Skip to main content

Credit Union Privacy Notice

HALTON CREDIT UNION AND YOUR PRIVACY

Halton Credit Union Privacy and Data Protection Statement

In accordance with the Data Protection Act 2018, and the General Data Protection Regulation 2018, Halton Credit Union will ensure that your personal data is processed lawfully, fairly and transparently. All data will be collected for a specific, clear-cut, legitimate purpose and will not be processed in a manner incompatible with those purposes. Any personal data held by HCU will be accurate, kept up to date.

Halton Credit Union Ltd will not pass your personal data on to any third parties except where processing by a third party is necessary for the performance of a task or a contract. We will use your data to process your application and to help manage your account(s) and any service you use. Your personal details will be treated confidentially and will only be shared with other agencies e.g. HM Revenue and Customs for tax regulation and appropriate agencies for the purposes ofcredit referencing, fraud prevention and debt recovery.

A full copy of HCU’s Privacy Policy can be found in your joining pack or on our website. You can ask for a copy of the policy by contacting a local branch.

The General Data Protection Regulation (GDPR) is the legal framework which sets guidelines for the collection and processing of personal information from individuals who live in the European Union (EU)and came into force on May 25th, 2018.The Data Protection Act 2018 is the UK’s implementation of the General Protection Regulation (GDPR).

A set of Data Protection Principles underpin the new GDPR which set out obligations for businesses and organisations, like Halton Credit Union, that collect, process and store individuals' personal data.

These principles help customers gain a greater level of control over their data, while offering more transparency throughout the data collection and use process, especially during this digital age we are now living in.

Data is collated, processed, and stored in accordance with HCU’s strict security and safeguarding measures, deeming that all information is kept safe and secure.

To ensures all personal data is kept safe and secure HCU certifies that:

  • Credit Union staff and volunteers receive regular training in GDPR and Data Protection.
  • The software database used is password protected.
  • The database has various authorisation rights and permissions granted for different users/administrators. Once a user has been properly identified and authenticated, authorisation levels determine the extent of system rights the user has access to, such as (but not limited to) being able to manipulate certain data and/or run particular reports.
  • Any confidential paperwork is shredded after use and discarded appropriately.

The GDPR also includes an additional accountability principle which determines that businesses and organisations cannot just claim they follow these principles, to be compliant they now must show how they do. HCU has compiled a Data Protection Control (Impact Assessment) Document which does exactly that.

To ensure compliancy, HCU must adhere to the following six principles ensuring that all personal data collated, processed, and stored must be treated in a way that is:

  1. Lawful, fair, and transparent There must be legitimate grounds for collecting the data and it must not have a negative effect on the person or be used in a way they would not expect.
  2. Limited for its purpose Data should be collected for specified and explicit purposes and not used in a way someone would not expect.
  3. Adequate and necessary It must be clear why the data is being collected and what will be done with it. Unnecessary data or information without any purpose should not be collected.
  4. Accurate Reasonable steps must be taken to keep the information up to date and to change it if it is inaccurate.
  5. Not kept longer than needed Data should not be kept for longer than is needed, and it must be properly destroyed or deleted when it is no longer used or goes out of date.
  6. Integrity and confidentiality Data should be processed in a way that ensures appropriate security, including protection against unauthorised or unlawful processing, loss, damage, or destruction, and kept safe and secure.

HALTON CREDIT UNION PRIVACY NOTICES

Senior Members

Halton Credit Union is committed to protecting its Members’ privacy.

All applications for Membership must whether completed in person or online must be completed IN FULL. The information requested is mandatory for HCU to meet its legal obligations and to enable the Credit Union to carry out its contract with you. If you are not able to provide us with this information, we may not be able to open an account for you. If we request further information about you which is not required for the reasons given, we will ask you for your consent.

How we use your personal information

HCU will process your data in accordance with your rights under the Data Protection Act 2018.

Your information may be processed, transferred and/or shared by this Credit Union in any form and on any database used by us for the following purposes:

For legal reasons

  • To confirm your identity.
  • To perform activity for the prevention of financial crime.
  • To carry out mandatory internal and external auditing.

To record basic information about you on our Membership Register.

Junior Savers

Halton Credit Union is committed to protecting your child’s privacy and for Children under the age of 16 we require parental consent to process a child’s data.

All applications for Membership must whether completed in person or online must be completed IN FULL. The information requested is mandatory for HCU to meet its legal obligations and to enable the Credit Union to carry out its contract with you and your child. If you are not able to provide us with this information, we may not be able to open an account for you. If we request further information about you which is not required for the reasons given, we will ask you for your consent.

How we use your personal information

Your information may be processed, transferred and/or shared by this Credit Union in any form and on any database used by us for the following purposes:

For legal reasons

  • Confirm the identity of the child and their parent/guardian.
  • Perform activity for the prevention of financial crime.
  • Carry out internal and external auditing.
  • Record basic information about the child on our Membership Register.

All Members

How HCU will fulfil our contract with you

  • Deal with your account(s) or run any other services we provide to you.
  • Consider any applications made by you.
  • Collect information which will enable staff to tailor a service suited to your individual needs. This will be recorded so you do not have to repeat yourself every time you make contact with us.We will only use this information to assist you and ensure that you are given the right information to make an informed choice.
  • Undertake statistical analysis, to help evaluate the future needs of our Members and to help manage our business.
  • Send out annual account statements.
  • Inform Members of any new terms &conditions, including changes to this privacy statement.
  • Provide information about changes to the way your account(s) operate.
  • Notify Members of HCU’s Annual General Meeting (AGM) or any other relevant meetings that are convened.

For our legitimate interests

  • Debt tracing so that HCU can recover any debts owed to us.
  • The prevention of fraud.

With your consent

  • If you opted to receive Direct Marketing on your Membership Application Form, HCU will maintain our relationship with you including marketing and market research as well asany promotional information about HCU products, services and ongoing campaigns.
  • Under the General Data Protection Regulations (GDPR) you can withdraw your given consent at any time simply by completing a Halton Credit Union Direct Marketing Withdrawal Form.

Please Note:Opting in to receive direct marketing is not a condition of Membership.

Sharing your personal information

We will disclose information outside the Credit Union:

  • To third parties to help HCU confirm your identity and comply with money laundering legislation, to cover PEPs and sanctions checking.
  • To credit reference agencies and debt recovery agents who may check the information against other databases - private and public - to which they have access to.
  • For compliance and regulatory reporting - to any authorities if compelled to do so by law (e.g. to HM Revenue & Customs to fulfil tax compliance obligations).
  • To fraud prevention agencies to help prevent crime or where we suspect fraud.
  • To any persons, including, but not limited to, insurers, who provide a service or benefits to you or for us in connection with your account.
  • To anyone in connection with a reorganisation or merger of the Credit Unionbusiness.
  • Other parties for marketing purposes (only if you agree/d to this).

Please Note:The provision of false information is fraud and HCU may act if a Member is found to have deliberately provided false or misleading information on their application. This could entail notifying the appropriate regulators and authorities, includingpolice notification.

Your Nominee(s)

Under the new General Data Protection Regulations (GDPR) your nominee now has the right to be informed and must give their permission for HCU to hold their personal data (name, address and telephone number). However, if your nominee is already a member of HCU we will already have their permission to hold their information.

Providing a nominee is not a requirement to open an account with HCU, however in the event of your untimely death, if there is no nominee and we are unaware of your next of kin, any insurance payment or surplus shares may be paid to the UK Government.

Please Note:It is your responsibility to keep your nominee details up to date. A nominee form is to be completed and returned (not required if Nominee is a Member of HCU) with your application for Membership. You can change your nominee at any time using the appropriate forms.

Employees and Volunteers(also see HCU’s Individual Employee Privacy Notice)

We are committed to protecting our employees’ and volunteers’ privacy. Halton Credit Union requires any information marked as mandatory to either meet legal obligations or to perform our contract with you. Where you are not able to provide us with this information, we may not be able to offer you a role within the Credit Union. Where we request further information about you not required for these reasons, we will ask your consent.

How we use your personal information

As your employer Halton Credit Union needs to keep and process information about you for normal employment management and administrative purposes.Your information may be processed, transferred and/or shared by this Credit Union in any form and on any database used by us for the following purposes:

For legal reasons

  • Confirm your identity.
  • Perform activity for the prevention of financial crime.
  • For performance of our contract with you.
  • Information gathered during the recruitment process.
  • Information obtained to ensure suitability for the role, including obtaining references and where necessary, disclosure and financial checks to ensure fitness and propriety.
  • Provide terms and conditions of employment.
  • Ensure payments of wages, pensions, or expenses.
  • Manage training records, review meetings and appraisals.
  • Manage details of grievances or disciplinary matters.
  • Undertake statistical analysis, to help evaluate the future needs of our staff and to help manage our business.
  • To manage absence including holidays, sickness,, maternity leave etc.

For vital purposes

  • Information on next of kin, health conditions and medication, in case of emergency.

FOR ALL

Where we send your information

While countries in the European Economic Area all ensure rigorous data protection laws, there are parts of the world that may not be quite so rigorous and do not provide the same quality of legal protection and rights when it comes to your personal information.

Halton Credit Union does not directly send information to any country outside of the European Economic Area, however, any party receiving personal data may also process, transfer and share it for the purposes set out above and in limited circumstances this may involve sending your information to countries where data protection laws do not provide the same level of data protection as the UK.

For example, when complying with international tax regulations we may be required to report personal information to the HM Revenue and Customs which may transfer that information to tax authorities in countries where you or a connected person may be tax resident.

Retaining your information

Halton Credit Union will need to hold your information for various lengths of time depending on what we use your data for. In many cases we will hold this information for a period after you have left the Credit Union.

To read our policy for retaining members data please contact the Finance Manager direct on 01928 790571 check out our website for details.

Recording Telephone Calls

We may monitor or record phone calls with you in case we need to check we have carried out your instructions correctly, to resolve queries or issues, for regulatory purposes, to help improve our quality of service, and to help and prevent fraud or other crimes. We also operate CCTV in our offices.

Your Rights

Your rights (please note that T&C’s may apply) under data protection regulations are:

  • The right to access.
  • The right of rectification.
  • The right to erasure.
  • The right to restrict processing.
  • The right to data portability.
  • The right to object to data processing.
  • Rights related to automating decision-making and profiling.
  • Right to withdraw consent.
  • The right to complain to the Information Commissioner’s Office.

HCU’s DATA RETENTION POLICY

Halton Credit Union will comply with regulatory and industrial standards in retaining information on its members, employees and volunteers including:

  1. Permanently retaining records pertaining to:
    • Register of Members
    • Rules and Amendments (as registered with the Financial Conduct Authority)
    • Minutes of annual and special general meetings and the meetings of the Board of Directors.
    • Members’ Share and Loan Register
    • Copies of Annual Returns
    • Health & Safety Consultations
  2. Retaining for 7 years:
    • Employer’s Liability Certificate
    • All record appertaining to the accounts of the Credit Union including:
      • Receipts and invoices.
      • Ledgers and cash books (whether manual or electronic)
      • Payroll Information
      • Corporation tax records
    • Disciplinary, working time and training, redundancy details (after employment ceases)
    • Employee details and records
    • Financial Promotions
    • Senior Management Arrangements Systems and Controls
    • Information pertinent to Regulatory References
    • Evidence of identity, member transactions, reports of suspicious transactions (internal and external)
    • Training records for anti-money laundering regulations
    • Loan Applications (after loan has been repaid)
    • Investment decisions, including making a subordinated loan to another Credit Union.
  3. Retaining for 3 years:
    • Accident Reports
    • Complaints (once resolved)
  4. Retaining for 1 year:
    • Application forms/interview notes for unsuccessful candidates

 

Your Rights Explained

The right to access

You have the right to access your personal data and details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data.

The right to rectification

You have the right to have any inaccurate personal data about you corrected and, considering the purposes of the processing, to have any incomplete personal data about you completed.

The right to erasure

In some circumstances you have the right to the erasure of your personal data without undue delay. Those circumstances include:

  • the personal data is no longer needed for the purpose it was originally processed.
  • you withdraw consent you previously provided to process the information.
  • you object to the processing under certain rules of data protection law.
  • the processing is for marketing purposes.
  • the personal data was unlawfully processed.

However, you may not erase this data where we need it to meet a legal obligation or where it is necessary for the establishment, exercise or defence of legal claims.

The right to restrict processing

In some circumstances you have the right to restrict the processing of your personal data. Those circumstances are:

  • you contest the accuracy of the personal data.
  • processing is unlawful but you oppose erasure.
  • we no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise or defence of legal claims.
  • you have objected to processing, pending the verification of that objection. Where processing has been restricted on this basis, we may continue to store your personal data.

We will only otherwise process it:

  • with your consent.
  • for the establishment, exercise or defence of legal claims; or
  • for the protection of the rights of another natural or legal person.

The right to object to processing

You have the right to object to our processing of your personal data on grounds relating to your particular situation, but only to the extent that the legal basis for the processing is that the data is necessary for the purposes of the legitimate interests pursued by us or by a third party.

If you make such an objection, we will cease to process the personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.

You have the right to object to our processing of your personal data for direct marketing purposes (including profiling for direct marketing purposes). If you make such an objection, we will cease to process your personal data for this purpose.

The right to data portability

To the extent that the legal basis for our processing of your personal data is:

  • your consent; or that
  • the processing is necessary for the performance of our contract with you.

