Skip to main content Skip to main content

The Davy Group Privacy Notice

Effective from: 19th May 2023

As a valued client or potential client of a member of the Davy Group (“Davy”, “we”, “us” or “our”) we are committed to respecting and protecting your privacy. This privacy notice (“Notice”) explains how and why we collect, use, share, and store your personal information when you engage with Davy Group and use our products and services. It also provides information about the rights and choices that you have in relation to your personal data.  

For the purposes of this Notice, the controller of your personal data as set out in the General Data Protection Regulation (“GDPR”) is J&E Davy Unlimited Company, J&E Davy (UK) Limited, Davy Corporate Finance Unlimited Company and/or Davy Securities Unlimited Company, incorporated in Ireland and having a registered office at Davy House, 49 Dawson Street, Dublin 2, Ireland. This Notice applies to all Davy clients and potential clients, and to the use of all Davy products and services. Davy Group is part of the Bank of Ireland Group of companies, whose holding company is Bank of Ireland Group plc (“BOI Group”) which is incorporated in Ireland with limited liability having its registered office at 40 Mespil Road, Dublin 4 with Registered Number: 593672.

If you have any questions, comments or concerns about the way your personal data is being used or processed by us, please contact our Head of Data Protection at dataprotection@davy.ie. 

Personal data we collect from you

IMPORTANT: Please note that the below list of Personal Data we may collect about you, while intended to be as complete and accurate as reasonably possible, is not exhaustive, and may be updated from time to time in accordance with section “Changes to this Notice & Questions” of this Notice.  

“Personal Data” is any information about you as an identified or identifiable individual. We may collect and process some or all of the following personal data about you:

Category of Personal Data Details
Identity & Contact Data
  • Name and title
  • Home address
  • E-mail address
  • Home, Work and Mobile phone number
  • Date and country of birth
  • Country of citizenship and nationality
  • Country of residence
  • Occupation and business name (if relevant)
  • Family and related circumstances (such as marital status, dependents, next of kin and contact details)
  • Vulnerability status (collected due to the requirement under consumer protection provisions)
  • Politically exposed person status (collected due to the requirement under anti-money laundering and sanctions legislation)
  • Work/residency permit
  • PPSN
  • A copy of your ID
  • Tax residency and tax related information (e.g. tax identity number(s))
Financial & Account Data
  • Source of wealth & funds
  • Bank details  
  • Share certificates / cheques
  • Account details
  • Transaction details, transaction credits and debits
  • Administration records
  • Credit history
  • Pension and investment details
  • Financial needs/attitudes
  • Suitability assessments and product holdings
  • Authorised signatories’ details
  • Information relating to power of attorneys, beneficial ownership and executors (where necessary)
  • Telephone recordings  
  • Email correspondence
IT Data
  • IP Address
  • Cookie identifiers 
Marketing & Communications Data
  • Personal Data that you voluntarily give for marketing purposes (which might include name, address, date of birth, telephone number, email address, job title, marital status, lifestyle details, hobbies and interests)
Other/Special Category Data
  • Data concerning your health/medical information where you apply for financial or investment products (Health Data)
  • Criminal convictions processed in the context of compliance with our anti-money laundering obligations (Criminal Convictions Data)

If you give us someone else’s personal data (for example, personal data about a spouse or financial associate provided during the course of a joint application), or someone gives us personal data about you, we may add it to any Personal Data we already hold, and we will use it in the ways described in this Notice.  

Before you disclose information to us about another person, you should ensure that you have their consent to do so. You should also show them this Notice and make sure they confirm that they are aware that you are sharing their personal data with us for the purposes described in this Notice. 

How and why we process your personal data 

The following table details the key grounds upon which ("Legal Basis") we collect your Personal Data. It also gives examples of how ("Nature of Processing") and why ("Purposes") we obtain and otherwise process your Personal Data:

Legal Basis Nature of Processing and Purposes Categories of Personal Data

Performance of a Contract

It is necessary to process your Personal Data in order to perform the agreed level of service to you under your contract with a member of the Davy Group.  

