

Halton Credit Union Privacy and Data Protection Statement

In accordance with the Data Protection Act 2018, and the General Data Protection Regulation 2018, Halton Credit Union will ensure that your personal data is processed lawfully, fairly and transparently. All data will be collected for a specific, clear-cut, legitimate purpose and will not be processed in a manner incompatible with those purposes. Any personal data held by HCU will be accurate and kept up to date.

Halton Credit Union Ltd will not pass your personal data on to any third parties except where processing by a third party is necessary for the performance of a task or a contract. We will use your data to process your application and to help manage your account(s) and any service you use. Your personal details will be treated confidentially and will only be shared with other agencies e.g. HM Revenue and Customs for tax regulation and appropriate agencies for the purposes of credit referencing, fraud prevention and debt recovery.

A full copy of HCU’s Privacy Policy can be found in your joining pack or on our website. You can ask for a copy of the policy by contacting a local branch.

The General Data Protection Regulation (GDPR) is the legal framework which sets guidelines for the collection and processing of personal information from individuals who live in the European Union (EU) and came into force on May 25th, 2018. The Data Protection Act 2018 is the UK’s implementation of the General Data Protection Regulation (GDPR).

A set of Data Protection Principles underpins the new GDPR; these set out obligations for businesses and organisations, like Halton Credit Union, that collect, process and store individuals' personal data.

These principles help customers gain a greater level of control over their data, while offering more transparency throughout the data collection and use process, especially during this digital age we are now living in.

Data is collated, processed, and stored in accordance with HCU’s strict security and safeguarding measures, ensuring that all information is kept safe and secure.

To ensure all personal data is kept safe and secure HCU certifies that:

  • Credit Union staff and volunteers receive regular training in GDPR and Data Protection.
  • The software database used is password protected.
  • The database has various authorisation rights and permissions granted for different users/administrators. Once a user has been properly identified and authenticated, authorisation levels determine the extent of system rights the user has access to, such as (but not limited to) being able to manipulate certain data and/or run particular reports.
  • Any confidential paperwork is shredded after use and discarded appropriately.

The GDPR also includes an additional accountability principle which determines that businesses and organisations cannot just claim they follow these principles; to be compliant they must now show how they do. HCU has compiled a Data Protection Control (Impact Assessment) Document which does exactly that.

To ensure compliance, HCU must adhere to the following six principles, ensuring that all personal data collated, processed, and stored is treated in a way that is:

  1. Lawful, fair, and transparent: There must be legitimate grounds for collecting the data and it must not have a negative effect on the person or be used in a way they would not expect.
  2. Limited for its purpose: Data should be collected for specified and explicit purposes and not used in a way someone would not expect.
  3. Adequate and necessary: It must be clear why the data is being collected and what will be done with it. Unnecessary data or information without any purpose should not be collected.
  4. Accurate: Reasonable steps must be taken to keep the information up to date and to change it if it is inaccurate.
  5. Not kept longer than needed: Data should not be kept for longer than is needed, and it must be properly destroyed or deleted when it is no longer used or goes out of date.
  6. Integrity and confidentiality: Data should be processed in a way that ensures appropriate security, including protection against unauthorised or unlawful processing, loss, damage, or destruction, and kept safe and secure.


Senior Members

Halton Credit Union is committed to protecting its Members’ privacy.

All applications for Membership, whether completed in person or online, must be completed IN FULL. The information requested is mandatory for HCU to meet its legal obligations and to enable the Credit Union to carry out its contract with you. If you are not able to provide us with this information, we may not be able to open an account for you. If we request further information about you which is not required for the reasons given, we will ask you for your consent.

How we use your personal information

HCU will process your data in accordance with your rights under the Data Protection Act 2018.

Your information may be processed, transferred and/or shared by this Credit Union in any form and on any database used by us for the following purposes:

For legal reasons

  • To confirm your identity.
  • To perform activity for the prevention of financial crime.
  • To carry out mandatory internal and external auditing.

