Data Privacy FAQs


What can we help you find today?

Click on the topics below to jump to the section you have questions about.



How We Handle Data

When you visit our website and/or our Apps we collect information relating to your interactions through these online channels.

In some cases the information we collect will be anonymous and it will simply tell us what pages have received the most activity and are of particular interest to our customers in general.

We will always let you know how we intend to use your information before collecting it, so that you can decide whether or not you wish to provide that information.

We may collect and process information about you such as:

  • What pages you have viewed;
  • Certain interactions you have had on those pages;
  • The number of times you may have visited a particular page; and/or
  • The amount of time you may have spent on certain pages.

This information enables us to provide you with a more efficient and effective customer service by developing a wider understanding and appreciation of our customer base. Where we have identified you specifically we can offer you a more bespoke user experience and assist you with any customer service issues you may have experienced or may be experiencing.

To use your information lawfully, we rely on one or more of the following legal bases:

  • performance of a contract;
  • legal obligation;
  • protecting the vital interests of you or others;
  • public interest;
  • our legitimate interests; and
  • your consent.

To meet our regulatory and legal obligations, we collect some of your personal information, verify it, keep it up to date through regular checks, and delete it once we no longer have to keep it. We may also gather information about you from third parties to help us meet our obligations. If you do not provide the information we need, or help us keep it up to date, we may not be able to provide you with our products and services.

Sometimes we need your consent to use your personal information. With direct marketing for example, we need your consent to make you aware of products and services which may be of interest to you. We may do this by phone, post, email, text or through other digital media. When we use sensitive personal information about you, such as medical or biometric data, we ask for your consent. Before you give your consent, we tell you what information we collect and what we use it for. You can remove your consent at any time by contacting us.

Telephone calls may be monitored or recorded to ensure that we carry out your instructions correctly and to help improve the quality of our service and in the interests of security.

Sometimes we share your information with third parties.

For example to:

  • provide products, services and information;
  • analyse information;
  • research your experiences dealing with us;
  • collect debts;
  • sell your debts;
  • sell whole or part of our business;
  • prevent financial crime;
  • help trace, investigate and recover funds on your behalf;
  • trace information;
  • protection both our interests; and/or
  • meet any applicable law, regulation or lawful request.

Where the third party is a data controller, they have the same obligations under Data Protection law to protect your data, as we do.

Where the third party is a data processor, we require that these third parties provide a sufficient guarantee that the necessary safeguards and controls have been implemented to ensure there is no impact on your data rights and freedoms.

We also have to share information with third parties to meet any applicable law, regulation or lawful request. When we believe we have been given false or misleading information, or we suspect criminal activity we must record this and tell law enforcement agencies, which may be either in or outside Ireland.”

Further information about how we share data is available on our Data Protection Notice here.

We may transfer your personal information outside of the European Economic Area (EEA) to help us provide your products and services. We expect the same standard of data protection is applied outside of the EEA to these transfers and the use of the information, to ensure your rights are protected.

We know that you care about how your information is used, stored and shared. We appreciate your trust in us to do that. To protect your information we use security measures that comply with Irish Law and meet international standards. This includes computer safeguards and secure files and buildings.

When you contact us to ask about your information, we may ask you to identify yourself. This is to help protect your information.

We do not hold your information for longer than necessary to meet our legal and regulatory obligations. We will hold your information while you are a customer and for a period of time after that. We do not hold it for longer than necessary.

Your Rights

You have a number of rights in relation to your information which you have shared with us.

  • Access to your personal information: You can ask us for a copy of the personal information we hold. You can ask us about how we collect, share and use your personal information.
  • Updating and correcting your personal details.
  • Removing consent: You can change your mind wherever you give us your consent, such as for direct marketing, or using your sensitive information, such as medical or biometric data.
  • Restricting and objecting: You may have the right to restrict or object to us using your personal information or using automated decision making.
  • Deleting your information (your right to be forgotten). You may ask us to delete your personal information.
  • Moving your information (your right to Portability). Where possible we can share a digital copy of your information directly with you or another organisation.

If you wish to exercise any of your data rights, refer to our data protection section here to see more detail about how you can action your data protection rights.

If you have a complaint about the use of your personal information, please let a member of staff in your local EBS office know, giving them the opportunity to put things right as quickly as possible.

If you wish to make a complaint you may do so in person, by telephone, in writing and by email. Please be assured that all complaints received will be fully investigated. You can register a complaint through our contact centre, our local offices, our Website, by phone, or by email.

We ask that you supply as much information as possible to help our staff resolve your complaint quickly.

You can also contact the Office of the Data Protection Commission using the below details:

Terms & Conditions

To use your information lawfully, we rely on one or more of the following legal bases:

  • performance of a contract;
  • legal obligation;
  • our legitimate interests;
  • your consent;
  • protecting the vital interests of you or others; and
  • public interest.

To help you better understand where these lawful bases may apply, these are some examples for each lawful basis. In some cases, the same information is processed under more than one lawful basis:


Lawful basis

Examples of what we use your information for

Performance of a contract – Processing your information is necessary for us to provide your products and services 

Providing relevant products and services

We provide our customers with products such as; current accounts, deposit accounts and credit products including mortgages and credit-line.


Our services include online banking and banking through our EBS office network.


We process your information to identify and authenticate you to use our products and services.


Maintaining and monitoring your products and services

We must continually monitor and update information to ensure your data is safe, accurate and up to date. This ensures we keep your personal details and financial products secure, and give you the best customer service.


To do this we may share information with third parties such as credit reference agencies, fraud prevention agencies and market research entities.


Collecting money owed to us

As part of our credit product agreements, we have the right to collect money owed to us.


In some instances, we will use third parties to help us obtain additional information and collect the debts owed to us.


Legal obligation – We must process this information to comply with our legal obligations

Identify and authenticate our customers

We process your personal information to identify and authenticate our customers.


We share your information with third parties when performing these checks.

Our legitimate interests –Legitimate interest means the interests of AIB Group in conducting and managing our business when providing products and services. The core legitimate interests of AIB Group are to provide the best customer service, introduce innovative products and services, and to protect our customers, employees and shareholders.


We will always assess whether the legitimate interest of AIB Group will adversely impact the rights and freedoms of the data subject prior to processing. We implement safeguards to ensure that the processing remains fair and balanced.


Our risk assessments help us understand what information we need, our business requirements, the impact on our customers and employees, alternative options for processing and how long we hold the information for. 

Manage and understand risk

As a regulated financial institution, we must manage and understand our risk exposure to ensure our customers are protected and maintain a stable financial infrastructure.


We produce internal management information and models to understand risk across the bank, ensure necessary safeguards are in place and assess the design and effectiveness of these safeguards. We report this regularly to regulatory agencies.


Perform Credit, Anti-Money Laundering and Know Your Customer checks

To ensure responsible lending and offer you loans and mortgage products, we must perform a check to authenticate you and assess suitability for lending.


We may share information with credit reference agencies, fraud prevention agencies and centralised registers for these checks.


Manage our relationship with you

We keep our records up to date to contact you when required and provide the best customer service.


Analyse information and research your experiences dealing with us

We want to continually improve and better understand our customers. By collecting and analysing data from multiple sources, we can better understand the requirements of our customers and how we can improve products and service offerings.


This analysis also helps us run our business more efficiently and effectively.


We may report trends we see to third parties. These trend reports may include information about activity on devices, for example mobile phones, ATMs, or card spend in particular regions or industries. When we prepare these reports, we group customers’ information and remove any names. We do not share information in these reports that can identify you as a customer, such as your name, or account details.


Identify ways we can improve our products and services

We are always working to develop new products and innovative ways of bringing these to you.


We analyse the market and our customer base to better understand what people like and what people want from their bank. We do this by collecting data on your purchases, transactions, interactions with our website, ATMs, and using customer surveys. We use this information to provide a more personalised service to our customers and improve their experience using our products.


Prevent financial crime and cyber attacks

We continually monitor and analyse transactions, financial behaviour and electronic devices to detect and prevent financial crime and cyber-attacks. This enables us to protect and secure our customers information, our networks and our financial interests.


We share information with third parties to prevent financial crime, report fraud, manage our risks and protect both our interests.


Sell whole or part of our business

We may share information with third parties and their advisors who are interested in or participating in the sale, securitisation, merger, liquidation, receivership of all or part of our assets such as loan portfolios and subsidiary companies. For example, the information shared may be required by the third party to assess value, to perform due diligence and  to facilitate the ongoing management of assets.


Internal management information

We produce internal management information to run our business and better understand customer needs. This information enables us to make informed decisions, develop our strategy and achieve our business strategies.

EBS places a strong focus on sustainability, to support our sustainable communities, so increasingly, we will gather and use Environmental, Social and Governance (ESG) information to help us understand and enable our business to be more sustainable. This includes understanding the purpose of finance we provide so that it can be classified to meet regulatory disclosure requirements.


Your consent – We require your consent for processing certain information such as special category data.


We ensure your consent is obtained under the following principles

  • Positive Action - Clear affirmative action is required. We will no longer use pre-ticked boxes, imply or assume consent in the event of no positive action from you.
  • Free will – Your consent must be freely given and not influenced by external factors.
  • Specific – We will be clear on what exactly we are asking your consent for.
  • Recorded – We will keep a record of your consent and how we got it.  
  • Can be withdrawn at any time – We will stop data processing that requires your consent at any time you make a valid request. You can withdraw your consent at any time.


Special Categories of Personal Data is information relating to:

a)       Racial or ethical origin, political opinions or religious or philosophical beliefs

b)      Trade union membership

c)       Biometric data (We may collect voice, facial or fingerprint information to identify data subjects)

d)      Physical or mental health

e)      Sexual Life/Orientation

f)        Genetic data


Directly contact you about new products and services

With your consent, we will let you know what products or services you might like.  You can select how you prefer to be contacted on our application forms or by contacting us.


Processing special category data

We require your consent when processing special category data, such as fingerprint, facial and voice recognition to identify you.


In some instances, customers may provide health data. Given that this is a special category of data, we may have to obtain your consent before accepting this information for processing.



Protecting the vital interests of you or others

Sharing information to protect you

In some instances where we are concerned about your health and safety, we may share information to protect you and others. This may include where we suspect that you, or others, may become a victim of financial crime. In these cases, we may share information with third parties to help ensure your safety and the safety of others.


Public interest

Prevention of fraud

We may share personal data under the public interest basis in relation to prevention of fraud. We may share information with third parties to reduce fraud risk and protect the public from financial loss.


To meet our regulatory and legal obligations, we collect some of your personal information, verify it, keep it up to date through regular checks, and delete it once we no longer have to keep it. We may also gather information about you from third parties to help us meet our obligations.

Didn't find what you were looking for?