IMPORTANT: it is a contractual requirement for us to collect your Personal Data. In the event that you do not provide us with your Personal Data for the purposes set out here, we will not be able to open or maintain your account, or provide you with the products or services requested.

  • To establish your eligibility for our products and services;
  • To process your application for our products and services;
  • To determine, agree, document, perform and execute the terms on which we will be performing the agreed level of service under the contract;
  • To assess the suitability of a product or service for your specific risk profile or needs;
  • To provide you with information in relation to Davy products and services;
  • To send you communications which form part of the service we provide (e.g. investment market performance updates, economic updates, event / webinar invitations, etc.);
  • To onboard you as a client when you are introduced to us from within the Bank of Ireland Group;
  • To manage and administer your accounts, benefits or other products and services that we provide you with;
  • To contact you by post, phone, text message, email and digital message through our myDavy portal regarding your account, but not in a way contrary to your instructions to us or contrary to law;
  • To monitor and keep a record of our conversations when we speak on the phone.

Identity & Contact Data

Financial & Account Data

Legitimate Interests

Depending on our business needs, it is necessary to process your Personal Data where we have legitimate business interests to do so.

IMPORTANT: Before we process your Personal Data to pursue our legitimate interests for the above purposes, we determine if such processing is necessary and we carefully consider the impact of our processing activities on your fundamental rights and freedoms. On balance, we have determined that such processing is necessary for our legitimate interests and that the processing which we conduct does not adversely impact on these rights and freedoms. 

  • To administer your client or potential client relationship with us;
  • To provide service information, to improve our service quality and for training purposes;
  • To conduct internal audits and reporting based on regulatory or managerial requests;
  • To support the internal business units on transactional matters;
  • To compile and process information for statistical or research purposes to help Davy understand trends in our client behaviour and to understand our risks better, including for providing management information, operational and data risk management;
  • To protect our clients, business, reputation, resources and equipment, manage network and information security (for example, developing, testing and auditing our websites and other systems, dealing with accidental events or unlawful or malicious actions that compromise the availability, authenticity, integrity and confidentiality of stored or transmitted personal data, and the security of the related services) and prevent and detect fraudulent activity, dishonesty and other crimes (for example, to prevent someone trying to steal your identity);
  • To improve our website and myDavy portal functionality and efficiency;
  • To understand our clients’ needs and preferences, so we can improve our products and service offerings and identify suitable new products or services;
  • To conduct client satisfaction surveys;
  • To manage and respond to a complaint or appeal;
  • To facilitate the acquisition or sale of some or all of our company assets in the event such is contemplated. 

Identity & Contact Data

Financial & Account Data

IT Data

Compliance with Legal and Regulatory Obligations

It is necessary for us to collect and process your Personal Data in order to comply with the legal and regulatory obligations imposed on us under Irish, European Union, UK or other applicable laws (as implemented or amended from time to time), including in the field of anti-money laundering requirements.

To comply with Irish, European Union and other applicable laws namely (but not limited to):  

  • Criminal Justice (Money Laundering and Terrorist Financing) Acts 2010 – 2018;  
  • Client Asset Regulations;
  • Consumer Protection Code 2012;
  • Markets in Financial Instruments Directive II (and associated MiFID II Regulations);
  • Irish and European Union tax law (e.g. Taxes Consolidation Acts);
  • US Foreign Account Tax Compliance Act;  
  • GDPR and Irish Data Protection Acts 1988 to 2018; and UK GDPR and Data Protection Act 2018; and
  • Other applicable laws to which we may be subject.

Identity & Contact Data

Financial & Account Data

Criminal Convictions Data

Consent

We rely on consent as a legal basis for processing your Personal Data only in certain limited circumstances. 

We will only process your Health Data with your explicit consent.  

Where we conduct any direct marketing activities we will obtain your consent.  

You have the right to withdraw your consent by contacting us at any time. 

