Privacy Notice
This document describes how Mars Acquisition Limited and all of its subsidiaries in the Republic of Ireland (Ireland) (‘we, us, our, Mars Capital’) use and share personal data (also called ‘Account data’) they receive from you or other sources. This fully replaces all previous Fair Processing Notices.
Updated January 2024 (Version 4.1)
In order to do business with Mars Capital Finance Ireland DAC, you share personal data with us. Your privacy is important to us and we manage it in compliance with all relevant Data Protection law, including the General Data Protection Regulation (GDPR) and the Data Protection Act, 2018. The following is a guide to how your personal data is managed by Mars Capital.
1. Introduction
Mars Capital Finance Ireland DAC (‘’Mars Capital’’) is authorized and regulated by the Central Bank of Ireland. Mars Capital is a subsidiary company of Arrow Global Group (AGG/ Arrow), headquartered in the United Kingdom.
Mars Capital are a data controller in respect of loans where we carry out servicing activities on your loan, on behalf of a client, and we are the legal title holder of the loan. We are the data processor in respect of loans where we carry out the servicing activities on your loan, acting on behalf of a client, who is the legal title holder of the loan.
The purpose of this Data Privacy Statement is to provide you details of how personal data is managed by Mars Capital as Data Controller. This statement will provide you with an understanding of how we collect and use your personal data.
2. What do we use Personal Data for?
We process your personal data for various reasons relating to the ongoing management of your account and recruitment. To do this, we must have a legal basis for processing the data. We process your data by relying on a number of legal bases such as;
2.1 Management of Accounts
2.1.1 For the Performance of a Contract
We have a contract with you and in order to meet our obligations to you under this contract we may process your personal data, including in some of the following ways;
· Processing Applications – To process an application for a product or service or to make a decision on contract terms.
· Ongoing Account Management – To manage any product or service you may have with us e.g processing payments, communicating with you in writing or by telephone, reassessment of product terms.
· Loan Acquisitions – When we acquire your loan from another lender/credit servicer they will supply us with your personal data in order for us to continue to fulfil the terms of the contract. Prior to the acquisition date of your loan, we may receive your data for testing, in order to ensure we can meet contract terms and adhere to regulatory requirements.
2.1.2 For Compliance with a Legal Obligation
We have the responsibility of complying with various legal obligations including;
· Managing your account in line with our duty to the Central Bank of Ireland (CBI)
· Communicating with the Central Credit Register (CCR) both to obtain personal information to assess applications and to provide them with information on the performance of your agreement with us.
· Processing statutory documents including Statements, arrears notices and Notices of Default.
· Verifying the personal data provided to us in order to prevent money laundering, terrorist financing, tax evasion or fraud.
· Responding to queries from regulatory, law enforcement or government agencies.
· Investigating and resolving complaints.
· Managing investigations and litigation.
2.1.3 For Our Legitimate Business Interests
Where we process your personal data on the grounds of legitimate interest we ensure that these interests don’t override your interests, fundamental rights and freedoms. There are several ways in which we may process your personal information for our legitimate interests, including;
· Ensuring responsible lending and the prevention of over-indebtedness
· Managing our ongoing relationship with you, the customer.
· Improving, monitoring and maintaining internal processes, technology and communications.
· Securing the information we process and our network.
· Protecting against Fraud.
· Management internal analysis and reporting
·.
· Business continuity and disaster recovery and for responding to information technology and business incidences and emergencies.
· System testing
· Establishment, exercise and safeguarding of our rights.
· Assess the quality of our customer service and provide staff training.
· Analyse customer complaints and correct errors.
· Compliance with regulatory rules, guidance and requests.
2.1.4 Where the Data Subject has provided Consent
In certain situations we will require your consent in order to process your personal data, including;
· For the processing of Special Category Data for which Data Protection Law requires consent. Please note that we don’t collect sensitive or special category data as a matter of course. However, you may choose to disclose health or other sensitive information as part of our interactions with you, such as if you are experiencing a health issue which affects your ability to repay a loan, which we will record in your records.
· To interact with Authorised Third Parties who you nominate to act on your behalf.
Please note that you can withdraw your consent at any time and we will discontinue the processing of this data.
2.2 Recruitment
2.2.1 For the Performance of a Contract
We have a contract with you or are preparing to enter into a contract with you and in order to meet our obligations to you under this contract we may process your personal data, including in the following way;
· In order to consider you for an employment opportunity, confirm your employment with us and communicate with you as needed.
2.2.2 For Compliance with a Legal Obligation
We have the responsibility of complying with various legal obligations including;
· Fitness and Probity Screening for employment applicants to relevant roles.
2.2.3 For Our Legitimate Business Interests
Where we process your personal data on the grounds of legitimate interest we ensure that these interests don’t override your interests, fundamental rights and freedoms. We may process your personal data for our legitimate business interests for the following purpose;
· Manage and progress the recruitment process.
