CoreTrack

Coretrack
Login
Book a Demo

Privacy Policy

Last updated: 14th Oct 2024

About Us

CoreTrack, a service provided by, offers a comprehensive Anti-Money Laundering (AML) transaction monitoring software platform designed specifically for credit unions.

 

Who We Are

CoreTrack is a service offered by Financial Modelling Services Ireland Ltd t/a O’Dwyer Power. You can find us at:

Post:                     1st Floor, 9 Adelphi Quay, Waterford. Ireland.

Email:                   info@odwyerpower.ie

Website:              www.odwyerpower.ie or www.coretrack.ie

Tel:                       051 364034        

 

Objective of this Notice

This Notice explains how we manage your personal data and the ways in which we process any data you provide to us or that we collect, where we are the data controllers as defined by law. We encourage you to read this statement thoroughly to gain a clear understanding of how we handle your personal data in compliance with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (“data protection legislation”). This Privacy Notice explains how we collect, use, and protect your personal data when using the CoreTrack platform and visiting our website www.coretrack.ie.

 

How We Collect Personal Data

We may collect certain personal data directly from business contacts to manage business relationships or provide you with information you request about our products and services. This may be collected:

·        Directly from you if you contact us through our website, by phone or email,

·        Through referrals from other clients or business contacts,

·        From public sources such as LinkedIn,

·        At events, such as conferences,

·        Through your use of our website.

 

Data We Collect

Category of Data

Details

Contact data

name, address, phone number, profession

Identification data

passport, driving licence, profile information (eg. social media, online meetings)

Financial data

bank account details to collect payment for services

Communication data

content of emails, online meetings (if recorded)

Web data

if you contact us through our website, device data (eg. IP address)

Other

marketing preferences

 

How We Process Your Data

Processing Purpose

Data Categories

Lawful Basis

Provision of Services

Contact data, Identification data, Financial data

Contract, legitimate interest

 

Billing and Invoicing

Contact data, Financial data

Contract

 

Customer Support

Contact data, Communication data

Contract, legitimate interest

 

Marketing and Promotions

Contact data, Communication data

Consent

 

Account Setup and Management

Contact data, Identification data, Financial data

Contract

 

Information Security

Identification data, Web data, Financial data

Legitimate interest

 

Regulatory Compliance

Identification data, Financial data

Legal obligation

 

Website Analytics

Web data

Legitimate interest, consent

 

Recruitment and Hiring

Contact data, Identification data

Legitimate interest, contract

 

Internal Record Keeping

Contact data, Financial data, Communication data

Legitimate interest, legal obligation

 

Handling complaints

Identification data, Communication data

Legitimate interest

 

 

Details relating to the lawful basis outlined above:

Contractual Necessity (Article 6(1)(b)):
This lawful basis applies when the processing is necessary to perform a contract with the data subject or to take steps at the request of the data subject before entering into a contract. Examples include processing data to provide a service, manage accounts, or fulfil payment obligations.

 

Legal Obligation (Article 6(1)(c)):
Processing is necessary for compliance with a legal obligation to which the data controller is subject. This includes obligations under laws, regulations, or regulatory requirements, such as tax reporting, anti-money laundering, or health and safety laws.

 

Consent (Article 6(1)(a)):
Consent must be freely given, specific, informed, and unambiguous. It applies where the individual has provided clear affirmative action indicating their agreement to the processing of their data for a specific purpose, such as marketing or website analytics.

 

Legitimate Interest (Article 6(1)(f)):
Processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party, except where such interests are overridden by the data subject’s rights and freedoms. Examples include fraud prevention, internal record-keeping, or service improvement.

 

Your Rights

You have a number of rights around the personal data relating to you that we collect, process and store. Please note that the above rights are not absolute, and some restrictions and limitations may apply. These rights are to:

·        Be informed.

This includes details on how your data is collected, used and secured. We hope this Privacy Notice helps but you can contact us if you want to know more.

·        Access your data

Request a copy of your personal data by way of a subject access request and we will provide you with what you request within one month unless an extension is warranted. There may be exceptions to this right, but we will communicate with you if there are so as you understand.

·        Rectify and update your personal data

If any of your information is incorrect you can contact us to amend it.

