Find a branch

Data Protection Notice

 

 

This is our Data Protection Notice. Here we explain how we do the following:

-         Use information relating to you,

-         share information relating to you and

-         keep the information that we hold about you and that relates to you.

This information is known as personal data and is referred to as “information” in this Data Protection Notice.

We must explain this to you under the General Data Protection Regulation (GDPR) and other data protection laws such as the Irish Data Protection Act 2018 (together Data Protection Law).

Data Protection Law:

  • protects your information and
  • tells us how we can use your information.

You can ask for more details about how we use your information at your local branch, or by:

You are responsible for ensuring the information relating to you that you give us is accurate, complete and up to date. If you give us information relating to another person (for example, a family member), you will need to tell them how to find this notice. You will also need to make sure they do not object to us using information relating to them as described in this notice.

Last updated: September 2025 -  What's new with data protection

Who we are
 

Our Data Protection Notices for Specific Products and Services

What information do we process about you?

(including what is ‘personal data’, ‘information’ and category of information we collect)

How we collect your information directly from you

How we collect your information from others

Why we use your information 

How we share your information within AIB Group

How we share information with third parties

Your rights
 

Contact us
 

If you want to make a complaint

Updates to this notice

Who we are

When we talk about ‘us’ or ‘we’, we are talking about Allied Irish Banks, p.l.c. (Public Limited Company) (AIB) of 10 Molesworth Street, Dublin 2, and the following AIB Group companies:

This Data Protection Notice applies to you if your information is processed by any of the above companies. The company making decisions in relation to your information is the controller of your information, and all references to “us” or “we” should be read as relating to that company.

Our Data Protection Officer is involved in and oversees how we collect, use, share and protect your information. You can write to our Data Protection Officer by:

  • email: DPO@aib.ie, or
  • post: Data Protection Officer, 10 Molesworth Street, Dublin 2, D02 R126.

Back to top

Our Data Protection Notices for Specific Products and Services

 

The SAGA Credit Card and Law Society Credit Card services and accounts have their own Data Protection Notices. The notices are available by clicking on the relevant service below.

Back to top

What information do we process about you?

Data Protection Law sets rules about how personal data can be used. Personal data means any information relating to living persons. As noted above, in this Data Protection Notice we refer to personal data as ‘information’.

Data Protection Law includes rules about how we can ‘process’ your information. When we use the words “process” or “processing”, we mean doing anything with your information, including collecting it, recording it, organising it, structuring it, storing it, sharing it and changing it. 

Our products and services include bank accounts, loans, overdrafts, savings, home loans, cards and other financial services. To provide our products and services and to operate our business, we collect and keep information about you.

In some cases, providing your personal data to us is a contractual requirement or is necessary to enter into a contract with you. In some cases, providing your personal data to us is a statutory requirement. Without your information, we may not be able to offer you all our products and services and/or we may not be able to continue providing products and services to you.

The table below lists the categories of information about you that we may use. The table also explains the terms we use in this Data Protection Notice to describe your information:

Category of information

What type of information this includes
Personal
 
Information about you personally like your:
 
  • Name
  • Date of birth
  • Place of birth
  • Address
  • Gender
  • Marital status
  • Country of residence
  • Tax residency information
  • Tax identification number
Contact details
 
Information about how to contact you:
 
  • Postal address
  • Email address
  • Telephone number(s)
Information on your Identity
 
Information that identifies you, such as your:
 
  • Photo identification (e.g. passport or driver’s licence)
  • Date of birth
  • PPS number
  • Nationality
Information about your banking transactions
Information about how you use our banking products and services like:
     
  • Account Number
  • IBAN
  • Sort Code
  • Debit card number
  • Debit card expiry date
  • Debit card CVV
  • Credit card number
  • Credit card expiry date
  • Credit card CVV
  • The payments you have made or received
  • The amounts of the payments
  • Who you paid 
  • What you spend your money on, including your spending trends
  • The status of your account
  • The amount in your accounts
  • The amounts you borrow
  • When you use a bank card (such as a debit, credit or lodgement card)
Information about your loans with us
 
When you take out a loan with us, we will process information about this loan, your repayments and other relevant information which tells us:
 
  • How much you have borrowed
  • What you borrowed it for
  • The status of your account
  • How much we think you can afford to repay
  • Your Central Credit Register report, which tells us how many loans you have and if you have missed any loan repayments
  • Assets you might have
You can read more about your Central Credit Register report in the section ‘How we collect your information from others’.
Information about your security for a loan Information on security you may have given us to use for a loan, for example a property or another asset.
Information about your personal circumstances Information which tells us about your personal circumstances relevant to the products and services we are providing you, including:

  • If you are working, unemployed, retired or in further education
  • Your income and source of funds
  • Your interactions in relation to any relevant insurance policies
  • Details that might mean you need help from us, for example if you are elderly or have a medical condition
Information about your location  Information which tells us where:

  • You are located when you are using our products and services
  • A transaction was carried out
  • A device you use for our digital services is located
Information from your mobile device or computer or use of our digital services Information which tells us:

  • What device you are using
  • If it has been tampered with
  • How you use our websites and apps and what pages or features you visit. We may also use this information to deliver relevant messages through the Mobile App — for example, to let you know about new features or products and services.
  • Your preferences regarding cookies. Some cookies are strictly necessary for our website or Mobile App to work. Other cookies are not strictly necessary, and we will only deploy them where you give your permission to the use of such cookies. You can read more about our cookies on our Cookies Policy.
Market research We may collect your information and feedback you provide when engaging in market research initiatives.
User login and access details We process login details used to access our services via telephone, online platforms, and mobile banking applications.
Communication records
  • In person conversations
  • Telephone calls
  • Email
  • Website messages
  • Social media communications
  • Application form details
  • Other written correspondence


Special category data

In addition to the above information, we may collect certain information about you that under Data Protection Law is called ‘special category data’. 

