Data Protection Notice
This is our Data Protection Notice. Here we explain how we do the following:
- Use information relating to you,
- share information relating to you and
- keep the information that we hold about you and that relates to you.
This information is known as personal data and is referred to as “information” in this Data Protection Notice.
We must explain this to you under the General Data Protection Regulation (GDPR) and other data protection laws such as the Irish Data Protection Act 2018 (together Data Protection Law).
Data Protection Law:
- protects your information and
- tells us how we can use your information.
You can ask for more details about how we use your information at your local branch, or by:
- calling us on 0818 303 032
- emailing us at DPO@aib.ie (DPO stands for Data Protection Officer); or
- writing to us at Data Protection Officer, 10 Molesworth Street, Dublin 2, D02 R126.
You are responsible for ensuring the information relating to you that you give us is accurate, complete and up to date. If you give us information relating to another person (for example, a family member), you will need to tell them how to find this notice. You will also need to make sure they do not object to us using information relating to them as described in this notice.
Last updated: September 2025 - What's new with data protection
Who we are
When we talk about ‘us’ or ‘we’, we are talking about Allied Irish Banks, p.l.c. (Public Limited Company) (AIB) of 10 Molesworth Street, Dublin 2, and the following AIB Group companies:
- AIB Mortgage Bank;
- AIB Leasing Limited ;
- AIB Insurance Services Limited; and
- AIB Commercial Finance Limited.
This Data Protection Notice applies to you if your information is processed by any of the above companies. The company making decisions in relation to your information is the controller of your information, and all references to “us” or “we” should be read as relating to that company.
Our Data Protection Officer is involved in and oversees how we collect, use, share and protect your information. You can write to our Data Protection Officer by:
- email: DPO@aib.ie, or
- post: Data Protection Officer, 10 Molesworth Street, Dublin 2, D02 R126.
Our Data Protection Notices for Specific Products and Services
The SAGA Credit Card and Law Society Credit Card services and accounts have their own Data Protection Notices. The notices are available by clicking on the relevant service below.
What information do we process about you?
Data Protection Law sets rules about how personal data can be used. Personal data means any information relating to living persons. As noted above, in this Data Protection Notice we refer to personal data as ‘information’.
Data Protection Law includes rules about how we can ‘process’ your information. When we use the words “process” or “processing”, we mean doing anything with your information, including collecting it, recording it, organising it, structuring it, storing it, sharing it and changing it.
Our products and services include bank accounts, loans, overdrafts, savings, home loans, cards and other financial services. To provide our products and services and to operate our business, we collect and keep information about you.
In some cases, providing your personal data to us is a contractual requirement or is necessary to enter into a contract with you. In some cases, providing your personal data to us is a statutory requirement. Without your information, we may not be able to offer you all our products and services and/or we may not be able to continue providing products and services to you.
The table below lists the categories of information about you that we may use. The table also explains the terms we use in this Data Protection Notice to describe your information:
Category of information |
What type of information this includes |
---|---|
Personal | Information about you personally like your:
|
Contact details | Information about how to contact you:
|
Information on your Identity | Information that identifies you, such as your:
|
Information about your banking transactions | Information about how you use our banking products and services like:
|
Information about your loans with us | When you take out a loan with us, we will process information about this loan, your repayments and other relevant information which tells us:
|
Information about your security for a loan | Information on security you may have given us to use for a loan, for example a property or another asset. |
Information about your personal circumstances | Information which tells us about your personal circumstances relevant to the products and services we are providing you, including:
|
Information about your location | Information which tells us where:
|
Information from your mobile device or computer or use of our digital services | Information which tells us:
|
Market research | We may collect your information and feedback you provide when engaging in market research initiatives. |
User login and access details | We process login details used to access our services via telephone, online platforms, and mobile banking applications. |
Communication records |
|
Special category data
In addition to the above information, we may collect certain information about you that under Data Protection Law is called ‘special category data’.
Special category data includes:
- Race
- Ethnic origins
- Political opinions
- Religious or philosophical beliefs
- Trade union membership
- Physical or mental health
- Sex life and/or sexual orientation
- Genetic information
- Biometric information where it is used to uniquely identify you (such as your face on your phone’s camera).