  • To be able to onboard you for specific financial products requiring a health assessment;
  • To send you direct marketing about Davy’s products and services, subject to receiving your consent to these communications.

Health Data

Marketing & Communications Data

To Defend Legal Claims

It is necessary for us to collect and process your Personal Data to investigate, establish, exercise or defend legal claims.

  • To file legal proceedings
  • To investigate, establish, exercise or defend a legal claim; and
  • To settle legal claims.
All Data

We will only use your Personal Data for the purposes for which we collect it (as outlined in this section “How and why we process your Personal Data”), unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your Personal Data for an unrelated purpose, we notify you and will explain the legal basis which allows us to do so.

Marketing and relationship management

We may receive some Personal Data directly from you or from certain trusted third parties (such as the BOI Group or its member companies or subsidiaries) to conduct, where appropriate, certain marketing activities such as exchanging business leads and referrals to enable you to benefit from an enhanced wealth management proposition, but only when you expressly consented to it and opted in prior to any such activities.

Sometimes, where appropriate, we may share some of your Personal Data with our trusted third parties (such as the BOI Group or its member companies or subsidiaries) in accordance with arrangements we have in place with them, for example to:

  • Provide you with specific products, services and information;
  • Analyse information (where possible in an anonymised way, so that any of your Personal Data will only be shared where necessary);  
  • Track referrals and conversion rates; and
  • Research your experience dealing with us.  

We will never sell your information for marketing purposes to third parties. 

Automated processing

We sometimes use automated decision-making, such as profiling, to process your Personal Data.

We use automated statistical analysis of the information we collect about you as part of our business:

  • When you apply for a financial product, for example a request to trade complex products, we may evaluate the application using simple scoring rules to determine whether or not the product best meets your needs along with a human review of the application.
  • To decide the type of financial service suitable for you, or to decide other terms – for example, by assessing your risk profile and informing our decision and offering based on that risk profile.

Why we use automated decision-making:

Automated analysis of our customer information (including your information) as a whole helps us to manage our business for our legitimate interests. It enables us to:

  • Make more informed business decisions; including improving the quality of products and services we can offer (including for the purposes of direct marketing, unless you have objected to us using your details in this way). For example, if you give us permission we may use your transaction history/account information to identify your financial habits and offers that are relevant to you based on your account transactions or behaviour.
  • Test and maintain the stability and performance of our systems.
  • Carry out long-term statistical modelling, provided that such modelling does not affect any decision we make about you.

Automated analysis of your information also enables us to form a single view of your relationship with Davy. We use this information for customer service and administrative purposes. This is intended to help us to manage and build our relationship with you and is an important part of managing our business in our legitimate interests.  

  • For example, it enables us to establish your eligibility for certain products or services, to identify opportunities to help you improve your financial wellbeing.

Automated analysis of your information assists us to comply with our legal obligations.

  • For example, in connection with our money laundering, fraud and terrorist financing prevention obligations, we may use automated processing to screen for suspicious transactions, or to identify applicants which may be subject to international sanctions and to monitor calls, transactions and patterns to prevent and investigate fraud.

There are certain automated analyses of your information that we will only carry out where you have given us your consent (which you can withdraw at any time). We will only automatically process your information to enable us to undertake the following activities where we have your consent:

  • Use your biometric information to help identify you when you open or operate an account.
  • Where required, use sensitive or special categories of data, as set out in the GDPR.

Disclosure of your personal data

We only share your Personal Data within Davy and with third parties in limited circumstances (“Recipients”). We may share it with the following Recipients:

Recipient Category  Details
Davy Group Companies and BOI Group
  • Davy Group companies (including J & E Davy Unlimited Company, J & E Davy (UK) Limited, Davy Corporate Finance Unlimited Company, Davy Securities Unlimited Company) (to manage and administer your account, provide you with the specific products or services you request and to pursue our legitimate interests);  
  • BOI Group or its member companies or subsidiaries (to protect and pursue our legitimate interests, in pursuance of our legal obligations and in cases of joint ventures and business cross-referrals). Companies which are members of the Bank of Ireland Group include: Bank of Ireland, Bank of Ireland Mortgage Bank u.c., Bank of Ireland Insurance Services Limited, Bank of Ireland Leasing Limited and New Ireland Assurance Company plc;
  • Our shareholders;
  • Our Board of Directors; and
  • Internal business units (that assist with your requests related to our products and services, for example Compliance, Client Services, Capital Markets, Legal & Risk).
Third Party Service Providers
  • Your authorised representatives (for example, this can include your attorney (under a Power of Attorney) and any other party authorised by you to receive your personal data);  
  • Financial institutions (that facilitate the services or products you request);
  • Pension fund administrators, trustees of collective investments, undertakings and pensions trustees;  
  • Third parties that facilitate or execute investments or transactions you have made (e.g. third party custodians) and those you ask us to share your Personal Data with;
  • IT service providers;
  • Other service providers who provide support services or require your Personal Data to perform the services requested by us; and
  • Training and professional programme providers.
Joint Account or Product Holder
  • If you open or hold a joint account or product, this may mean that your Personal Data will be shared with the other applicant. (For example, transactions made by you will be seen by your joint account holder, and you will see their transactions or we may act on the authority of one joint account holder to share or allow a third party access to your account information for the provision of payment services including transaction details.)  
Third Party Advisors / Professionals
  • External advisors e.g. lawyers, accountants, insurers, insurance brokers and auditors (as necessary to protect our legitimate and legal interests).
Prospective Buyers 
  • Prospective buyers of business assets (to facilitate the acquisition of Davy or part of Davy or a substantial portion of our assets by a third party). 
Legal / Regulatory Bodies
  • Regulatory authorities and law enforcement agencies (where we are under a duty to disclose or share your Personal Data in order to comply with any legal or regulatory obligation or request) such as the Central Bank of Ireland, the European Central Bank, Revenue Commissioners, the Data Protection Commission, the Irish Courts, An Garda Síochána, Financial Services and Pensions Ombudsman Bureau of Ireland, Criminal Assets Bureau, US, UK, EU and other designated authorities in connection with combating financial and other serious crime. 

Transfers of your personal data

Please note that, in order to administer your account some of your Personal Data may be transferred outside the European Economic Area or the United Kingdom to other entities within the Davy Group and other Recipients. Certain Recipients who process your Personal Data on our behalf may transfer your Personal Data outside the EEA or the UK to a country that does not provide an adequate level of protection to your Personal Data. In most instances, these transfers are carried out to the United States, India, Colombia or Singapore. Where such transfers occur, it is our policy that: a) they do not occur without our prior written authority; and b) that an appropriate transfer mechanism is put in place to protect your Personal Data such as: (i) Module 1 (controller-to-controller) or Module 2 (controller-to-processor) of the European Commission's Standard Contractual Clauses; (ii) an adequacy decision of the European Commission (namely, the UK adequacy decision); or (iii) any other transfer mechanism approved by the European Commission (e.g. a EU-US data privacy framework). If you would like to find out more about any such transfers, please contact our Head of Data Protection at dataprotection@davy.ie.

 

How long we hold your personal data

The length of time we hold your Personal Data depends on a number of factors, such as regulatory rules and the type of financial product/service we have provided to you.

Those factors include:

  • The regulatory rules contained in laws and regulations set by authorities like the Central Bank of Ireland, for example, in the Consumer Protection Code.
  • The type of financial product/service we have provided to you. For example, we may keep data relating to a pension product for a longer period compared to data regarding an investment product.
  • Whether you and we are in a legal or some other type of dispute with another person or each other.
  • The type of data we hold about you.  
  • Whether you or a regulatory authority asks us to keep it for a valid reason.

Generally, your Personal Data will be retained until the end of your client relationship with Davy or after an investment has matured/encashed plus a reasonable period of time after that (in most cases 7 years) to: a) respond to any client account related enquiries; b) deal with any legal matters (e.g. legal proceedings); or c) comply with applicable Irish or European Union law. 