To record basic information about you on our Membership Register.

Junior Savers

Halton Credit Union is committed to protecting your child’s privacy, and for children under the age of 16 we require parental consent to process a child’s data.

All applications for Membership, whether completed in person or online, must be completed IN FULL. The information requested is mandatory for HCU to meet its legal obligations and to enable the Credit Union to carry out its contract with you and your child. If you are not able to provide us with this information, we may not be able to open an account for you. If we request further information about you which is not required for the reasons given, we will ask you for your consent.

How we use your personal information

Your information may be processed, transferred and/or shared by this Credit Union in any form and on any database used by us for the following purposes:

For legal reasons

  • Confirm the identity of the child and their parent/guardian.
  • Perform activity for the prevention of financial crime.
  • Carry out internal and external auditing.
  • Record basic information about the child on our Membership Register.

All Members

How HCU will fulfil our contract with you

  • Deal with your account(s) or run any other services we provide to you.
  • Consider any applications made by you.
  • Collect information which will enable staff to tailor a service suited to your individual needs. This will be recorded so you do not have to repeat yourself every time you make contact with us. We will only use this information to assist you and ensure that you are given the right information to make an informed choice.
  • Undertake statistical analysis, to help evaluate the future needs of our Members and to help manage our business.
  • Send out annual account statements.
  • Inform Members of any new terms & conditions, including changes to this privacy statement.
  • Provide information about changes to the way your account(s) operate.
  • Notify Members of HCU’s Annual General Meeting (AGM) or any other relevant meetings that are convened.

For our legitimate interests

  • Debt tracing so that HCU can recover any debts owed to us.
  • The prevention of fraud.

With your consent

  • If you opted to receive Direct Marketing on your Membership Application Form, HCU will maintain our relationship with you including marketing and market research as well as any promotional information about HCU products, services and ongoing campaigns.
  • Under the General Data Protection Regulations (GDPR) you can withdraw your given consent at any time simply by completing a Halton Credit Union Direct Marketing Withdrawal Form.

Please Note: Opting in to receive direct marketing is not a condition of Membership.

Sharing your personal information

We will disclose information outside the Credit Union:

  • To third parties to help HCU confirm your identity and comply with money laundering legislation, to cover PEPs and sanctions checking.
  • To credit reference agencies and debt recovery agents who may check the information against other databases - private and public - to which they have access.
  • For compliance and regulatory reporting - to any authorities if compelled to do so by law (e.g. to HM Revenue & Customs to fulfil tax compliance obligations).
  • To fraud prevention agencies to help prevent crime or where we suspect fraud.
  • To any persons, including, but not limited to, insurers, who provide a service or benefits to you or for us in connection with your account.
  • To anyone in connection with a reorganisation or merger of the Credit Union business.
  • Other parties for marketing purposes (only if you agree/d to this).

Please Note: The provision of false information is fraud and HCU may act if a Member is found to have deliberately provided false or misleading information on their application. This could entail notifying the appropriate regulators and authorities, including police notification.

Your Nominee(s)

Under the new General Data Protection Regulations (GDPR) your nominee now has the right to be informed and must give their permission for HCU to hold their personal data (name, address and telephone number). However, if your nominee is already a member of HCU we will already have their permission to hold their information.

Providing a nominee is not a requirement to open an account with HCU, however in the event of your untimely death, if there is no nominee and we are unaware of your next of kin, any insurance payment or surplus shares may be paid to the UK Government.

Please Note: It is your responsibility to keep your nominee details up to date. A nominee form is to be completed and returned (not required if Nominee is a Member of HCU) with your application for Membership. You can change your nominee at any time using the appropriate forms.

Employees and Volunteers (also see HCU’s Individual Employee Privacy Notice)

We are committed to protecting our employees’ and volunteers’ privacy. Halton Credit Union requires any information marked as mandatory to either meet legal obligations or to perform our contract with you. Where you are not able to provide us with this information, we may not be able to offer you a role within the Credit Union. Where we request further information about you not required for these reasons, we will ask your consent.