Examples of the types of special category data that we may process about you includes:
- Your physical or mental health information, where we are aware of a decision-making arrangement which relates to you.
- Your health information, where you have advised us that you need additional assistance or support and we may need to take this information into account to provide you with our products and services.
- Your biometric information, to securely identify you when you log on to our online banking products and services.
When we process your special category data, we will rely on one of the following exemptions as set out in Data Protection Law:
- Your explicit consent: In some circumstances, we will ask for your explicit consent to process your special category data. For example, where we process your biometric data to securely identify you when you log on to our online banking services, or where you provide us with information relating to your health as part of your engagement with us to support us in providing you with a product or service.
- Your vital interests or another person’s vital interests: In some circumstances, we may process your special category data where it is necessary to protect your vital interests or the vital interests of another person, where you are physically or legally incapable of giving your explicit consent.
- Substantial public interests: We may process your special category data where it is necessary for reasons of substantial interest, based on the laws of the EU or Ireland. For example, we may process information about your physical or mental health in the context of decision-making arrangements under the Assisted Decision-Making (Capacity) Act 2015.
- Legal claims or proceedings: We may process your special category data where necessary for the establishment, exercise or defence of legal claims.
How we collect your information directly from you
We collect information directly from you, such as when you interact with us online or in person and when you use our products and services and website/mobile applications. The following table lists information we collect directly from you:
Source | Further Information |
Account information | We collect information you give us when you apply for an account or a service with us, for example:
We also collect information when you use our products and services, for example when you:
|
Phone Conversations | We sometimes record phone conversations to train our people, manage our records, improve services and offerings, and/or follow laws and regulations. If we are recording a phone conversation we have with you, we will let you know in advance, for example at the start of the telephone call. |
CCTV | We collect information through CCTV cameras at our branches and offices. We use CCTV for the safety and security of our people, customers, members of the public, assets and buildings. |
Websites, Apps and Cookies | We collect information about your use of our website and apps. We also collect information through ‘cookies’ and similar technologies each time you visit our website or our mobile banking app (the ‘Mobile App’). A ‘cookie’ (or other similar technology) is a text file that is placed on your device or accessed from your device and collects information about you and your device (such as remembering what you do on our website). Some cookies are strictly necessary for our website or Mobile App to work. Other cookies are not strictly necessary, and we will only deploy them where you give your permission to the use of such cookies. You can read more about our cookies on our Cookies Policy |
Other information you provide us | When you contact us through social media sites, we sometimes ask you for your phone number so we can contact you back if you have a problem or want to make a complaint. If you contact us and provide us with additional information (for example, when making a complaint), we will collect and process this information. In some situations, you may provide us with information about other people (for example, where you apply for a mortgage with another person, or in the context of a complaint). You should inform the other person that you are going to provide us with this information before you share the information with us, and you should make them aware of this Data Protection Notice. |
How we collect your information from others
We collect information about you from others. The following is how we collect such information about you:
Information about how you use your bank card | When you use your card to shop online, the following information may be shared with us:
We use this information to help to make sure it is you using your card. This can assist us to identify fraud and scams. We use a security system that helps in our efforts to reduce fraud and scams. This security system also makes it safer for you to shop online. |
Central Credit Register | When you apply for, take out or guarantee a loan (including an overdraft or a credit card), we collect information on you that we get from the Central Credit Register or a credit reference agency. This information, which we get as a credit report, includes your name, date of birth, address, PPSN and details of your past or present credit facilities which are recorded on the register. This information is obtained before offering you a loan to assess your ability to repay and for ongoing credit review, where permitted. We search the Central Credit Register when you apply for a loan to comply with our legal obligations under the Credit Reporting Act 2013. Likewise, where required we share this information about you with the Central Credit Register – refer to ‘How we share information with third parties’ below for more detail. You can find more information on the Central Credit Register:
|
Social media sites and other publicly available sources | We collect information through social media sites, discussion forums, and market research to find out what people are saying about us and other banks. We do not monitor specific persons on social media, and we can only see information that has been made publicly available on social media. The information we collect is used to provide a better service. We do not use the information we may see about you on social media to find out if you are a customer, or to decide to give you a loan. |
Other third parties | We may collect information about you from third parties in the context of the provision of our products and services, for example:
|
When you instruct us to deal with a third party on your behalf | Open Banking
Authorised Third Parties
|
How we collect information about you if you are not a customer
Sometimes we collect and use your information even though you are not a customer of ours. Examples of this include when you are in the process of applying for an account or service with us, or when an account of yours moves from another bank to us before you become a customer.