Your data protection rights

You have a number of rights in relation to your Personal Data, which are set out below. Note that these rights are not absolute and may only apply in certain circumstances.

The table below sets out the rights at your disposal to address any concerns or submit queries to us about our processing of your Personal Data.

Right  Further Information
Right of Access

You have the right to request a copy of the Personal Data held by us about you and to access the following information in relation to the processing of your Personal Data:

  1. the purposes of the processing;
  2. the categories of Personal Data concerned;
  3. the recipients of your Personal Data;
  4. the period for which your Personal Data will be stored;
  5. the existence of your right to lodge a complaint with the Data Protection Commission; and
  6.  the source of your Personal Data;  

We will only charge you for making such an access request where we feel your request is unjustified or excessive.

Right to Object You have a right to object at any time to the processing of your Personal Data where we process your Personal Data on the legal basis of pursuing our legitimate interests.
Right to Rectification

You have the right to request that we amend any inaccurate Personal Data that we have about you.

Right to Withdraw Consent

You have the right to withdraw your consent to the processing of your Personal Data you gave previously by contacting us at any time. Withdrawing your consent does not affect the lawfulness of processing based on consent before its withdrawal. 

Right to Erasure

You have the right to ask us to erase your Personal Data where:

  1. it is no longer necessary to perform your contract of employment or engagement;  
  2. you withdraw your consent and there is no other legal basis permitting us to process your Personal Data;  
  3. you object and we have no overriding legitimate interests;  
  4. your Personal Data have been unlawfully processed; and/or
  5. it must be erased to comply with a legal obligation.  

Please note that erasure may not be complete or immediate to the extent that some of your Personal Data is necessary for the performance of the contract you entered into with us. 

Right to Restriction of Processing

You have the right to ask us to restrict processing your Personal Data in the following situations:

  1. where you contest the accuracy of your Personal Data;
  2. where the processing is unlawful and you do not want us to delete your Personal Data;  
  3. where we no longer need your Personal Data for the purposes of processing but you require the Personal Data in relation to a legal claim; and/or
  4. where you have objected to us processing your Personal Data pending verification as to whether or not our legitimate interests override your interests or in connection with legal proceedings.  

When you exercise this right we may only store your Personal Data and may not further process the Personal Data unless you consent or the processing is necessary in relation to a legal claim or to protect the rights of another person or legal person or for reasons of important public interest. 

Right to Data Portability

You may request us to provide you with your Personal Data which you have given us in a structured, commonly used and machine-readable format and you may request us to transmit your Personal Data directly to another data controller where this is technically feasible.  

This right only arises where:  

  1. we process your Personal Data with your consent or where it is necessary to perform our contract with you; and
  2. the processing is carried out by automated means. 

You can exercise any of these rights by submitting a request to our Head of Data Protection at dataprotection@davy.ie.

We will provide you with information on any action taken upon your request in relation to any of these rights without undue delay and at the latest within one month of receiving your request. We may extend this period of response by up to 2 months if necessary, however we will inform you if the need arises.

You also have the right to lodge a complaint with your local data protection regulator. For further information see www.dataprotection.ie or www.ico.org.uk.

Changes to this Notice & questions

We may amend this Notice on occasion, in whole or part, at our sole discretion. Any changes will be effective upon the date communicated in the revised Notice to you.

If at any time we decide to use your Personal Data in a manner significantly different from that stated in this Notice, or otherwise disclosed to you at the time it was collected, we will notify you and you will have a choice as to whether or not we use your Personal Data in the new manner.

If you have any questions, comments or concerns about the way your Personal Data are being used or processed by Davy, please submit your question, comment or concern in writing to our Head of Data Protection at dataprotection@davy.ie or FREEPOST, The Head of Data Protection, Davy Risk, Davy House, 49 Dawson Street, Dublin 2, Ireland.

 

Privacy Notice

Download the Davy Group Privacy Notice

Download