Individuals applying to the Central Bank for approval to perform a pre-approval controlled function (PCF) within a regulated financial service provider are required to submit an Individual Questionnaire (IQ) to the Central Bank. Completion of the IQ requires submission of personal data to the Central Bank, including the following:

• Name, address, contact details and passport number
• Details of professional experience and educational qualifications
• Information relating to criminal convictions and disciplinary proceedings
• Details of applicants’ shareholdings and business interests
• Details of applicants’ directorships and other senior positions.

The Central Bank processes this information and any other information relating to PCF role holders/applicants to perform its fitness and probity functions under Part 3 of the Central Bank Reform Act 2010 and, in particular, to assess the suitability of the applicant to perform the PCF role. If a PCF applicant does not provide the required information, the Central Bank will not be able to assess his or her application. Per the Central Bank (Supervision and Enforcement) Act 2013 the Central Bank has the power to gather other relevant personal data, where it is deemed necessary and proportionate to do so.

The Central Bank retain fitness and probity-related information for 30 years after the individual in question has vacated a PCF role.

The European Central Bank (ECB) is responsible for assessing the fitness and probity of the management board of, and key function holders with, significant credit institutions, as well as the management board of all credit institutions applying for authorisation. The Central Bank transmits such applications onwards to the ECB for assessment in accordance with Council Regulation (EU) No 1024/2013 (the SSM Regulation).

The Central Bank processes personal data of individuals such as staff members, shareholders and customers of financial service providers in connection with its regulation of financial service providers and markets. Where necessary and proportionate this may include special category and/or criminal data. We process such personal data for numerous reasons, including the authorisation and ongoing supervision of regulated financial service providers, the regulation of financial markets and the investigation of the activities of unauthorised providers of financial services.

Individuals such as proposed acquirers of qualifying holdings in authorised entities or persons discharging managerial responsibilities (PDMRs) within an issuer are also obliged to provide certain personal data to the Central Bank under statute. Staff members of regulated financial service providers may also provide limited personal data to the Central Bank in connection with the submission of regulatory returns or other information on behalf of their employer e.g. for the purpose of uploading documents to the Central Bank’s Online Reporting System (ONR).

The Central Bank may also process personal data relating to controlled function (CF) role holders for purposes related to the supervision of the regulated financial service providers by which those CF role-holders are employed.

The Central Bank retains such data for as long as needed for the specific supervisory purposes for which it is collected. On request, we can provide information relating to the retention period for specific personal data.

Pursuant to Article 30(3) of 4AMLD (as amended by 5AMLD), which requires that the beneficial ownership of certain financial vehicles (CFV) are held on a central register in each Member State, the Central Bank processes personal data on any natural person(s) who are beneficial owners of  Irish Collective Asset-Management Vehicles (ICAV),  Unit Trusts, Credit Unions, Investment Limited Partnerships and Common Contractual Funds.

The purpose of the Beneficial Ownership Register is to deter Money Laundering and Terrorist Financing and to identify those that seek to hide their ownership and control of corporate or legal entities by ensuring that the ultimate owners/controllers of CFV are identified and that this information is readily accessible to law enforcement, regulators and obliged entities.

CFV are obliged to submit personal information and information on the nature and extent of the beneficial interest held or control exercised by each beneficial owner. Personal information includes:

1. Forename and surname
2. Date of birth
3. Current residential address including country of residence
4. Nationality

This information is stored securely in the Beneficial Ownership Register and is released only when a request for beneficial ownership information is made to the Beneficial Ownership Register.

In addition, and solely for the purpose of verification of the above information, Regulation 21 of SI 110 of 2019 obliges CFV to provide a PPS number (or CBI Reference Number for non-PPS number holders) to facilitate the Central Bank verifying the Forename, Surname and Date of Birth of each beneficial owner.

The mechanism to verify this information is to check the PPS number, Forename, Surname and Date of Birth of the beneficial owner against the Department of Social Protection (DSP) database of PPS numbers. To do so the Central Bank shares the PPS number, the forename, surname and DOB of the beneficial owner to the DSP via electronic and secure means.  The Central Bank has entered into a data sharing agreement with the DSP for the purposes of governing and monitoring this arrangement.