How we use your personal information

As your employer Halton Credit Union needs to keep and process information about you for normal employment management and administrative purposes. Your information may be processed, transferred and/or shared by this Credit Union in any form and on any database used by us for the following purposes:

For legal reasons

  • Confirm your identity.
  • Perform activity for the prevention of financial crime.
  • For performance of our contract with you.
  • Information gathered during the recruitment process.
  • Information obtained to ensure suitability for the role, including obtaining references and where necessary, disclosure and financial checks to ensure fitness and propriety.
  • Provide terms and conditions of employment.
  • Ensure payments of wages, pensions, or expenses.
  • Manage training records, review meetings and appraisals.
  • Manage details of grievances or disciplinary matters.
  • Undertake statistical analysis, to help evaluate the future needs of our staff and to help manage our business.
  • To manage absence including holidays, sickness, maternity leave etc.

For vital purposes

  • Information on next of kin, health conditions and medication, in case of emergency.


Where we send your information

While countries in the European Economic Area all ensure rigorous data protection laws, there are parts of the world that may not be quite so rigorous and do not provide the same quality of legal protection and rights when it comes to your personal information.

Halton Credit Union does not directly send information to any country outside of the European Economic Area; however, any party receiving personal data may also process, transfer and share it for the purposes set out above, and in limited circumstances this may involve sending your information to countries where data protection laws do not provide the same level of data protection as the UK.

For example, when complying with international tax regulations we may be required to report personal information to HM Revenue and Customs, which may transfer that information to tax authorities in countries where you or a connected person may be tax resident.

Retaining your information

Halton Credit Union will need to hold your information for various lengths of time depending on what we use your data for. In many cases we will hold this information for a period after you have left the Credit Union.

To read our policy for retaining members’ data, please contact the Finance Manager direct on 01928 790571 or check out our website for details.

Recording Telephone Calls

We may monitor or record phone calls with you in case we need to check we have carried out your instructions correctly, to resolve queries or issues, for regulatory purposes, to help improve our quality of service, and to help and prevent fraud or other crimes. We also operate CCTV in our offices.

Your Rights

Your rights (please note that T&C’s may apply) under data protection regulations are:

  • The right to access.
  • The right of rectification.
  • The right to erasure.
  • The right to restrict processing.
  • The right to data portability.
  • The right to object to data processing.
  • Rights related to automated decision-making and profiling.
  • Right to withdraw consent.
  • The right to complain to the Information Commissioner’s Office.


Halton Credit Union will comply with regulatory and industrial standards in retaining information on its members, employees and volunteers including:

  1. Permanently retaining records pertaining to:
    • Register of Members
    • Rules and Amendments (as registered with the Financial Conduct Authority)
    • Minutes of annual and special general meetings and the meetings of the Board of Directors.
    • Members’ Share and Loan Register
    • Copies of Annual Returns
    • Health & Safety Consultations
  2. Retaining for 7 years:
    • Employer’s Liability Certificate
    • All records appertaining to the accounts of the Credit Union including:
      • Receipts and invoices.
      • Ledgers and cash books (whether manual or electronic)
      • Payroll Information
      • Corporation tax records
    • Disciplinary, working time and training, redundancy details (after employment ceases)
    • Employee details and records
    • Financial Promotions
    • Senior Management Arrangements Systems and Controls
    • Information pertinent to Regulatory References
    • Evidence of identity, member transactions, reports of suspicious transactions (internal and external)
    • Training records for anti-money laundering regulations
    • Loan Applications (after loan has been repaid)
    • Investment decisions, including making a subordinated loan to another Credit Union.
  3. Retaining for 3 years:
    • Accident Reports
    • Complaints (once resolved)
  4. Retaining for 1 year:
    • Application forms/interview notes for unsuccessful candidates


Your Rights Explained

The right to access

You have the right to access your personal data and details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data.

The right to rectification

You have the right to have any inaccurate personal data about you corrected and, considering the purposes of the processing, to have any incomplete personal data about you completed.

The right to erasure

In some circumstances you have the right to the erasure of your personal data without undue delay. Those circumstances include:

  • the personal data is no longer needed for the purpose it was originally processed.
  • you withdraw consent you previously provided to process the information.
  • you object to the processing under certain rules of data protection law.
  • the processing is for marketing purposes.
  • the personal data was unlawfully processed.

However, you may not erase this data where we need it to meet a legal obligation or where it is necessary for the establishment, exercise or defence of legal claims.

The right to restrict processing

In some circumstances you have the right to restrict the processing of your personal data. Those circumstances are:

  • you contest the accuracy of the personal data.
  • processing is unlawful but you oppose erasure.
  • we no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise or defence of legal claims.
  • you have objected to processing, pending the verification of that objection. Where processing has been restricted on this basis, we may continue to store your personal data.

We will only otherwise process it:

  • with your consent.
  • for the establishment, exercise or defence of legal claims; or
  • for the protection of the rights of another natural or legal person.

The right to object to processing

You have the right to object to our processing of your personal data on grounds relating to your particular situation, but only to the extent that the legal basis for the processing is that the data is necessary for the purposes of the legitimate interests pursued by us or by a third party.

If you make such an objection, we will cease to process the personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.

You have the right to object to our processing of your personal data for direct marketing purposes (including profiling for direct marketing purposes). If you make such an objection, we will cease to process your personal data for this purpose.

The right to data portability

To the extent that the legal basis for our processing of your personal data is:

  • your consent; or that
  • the processing is necessary for the performance of our contract with you.

You have the right to receive your personal data from us in a commonly used and machine-readable format or instruct us to send this data to another organisation. This right does not apply where it would adversely affect the rights and freedoms of others.

Rights related to automatic processing

This Credit Union does not use an automated decision-making process for processing members’ loan applications. All loans are assessed by a member of staff. Members can express their point of view and obtain an explanation of the decision and challenge it.

Right to withdraw consent

To the extent that the legal basis for our processing of your personal information is your consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.

The right to complain to the Information Commissioner’s Office

If you consider that our processing of your personal information infringes data protection laws, you have a legal right to lodge a complaint with the Information Commissioner’s Office which is responsible for data protection in the UK. You can contact them by:

  1. Going to their website at:
  2. Phone on 0303 123 1113
  3. Post to Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF

Contact us about your rights

If you want more information on how Halton Credit Union and hold your data, or if you think we may be holding incorrect information, please get in touch on the details below and we will happily review the information we store. We will keep all the records we have on you unless you tell us otherwise.

If you would like to request a copy of all the personal details we are holding on you, then please get in touch on the details below. If you no longer wish us to hold your personal data, please contact us on the details below. Please note that we may not be able to provide you with our services without access to your data.

Any Amendments to this Privacy Policy

Halton Credit Union reserves the right at its sole discretion to amend this privacy statement at any time, and you should regularly check this privacy statement for any amendments on our website at for updates.

Please Note: HCU will not contact you for every small change, but if there are any important alterations to the Policy on how the Credit Union uses your information we will contact you and where appropriate ask for your consent.


Collection and Use of Information

The Credit Union will not collect any personal information about you on this website or mobile app for Android and iOS without your consent. We will let you know what we intend doing with your information before collecting it, so that you can decide whether to furnish that information to us.

Any information which is provided by you will be treated with the highest standards of security and confidentiality and in accordance with the terms of the Data Protection Act 1998, Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the Protection of Individuals with regard to the Processing of Personal Data and on the Free Movement of such Data, and any implementing and/or amending legislation as may be adopted in the United Kingdom from time to time.

If at any time after giving us personal information you decide that you no longer wish us to hold or use this information, or in the case that the information becomes out of date, you are free to notify us, and we will remove or rectify the information within a reasonable time and in accordance with legislative requirements.

