HOW WE SAFEGUARD YOUR INFORMATION
7.1 We have extensive controls in place to maintain the security of our information and information systems. Client files are protected with safeguards according to the sensitivity of the relevant information. Appropriate controls (such as restricted access) are placed on our computer systems. Physical access to areas where Personal Data is gathered, processed or stored is limited to authorised employees.
7.2 As a condition of employment, Onate employees are required to follow all applicable laws and regulations, including in relation to data protection law. Access to sensitive Personal Data is limited to those employees who need to it to perform their roles. Unauthorised use or disclosure of confidential client information by an Onate employee is prohibited and may result in disciplinary measures.
7.3 When you contact an Onate employee about your file, you may be asked for some Personal Data. This type of safeguard is designed to ensure that only you, or someone authorised by you, has access to your file.
8. HOW LONG WE KEEP YOUR PERSONAL DATA
8.1 How long we will hold your Personal Data for will vary and will be determined by the following criteria:
The purpose for which we are using it Onate will need to keep the data for as long as is necessary for that purpose;
The type of financial product we have provided to you. For example, we may keep data relating to a mortgage product for a longer period compared to data regarding a single payment transaction;
Whether you and we are in a legal or some other type of dispute with another person or each other;
The type of data we hold about you;
Whether you or a regulatory authority asks us to keep it for a valid reason; and
Legal obligations laws or regulation may set a minimum period for which we have to keep your Personal Data.
9. YOUR RIGHTS
9.1 In all the above cases in which we collect, use or store your Personal Data, you may have the following rights and, in most cases, you can exercise them free of charge. These rights include:
the right to obtain information regarding the processing of your Personal Data and access to the Personal Data which we hold about you;
the right to withdraw your consent to the processing of your Personal Data at any time. Please note, however, that we may still be entitled to process your Personal Data if we have another legitimate reason for doing so. For example, we may need to retain Personal Data to comply with a legal obligation;
in some circumstances, the right to receive some Personal Data in a structured, commonly used and machine-readable format and/or request that we transmit those data to a third party where this is technically feasible. Please note that this right only applies to Personal Data which you have provided directly to Onate;
the right to request that we rectify your Personal Data if it is inaccurate or incomplete;
the right to request that we erase your Personal Data in certain circumstances. Please note that there may be circumstances where you ask us to erase your Personal Data but we are legally entitled to retain it;
the right to object to, or request that we restrict, our processing of your Personal Data in certain circumstances. Again, there may be circumstances where you object to, or ask us to restrict, our processing of your Personal Data but we are legally entitled to refuse that request; and
9.2 You can exercise your rights by contacting us using the details listed in paragraph 10 below.
10. ONATE DESIGNATED REPRESENTATIVE
Onate’s Data Protection Officer may be contacted using the following contact information:
Address: 26/27 Upper Pembroke Street, Dublin 2, D02 X361 Email Address: info@onate.com
11. QUESTIONS AND CONCERNS
If you have any questions or concerns about Onate’s handling of your Personal Data, or about this Policy, please contact our Compliance team using the following contact information:
Address: Onate DAC, Compliance Team, 26/27 Upper Pembroke Street, Dublin 2, D02 X361
Email Address: info@onate.com
We are usually able to resolve privacy questions or concerns promptly and effectively. If you are not satisfied with the response you receive from our Privacy Officer, you may escalate concerns you have to the Data Protection Commission or another supervisory authority. You can contact the Office of the Data Protection Commissioner at http://dataprotection.ie/docs/Contact-us/b/11.html/ . Telephone: +353 (0)761 104 800 or Lo Call Number 1890 252 231. E-mail: info@dataprotection.ie . Postal Address: Data Protection Commission, 21 Fitzwilliam Square North, Dublin 2, D02 RD28.
12. MARKETING
You, or someone acting on your behalf, have the right to opt out of receiving some or all of the marketing communications we may send you at any time and can do so by emailing us at info@onate.com.
13. CHANGES TO THIS NOTICE
We will update this Data Privacy Notice from time to time on our website at https://onate.com/privacy-policy/ . Any material changes to this Data Privacy Notice, where appropriate, will be notified to you.
14. CENTRAL CREDIT REGISTER (CCR) AND CREDIT REFERENCE AGENCIES
We may access and use your personal information from the CCR and other credit reference agencies when you apply for a loan with us, or where you provide a personal guarantee for a loan given by us, and periodically thereafter:
To manage and take decisions about your accounts, including assessing creditworthiness when you are applying for a new product, and checks to avoid indebtedness.
If you apply to have your existing loan restructured.
If an amendment is required to the records held on the CCR.
For prevention of fraud, money laundering or criminal activity.
To trace debtors and recover debt.
While you have a loan with us, or a personal guarantee guaranteeing a loan with us, we will continue to share your personal information, including information about the performance of your loan, with the CCR. This will include the outstanding balance on your loan, the regularity of repayments, number of overdue repayments, any arrears and the date of the next payment. This information will be made available to other organisations, including financial services providers, so they can make decisions about you (such as considering any application for credit and credit related services), to trace debtors, recover debts, prevent or detect money laundering and fraud, and to manage your account. If you want further details of how your information will be used by the CCR, please visit its website or contact them directly at:
CCR, Website: www.centralcreditregister.ie Email: consumerinfo@centralcreditregister.ie Phone: +353 (0)1 224 5500