We also collect and use your information if you are connected to a customer, for example if you are:
- Receiving payments from their account with us
- Guaranteeing their loan
- Their business partner
- A director of their company
- Part of a joint account and your account statements, with your information, are sent to us by our customer as part of a loan application referenced in a document (such as a lease agreement, or utility bill) or other information, provided by our customer as part of their application for a product or service.
Why we use your information
In this section, we tell you about why we use your information and the type of information we use in each case. Under Data Protection Law, we need a legal basis to use your information. This means that we must have a legal justification or reason to use your information. We rely on the following legal bases to process your information:
- Because we are entering into or have a contract with you and need to use your information to carry out that contract;
- To comply with laws and regulations;
- Where the processing is necessary for the performance of a task carried out in the public interest;
- Where you have given us your consent to do so;
- To protect the vital interests of you or another person; and/or
- For our legitimate interests, or the legitimate interests of a third party.
Further detail on Legitimate Interests
Legitimate interests mean our interests (or the interests of a third party, such as a shareholder) which we or the third party wish to achieve when we process your information. Before we process your information based on legitimate interests, we will assess whether the processing in question will adversely impact your rights and freedoms. Examples of legitimate interests include:
- To operate and run our business;
- Providing our services and products to you and our other customers;
- improving our products, services and our customer service, introducing new products and services; and
- Protecting our customers, employees and shareholders.
Further detail on Consent
We may ask you for your consent to use your information:
Sometimes we will ask you for your consent (permission) to process your information (including to send you marketing emails through channels such as email or push notification). Some marketing messages, such as those in the Mobile App, may be delivered based on our legitimate interests. You can manage your preferences at any time through in our Mobile App or by contacting us . You will find more about this in the “Your rights” section of this Data Protection Notice.
If our processing of your information is based on consent that you give to us, you can change your mind about this any time and withdraw your consent. If you withdraw your consent, it will not affect the lawfulness of processing based on your consent before you withdrew it.
If we ever contact you to ask about ways to improve our products and services, it is up to you to decide if you want to answer or not.
Subject to applicable law, you can withdraw your consent at any time by:
- Contacting the AIB staff member you have been dealing with;
- Emailing the Data Protection Officer at DPO@aib.ie;
- Writing to us at Data Protection Officer, 10 Molesworth Street, Dublin 2, D02 R126;
- Updating your preferences in the AIB Mobile App; or by
- Following the instructions in any message you receive.
You can read about the terms we use to describe your information here.
The table below provides more detail on why we use your information, the legal basis for doing so and information we use:
Why we use your information |
Legal basis for using your information |
What information we use |
To comply with laws and regulations. We use your information when required in order to comply with laws and regulations that apply to us. For example, we must comply with consumer protection laws (such as the Consumer Protection Code 2012), anti-money laundering laws (such as the Criminal Justice (Money Laundering) and Terrorist Financing) Act 2010), and assisted decision-making laws (the Assisted Decision Making (Capacity) Act 2015). We may in limited circumstances process criminal conviction data, where we are required or permitted to do so by EU or Irish law or regulation. This could arise, for example, for compliance with our anti-money laundering or countering the financing of terrorism obligations. |
|
|
To check your identity and other details with the aim of preventing fraud. We will use your information to conduct various checks in connection with your use of our products and services, such as to verify your identity, address, and where your money comes from. This may include:
|
|
|
To assess your eligibility for products and services. We will use your information to assess your suitability / eligibility for, and to provide, products and services that are suitable for you. For example:
|
|
|
To understand your financial needs and to improve our products and services. We will use your information to understand your financial needs and to improve our products and services to better understand what you like and want from us, including, for example, to carry out surveys. For example:
|
|
|
To manage and maintain your products and services. We will use your information to maintain your products and services and monitor their usage. For example:
|
|
|
To help to protect you and our business against criminal activity such as fraud and scams. We will use your information to help to protect you, your money and our business from financial crime and fraud and scams. For example:
|
|
|
To analyse customer behaviour and service usage for consideration with respect to business decisions. We will use your information to understand trends regarding our products and services. For example:
|
|
|
To personalise your experience and send marketing communications to you. We will use your information to understand how you use our products and services, and how well we meet your expectations.