Where a beneficial owner(s) has/have not been assigned an Irish PPS number, but the individual(s) has/have been previously obtained a CBI reference number from the Central Bank, the corresponding CBI Reference Number obtained may be provided for this purpose.

In the case of beneficial owners who have not been assigned a PPS number, nor a CBI Reference Number, a Declaration as to Verification of Identity must be provided to the Central Bank in order for the Central Bank to provide the beneficial owner with a CBI Reference Number.

Personal information collected as part of this process includes:

1. Forename and Surname
2. Date of Birth
3. Nationality
4. Current Residential Address
5. Email

The mechanism to verify this information is to check the CBI Reference number, Forename, Surname and Date of Birth of the beneficial owner against other personal data collected by the Central Bank of Ireland in the course of performing its statutory functions and described elsewhere in the Data Privacy Statement.

Regulations 24 and 25 of SI 110 of 2019 provides for two types of access to the beneficial ownership information in the Beneficial Ownership Register – “unrestricted” and “restricted” access.

Only certain information contained in the Beneficial Ownership Register is available to the general public and designated persons in accordance with Regulation 25 of SI 110 of 2019.

A designated person is defined in Section 25 of the Criminal Justice (Money Laundering and Terrorism Financing) Act 2010, as amended by the Criminal Justice (Money Laundering and Terrorist Financing) (Amendment) Act 2018. They include financial institutions, accountants, auditors, tax advisers, legal professionals, and dealers in expensive goods (such as houses, cars, jewellery, etc.). Designated persons are required to conduct background information checks on individuals or entities they enter into a financial transaction or a business relationship with under Anti-Money laundering legislation. SI 110 of 2019 requires, inter alia, that when a designated person enters into an occasional transaction with a CFV, the CFV shall provide certain beneficial ownership information to the designated person (Regulation 5(8) of SI 110 of 2019) and the designated person may access beneficial ownership information in the Beneficial Ownership Register (Regulation 25 of SI 110 of 2019).

This information is ‘restricted’ or limited to:

• The name of the CFV
• Beneficial Owner(s) - Name; Nationality; Country of Residence; Month and Year of Birth; Nature of Beneficial Ownership held

Where the beneficial owner is a minor (i.e. under 18 years of age) their details are exempt in normal course from access by designated persons and members of the public. In accordance with Regulation 25(5) of SI 110 of 2019, access may be provided where a summary of the grounds on which the requestor considers it is in the public interest that that information be disclosed to him or her, is provided to the Registrar. The Registrar in their role can decide to disclose the information or not based on these grounds.

All information (‘unrestricted’ information) in the Beneficial Ownership Register is available to certain competent authorities, including information in respect of minors. The competent authorities include:

• an Garda Síochána
• the Financial Intelligence Unit (FIU) Ireland
• the Revenue Commissioners
• the Criminal Assets Bureau (CAB)
• the Central Bank of Ireland
• the Department of Justice & Equality
• the Property Services Regulatory Authority (PSRA)
• the Law Society of Ireland
• the General Council of the Bar of Ireland
• a designated accountancy body (within the meaning of Part 4 of the Criminal Justice (Money Laundering & Terrorist Financing) Act 2010 and
• an inspector appointed by the Director of Corporate Enforcement under section 764(1) of the Companies Act 2014.

Competent authorities may disclose the information in the Beneficial Ownership Register to any corresponding competent authority of another Member State when requested by the corresponding competent authority.

PPS numbers or CBI Reference numbers are not provided to the public, designated persons or competent authorities. The purpose of their collection is solely as an information verification mechanism. Once the identity of the beneficial owner has been verified, the PPSN will be retained securely in an irreversible hashed format and the original submitted PPSN will be deleted within 24 hours of being received.

CFV also provide limited personal data to the Beneficial Ownership Register in connection with the person submitting information to the Beneficial Ownership Register on behalf of the CFV.

The Central Bank is obliged by Article 30(4) 4AMLD (as amended by 5AMLD), to “ensure that the information held in the central register is adequate, accurate and current”. The Central Bank will delete from the Beneficial Ownership Register information held in relation to a CFV when ten years elapse from the date of dissolution of that CFV, should such dissolution occur.

