Privacy Policy

Last Updated: 27th August 2018

Who we are:

We are Top Mortgages of 32 Parnell Street, Co Waterford. We are a brokerage firm providing financial services and advices in the mortgage, assurance, investment and pension sectors. You can contact us at this address in person, by post or by email via our “Contact Us” form on our website, www.topmortgages.ie. Our Data Protection Representative is Paul Quinlan. Paul can be contacted at paul@topmortgages.ie or (051) 361 040.

Why we process your data, the lawful basis for processing your data and who we share it with:

For people who view and interact with our website, we process data:

  • To respond to your query when sent through our ‘Contact Us’ form.
  • To enhance your browsing experience through the processing of anonymised data through our usage of “Cookies”. This data processing will not identify you personally in any way. More details can be found under our “Cookies” policy below.

The legal basis for this processing is our legitimate interest in the administration and operation of our financial and advisory services as well as our legitimate interest in marketing and promoting such services.

Retention of Data:

We will retain your data for the duration of your policy term plus three years. This is a statutory obligation imposed upon us and we will not retain your data for any longer than is mandated and/or permitted under law. As an example of same, if your policy had a lifespan of forty years, we would retain your data for forty-three years i.e. the lifespan plus three years.

For our potential Clients, we process data:

  • In order to market the services of our business.
  • In order to process any queries you may have about our services.
  • In order to identify your requirements and tailor our advice accordingly.

We do not retain or process your data for any other use.

Destruction of Data:

At the expiration of your policy lifespan (plus three years) we will destroy, or cause to be destroyed, all hard copy data held on record about you in whatever format such records may take. This will be carried out in a manner that ensures your confidentiality and data protection rights are respected. We will also destroy, or cause to be destroyed, any corresponding electronic data held on you in a concurrent manner.

Cookies & Tracking Technologies:

We use cookies and similar tracking technologies to track the activity on our Service and hold certain information. Cookies are files with small amounts of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device.

Tracking technologies also used are beacons, tags, and scripts to collect and track information and to improve and analyse our Service. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.

Examples of Cookies we use:

  • Session Cookies: We use Session Cookies to operate our Service.
  • Preference Cookies: We use Preference Cookies to remember your preferences and various settings.
  • Security Cookies: We use Security Cookies for security purposes

Transfers of Data outside the European Economic Area:

Like many modern databases our Client management system, Applied Systems Software, is cloud-based. We have a “Data Processor Agreement” in place which is a contract between Top Mortgages and ASS that ensures ASS treats your data in accordance with GDPR provisions. ASS’ servers are based within the EEA and also within Canada. We cannot therefore guarantee that your data, partially or fully, is stored within the EEA at any given time.

In these circumstances we safeguard your data through undertaking appropriate checks on the levels of security offered by the cloud provider and entering into a contract with them which applies protections of the same type and level required by data protection laws within the EEA i.e. our contractually binding Data Processing Agreement. Additionally, Canada has, since 2001 been an approved “third-party” country for certain categories of extra-EEA data transfers having been determined by the European Commission as having a sufficient level of data protection. We consider this a robust level of protection but should you have any queries in relation to same, please contact our Data Protection Representative, Paul Quinlan.

Recording of Phone Calls:

We record our phone calls with Clients for quality, training and transparency purposes. These audio records are stored on our network provider’s, “Three/3”, cloud storage. As with Applied Software Systems, we also have a Data Processing Agreement in place with Three/3 that ensures they treat your data in accordance with GDPR provisions. We hold this data for the legitimate interest of providing you with our services.

Third Party Software:

We may use the following third party platforms to contact you:

  1. WhatsApp
  2. Viber
  3. Outlook

We cannot guarantee the security of these systems. When engaging with us in the initial stages of your file, you will be given the opportunity to either opt-in or to refuse these services by not opting-in. This you do in the full knowledge that we cannot control the security measures of such communication platforms.

Marketing Lists:

Annually, or bi-annually, we will email you regarding promotional offers in relation to our services. The basis for processing your data in this regard is our legitimate interest in promoting our business and providing you with our services. We will obtain your consent before adding you to any such mailing list

and retain such consent on record. You can opt-out of this list at any time by emailing Paul Quinlan via the details provided and expressing such wishes.

Your rights relating to Personal Data:

Personal data is defined as any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

You have the following rights under the GDPR, in certain circumstances and subject to certain exemptions, in relation to your personal data: • Right to access the data – you have the right to request a copy of the personal data that we hold about you, together with other information about our processing of that personal data. • Right to rectification- you have the right to request that any inaccurate data that is held about you is corrected, or if we have incomplete information you may request that we update the information such that it is complete. • Right to erasure – you have the right to request us to delete personal data that we hold about you. This is sometimes referred to as the right to be forgotten. • Right to restriction of processing or to object to processing – you have the right to request that we no longer process your personal data for particular purposes, or to object to our processing of your personal data for particular purposes. • Right to data portability – you have the right to request us to provide you, or a third party, with a copy of your personal data in a structured, commonly used machine readable format.

Withdrawing your consent to data processing:

In order to exercise any of the rights set out above, please contact us at the contact details at the start of this privacy notice. If we are processing personal data based on your consent, you may withdraw that consent at any time. This does not affect the lawfulness of processing which took place prior to its withdrawal. If you are unhappy with how we process personal data, we ask you to contact us so that we can rectify the situation. Paul Quinlan will be available

to assist you in this regard. However, you may lodge a complaint with a supervisory authority. The Irish supervisory authority is the Data Protection Commission.

Automated decision-making and profiling

We do not use any personal data for the purpose of automated decision-making or profiling.