|
|
|
To manage operational and compliance risks to protect our customers, employees, and shareholders. We will use your information to identify, manage and mitigate various risks, so we can protect:
This may include using your information when required to identify, manage and protect against risks that arise for our customers and the bank, including creating management information to allow us to provide assurance in the areas of compliance with regulatory and legal obligations, adherence to operational processes, and to manage our network and information security. |
|
|
Marketing our products and services that we think may be relevant and useful to you. We will use your information to market our products and services that may be interesting and relevant to you. For example, to show you a marketing message within the Mobile App. You can manage your preferences at any time in the Mobile App or by contacting us.
|
|
|
To detect false or misleading information. We will use your information to decide if we have been given false or misleading information and if we suspect criminal activity. |
|
|
To enable secure access to digital services. We will use your information to confirm your identity so you can access our services through the technology available on devices more quickly. This may include the processing of biometric data. |
|
|
To deliver products and services with partners and joint ventures. We will use your information to deliver products or services that we provide with companies with whom we have a joint venture or working agreement, such as insurance providers. For example, we may share information with these companies where there is a joint venture or working agreement to allow us offer our customers certain products and services, to enhance the product offerings we have available, and to support customers with queries and complaints. |
|
|
To facilitate loan sales or business transfers. We will use your information if we are going to sell the whole or part of our business, for example where we sell a loan you have with us, or in connection with the sale, securitisation, merger, liquidation, receivership of all or part of our assets.
|
|
|
To manage legal claims and disputes. We will use your information to protect our legal rights and interests, and the legal rights and interests of others. This includes to prepare and progress litigation claims or proceedings taken (or anticipated) by or against us (including for insurance claims management) or respond to complaints, investigations or other regulatory processes involving AIB. This could be in connection with any legal proceedings, claim or dispute that might arise in connection with our relationship with you, our service(s), people, property or assets and may include sharing information within our Group. |
|
|
To support vulnerable customers or in the case of emergencies. We will use your information to ensure we can provide you with our products and services if you are a vulnerable customer or (in rare circumstances) if we think you or another person needs urgent assistance.
|
|
|
To make decisions using computers (automated decision making). |
|
|
To combine data across AIB Group for credit assessment and compliance (Single Customer View). |
|
|
To manage complaints and respond to regulatory investigations. |
|
|
To audit our business and ensure compliance with legal and regulatory standards. |
|
|
To process data received via Open Banking from third-party providers. |
|
|
To use cookies and similar technologies to personalise your experience and improve our products and services. |
|
|
To send out communications including statements and communications required under financial regulations. |
|
|
To respond to and fulfil requests made by individuals in relation to their data protection rights, such as access, rectification, erasure or data portability. |
|
|
To comply with legally binding court orders or warrants issued in the context of civil or criminal proceedings, which may require us to disclose personal data to relevant authorities or parties. |
|
|
To respond to Verification of Payee queries from other financial institutions (whether there is a match to your name, a close match, or no match) when someone tries to make a payment to you. |
|
|
We share your information within the AIB Group and with others, see the “How we share your information within AIB Group” and “How we share information with third parties” sections below for details.
How long we keep your information for
We keep your information as long as necessary for the purposes for which it is processed. We keep your information while you are a customer with us and after that for as long as required or permitted for legal or regulatory reasons, or for our legitimate business purposes, such as to deal with any claim or dispute. We also keep your information, for as long as required under the Consumer Protection Code, when you engage with us about a product or service, but you do not become our customer.
The length of time we keep your information for depends on factors such as:
- the type of service or accounts we have provided to you;
- our need to comply with legislation, for example to comply with anti-money laundering laws;
- our need to comply with other regulatory rules, for example, the rules contained in Consumer Protection Regulations or rules of the Financial Service and Pensions Ombudsman;
- to resolve complaints;
- to prevent fraud or scams;
- to protect our business;
- our need to comply with regulatory investigations;
- if there are or may be ongoing or prospective legal proceedings between us, or with third parties.
How we make automated decisions
- If we make a solely automated decision (that is, a decision made only by technology, without any human involvement) which affects you in a legal or other significant way, you have the right to appeal our decision. One of our staff members will then review the decision.
- This happens, for example, when you apply for a loan or credit card online. We will use the information listed below to help us to decide whether or not it is responsible for us to lend to you, and how much it is responsible for us to lend to you.
- Information about your banking transactions.
- Information about your loans with us.
- Information about your personal circumstances.
- Your credit report from the Central Credit Register.
How we share your information within AIB Group
We share your information within AIB Group (AIB, Goodbody, EBS, Haven, and AIB Group (UK) p.l.c.) to help us:
- provide our products and services;
- verify your information;
- protect our interests in the context of (or in anticipation of) legal claims or proceedings;
- improve our products and services; and
- follow laws and regulations.
As an example, the European Banking Authority (EBA) sets down certain rules which AIB must follow. One of these rules is that we must have one consistent view of our customer’s assets and liabilities throughout the whole AIB Group. In AIB Group, this is called the ‘Single Customer View’ . If you are a customer of more than one member of the AIB Group, we are required to share your information (including information about your loans with us) across the AIB Group to comply with these rules. We use this Single Customer View to assess applications from you for new credit facilities (such as new loans) and to support our review of your existing credit arrangements.
If this happens, we remain the controller of your information and we will process your information in line with this Data Protection Notice. The members of the AIB Group are joint controllers for the purpose of the Single Customer View. If you have any questions about this, please contact us.
How we share information with third parties
- Click here to read about how we describe your information.
Who we share your information with
|
Why we share it
|
What we share
|
Lawful basis for sharing your information |
---|---|---|---|
Payment service providers, payment schemes or systems, such as, Visa, Mastercard, EBA Clearing, SWIFT, SEPA, and digital wallet services.
|
|
|
|
Asset management firms that manage funds for people and companies. |
|
|
|
Companies who provide support services to us, such as Information Technology (IT), software services and maintenance providers, telecommunications providers, cloud software and storage providers, and document storage and printing providers. |
|
|
|
Claim management companies, debt collection agencies and receivers. |
|
|
|
Third-Party Providers that you allow to access your accounts, such as a budgeting service. |
|
|
|
Market research companies. |
|
|
|
Research and analytic companies that study trends and patterns. |
|
|
|
Financial advisors and service providers, such as other banks. |
|
|
|
Insolvency service providers that help people with debt. |
|
|
|
Insurance companies. |
|
|
|
Law enforcement agencies, government bodies. |
|
|
|
Payment software providers such as card reader companies or online payment providers |
|
|
|
Auditors.
|
|
|
|
Consultants. |
|
|
|
Legal advisors. |
|
|
|
Companies (and their advisors) who express an interest in buying part or all our business, including in connection with the sale, loan portfolio sale, securitisation, merger, liquidation, or receivership of all or part of our assets. |
|
|
|
Property management services such as estate agents that value a property. |
|
|
|
Regulators such as the Data Protection Commission, Central Bank of Ireland, European Central Bank and the European Banking Authority. |
|
|
|
Central Credit Register. |
|
|
|
Security operations providers who provide us with security services for our premises and other facilities. |
|
|
|
Security trustees, for example a person or company that manages property, assets for a third party or pension fund managers. |
|
|
|
Joint venture companies, that we work with. |
|
|
|
Affinity Scheme Operators or trade unions that we provide group schemes to. |
|
|
|
State body funding such as Strategic Banking Corporation of Ireland (SBCI) and the First Home Shared Equity Scheme. |
|
|
|
Tracing agents / agencies. |
|
|
|
How we send your information outside the European Economic Area (EEA)
Sometimes, to provide our products and services (for example, to process foreign payments) we will send your information outside the European Economic Area (EEA). In addition, some of our service providers (such as IT service providers and payment processors), contractors and other third parties used to help us provide your products and services are based outside of the EEA. The EEA means the countries in the European Union, Norway, Iceland and Liechtenstein.