·        Request the erasure of your personal data

There are certain circumstances where you can look for us to erase your data but there will also be instances where we must retain it. Again, we will communicate with you and explain any exceptions to this right.

·        Object to the processing of your personal data

You have the right to object to processing which is based on public interest or legitimate interest. (Note: we do not carry out any processing under “public interest”).  We may have legitimate grounds for continued processing and if we do, we will explain these to you.

·        Restrict the processing of your personal data

You have the right to request that we limit the use of your data under certain circumstances, such as when you have informed us that some of your data is incorrect, and we are in the process of verifying or correcting it. Or, if we no longer have a lawful reason to process your data. We can still continue to store your data for certain reason while its use is restricted.

·        Port your data to another organisation

You have the right to ask us to “port” your data in a commonly used machine readable format to another organisation. There are limitation to this right which, if applicable, will be explained to you.

·        Not be subject to automated decision-making including profiling

You have the right not to be subject to a decision based solely on automated processing without human intervention being available.

·        Lodge a complaint with the Data Protection Commission

This can be done through their website: www.dataprotection.ie

 

Data Sharing and Data Transfers

We do not sell any personal information, nor do we share it with unaffiliated third parties unless we are required to do so by law. We will ensure that any information passed to third parties conducting operational functions on our behalf will be done with respect for the security of personal data and will be protected in line with data protection law.

 

Ways in which we may share personal information include:

·        To engage our software developers who update and support the CoreTrack software platform.

·        To engage external IT providers so as to ensure the security of our IT systems in order to protect all personal data.

·        With our insurers or assessors when providing or reviewing information in the event of an incident occurring.

·        To engage professional services of third parties, such as auditors, solicitors or any other such business advisers. Any such parties are bound by confidentiality.

·        To carry out website analytics that assist us in the improvement and operation of the CoreTrack website.

·        We reserve the right to report to law enforcement any activities that we, in good faith, believe to be illegal.

·        If we are legally obliged to disclose certain data.

·        With any relevant, authorised third parties as part of a merger or acquisition, any such parties will be bound by a duty of confidentiality.

 

At present we do not transfer any personal data outside the EEA (European Economic Area). Should this change in the future, we will safeguard your data by ensuring a minimum of one of the following safeguards is in place:

·        a contract based on “model contractual clauses” (also called Standard Contractual Clauses) approved by the European Commission, obliging them to protect your personal data, or

·        a company you has a set of approved Binding Corporate Rules, or

·        with companies located in a third country approved by the European Commission under an adequacy decision, such as the UK.

 

Data Security

We ensure the confidentiality, integrity, availability, and resilience of personal data when in use, transit and storage.  We are obliged to protect the data from inadvertent destruction, amendment, loss, disclosure, corruption or unlawful processing and we have appropriate technical and organisational measures in place to ensure all data is secure.

 

We carry out regular testing of the resilience of our website and the CoreTrack software platform and any other systems where we store personal data. Any third parties accessing the data are bound by a duty of confidentiality and we ensure regular staff training and the highest level of IT security measures to protect your data.

 

Data Retention

We will only retain your personal data for as long as necessary to fulfil the purpose(s) for which it was obtained, taking into account any legal/contractual obligation to keep it. Where possible we record how long we will keep your data, where that is not possible, we will explain the criteria for the retention period. Once the retention period has expired, the respective data will be permanently deleted.

As a general rule, data collected through us providing our services will be retained for 3 years after the cessation of your relationship with us. But data relating to payment will be retained for 7 years.

 

Data Protection by Design and Default & Impact Assessments

The GDPR requires that all our systems and processes are compliant in nature. The use of Data Protection Impact Assessments (DPIA) will be conducted on any new project that involves the collection of personal data or special categories of personal data as well as any changes to existing projects where there are risks to the data. 

Additionally, we ensure that the CoreTrack software platform has been built and will continue to be designed with the concept of data protection by design and default at its core. We are mindful of the principle of data processing and how these are implemented in our software.

 

Other Websites & Cookies

We may provide links to other websites on the CoreTrack site, but these sites operate independently and have their own privacy settings, which we do not oversee or verify. We disclaim any responsibility or liability for the practices or content of these external sites. Before sharing any personal information, we encourage you to carefully review their privacy terms and ensure they meet your standards.

 

 

Remember to check back here regularly for updates to this Notice.