DATA PRIVACY NOTICE Milestone Advisory
DAC t/a Milestone Advisory

Effective 25 May 2018

Milestone Advisory DAC t/a Milestone Advisory is committed to protecting your privacy.

This Privacy Notice sets out the basis on which we will process any personal data we collect from you, or that you or third parties provide to us, in connection with your relationship with our firm and which relates to you or to any individual connected with you. Please read this Privacy Notice carefully so that you understand your rights in relation to your personal data, and how we will collect, use and process your personal data. For the purposes of the General Data Protection Regulation (the “GDPR”) and any related data protection legislation in Ireland, we are the data controller.

Information we collect about you and how we use it.

Information you give us.

We collect and process different types of personal information. Dependant on your choice of product or service, the type of personal information and method of collection will vary. We need to be able to contact you, confirm your identity and gather your personal information to ensure we deliver the best possible customer experience when providing our products and services. You may choose to give us your personal information through various mediums by filling in forms and corresponding with us by phone, email or otherwise.

We also collect information through our website and our CCTV footage. We will sometimes record phone conversations and we will always let you know when we do this at the start of the call so you can decide whether to continue with the call or not. We will take great care of the information provided and we will take steps to keep it secure.

You may decide you do not want to share your personal information with us but doing so may limit the products and services we are able to provide you. However, when we request personal information we will advise you if providing it is a contractual requirement or not, whether we need it to comply with our legal and regulatory obligations and the consequences of failing to provide such personal information.

What types of personal data do we collect about you?

The personal information we may collect about you includes but is not limited to the following:

  • personal details such as your name, gender, age, date of birth, signature, email address, postal address,
    telephone or mobile number, proof of ID, proof of address and identifiers such as PPS No.
  • family details such as details about current marriage and partnerships and marital history, details of family
    and dependents;
  • employment details such as pensionable pay, length of service, employment and career history, job title;
  • financial details such as income details, bank account details, employment status;
  • physical or mental health or medical conditions for the purposes of advising on and providing suitable products;
  • technical information and other information about your visits to our website.

How do we use your information?

We need to collect and use personal information to provide you with our products and services. We will only collect, utilise
and share your personal information in strict adherence with our legal obligations.

We use your personal information to:

  • provide our products and services to you
  • identify ways in which we can improve our products and services
  • maintain and monitor our products and services
  • protect both our interests
  • comply with our legal and regulatory obligations
  • check against international trade / economic or financial sanctions laws or regulations listings;
  • recommend how our products and services might be suitable for you; and
  • manage and respond to your complaints.

If, at any time, we need to use your personal information for a purpose that is different from the original purposes of
collecting the personal information, we will contact you.

To use your personal information lawfully, we rely on one or more of the following legal bases:

  • performance of a contract i.e. processing your personal information is necessary for us to provide you with
    our products and services;
  • we must process your personal information to comply with our legal obligations under, AML law, Pensions
    law, etc.;
  • processing of special categories of personal data for insurance and pension purposes;
  • our legitimate interests i.e. the interests of Milestone Advisory DAC in conducting and managing our business
    when providing products and services; and
  • your consent.

Who we share your personal data with?

For the purposes of providing our products to you we may provide relevant personal information to:

  • your authorised representatives
  • third parties we need to share your personal information with to facilitate the provision of products and
    services on your behalf e.g. insurance companies
  • joint applicants when you apply for our services on a joint basis your employer (if applicable)
  • our parent company, CPAS with your consent
  • other companies within the CPAS group with your consent
  • cloud and other data storage providers
  • IT service providers
  • external printing and office support providers
  • payment providers
  • legal and other professional advisers
  • actuarial, administration and consultancy service providers
  • regulatory bodies such as the Revenue Commissioners, the Pensions Authority, the Central Bank of Ireland,An Garda Siochana and the Financial Services and Pensions Ombudsman etc.

We may also disclose personal information if required to do so by law and believe that such action is necessary to conform
with the law.

If we provide your personal information to the above-mentioned third parties, we will take all reasonable precautions
regarding the practices utilised by them in protecting your personal information. Those third parties will be required to:

(i) keep your information safe and secure; and

(ii) handle your information on our behalf and in accordance with our

Where do we store your personal data?

The information that we collect from you will be transferred to, and stored at/processed in the EEA. We will take all steps reasonably necessary to ensure that your personal data is treated securely and in accordance with this Privacy Notice.

We will only transfer your information outside of the EEA where we have adequate measures in place to provide appropriate safeguards such as the Privacy Shield (where recipients comply with the US Department of Commerce’s EU-US Privacy Shield) or use of contracts approved by the European Commission.

How long will we keep your personal data?

We do not hold your personal information for longer than is necessary. We hold your personal information while you are our customer and for a period after that relationship ceases, as permitted by law e.g. 6 years under the Statute of Limitations Act 1957.

Your rights

You have certain rights in relation to the personal information we hold about you, which we detail below. Some of these only apply in certain circumstances as set out below. Please note that we will require you to verify your identity before we respond to any of your requests. We must respond to a request by you to exercise those rights without undue delay and at least within one month (although this may be extended by a further two months in certain circumstances).

  • Right of access – you have the right to request a copy of the information that we hold about you.
  • Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
  • Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from
    our records.
  • Right to restriction of processing – where certain conditions apply to have a right to restrict the processing.
  • Right of portability – you have the right to have the data we hold about you transferred to another organisation
  • Right to object – you have the right to object to certain types of processing such as direct marketing where applicable.
  • Right to object – to automated processing, including profiling (where applicable).

Automated use of data

Milestone Advisory DAC t/a Milestone Advisory use various processes to establish your attitude to risk and the affordability of suggested products to you as follows:

  • Risk – In order to establish your attitude to investment risk (as it relates to pensions and investments) advisors have automated calculators which determine your attitude to various levels of risk having answered a series of questions. This process assists us in understanding your attitude to risk. The outcome of this process will be discussed with you to consider how it might influence your decision making.
  • Establishing affordability and providing quotations for financial services products.

Direct Marketing

Milestone Advisory DAC t/a Milestone Advisory and other companies within the CPAS group i.e. CIRT, CERS, CIF, and construction related and trusted partner charities may contact you about products and services they provide where you have consented to receiving same. If you do not wish us to use your data for this reason please telephone us on (01) 4068020 or email us at You will be given an opportunity to opt-out of receiving such messages and information on each occasion.

Technical information (including cookies) that we collect about you

When you visit our website, we collect technical information about your computer, such as your internet protocol address (which is a number that can uniquely identify a specific computer on the internet), time zone setting, your login information, browser type and version, browser plug-in types and versions, operating systems and platforms.

We use cookies to collect information about your browsing activities over time following your use of our services. They allow us to recognise and count the number of users and to see how users move around our website when they are using it. This helps us to improve the services we provide to you and the way our website works.


In the event that you wish to make a complaint about how we process your personal data, please contact us in the first instance via email ( and we will endeavour to deal with your request as soon as possible. This does not interfere with your right to raise a complaint to the Office of the Data Protection Commissioner, details of which can be found at or by contacting their office on 1890 252 231.

Changes to our Privacy Notice

We may update this privacy notice from time to time. You will be able to see when we last updated the notice because we will include a revision date. Updates are effective from the date on which they are notified to clients or posted on this page.