We will only send your information to non-EEA countries (such as the UK, the U.S. and India) where one or more of the following applies:
- Where the European Commission has decided that the non-EEA country has an adequate level of protection in place to protect your information. ( The European Commission adequacy decisions are available here ).
- Where the European Commission approved “Standard Contractual Clauses” or “SCCs” are included in our contracts with the organisation in the non-EEA country receiving your information, to ensure that appropriate safeguards are in place to protect your information and your rights in relation to your information. The European Commission SCCs are available for review here with copies of specific SCCs (available on request from our DPO).
- In limited situations, where an exception permitting the transfer applies under the GDPR, such as:
- You have given your explicit permission for the transfer of your information to the non-EEA country.
- The transfer is necessary to perform our contact with you.
- The transfer is necessary for important reasons of public interest.
- The transfer is necessary to establish, exercise or defend legal claims.
- The transfer is necessary to protect your vital interests or the vital interests of another person.
- In respect of certain transfers of your information to the U.S., we may rely on the EU – U.S. Data Privacy Framework where the recipient in the U.S. is certified under that framework.
- We also take measures to ensure that further transfers of information (for example from our service provider to its service provider or group company located outside of the EEA) are carried out in compliance with Data Protection Law.
Your rights
Under Data Protection Law, you have rights about your information. You have the right to:
- access your information and to receive a copy of your information.
- object to processing of your information on grounds relating to your particular situation (where we process your information on the basis of “legitimate interest”). For example, you can opt-out of marketing messages delivered based on our legitimate interests, such as in-app messages, within the Mobile App or by contacting us
- have your information updated and corrected, where it is incorrect.
- have the processing of your information restricted.
- have your information that is stored electronically transferred to you.
- have your information deleted.
- withdraw your consent where we are using your information on the basis of your consent (for example, you can tell us not to send you marketing emails or push notifications). Please note that the withdrawal of consent does not affect the lawfulness of processing based on consent prior to the withdrawal of consent.
- not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you (subject to certain exceptions).
- complain to the Data Protection Commission. Details in respect of this are set out in the ‘If you want to make a complaint’ section below.
Please note that the exercise of the above rights is subject to applicable law. Data Protection Law includes exceptions to the above rights. For example, the rights available to you may depend on our legal basis relied upon for processing your information. More detail on your rights and how to exercise them can be found on the Data Protection Rights page, or by referring to the ‘Contact us’ section below.
We are obliged to respond without undue delay, in most cases within one month of your request. In certain circumstances this period may be extended by a further two months, for example if we cannot fully respond within one month due to the complexity or number of requests.
Marketing Preferences
Please be aware that changes to your marketing preferences may take a short time to process. During this period, you might still receive marketing messages.
Additionally, opting out of marketing will not affect our ability to send you essential service updates, such as changes to your account terms or notifications that we are required to send by law.
Contact us
You can exercise your rights through forms available on our website Data Protection Rights.
In addition, if you have any queries on any aspects of this Data Protection Notice, you may contact us:
- by contacting a branch in person, by phone, post or e-mail
- by emailing us at DPO@aib.ie
If you want to make a complaint
If you are unhappy with the way we process your information including how we collect, use, keep and share it, you have the right to lodge a complaint with our supervisory authority, the Data Protection Commission through its Data Protection website or by writing to the Data Protection Commission at 6 Pembroke Row, Dublin 2, D02 X963, Ireland. We ask that you contact us in the first instance to give us the opportunity to address your concerns.
You can file a complaint with us via our website AIB Help & Guidance Make a Complaint, under the heading ‘Help and guidance’. From here, click on ‘Complaint Form’. You will find instructions on that page on how to make a complaint.
Updates to this notice
We will make changes to this notice from time to time, particularly when we change how we use your information, and change our technology and services. The ‘Last Updated’ section at beginning of this notice sets out information on when this notice was last updated.
You can always find an up-to-date version of this notice:
- on this website at AIB's Data Protection page.
- at your local branch, or
- by asking us for a copy.