You acknowledge and agree that in certain circumstances we may be obliged to disclose personal information relating to you to third parties, for example, in order to conform to any requirements of law or to comply with any legal process, as well as to protect and defend the rights of property of the Credit Union, our licensors and/or our other customers.

Telephone calls may be monitored or recorded to ensure that we carry out your instructions correctly and to help improve the quality of our service and in the interests of security.


With regards to the new requirements on Cookies following the revision of the e-Privacy Directive, the Credit Union is working towards implementing the new requirements in line with guidance from the Information Commissioner's Office. To make using our Site as straightforward as possible and to improve the service we offer you, we use cookies.

What are Cookies?

Cookies are text files that web servers can store on your computer's hard drive when you visit a website. There are two main types:

  • Transient (or per-session) cookies - These only exist for your site visit and are deleted on exit. They recognise you as you move between pages, for example, recording items added to an online shopping basket. These cookies also help maintain security.
  • Persistent (or permanent) cookies - These stay on your machine until expiry or deletion. Many are built with automatic deletion dates to help ensure your hard drive does not get overloaded. These cookies often store and re-enter your log-in information, so you do not need to remember membership details.

Additionally, cookies can be first- or third-party cookies. First party cookies are owned & created by the website you are viewing - in this case by the Credit Union. Third party cookies are owned & created by an independent company, usually a company providing a service to the website owners. In our case, third party cookies provided from this Site are still subject to the provisions set out below.

What we use cookies for:

Internet cookies help you do things online, like remembering logon details so you do not have to re-enter them when revisiting a site.

We use cookies to:

  • Gather customer journey information across our sites.
  • Ensure your privacy in our secure sites.
  • Temporarily store details input into our calculators, tools, illustrations and demonstrations.

We use both our own (first party) and partner companies' (third party) cookies to support these activities.

We do not use cookies to track people's Internet usage after leaving our sites.

Services requiring enabled cookies:

Some of our services require cookies in your browser to view and use them and to protect your financial and personal information.

Changing your cookie settings:

You are not obliged to accept cookies that we send to you and you can in fact modify your browser so that it will not accept cookies. To enable or disable cookies, follow the instructions provided by your browser (usually located within the Help, Tools or Edit facility). Alternatively, an external resource is available, providing specific information about cookies and how to manage them to suit your preferences.

Please note that should you choose to set your browser to disable cookies, you may not be able to access secure areas of this Site, for example any online accounts you may hold.


Halton Credit Union, its Directors, employees, volunteers, agents, affiliates or other representatives, shall not be liable in respect of any claims, emergencies, demands, causes of action, damages, losses, expenses, including without limitation, reasonable legal fees and costs of proceedings arising out of or in connection with the use and/or dissemination of personal information relating to you in accordance with this privacy policy and your consents.

You should be aware that where you link to another website from the Credit Union website, the Credit Union has no control over that other website. The Credit Union has no responsibility for the privacy practices of other websites.



INFORMATION COMMISSIONERS OFFICE (ICO) Overview of the Guide to the General Data Protection Regulation (GDPR)


INFORMATION COMMISSIONERS OFFICE (ICO) Guide to the Privacy and Electronic Communications Regulations




Credit Referencing Agencies

In order to process credit applications you make, we will supply your personal information to credit reference agencies (CRAs) and they will give us information about you, such as about your financial history. We do this to assess creditworthiness and product suitability, check your identity, manage your account, trace and recover debts and prevent criminal activity.


We will also continue to exchange information about you with CRAs on an ongoing basis, including about your settled accounts and any debts not fully repaid on time. CRAs will share your information with other organisations. Your data will also be linked to the data of your spouse, any joint applicants or other financial associates. This may affect your ability to get credit.


The identities of the CRAs, and the ways in which they use and share personal information, are explained in more detail at:

  • Transunion at
  • Equifax at
  • Experian at


They may retain information for up to 6 years after any credit agreement between us has ended. When we share this information all parties conform to industry standards.


Credit Reference Agencies also share information about people with many financial organisations.

Their records can tell us:

  • whether you have kept up with paying your bills, rent or mortgage, and other debts such as loans, phone and internet contracts;
  • your previous addresses;
  • information on any businesses you may own or have owned or directed;
  • whether you are financially linked to another person, for example by having a joint account or shared credit;
  • whether you have changed your name;
  • whether you have been a victim of fraud.


Where you are financially linked to another person their records can provide us with details about that person’s credit agreements and financial circumstances.


They also use publicly available information to record information about people, including information from:

  • The Royal Mail Postcode Finder and Address Finder;
  • The Electoral Register;
  • Companies House;
  • The Accountant in Bankruptcy and other UK equivalents;
  • The Insolvency Service and other UK equivalents;
  • County Court Records.


This tells us, among other things:

  • Your age, address and whereabouts;
  • whether you are on the Electoral Register;
  • whether you have been declared bankrupt;
  • whether you are insolvent; and
  • whether there are any County Court Judgements against you.


Credit Reference Agencies may also be Fraud Prevention Agencies.


We use this information to help us make sure we are lending our money responsibly and to help us decide whether a loan is appropriate for you. We cannot do this without:

  • confirming your identity;
  • verifying where you live;
  • making sure what you have told us is accurate and true;
  • checking whether you have overdue debts or other financial commitments; and
  • confirming the number of your credit agreements and the balances outstanding together with your payment history.


We also have a duty to protect the Credit Union and the wider society against loss and crime, so we use and share Credit Reference Agency information:

  • to identify, prevent and track fraud;
  • to combat money laundering and other financial crime; and
  • to help recover payment of unpaid debts.


We use information in this way to fulfil our contract to you, to meet our legal and regulatory responsibilities relating to responsible lending and financial crime, to protect the Credit Union from loss, to pursue our legitimate interests and to prevent crime.


Automated assessment

We may use automated decision making in processing your personal and financial information to make credit decisions.


It is our policy to manually review automated decisions whenever possible. However, you have the right to request a manual review of the accuracy of any decision we make if you are unhappy with it.

The Credit Union uses a company called NestEgg Ltd to process this data on our behalf. NestEgg Ltd provides an automated ‘decision’ to help the Credit Union make it easy for members to apply for loans and savings accounts. NestEgg Ltd is not responsible for making decisions; they do not see your personal information. Their software makes a recommendation to a loans officer.


When you apply for a loan and / or savings account up to five searches may appear on your credit file. For the purposes of credit scoring, this will typically only affect your credit score as if one credit application were made.


Each of these five ‘footprints’ relates to the different sources of data being used to assess an application; these include the credit report itself and an affordability check. The Credit Union needs to prove the information belongs to you which is when an ID check is required. In cases where an application is made by a new member, the Credit Union will use an ID check and may also run a report to check ownership of any bank account details you may give us. These checks are required by law to prevent money laundering.


Some of these footprints will be in the name of NestEgg Ltd and others in the name of the Credit Union.


Fraud Prevention Agencies

We use your information to carry out checks for the purposes of preventing fraud and money laundering. These checks require us to process and share personal data about you.

The personal data can include information that you have shared with us in making your loan application, other information we have collected or hold about you, or information we receive from third parties such as Credit Reference Agencies.


We will share your:



  • date of birth;
  • contact details;
  • financial information;
  • employment details;
  • Device identifiers, including IP address; and
  • Any other information that it is in our legitimate interest to share in order to prevent or detect fraud, or that we are legally obliged to provide.


We and fraud prevention agencies may also enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime.


We process your data in these ways because we have a legitimate interest in preventing fraud and money laundering in order to protect our business and to comply with laws that apply to us.


Fraud prevention agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, for up to six years.


If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the loan or any other services you have asked for. We may also stop providing existing services to you.


A record of any fraud or money laundering risk will be retained by fraud prevention agencies and may result in others refusing to provide services, financing or employment to you. If you have any questions about this then please contact us.