Special category data includes:

  • Race
  • Ethnic origins
  • Political opinions
  • Religious or philosophical beliefs
  • Trade union membership
  • Physical or mental health
  • Sex life and/or sexual orientation
  • Genetic information
  • Biometric information where it is used to uniquely identify you (such as your face on your phone’s camera).

Examples of the types of special category data that we may process about you includes:

  • Your physical or mental health information, where we are aware of a decision-making arrangement which relates to you.
  • Your health information, where you have advised us that you need additional assistance or support and we may need to take this information into account to provide you with our products and services.
  • Your biometric information, to securely identify you when you log on to our online banking products and services.

When we process your special category data, we will rely on one of the following exemptions as set out in Data Protection Law:

  • Your explicit consent: In some circumstances, we will ask for your explicit consent to process your special category data. For example, where we process your biometric data to securely identify you when you log on to our online banking services, or where you provide us with information relating to your health as part of your engagement with us to support us in providing you with a product or service.
  • Your vital interests or another person’s vital interests: In some circumstances, we may process your special category data where it is necessary to protect your vital interests or the vital interests of another person, where you are physically or legally incapable of giving your explicit consent.
  • Substantial public interests: We may process your special category data where it is necessary for reasons of substantial interest, based on the laws of the EU or Ireland. For example, we may process information about your physical or mental health in the context of decision-making arrangements under the Assisted Decision-Making (Capacity) Act 2015.
  • Legal claims or proceedings:  We may process your special category data where necessary for the establishment, exercise or defence of legal claims.

Back to top

How we collect your information directly from you

We collect information directly from you, such as when you interact with us online or in person and when you use our products and services and website/mobile applications. The following table lists information we collect directly from you:

Source Further Information
Account information

We collect information you give us when you apply for an account or a service with us, for example:

  • A current account;
  • A deposit account; or
  • A loan.

We also collect information when you use our products and services, for example when you:

  • Use your bank card;
  • Ask us for advice;
  • Carry out transactions; and/or
  • Pay back a loan.
Phone Conversations We sometimes record phone conversations to train our people, manage our records, improve services and offerings, and/or follow laws and regulations. If we are recording a phone conversation we have with you, we will let you know in advance, for example at the start of the telephone call. 
CCTV We collect information through CCTV cameras at our branches and offices. We use CCTV for the safety and security of our people, customers, members of the public, assets and buildings.
Websites, Apps and Cookies We collect information about your use of our website and apps. We also collect information through ‘cookies’ and similar technologies each time you visit our website or our mobile banking app (the ‘Mobile App’). A ‘cookie’ (or other similar technology) is a text file that is placed on your device or accessed from your device and collects information about you and your device (such as remembering what you do on our website). Some cookies are strictly necessary for our website or Mobile App to work. Other cookies are not strictly necessary, and we will only deploy them where you give your permission to the use of such cookies. You can read more about our cookies on our Cookies Policy
Other information you provide us

When you contact us through social media sites, we sometimes ask you for your phone number so we can contact you back if you have a problem or want to make a complaint.   

If you contact us and provide us with additional information (for example, when making a complaint), we will collect and process this information.

In some situations, you may provide us with information about other people (for example, where you apply for a mortgage with another person, or in the context of a complaint). You should inform the other person that you are going to provide us with this information before you share the information with us, and you should make them aware of this Data Protection Notice. 

 

Back to top

How we collect your information from others

We collect information about you from others.  The following is how we collect such information about you:

Information about how you use your bank card
 

When you use your card to shop online, the following information may be shared with us:

  • Your email address
  • Your billing address
  • Your browser address
  • Whether you used the site before

We use this information to help to make sure it is you using your card. This can assist us to identify fraud and scams. We use a security system that helps in our efforts to reduce fraud and scams. This security system also makes it safer for you to shop online. 
Central Credit Register

When you apply for, take out or guarantee a loan (including an overdraft or a credit card), we collect information on you that we get from the Central Credit Register or a credit reference agency. This information, which we get as a credit report, includes your name, date of birth, address, PPSN and details of your past or present credit facilities which are recorded on the register.

This information is obtained before offering you a loan to assess your ability to repay and for ongoing credit review, where permitted. We search the Central Credit Register when you apply for a loan to comply with our legal obligations under the Credit Reporting Act 2013. 

Likewise, where required we share this information about you with the Central Credit Register – refer to ‘How we share information with third parties’ below for more detail.

You can find more information on the Central Credit Register:

 
Social media sites and other publicly available sources 

We collect information through social media sites, discussion forums, and market research to find out what people are saying about us and other banks.

We do not monitor specific persons on social media, and we can only see information that has been made publicly available on social media. The information we collect is used to provide a better service. We do not use the information we may see about you on social media to find out if you are a customer, or to decide to give you a loan.

 
Other third parties 

We may collect information about you from third parties in the context of the provision of our products and services, for example:

  • If you are a company director, sole trader, or a business in partnership, we may collect information about you, and your company, from the Companies Registration Office (CRO).

  • From another bank or financial institution, for example if you move your banking products and services to us from another bank or financial institution.

  • Where we buy a business, or part of a business, or a loan from a third party.

  • As part of a joint application (for example, a joint current account, mortgage, or other loan) the person applying for the service jointly with you may provide us with your information.

  • When you apply for a loan against a property, we will collect the energy rating information about the property from an online register, such as the Sustainable Energy Authority of Ireland (SEAI).
When you instruct us to deal with a third party on your behalf
 

Open Banking

  • Under Open Banking you can choose to let what is called a ‘third-party provider’ (TPP) see your account and use information from it. For example, you might allow a budgeting service to see your account online and use some or all of the information if you are in financial difficulty. If you allow a TPP to see your account, you will also need to tell the people with whom you share the account. Once the TPP has access to your account, the TPP may share information with us such as information about your banking transactions.

  • Learn more information on Open Banking

  • It is important to remember that if you have a joint or multi-party account, the other account holders you share an account with can also share the account information with a TPP.

Authorised Third Parties

  • If you engage with us through a broker or other agent or representative, such as your accountant, or, in circumstances where you may be in financial difficulty, through a Personal Insolvency Practitioner (for example with the Money Advice and Budgeting Service (MABS)), we may share information with, and receive your information from, your representative.

 

How we collect information about you if you are not a customer

Sometimes we collect and use your information even though you are not a customer of ours. Examples of this include when you are in the process of applying for an account or service with us, or when an account of yours moves from another bank to us before you become a customer. 

We also collect and use your information if you are connected to a customer, for example if you are:

  • Receiving payments from their account with us
  • Guaranteeing their loan
  • Their business partner
  • A director of their company
  • Part of a joint account and your account statements, with your information, are sent to us by our customer as part of a loan application referenced in a document (such as a lease agreement, or utility bill) or other information, provided by our customer as part of their application for a product or service.

Back to top

Why we use your information

In this section, we tell you about why we use your information and the type of information we use in each case. Under Data Protection Law, we need a legal basis to use your information. This means that we must have a legal justification or reason to use your information. We rely on the following legal bases to process your information:

  • Because we are entering into or have a contract with you and need to use your information to carry out that contract;
  • To comply with laws and regulations;
  • Where the processing is necessary for the performance of a task carried out in the public interest;
  • Where you have given us your consent to do so;
  • To protect the vital interests of you or another person; and/or
  • For our legitimate interests, or the legitimate interests of a third party.

Further detail on Legitimate Interests

Legitimate interests mean our interests (or the interests of a third party, such as a shareholder) which we or the third party wish to achieve when we process your information. Before we process your information based on legitimate interests, we will assess whether the processing in question will adversely impact your rights and freedoms. Examples of legitimate interests include:

  • To operate and run our business;
  • Providing our services and products to you and our other customers;
  • improving our products, services and our customer service, introducing new products and services; and
  • Protecting our customers, employees and shareholders.

Further detail on Consent

We may ask you for your consent to use your information:

Sometimes we will ask you for your consent (permission) to process your information (including to send you marketing emails through channels such as email or push notification). Some marketing messages, such as those in the Mobile App, may be delivered based on our legitimate interests. You can manage your preferences at any time through in our Mobile App or by contacting us . You will find more about this in the “Your rights” section of this Data Protection Notice. 

If our processing of your information is based on consent that you give to us, you can change your mind about this any time and withdraw your consent. If you withdraw your consent, it will not affect the lawfulness of processing based on your consent before you withdrew it.

If we ever contact you to ask about ways to improve our products and services, it is up to you to decide if you want to answer or not.

Subject to applicable law, you can withdraw your consent at any time by:

  • Contacting the AIB staff member you have been dealing with;

  • Emailing the Data Protection Officer at DPO@aib.ie;

  • Writing to us at Data Protection Officer, 10 Molesworth Street, Dublin 2, D02 R126;

  • Updating your preferences in the AIB Mobile App; or by

  • Following the instructions in any message you receive.

You can read about the terms we use to describe your information here.

The table below provides more detail on why we use your information, the legal basis for doing so and information we use:

Why we use your information

Legal basis for using your information

What information we use

To comply with laws and regulations.

We use your information when required in order to comply with laws and regulations that apply to us. For example, we must comply with consumer protection laws (such as the Consumer Protection Code 2012), anti-money laundering laws (such as the Criminal Justice (Money Laundering) and Terrorist Financing) Act 2010), and assisted decision-making laws (the Assisted Decision Making (Capacity) Act 2015).

We may in limited circumstances process criminal conviction data, where we are required or permitted to do so by EU or Irish law or regulation.  This could arise, for example, for compliance with our anti-money laundering or countering the financing of terrorism obligations.
  • To comply with laws that apply to us (legal obligation).
  • Personal, contact details and information on your identity
  • Information about your banking transactions
  • Information about your loans with us
  • Information about your security for a loan
  • Information about your personal circumstances

To check your identity and other details with the aim of preventing fraud.

We will use your information to conduct various checks in connection with your use of our products and services, such as to verify your identity, address, and where your money comes from. This may include:

  • analysing and investigating account and transactional activity to identify potential fraudulent transactions or patterns; and

  • processing information to complete transactions securely.

     
  • To comply with laws that apply to us (legal obligation).
  • For the legitimate interests in helping to protect our business and customers. These checks help to maintain the safety, integrity, and lawful use of our products and services.
  • Personal, contact details and information on your identity
  • Information about your banking transactions
  • Information about your loans with us

To assess your eligibility for products and services.

We will use your information to assess your suitability / eligibility for, and to provide, products and services that are suitable for you. For example:

  • to give you an indication regarding whether you are eligible for a product or service.

  • to assess and process your applications for products and services.
  • To comply with laws that apply to us (legal obligation).
  • To take steps prior to entering a contract with you (contractual necessity).
  • For the legitimate interests in offering products and services that are suitable and relevant to you. This helps us to ensure that we provide appropriate and responsible financial products and services to our customers. 
  • Personal, contact details and information on your identity
  • Information about your banking transactions
  • Information about your security for a loan
  • Information about your personal circumstances
  • Information about your loans with us
  • Communication records

To understand your financial needs and to improve our products and services.

We will use your information to understand your financial needs and to improve our products and services to better understand what you like and want from us, including, for example, to carry out surveys.

For example:

  • Using your information to understand how you are interacting with our digital channels to identify areas for improvement.