The Central Bank will retain all records in relation to information obtained through the declaration of verification of identity process for a period of 15 years from when the individual has ceased being a beneficial owner of a CFV(s).

Article 32(A) of 5AMLD, requires the identification of natural or legal persons holding or controlling payment accounts and bank accounts identified by IBAN, and safe-deposit boxes held by credit institutions in each Member State.

The purpose is to deter Money Laundering and Terrorist Financing and to identify those that seek to hide their ownership and control of payment accounts and bank accounts identified by IBAN, and safe-deposit boxes held by credit institutions, and that this information is readily accessible to law enforcement, in an unfiltered manner.

The European Union (Anti-Money Laundering: Central Mechanism for Information on Safe-Deposit Boxes and Bank and Payment Accounts) Regulations 2022 (S.I. 46 of 2022) assigns responsibility to the Central Bank to establish and maintain a central database of IBAN, and safe-deposit boxes information for Ireland, and a central mechanism to enable this information to be accessed.

In carrying out this responsibility, the Central Bank processes personal data on any natural person(s) party to a safe deposit box, bank or payment account in the context of Ireland Safe Deposit Box, Bank and Payment Accounts Register (ISBAR). This may include minors.

Personal information collected and processed is as follows:

Bank or Payment Account – Customer Account Holder / Person Purporting to Act on Behalf of Customer Account Holder / Beneficial Owner

1. Forename and Surname
2. Date of Birth
3. Address (including Eircode if known)

Safe Deposit Box - Lessee

1. Forename and Surname
2. Date of Birth
3. Address (including Eircode if known)

The European Union (Anti-Money Laundering: Central Mechanism for Information on Safe-Deposit Boxes and Bank and Payment Accounts) Regulations 2022 (S.I. 46 of 2022) permits access to information held on ISBAR, through the central mechanism, by the Financial Intelligence Unit (FIU) Ireland, in an unfiltered manner.

The Central Bank is data controller of the personal information held on the ISBAR central database and on the ISBAR central mechanism.

Information is retained on the ISBAR central database for five years after the date of bank/payment account closes or, in the case of a safe-deposit box, the date on which the lease concerned expires.

The Central Bank may investigate regulated financial service providers or individuals within regulated financial service providers, where a concern arises that a breach of financial services law has been, or is being, committed. The purpose of such investigations is to allow the gathering of sufficient information to enable the Central Bank to determine whether any breach of financial services law has occurred and whether the imposition of sanctions may be appropriate. The personal data may include special category data, including health data, and also may include criminal data.

In the course of an enforcement investigation process, the Central Bank may collect personal data under statutory powers including those under the Central Bank Reform Act 2010, the Central Bank (Supervision and Enforcement) Act 2013, assessor regimes or under securities markets legislation (e.g. market abuse legislation). This data may include personal data of individuals who are not the subject of the investigation. The Central Bank retains all information obtained in connection with an investigation for a period of 20 years after any related case is closed. Information collected for the purposes of market abuse investigations will be retained for a maximum period of five years after the case is closed.

Where an investigation is of either a regulatory or civil nature, processing of personal data  is subject to the  General Data Protection Regulation (GDPR). Processing in the context of a criminal investigation or proceeding will be subject to provisions of the Part 5 of the Data Protection Act 2018 (DPA 2018), which implements the Law Enforcement Directive (EU) 2016/680 (the LED) into Irish law. The Central Bank is a competent authority for the purposes of the LED and the DPA 2018.

Members of the public or other individuals may submit queries or provide feedback to the Central Bank. The Central Bank may use the personal data provided by such individuals to respond to their queries and, where appropriate, to investigate any issues raised. Investigation of such issues may require the disclosure of personal data to third parties such as another statutory body or a regulated financial service provider. The Central Bank retains such data for as long as needed for the purpose of investigating the issues that are raised. Information relating to the retention period for specific personal data can be made available on request. We may use feedback provided by members of the public on our facilities to enhance the user experience and improve those facilities (e.g. our visitor centre).

The Central Bank also collects and processes personal data provided by members of the public in connection with the exchange of damaged euro banknotes and coins, or Irish pound banknotes or coins in order to assess the relevant application and provide reimbursement to such persons. All applications for exchange of banknotes or coins are ordinarily retained for a period of one year but may be retained for an additional six years when details are captured incorrectly or in case of a payment settlement failure. The Central Bank may also forward details of such applications, including copies of ID received, to other authorities such as An Garda Síochána or the Revenue Commissioners.

Any information including personal data received by the Central Bank from a person making a protected disclosure (i.e. a whistle-blower) may be used by the Central Bank for the purpose of performing its statutory functions. The Central Bank is legally obliged to protect the identity of a person who makes a protected disclosure and not to disclose any information that might identify that person, subject to certain exceptions. The Central Bank retains information provided by whistle-blowers for a period of 30 years after any related case is closed.

For further detail about how the Central Bank handles information provided by whistle-blowers, see Protected Disclosures including Whistleblowing and Infringement Reports.

The Central Bank collects personal data from candidates for recruitment purposes. The information that the Central Bank may collect and hold about candidates includes:

• Name, address, telephone number(s) and email address
• Details of qualifications, skills, experience and employment history
• Details of current immigration status
• Details of criminal or pending criminal convictions in Ireland or any other jurisdiction
• Any additional information contained in a candidate’s CV such as referee information, disclosed at interview or otherwise provided to the Central Bank during the recruitment process.

The Central Bank needs to process data to decide whether to enter into a contract of employment with a particular candidate and may also process certain data to ensure that it is complying with its legal obligations. The Central Bank has a legitimate interest in processing personal data during the recruitment process and in keeping records of the process in order to manage the recruitment process, to assess and confirm a candidate's suitability for employment and decide to whom to offer a particular role. The Central Bank may also need to process candidates’ data to respond to and defend against legal claims.

For certain managerial positions, the candidate’s information may be provided to a third party service provider for the purpose of assessing the suitability for the role. In all other cases, the Central Bank will not share a candidate’s data with third parties, unless his or her application for employment is successful and an offer of employment is made to him or her. Once an offer of employment has been made to (and been accepted by) a candidate, that candidate’s personal data will be provided to An Gardaí Síochána for the purposes of vetting and the Central Bank may also contact previous employers named by that candidate as referees for the purpose of obtaining employment references. The candidate will also be required to provide medical information to the Central Bank’s occupational health provider for the purposes of assessing his or her capacity to work.

If a candidate’s application is unsuccessful, the Central Bank may keep his or her personal data on file for a period of 12 months.

Individuals accessing non-public areas within the Central Bank buildings will be required to provide their name, and to permit on-site security to view photographic ID for the purposes of identity verification. The Central Bank does not retain a copy of visitors’ photographic ID.

The Central Bank has installed CCTV systems at our premises for the purposes of public and staff safety, crime prevention and detection as well as to comply with standard business and insurance protocols. The increased video surveillance measures in place at our currency-related operations reflect the risks associated with the printing operations at the premises. CCTV cameras are located at access points, general reception areas, areas in front of elevator doors on each floor, car parks, shared areas and the exterior perimeter at Sandyford. Signage advises of areas covered by CCTV equipment. The Central Bank will only disclose CCTV images to others who intend to use the images for the purposes stated above.

Images captured by CCTV will generally be retained for a minimum period of 30 days, but could be retained for up to six months, depending on the level of activity on individual cameras. However, on occasion, there may be a need to keep images for longer, for example for the purposes of investigating a crime.

The Central Bank may process personal data submitted by tenderers to manage procurement award procedures and decide whether to enter into a contract with a particular tenderer. Personal data collected for this purpose may relate to the tenderer, its staff or its sub-contractors. Following finalisation of the procurement procedure in question and the entry into by the Central Bank of a contract with our chosen supplier(s), the Central Bank may process certain personal data in order to perform its obligations under that contract, such as arranging payment. We retain files relating to procurement procedures for a period of the current year plus six years.

The Central Bank does not collect personal data about you on this website, apart from information which you volunteer. For example, by e-mailing us, by using our online feedback forms or providing us consent to use cookies.