2.2.4 Where the Data Subject Has Provided Consent
In certain situations we will require your consent in order to process your personal data, including;
· For the advancement of the recruitment process – in order to consider you for an employment opportunity and communicate with you as necessary.
Please note that you can withdraw your consent at any time and we will discontinue the processing of this data.
2.3 For the purpose of protecting your Vital Interests
In rare circumstances we may need to process your personal data in order to protect your Vital Interests for example to seek medical treatment or assist you in an emergency situation.
3. The Kinds of Personal Data we Collect and How it is Used
Mars Capital collects and processes various categories of personal data at the beginning of and throughout our relationship with you. We collect this data from the loan originator/service provider or directly from you. We limit the personal data we collect and process to that which is necessary for the purposes laid out in Section 2.
Personal information that we collect and process about you may include the following;
· Identity Information – Name, Date of Birth, Proof of identification such as passport or driving license. We use this data for various reasons including to identify you and to comply with legal and regulatory obligations.
· Contact Information – Address, telephone number, email address. We use this information to administer your account with us, to provide you information you request and to respond to queries and complaints.
· Personal Circumstances – Employment information, employment history, financial circumstances, legal residency status, employment referees and lifestyle needs. We use this information in order to provide you with the products and services suitable to your needs and requests and during the recruitment process.
· Health Information – Over the course of our relationship, you may choose to share medical information with us. With your consent, we may process this information. Examples of when this may occur is if you are in ill health and it is affecting your ability to make payments.
· Personal Information collected during our Communications – When we communicate with you, a note of all our interactions is recorded in the loan management system. Additionally, calls may be recorded for quality improvement and training, complaint resolution or as required by regulation or the Central Bank of Ireland Code of Conduct. We will always inform you when a call is being recorded.
· Third Party – We may collect and process personal data made available from third parties, for example credit reference agencies such as the Central Credit Register.
4. Who Do We Share Personal Data With?
This section will describe the types of recipients we share data with. In some cases, we are compelled to share certain data with them, by law, for certain purposes.
4.1 Central Credit Register (CCR)
We share information with the CCR as part of our obligation to ensure appropriate lending for consumers and help ensure the health of the Irish financial services industry.
Each organisation that shares financial data with the CCR is also entitled to receive similar kinds of financial data contributed by other organisations. These organisations are typically banks, building societies, and other lenders, as well as other credit providers like utilities companies and mobile phone networks.
We may access and use your personal information from the CCR in the following circumstances;
· To manage and make decisions about your accounts.
· To assist our decision making if you apply for loan restructuring.
· To amend the records held on the CCR.
· For the prevention of money laundering, fraud or criminal activity.
· To trace debtors and recover debt.
For further details on how your information may be used by the CCR, you can visit their website or contact them directly at;
Central Credit Register
Post:
Central Credit Register, Adelphi Plaza, George’s Street Upper, Dun Laoghaire, Co. Dublin, Ireland
Phone:
01 2245500
Email:
myrequest@centralcreditregister.ie
Website:
4.2 Third Parties within the European Economic Area (EEA)
· In some circumstances we will share your data with third party processors, acting on our instruction and in compliance with all data protection principles, in relation to the processing of your personal data.
· We may share your data with service providers, engaged by us to help run our business such as Solicitors, Valuers, our Insurers etc.
· We may share your data with third party Information Technology processors, acting on our instruction, who assist us in running our business. For example IT service providers and call centre providers.
· In the event of proceedings being issued against you or enforcement activity taken, we will provide your information to the relevant Court Services.
· We may provide your information to Payment Processors in the event you make your payments via Debit or Credit Card in order to facilitate the transaction.
· We may share your data with any law enforcement agency, regulator, court, government authority or other third party where we believe this is necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights or the rights of any third party.
· We may share your data with consultants who act on your behalf such as accountants, solicitors, insurers, estate agents, advisors etc.
· We may share your data with the original lender/credit servicer, a beneficial owner or other parties with an interest in your loan.
4.3 Third Parties outside the European Economic Area (EEA)
We may transfer your personal data to organisations, including Mars Capital Parent and other Group companies, in countries outside the EEA. We only share personal data with others outside of the EEA when we are legally permitted to do so, namely where:
the EU Commission has decided that the relevant country has adequate protective rules in relation to data protection in place (an “adequacy decision”);
we have entered into the relevant “standard contractual clauses” with the recipient of your personal data (these are a set of obligations about how your data is protected and used); or
the transfer has been authorised by a relevant data protection authority.
4.4 Loan Acquisitions
We may disclose, under the strictest of confidentiality, your personal information to prospective purchasers of loans or any party to whom we may transfer our rights under the loan in connection with a securitisation or other funding arrangement.
5. For How Long is Personal Data Retained
When we form a relationship with you, we will create records that contain your personal information.
We will retain your personal data for as long as is necessary for the purposes for which it was collected and is required to be retained. In general, we will retain your data for the length of time the account is active, including for as long as funds are owed to us.