  • Using your information to analyse and understand the effectiveness of our customer communications and to help improve our communications.
  • For the legitimate interests in conducting and manage our business and help to ensure that we are delivering suitable and appropriate products and services to our customers. 
  • Personal, contact details and information on your identity
  • Information about your banking transactions
  • Information about your loans with us
  • Information about your personal circumstances
  • Communication records
  • Information from your mobile device or computer or use of our digital services 

To manage and maintain your products and services.

We will use your information to maintain your products and services and monitor their usage. For example:

  • to manage and administer your accounts, insurance policies, or other products and services.

  • to manage and maintain our relationship with you as part of ongoing customer service interactions.

  • to monitor and record phone calls between you and any member of our teams.

  • to process payments that are paid to you or by you.
  • To comply with laws that apply to us (legal obligation).
  • For the legitimate interests in understanding your financial needs and improving our products and services. These activities help us to provide products and services and communications that better meet your requirements.
  • To perform the contract we have with you (contractual necessity).
  • Personal, contact details and information on your identity
  • Information about your banking transactions
  • Information about your loans with us
  • Information about your security for a loan
  • Information about your personal circumstances
  • Communication records

To help to protect you and our business against criminal activity such as fraud and scams.

We will use your information to help to protect you, your money and our business from financial crime and fraud and scams. For example:

  • Attempting to prevent fraud in instances where you may be vulnerable to such activities and we need to set up the relevant support for you, if necessary.
  • To comply with laws that apply to us (legal obligation).
  • For the legitimate interests in helping to protect you and our business from crime, fraud and scams. These measures are aimed at helping to protect your assets and ensure the integrity of our products and services.
  • Personal, contact details and information on your identity
  • Information about your banking transactions
  • Information about your location
  • Information from your mobile device or computer or use of our digital services
  • Information about your personal circumstances
  • Communication records

To analyse customer behaviour and service usage for consideration with respect to business decisions.

We will use your information to understand trends regarding our products and services.  For example:

  • analysing information to increase our awareness of customer behaviour, understanding changing patterns and trends of activity among our customer base.

  • to gain better insights into our customer base and the products they hold and how they engage with those products on different channels. This will help us to inform future product and service development.

    •  
  • For the legitimate interests in understanding customer behaviour and service usage to support informed business decisions. This helps us improve our existing products and services and assists with preparing future offerings that are relevant and useful to our customers.
  • You give us your permission (consent).
  • Information about your banking transactions
  • Information about your loans with us
  • Information about your personal circumstances
  • Information about your location
  • Information from your mobile device or computer or use of our digital services
  • Your feedback (e.g. in surveys)

To personalise your experience and send marketing communications to you.

We will use your information to understand how you use our products and services, and how well we meet your expectations.

 

 
  • You give us your permission (consent).
  • For the legitimate interests in understanding how you use our products and services and how we meet your needs and expectations. This helps us provide communications and offerings that are relevant and useful to you.
  • Personal, contact details and information on your identity
  • Information about your banking transactions
  • Information about your loans with us
  • Information about your personal circumstances
  • Information about your location
  • Information from your mobile device or computer or use of our digital services
  • Market research

To manage operational and compliance risks to protect our customers, employees, and shareholders.

We will use your information to identify, manage and mitigate various risks, so we can protect:

  • our customers and their money

  • our employees

  • our shareholders. 

This may include using your information when required to identify, manage and protect against risks that arise for our customers and the bank, including creating management information to allow us to provide assurance in the areas of compliance with regulatory and legal obligations, adherence to operational processes, and to manage our network and information security.
  • For legitimate interests in identifying, managing and mitigating operational and compliance risks. This helps to support the safe and responsible delivery of our products and services to our customers and helps to support the proper functioning of financial services in Ireland.
  • To comply with laws that apply to us (legal obligation).
  • Personal, contact details and information on your identity
  • Information about your banking transactions
  • Information about your loans with us
  • Information about your security for a loan
  • Information about your personal circumstances
  • Information from your mobile device or computer or use of our digital services
  • Information about your location
  • Communication records

Marketing our products and services that we think may be relevant and useful to you.

We will use your information to market our products and services that may be interesting and relevant to you. For example, to show you a marketing message within the Mobile App. You can manage your preferences at any time in the Mobile App or by contacting us. 

 

 
  • You give us your permission (consent).
  • For legitimate interests in promoting our products and services to you and offering products and services that we consider are likely to be of relevance and useful to you.
  • Personal, contact details and information on your identity
  • Information about your banking transactions
  • Information about your loans with us
  • Information about your security for a loan
  • Information about your personal circumstances
  • Information about your location
  • Information from your mobile device or computer or use of our digital services

To detect false or misleading information.

We will use your information to decide if we have been given false or misleading information and if we suspect criminal activity.
  • To comply with laws that apply to us (legal obligation).
  • For legitimate interests to help to ensure and maintain the integrity of our products and services, help to protect our customers and business and comply with legal and regulatory obligations. This also helps to support the proper functioning of financial services in Ireland. 
  • Personal, contact details and information on your identity
  • Information about your banking transactions
  • Information about your loans with us
  • Information about your location
  • Information from your mobile device or computer or use of our digital services
  • Communication records

To enable secure access to digital services.

We will use your information to confirm your identity so you can access our services through the technology available on devices more quickly. This may include the processing of biometric data. 
  • You give us your permission (explicit consent).
  • To perform the contract we have with you (contractual necessity).
  • Personal, contact details and information on your identity
  • Information about your location
  • Information from your mobile device or computer or use of our digital services
  • User login and access details

To deliver products and services with partners and joint ventures.

We will use your information to deliver products or services that we provide with companies with whom we have a joint venture or working agreement, such as insurance providers. For example, we may share information with these companies where there is a joint venture or working agreement to allow us offer our customers certain products and services, to enhance the product offerings we have available, and to support customers with queries and complaints.
  • To perform the contract we have with you (contractual necessity).
  • For legitimate interests in delivering products and services through our partners and joint ventures. These collaborations help us to better serve our customers through enhanced services, support, customer dealings and enhanced product offerings.
  • You give us your permission (explicit consent). 
  • Personal, contact details and information on your identity
  • Information about your banking transactions
  • Information about your personal circumstances
  • Information about your loans with us
  • Information about your security for a loan

To facilitate loan sales or business transfers.