Any information that you provide in this way is not made available to any third parties, and is used by us for the purpose for which you provided it.

It is the policy of the Central Bank of Ireland never to disclose information in respect of individual website visitors to any third party (apart from our internet service provider, which records such data on our behalf and which is bound by confidentiality provisions in this regard), unless obliged to disclose such information by law.

The Central Bank is not responsible for the content or privacy practices of other websites.

Cookies

The Central Bank website uses cookies. Cookies are small text files that can be placed onto your computer, smartphone or other device by this website.

Read our Cookie Policy in full.

Web forms

This website uses online forms. You can use our forms to submit feedback and to request a reply. Any information that you provide in this way is not made available to any third parties, and is used by us for the purpose for which you provided it.

The Central Bank uses third party suppliers to monitor publicly available social media and online platforms. This monitoring identifies complaints, queries and concerns expressed by members of the public in relation to financial products and services and is used to inform and support the Central Bank in exercising its statutory functions. As part of this monitoring, the Central Bank may receive personal data from the third party suppliers, which a member of the public has disclosed in public correspondence with regulated financial service providers or other entities. Such personal data is not retained by the Central Bank unless necessary to further investigate the details of a public posting.

You have the right to receive a copy of the personal data the Central Bank holds about you as well as information about how it is used.

Applicability

This right is applicable at all times when the Central Bank holds your personal data.

You have the right to ask the Central Bank to correct personal data we hold about you where it is incorrect or incomplete.

Applicability

This right is applicable at all times when the Central Bank holds your personal data.

This right entitles you to require the erasure of your personal data from the Central Bank’s systems and records. However, this right applies only in certain circumstances (e.g. where the Central Bank no longer needs the personal data for the purpose for which we collected it or where you withdraw consent to our use of your personal data and where there is no other legal basis for continuing to use it).

Applicability

This right does not apply where personal data is required for the purpose of compliance with a legal obligation or for the performance of a task carried out in the public interest or in the exercise of official authority. Therefore, this right is not applicable in respect of much of the personal data held by the Central Bank in the performance of its statutory functions. 

This right entitles you to restrict the processing of your personal data by the Central Bank. Where this right is exercised, the Central Bank is still permitted to store your personal data but other use of the data is prohibited, save in certain limited circumstances.

Applicability

You can exercise this right if one of the following applies:

• You contest the accuracy of the personal data held about you and the Central Bank is verifying the accuracy of the data
• The personal data has been processed unlawfully and you oppose erasure and request restriction instead
• The Central Bank no longer needs the personal data but you need the data in connection with a legal claim
• You have objected to processing and the Central Bank is considering whether its legitimate grounds override your rights and interests.

This right allows you to obtain your personal data in a format that enables you to transfer that personal data to another organisation where the Central Bank is processing your personal data on the basis of consent or on the fulfilment of a contract and if processing is carried out by automated means.  You may have the right to have your personal data transferred by us directly to the other organisation, if this is technically feasible.

Applicability

This right does not apply where personal data is required for the purpose of compliance with a legal obligation or for the performance of a task carried out in the public interest or in the exercise of official authority. Therefore, this right is not applicable in respect of much of the personal data held by the Central Bank in the performance of its statutory functions.

You have the right to object to the Central Bank’s use of your personal data in certain circumstances. However, the Central Bank may continue to use your personal data, despite your objection, where there are compelling legitimate grounds to do so or we need to use your personal data in connection with any legal claims.

Applicability

This right applies where the Central Bank processes your personal data for the performance of a task carried out in the public interest or in the exercise of official authority or in pursuance of its legitimate interests.

You have the right not to be subject to a decision based solely on automated processing (without human involvement) where that decision produces a legal effect or otherwise significantly affects you.

Applicability

As the Central Bank currently does not make any automated decisions, this right is not applicable.

You have the right to withdraw your consent to the processing of your personal data by the Central Bank at any time. This will not affect the lawfulness of our processing before the withdrawal.

Applicability

This right only applies where the sole legal basis for processing your personal data is your consent.

You have the right to lodge a complaint with the Data Protection Commissioner if you think that the Central Bank has not processed your personal data in accordance with data protection legislation.

Applicability

This right applies at any time.