Mars Capital will continue to hold your personal data for a period of time after your account has closed. We will remain Data Controllers of this data for up to seven years after your account is closed for the purposes of compliance with our regulatory obligations.
There may be times we need to retain your personal data for longer periods such as in the case of actual or prospective legal proceedings, a court order or an investigation by the regulators or law enforcement.
6. What Rights do I have under Data Protection Regulation?
You have the following rights in relation to the personal data we hold about you;
6.1 The Right to be Informed
You have the right to be informed about how we collect and use your personal data. This has been described within this Privacy Statement.
6.2 Right of Access
Where we process your personal data, you have the right to confirmation as to whether we process your personal data and to request a copy of that data. Please note the following;
· You may request that a copy of your data is provided to you orally, in hard copy or electronically.
· There are generally no fees charged for a copy of your personal data. However, we have the right to charge a reasonable fee in circumstances where your request is excessive or manifestly unfounded.
· If we have provided you with a copy of your personal data in the previous 12 months we will not provide the same data to you again but will provide a copy of any additional personal data we have collected since the last request.
· There is personal data that is exempt from the right of access such as privileged information, data that is not available from a reasonable and proportionate search, confidential opinions and data that would adversely affect the rights and freedoms of others.
In order to exercise your right of access, contact us at DSAR_Requests@marscapital.ie
6.3 Right to Rectification
We aim to ensure the data we hold on you is accurate and up to date. To do this, we may ask you to verify your data from time to time. If you feel that the data we hold on you is incorrect or incomplete, you have the right to contact us and have this corrected.
6.4 Right to Erasure (Right to be Forgotten)
You may request the deletion of your personal data in some circumstances. This is not an absolute right and will depend on whether we have a legal obligation or overriding legitimate grounds to keep processing the data.
You may request deletion in the following circumstances;
· The personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
· Where you withdraw the consent for which the processing is reliant.
6.5 Right to Restrict Processing
You have the right to request us to restrict the processing of your personal data in the following circumstances;
· Where the accuracy of the personal data is being contested, you may request us to restrict processing until such times as the data can be verified.
· Where you have requested deletion of your personal data you may ask us to restrict processing while we consider the request.
· When we no longer need the data for the purposes of the processing but you require the data for the establishment, exercise or defence of a legal claim.
6.6 Right to Data Portability
You have the right to request that certain personal data that we process be transferred to you or to another service provider. This right applies in situations where we are processing your data based on the receipt of your consent or for the performance of a contract.
6.7 Right to Withdraw Consent
Where we have collected your consent for the purposes of processing your personal data, you have the right to withdraw that consent at any time.
6.8 Right to Object
You have the right to object to having your personal data processed for the purposes of our legitimate interest if you don’t feel there is a fair balance between our legitimate interests and your rights and freedoms.
6.9 Right not to be subject to Automated Decision Making, including Profiling
You have the right not to be subject to a decision based solely on automated decision making, including profiling. However, there are the following exceptions;
· Where the automated processing is necessary to enter into, or for the performance of, a contract.
· Where the automated processing is based on your explicit consent.
It is important to note that Mars Capital do not use automated decision making or profiling to make decisions about you or your account.
6.10 Points to Note
In order to exercise these rights there are a number of points you should be aware of;
Proof of Identity: In order to process your request we may need to ask you for additional, up to date, proof of your identity.
Timelines: In compliance with regulation, we will process your request within 1 month of receipt of your request and verification of your identity, where applicable. This timeline may, in exceptional circumstances, be extended by up to two months. In the case of an extension, you will be informed about the extension and the reasons for same.
How to make a request: If you wish to exercise any of these rights, please contact us at info@marscapital.ie or alternatively, using our contact details in section 9.
7. Use of Artificial Intelligence (AI)
Across our business, we utilise large language Artificial Intelligence (AI) technologies to create efficiencies in our operations and improve our services to you. This may include using AI technologies and/or algorithms to analyse your personal data and generate automated outputs. Where these automated outputs may impact the services we provide you, they will be manually reviewed before decisions are made. Where automated decisions are made, we will ensure these comply with applicable legal requirements, and you have the right to have them manually reviewed.
8. Updates to this Privacy Statement
This Privacy Statement will be reviewed and updated at regular intervals. You will always find the most up to date version on our website at www.marscapital.ie
9. Contact Us
If you have any queries or wish to exercise any of your data protection rights you can contact us in the following ways;
By Post:
Data Protection Officer
Mars Capital Finance DAC
One Warrington Place
Dublin 2
D02 HH27
By Email:
For Data Subject Access Requests: DSAR_Requests@marscapital.ie
For all other Rights requests, queries or complaints: info@marscapital.ie
If you are not satisfied with how we have handled your query or complaint you may be entitled to contact the Data Protection Commission. You can contact them in the following ways;
By Post:
Data Protection Commission
21 Fitzwilliam Square South
Dublin 2
D02 RD28
By Telephone:
01 7650100 / 1800437 737
Website: