Please see explanations below of some of the data protection terms used on this website.
Consent – of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Data Controller – is a natural or legal person, public authority, agency or other body who determine the purpose and means of the processing - of personal data, where the purposes and means of such processing are determined by Union or Member State law. AIB are considered a data controller, as they process personal data on behalf of both their customers and their employees.
Data Processor – in relation to personal data, means any natural or legal person (other than an employee of the data controller), public authority, agency or another body who processes personal data under the direction of, and on behalf of a data controller. AIB is considered a data processor, as they process personal data on behalf of Third Parties. Additionally, Third Parties engaged by AIB to process personal data are considered data processors.
Data Protection Officer – The Data Protection Officer oversees how we collect, use, share and protect information.
Data Protection Regulation – means all legislation, regulation and applicable codes of practice relating to the processing, protection and privacy of personal data.
General Data Protection Regulation (‘GDPR’) – is a regulation intended to strengthen and unify data protection for all individuals within the European Union (‘EU’). The aim of the GDPR is to reinforce data protection rights of individuals and facilitate the free flow of personal data. It applies to all data controllers and processors established in the EU, as well as those established outside the EU that process the data of EU citizens.
Lawful basis - Processing of data is lawful only if and to the extent that at least one of the following applies:
a) Personal data processing is necessary to enter into or perform a contract with a data subject;
b) There is a legal obligation to the data controller for the personal data processing;
c) AIB Group or our Third Parties have a legitimate interest in processing the data. This legitimate interest cannot over-ride the interests or fundamental rights of the data subject;
d) The data subject has provided consent to the processing of his or her personal data for one or more specific purposes;
e) Personal data processing protects the vital interests of the data subject; or
f) Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Location Data – means any data processed indicating the geographical position of the terminal equipment of a user, including data relating to:
a) The latitude, longitude or altitude of the terminal equipment;
b) The direction of travel of the user; or
c) The time the location information was ‘recorded’
Personal Data / Data Subject – is any data relating to an identified or identifiable natural person (‘data subject’), who may be identified from the data either on its own (directly) or in conjunction with other data (indirectly), in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Processing – means obtaining, recording or holding the information or data, whether or not by automated means, or carrying out any operation or set of operations on the information including:
a) Collection of data
b) Organisation, adaption or alteration of the information or data
c) Retrieval, consultation or use of the information or data
d) Disclosure of the information, or data by transmission, dissemination or otherwise making available, or
e) Alignment, combination, blocking, erasure or destruction of the information or data
Recipient – means a natural or legal person, public authority, regulator, agency or another body, to which the personal data are disclosed, whether a Third Party or not. The processing of those data shall be in compliance with the applicable data protection rules according to the purposes of the processing.
Special Categories of Personal Data – is data which relates to:
a) Racial or ethical origin, political opinions or religious or philosophical beliefs
b) Trade union membership
c) Biometric data (We may collect voice, facial or fingerprint information to identify data subjects)
d) Physical or mental health
e) Sexual Life/Orientation
f) Genetic data
Supervisory Authority – means an independent public authority which is established by a Member State. In the Republic of Ireland the Office of the Data Protection Commissioner (‘ODPC’) and in the UK the Information Commissioner’s Office (‘ICO’) are the public authorities established to monitor the application of Data Protection Law.