We will use your information if we are going to sell the whole or part of our business, for example where we sell a loan you have with us, or in connection with the sale, securitisation, merger, liquidation, receivership of all or part of our assets. 

 
  • For legitimate interests in ensuring the facilitation of business changes such as loan sales or other transfers.

 
  • Personal, contact details and information on your identity
  • information about your loans with us
  • information about your security for a loan

 

To manage legal claims and disputes.

We will use your information to protect our legal rights and interests, and the legal rights and interests of others.  This includes to prepare and progress litigation claims or proceedings taken (or anticipated) by or against us (including for insurance claims management) or respond to complaints, investigations or other regulatory processes involving AIB. This could be in connection with any legal proceedings, claim or dispute that might arise in connection with our relationship with you, our service(s), people, property or assets and may include sharing information within our Group.
  • To comply with laws that apply to us (legal obligation).
  • For legitimate interests in managing legal claims and disputes to protect our rights and interests and those of others.
  • Where necessary for the establishment, exercise or defence of legal claims.
  • Personal, contact details and information on your identity
  • Information about your banking transactions
  • Information about your loans with us
  • Information about your security for a loan
  • Information about your personal circumstances (including, where necessary, your special category data)
  • Information from your mobile device or computer or use of our digital services
  • Information about your location
  • Communication records

To support vulnerable customers or in the case of emergencies.

We will use your information to ensure we can provide you with our products and services if you are a vulnerable customer or (in rare circumstances) if we think you or another person needs urgent assistance.  

 
  • To comply with laws that apply to us (legal obligation).
  • To protect the vital interests of you or another person
  • Substantial public interest.
  • Personal, contact details and information on your identity
  • Information about your banking transactions
  • Information about your loans with us
  • Information about your security for a loan
  • Information about your personal circumstances (including, where necessary, your special category data)
  • Information about your location

To make decisions using computers (automated decision making).
  • To perform the contract we have with you (contractual necessity).
  • You give us your permission (consent).
  • Personal, contact details and information on your identit
  • Loan information
  • Information about your banking transactions

 

To combine data across AIB Group for credit assessment and compliance (Single Customer View).
  • To comply with laws that apply to us (legal obligation) (e.g. European Banking Authority requirements in relation to loan origination and monitoring).
  • For legitimate interests, so that we can conduct and manage our business effectively and efficiently which in turn helps to ensure that we can provide our products and services in a timely and appropriate manner.
  • Personal, contact details and information on your identity
  • Information about your loans with us
  • Information about your banking transactions

To manage complaints and respond to regulatory investigations.
  • To comply with laws that apply to us (legal obligation).
  • For legitimate interests in managing complaints, responding to regulatory investigations and defending our rights and interests. This includes using your information to handle customer concerns, cooperate with regulators and support any necessary inquiries or reviews. These activities help us maintain transparency, accountability and compliance with legal obligations. 
  • Personal, contact details and information on your identity
  • Information about your loans with us
  • Information about your banking transactions
  • Communication records

To audit our business and ensure compliance with legal and regulatory standards. 
  • For legitimate interests, so that we can conduct and manage our business effectively and efficiently and ensure that resources are allocated appropriately. These activities help us operate responsibly and protect our customers, employees and stakeholders.
  • To comply with laws that apply to us (legal obligation).
  • Personal, contact details and information on your identity
  • Information about your loans with us
  • Information about your banking transactions
  • Communication records

To process data received via Open Banking from third-party providers.
  • To perform the contract we have with you (contractual necessity).
  • You give us your permission (consent).
  • To comply with laws that apply to us (legal obligation) (the Payment Services Regulations).
  • Personal, contact details and information on your identity
  • Information about your loans with us
  • Information about your banking transactions
  • Communication records
  • Information about your personal circumstances

To use cookies and similar technologies to personalise your experience and improve our products and services.
  • You give us your permission (consent).
  • Information from your mobile device or computer or use of our digital services

To send out communications including statements and communications required under financial regulations.
  • To comply with laws that apply to us (legal obligation).
  • For our legitimate interests in maintaining transparent and compliant customer communications and ensuring that our customers are appropriately informed. 
  • Personal, contact details and information on your identity
  • Information about your banking transactions
  • Information about your loans with us

To respond to and fulfil requests made by individuals in relation to their data protection rights, such as access, rectification, erasure or data portability.
  • To comply with the laws that apply to us (legal obligation).
  • Personal, contact and information on your identity
  • Information about your loans with us
  • Information about your banking transactions
  • Communication records
  • Any other data that is relevant in respect of the request

To comply with legally binding court orders or warrants issued in the context of civil or criminal proceedings, which may require us to disclose personal data to relevant authorities or parties.
  • To comply with the laws that apply to us (legal obligation).
  • Personal, contact and information on your identity
  • Information about your loans with us
  • Information about your banking transactions
  • Communication records
  • Any other data that is relevant in respect of the order

To respond to Verification of Payee queries from other financial institutions (whether there is a match to your name, a close match, or no match) when someone tries to make a payment to you. 
  • To comply with the laws that apply to us (legal obligation) ((SEPA) Instant Payment Regulations).
  • Personal, contact and information on your identity

 

We share your information within the AIB Group and with others, see the “How we share your information within AIB Group” and “How we share information with third parties” sections below for details.

How long we keep your information for

We keep your information as long as necessary for the purposes for which it is processed. We keep your information while you are a customer with us and after that for as long as required or permitted for legal or regulatory reasons, or for our legitimate business purposes, such as to deal with any claim or dispute. We also keep your information, for as long as required under the Consumer Protection Code, when you engage with us about a product or service, but you do not become our customer.

The length of time we keep your information for depends on factors such as:

  • the type of service or accounts we have provided to you;
  • our need to comply with legislation, for example to comply with anti-money laundering laws;
  • our need to comply with other regulatory rules, for example, the rules contained in Consumer Protection Regulations or rules of the Financial Service and Pensions Ombudsman;
  • to resolve complaints;
  • to prevent fraud or scams;
  • to protect our business;
  • our need to comply with regulatory investigations;
  • if there are or may be ongoing or prospective legal proceedings between us, or with third parties.

 

How we make automated decisions

  • If we make a solely automated decision (that is, a decision made only by technology, without any human involvement) which affects you in a legal or other significant way, you have the right to appeal our decision. One of our staff members will then review the decision. 

  • This happens, for example, when you apply for a loan or credit card online. We will use the information listed below to help us to decide whether or not it is responsible for us to lend to you, and how much it is responsible for us to lend to you.
    • Information about your banking transactions.
    • Information about your loans with us.
    • Information about your personal circumstances.
    • Your credit report from the Central Credit Register.

Back to top

How we share your information within AIB Group

We share your information within AIB Group (AIB, Goodbody, EBS, Haven, and AIB Group (UK) p.l.c.) to help us:

  • provide our products and services;
  • verify your information;
  • protect our interests in the context of (or in anticipation of) legal claims or proceedings;
  • improve our products and services; and
  • follow laws and regulations.

As an example, the European Banking Authority (EBA) sets down certain rules which AIB must follow. One of these rules is that we must have one consistent view of our customer’s assets and liabilities throughout the whole AIB Group. In AIB Group, this is called the ‘Single Customer View’ . If you are a customer of more than one member of the AIB Group, we are required to share your information (including information about your loans with us) across the AIB Group to comply with these rules. We use this Single Customer View to assess applications from you for new credit facilities (such as new loans) and to support our review of your existing credit arrangements.

If this happens, we remain the controller of your information and we will process your information in line with this Data Protection Notice. The members of the AIB Group are joint controllers for the purpose of the Single Customer View. If you have any questions about this, please contact us.

Back to top

How we share information with third parties

We share your information with third parties to help us to provide our products and services to you, to manage our business more efficiently and for legal and regulatory reasons. You can read more about the information we share with third parties in the table on the following section.
 

 

Who we share your information with
Why we share it
What we share
 Lawful basis for sharing your information
Payment service providers, payment schemes or systems, such as, Visa, Mastercard, EBA Clearing, SWIFT, SEPA, and digital wallet services.

 
  • To provide products and services to you.
  • Information about your banking transactions
  • Personal and contact details
  • For the performance of the contract we have with you (contractual necessity).
  • For the legitimate interests in providing financial products and services to our customers.
Asset management firms that manage funds for people and companies.
  • To provide products and services to you.
  • Personal, contact details and information on your identity
  • Information about your loans with us
  • Information about your banking transactions
  • Information about your security for a loan
  • For the legitimate interests in offering financial products and services that are relevant to our customers.
  • For the performance of the contract we have with you (contractual necessity).
Companies who provide support services to us, such as Information Technology (IT), software services and maintenance providers, telecommunications providers, cloud software and storage providers, and document storage and printing providers.   
  • To provide products and services to you.
  • Personal and contact details
  • Information about your accounts with us
  • Information about your banking transactions
  • Information about your loans with us
  • Information about your security for a loan
  • For the legitimate interests in us maintaining secure and efficient business systems, and processes, which in turn helps us to provide our products and services to our customers.
Claim management companies, debt collection agencies and receivers.
  • To service the accounts you have with us.
  • To collect money you may owe us.
  • Information about your banking transactions
  • Personal, contact details and information on your identity
  • Information about your loans with us
  • Information about your security for a loan
  • For performance of the contract we have with you (contractual necessity).
  • For the legitimate interest in providing effective products and services to our customers.
Third-Party Providers that you allow to access your accounts, such as a budgeting service.
  • To provide products and services to you.
  • To share information that may help you when you are in financial difficulty or need extra support.
  • Personal, contact details and information on your identity
  • Information about your loans with us
  • Information about your banking transactions
  • Information about your personal circumstances
  • Any other information you want us to share
  • To comply with laws that apply to us (legal obligation).
  • You give us your permission (explicit consent).
  • For performance of the contract we have with you (contractual necessity).
Market research companies.
  • To find out more about your experiences with us, so that we can improve our products and services.
  • Personal, contact details and information on your identity
  • Market research
  • For the legitimate interests in enhancing customer satisfaction and service quality and to help ensure that customers are provided with relevant products and services that address their needs.
  • You give us your permission (explicit consent).
Research and analytic companies that study trends and patterns.
  • To help us and them to understand trends which we use to improve products and services.
  • Personal and contact details
  • Information about your loans with us
  • Information about your security for a loan
  • Information about your banking transactions
  • For legitimate interests in enhancing customer satisfaction and service quality and to help ensure that customers are provided with relevant products and services that address their needs.
Financial advisors and service providers, such as other banks.
  • To provide products and services to you.
  • Personal, contact details and information on your identity
  • Information about your loans with us
  • Information about your banking transactions
  • Information about your security for a loan
  • For the legitimate interests in offering financial products and services to our customers.
  • For the performance of the contract we have with you (contractual necessity).
Insolvency service providers that help people with debt.
  • To assist you in managing money you may owe to us.
  • Personal, contact details and information on your identity
  • Information about your loans with us
  • Information about your banking transactions
  • Information about your security for a loan
  • Information about your personal circumstances
  • For the legitimate interests in offering relevant financial products and services to our customers.
  • To comply with laws that apply to us (legal obligation) (under insolvency legislation).
Insurance companies.
  • To provide products and services to you.
  • To manage claims. 
  • Personal, contact details and information on your identity
  • Details of relevant insurance claims
  • Information about your personal circumstances
  • For the performance of the contract we have with you (contractual necessity).
  • For the legitimate interests in supporting our customers’ financial needs and to help ensure effective claims management. 
Law enforcement agencies, government bodies.
  • To assist with investigations into possible crime and to help recover your money if you are a victim of fraud and scams.
  • To protect you, your money and our interests.
  • To comply with laws and regulations inside and outside Ireland.
  • Personal, contact details and information on your identity
  • Information we reasonably believe is true about you and your money that we must share under law
  • Information that helps to protect your interests and ours.
  • To comply with laws that apply to us (legal obligation).
  • For the legitimate interests in preventing crime and ensuring regulatory compliance, which in turn helps to ensure the proper functioning of financial services in Ireland.
Payment software providers such as card reader companies or online payment providers
  • To provide products and services to you.
  • Personal and contact details
  • Information about your banking transactions
  • For performance of the contract we have with you (contractual necessity).
  • For the legitimate interests in providing effective financial products and services to our customers.
Auditors.
  • To audit the bank.
  • To protect your interests and ours.
  • To provide products and services to you.
  • To comply with laws and regulations inside and outside Ireland.
  • Personal, contact details and information on your identity
  • Information about your banking transactions
  • Information about your loans and accounts
  • Information about your security for a loan
  • Information about any other agreements you have with us
  • Information about complaints you have made about us
  • To comply with laws that apply to us (legal obligation).
  • For the legitimate interests in offering and providing products and services to our customers, and in ensuring that we can implement efficient and efficient business processes.
  • For the legitimate interests in helping to ensure that your interests and ours are protected and defended where necessary. 
Consultants.
  • To receive expert advice on business strategy, operations, technology, HR matters and/or other matters.
  • Personal, contact details and information on your identity
  • Information about your banking transactions
  • Information about your loans and accounts
  • Information about your security for a loan
  • Information about any other agreements you have with us
  • Information about complaints you have made about us
  • For the legitimate interests in offering and providing products and services to our customers, and in ensuring that we can implement efficient business processes.
  • For the legitimate interests in improving business efficiency. 
Legal advisors.
  • To receive legal advice.
  • To protect your interests and ours.
  • To comply with laws and regulations inside and outside Ireland.
  • To manage disputes.
  • Personal, contact details and information on your identity
  • Information about your loans and accounts
  • Information about complaints you have made about us
  • Information about any other agreements you have with us
  • Information about your personal circumstance (including where necessary, your special category data).
  • To comply with laws that apply to us (legal obligation).
  • For the legitimate interests in helping to ensure that our position and where relevant, the position of others, is compliant and protected and to help ensure we can defend our interests and, where relevant, the interests of others.
  • For the legitimate interests in engaging with and managing complaints and other related matters to ensure that our position is accurately represented and protected.
  • Where necessary for the establishment, exercise or defence of legal claims.
Companies (and their advisors) who express an interest in buying part or all our business, including in connection with the sale, loan portfolio sale, securitisation, merger, liquidation, or receivership of all or part of our assets.
  • To transfer your debts, such as transferring your mortgage, to another lender or provider.
  • To assess value, to perform due diligence.
  • To facilitate the ongoing management of assets
  • Personal and contact details
  • Information about your loans with us
  • Information about your security for a loan
  • For the legitimate interests in supporting the proposed (and actual) transaction including where due diligence is being conducted, as this would be to the benefit of AIB’s business.
  • For the legitimate interests in facilitating the ongoing management of assets which is to the benefit of AIB’s business and, where relevant, our customers.
Property management services such as estate agents that value a property. 
  • To provide products and services to you.
  • Personal, contact details and information on your identity
  • information about your loans with us
  • information about your security for a loan
  • For the legitimate interests in providing products and services that are relevant for and required by our customers. This benefits AIB’s business and AIB’s customers.
  • For the performance of the contract we have with you (contractual necessity).
Regulators such as the Data Protection Commission, Central Bank of Ireland, European Central Bank and the European Banking Authority.
  • To assist in the prevention of crime.
  • To comply with laws and regulations.
  • To manage any complaints from customers or regulators.
  • Personal, contact details and information on your identity
  • Information about your accounts with us
  • Information about your banking transactions
  • Information about complaints you have made
  • To comply with laws that apply to us (legal obligation).
  • For the legitimate interests in ensuring AIB’s position is accurately represented and protected.
Central Credit Register.
  • To provide products and services to you.
  • To comply with laws and regulations, particularly the Credit Reporting Act 2013.
  • Personal, contact details and information on your identity
  • Information about your loans with us, or any loans you provided a guarantee for where the loan is held with us
  • To comply with laws that apply to us (legal obligation).
Security operations providers who provide us with security services for our premises and other facilities.
  • To protect our customers and employees.
  • To assist in crime prevention.
  • Personal, contact details and information on your identity
  • CCTV images
  • For the legitimate interests in helping to provide secure financial services to protect our assets, prevent unauthorised access and maintain operational integrity.
Security trustees, for example a person or company that manages property, assets for a third party or pension fund managers.
  • To provide products and services to you.
  • Personal, contact details and information on your identity
  • Information about your loans with us
  • Information about your banking transactions
  • Information about your security for a loan
  • For legitimate interests in helping to provide secure financial services to protect our assets, prevent unauthorised access and maintain operational integrity.
  • For the performance of the contract we have with you (contractual necessity).
Joint venture companies, that we work with.
  • To provide products and services to you.
  • To help us and them to understand trends which we use to improve products and services.
  • Personal, contact details and information on your identity
  • Information about accounts, products, and services you have applied for, or hold with us
  • For the legitimate interests in offering financial products and services to our customers. This benefits AIB’s business and AIB’s customers.
  • For performance of the contract we have with you (contractual necessity).
Affinity Scheme Operators or trade unions that we provide group schemes to. 
  • To provide products and services to you as a member of those groups.
  • To help us and them to understand trends which we use to improve products and services.
  • Personal and contact details
  • For the legitimate interests in offering financial products and services to our customers. This benefits AIB’s business and AIB’s customers.
  • For performance of the contract we have with you (contractual necessity).
State body funding such as Strategic Banking Corporation of Ireland (SBCI) and the First Home Shared Equity Scheme. 
  • To provide products and services to you.
  • These organisations may combine this information with other information they hold from other companies.
  • This information helps us and them to understand trends which we use to improve products and services.
  • Personal and contact details
  • Relevant information about your loans with us
  • For the legitimate interests in offering financial products and services to our customers. This benefits AIB’s business and AIB’s customers.
  • For performance of the contract we have with you (contractual necessity).
Tracing agents / agencies.
  • To protect our interests and yours (for example, to locate customers where there has been an error or overpayment and money needs to be returned to customers).
  • Our legitimate interests in ensuring loans are repaid or balances refunded.
  • Personal and contact details
  • Information about your accounts with us
  • Information about your loans with us
  • Information about your security for a loan
  • For the legitimate interests in ensuring loans are repaid. This benefits AIB’s business. For the legitimate interests in balances being refunded. 

 

How we send your information outside the European Economic Area (EEA)

Sometimes, to provide our products and services (for example, to process foreign payments) we will send your information outside the European Economic Area (EEA).  In addition, some of our service providers (such as IT service providers and payment processors), contractors and other third parties used to help us provide your products and services are based outside of the EEA. The EEA means the countries in the European Union, Norway, Iceland and Liechtenstein. 

We will only send your information to non-EEA countries (such as the UK, the U.S. and India) where one or more of the following applies:

  • Where the European Commission has decided that the non-EEA country has an adequate level of protection in place to protect your information. ( The European Commission adequacy decisions are available here ).

  • Where the European Commission approved “Standard Contractual Clauses” or “SCCs” are included in our contracts with the organisation in the non-EEA country receiving your information, to ensure that appropriate safeguards are in place to protect your information and your rights in relation to your information. The European Commission SCCs are available for review here with copies of specific SCCs (available on request from our DPO).
  • In limited situations, where an exception permitting the transfer applies under the GDPR, such as:
    • You have given your explicit permission for the transfer of your information to the non-EEA country.
    • The transfer is necessary to perform our contact with you.
    • The transfer is necessary for important reasons of public interest.
    • The transfer is necessary to establish, exercise or defend legal claims.
    • The transfer is necessary to protect your vital interests or the vital interests of another person.

  • In respect of certain transfers of your information to the U.S., we may rely on the EU – U.S. Data Privacy Framework where the recipient in the U.S. is certified under that framework.

  • We also take measures to ensure that further transfers of information (for example from our service provider to its service provider or group company located outside of the EEA) are carried out in compliance with Data Protection Law.

 

Back to top

Your rights

Under Data Protection Law, you have rights about your information. You have the right to:

  • access your information and to receive a copy of your information.
  • object to processing of your information on grounds relating to your particular situation (where we process your information on the basis of “legitimate interest”). For example, you can opt-out of marketing messages delivered based on our legitimate interests, such as in-app messages, within the Mobile App or by contacting us
  • have your information updated and corrected, where it is incorrect.
  • have the processing of your information restricted.
  • have your information that is stored electronically transferred to you.
  • have your information deleted.
  • withdraw your consent where we are using your information on the basis of your consent (for example, you can tell us not to send you marketing emails or push notifications). Please note that the withdrawal of consent does not affect the lawfulness of processing based on consent prior to the withdrawal of consent.
  • not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you (subject to certain exceptions).
  • complain to the Data Protection Commission. Details in respect of this are set out in the ‘If you want to make a complaint’ section below.

Please note that the exercise of the above rights is subject to applicable law. Data Protection Law includes exceptions to the above rights.  For example, the rights available to you may depend on our legal basis relied upon for processing your information. More detail on your rights and how to exercise them can be found on the Data Protection Rights page, or by referring to the ‘Contact us’ section below.

We are obliged to respond without undue delay, in most cases within one month of your request.  In certain circumstances this period may be extended by a further two months, for example if we cannot fully respond within one month due to the complexity or number of requests.

Marketing Preferences

Please be aware that changes to your marketing preferences may take a short time to process. During this period, you might still receive marketing messages.

Additionally, opting out of marketing will not affect our ability to send you essential service updates, such as changes to your account terms or notifications that we are required to send by law.

Back to top

Contact us

You can exercise your rights through forms available on our website Data Protection Rights.

In addition, if you have any queries on any aspects of this Data Protection Notice, you may contact us:

  • by contacting a branch in person, by phone, post or e-mail
  • by emailing us at DPO@aib.ie

Back to top

If you want to make a complaint

If you are unhappy with the way we process your information including how we collect, use, keep and share it, you have the right to lodge a complaint with our supervisory authority, the Data Protection Commission through its Data Protection website or by writing to the Data Protection Commission at 6 Pembroke Row, Dublin 2, D02 X963, Ireland. We ask that you contact us in the first instance to give us the opportunity to address your concerns.

You can file a complaint with us via our website AIB Help & Guidance Make a Complaint, under the heading ‘Help and guidance’.  From here, click on ‘Complaint Form’. You will find instructions on that page on how to make a complaint. 

Back to top

Updates to this notice

We will make changes to this notice from time to time, particularly when we change how we use your information, and change our technology and services. The ‘Last Updated’ section at beginning of this notice sets out information on when this notice was last updated.

You can always find an up-to-date version of this notice:

Back to top

Your Data Protection Rights

 

More details about how you can action your data protection rights.