You have the right to receive your personal data from us in a commonly used and machine-readable format or instruct us to send this data to another organisation. This right does not apply where it would adversely affect the rights and freedoms of others.

Rights related to automatic processing

This Credit Union does not use an automated decision-making process for processing members’ loan applications. All loans are assessed by a member of staff. Members can express their point of view and obtain an explanation of the decision and challenge it.

Right to withdraw consent

To the extent that the legal basis for our processing of your personal information is your consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.

The right to complain to the Information Commissioner’s Office

If you consider that our processing of your personal information infringes data protection laws, you have a legal right to lodge a complaint with the Information Commissioner’s Office which is responsible for data protection in the UK. You can contact them by:

  1. Going to their website at: https://ico.org.uk
  2. Phone on 0303 123 1113
  3. Post to Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF

Contact us about your rights

If you want more information on how Halton Credit Union and hold your data , or if you think we may be holding incorrect information, please get in touch on the details below and we will happily review the information we store. We will keep all the records we have on you unless you tell us otherwise.

If you would like to request a copy of all the personal details, we are holding on you then please get in touch on the details below. If you no longer wish us to hold your personal data, please contact us on the details below. Please note that we may not be able to provide you with our services without access to your data.

Any Amendments to this Privacy Policy

Halton Credit Union reserves the right at its sole discretion to amend this privacy statement at any time, and you should regularly check this privacy statement for any amendments on our website at www.halton.co.uk/privacynotice for updates.

Please Note: HCU will not contact you for every small change, but if there are any important alterations to the Policy on how the Credit Union uses your information we will contact you and where appropriate ask for your consent.

WEBSITE PRIVACY POLICY

Collection and Use of Information

The Credit Union will not collect any personal information about you on this website or mobile app for Android and iOS without your consent. We will let you know what we intend doing with your information before collecting it, so that you can decide whether to furnish that information to us.

Any information which is provided by you will be treated with the highest standards of security and confidentiality and in accordance with the terms of the Data Protection Act 1998, Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the Protection of Individuals with regard to the Processing of Personal Data and on the Free Movement of such Data, and any implementing and/or amending legislation as may be adopted in the United Kingdom from time to time.

If at any time after giving us personal information you decide that you no longer wish us to hold or use this information, or in the case that the information becomes out of date, you are free to notify us, and we will remove or rectify the information within a reasonable time and in accordance with legislative requirements.

You acknowledge and agree that in certain circumstances we may be obliged to disclose personal information relating to you to third parties, for example, in order to conform to any requirements of law or to comply with any legal process, as well as to protect and defend the rights of property of the Credit Union, our licensors and/or our other customers.

Telephone calls may be monitored or recorded to ensure that we carry out your instructions correctly and to help improve the quality of our service and in the interests of security.

Cookies

With regards to the new requirements on Cookies following the revision of the e-Privacy Directive, the Credit Union is working towards implementing the new requirements in line with guidance from the Information Commissioner's Office. To make using our Site as straightforward as possible and to improve the service we offer you, we use cookies.

What are Cookies?

Cookies are text files that web servers can store on your computer's hard drive when you visit a website. There are two main types:

  • Transient (or per-session) cookies - These only exist for your site visit and are deleted on exit. They recognise you as you move between pages, for example, recording items added to an online shopping basket. These cookies also help maintain security.
  • Persistent (or permanent) cookies - These stay on your machine until expiry or deletion. Many are built with automatic deletion dates to help ensure your hard drive does not get overloaded. These cookies often store and re-enter your log-in information, so you do not need to remember membership details. ​

Additionally, cookies can be first- or third-party cookies. First party cookies are owned & created by the website you are viewing - in this case by the Credit Union. Third party cookies are owned & created by an independent company, usually a company providing a service to the website owners. In our case, third party cookies provided from this Site are still subject to the provisions set out below.

What we use cookies for:

Internet cookies help you do things online, like remembering logon details so you do not have to re-enter them when revisiting a site.

We use cookies to:

  • Gather customer journey information across our sites.
  • Ensure your privacy in our secure sites.
  • Temporarily store details input into our calculators, tools, illustrations and demonstrations.

We use both our own (first party) and partner companies' (third party) cookies to support these activities.

We do not use cookies to track people's Internet usage after leaving our sites.

Services requiring enabled cookies:

Some of our services require cookies in your browser to view and use them and to protect your financial and personal information.

Changing your cookie settings:

You are not obliged to accept cookies that we send to you and you can in fact modify your browser so that it will not accept cookies. To enable or disable cookies, follow the instructions provided by your browser (usually located within the Help, Tools or Edit facility). Alternatively, an external resource is available, providing specific information about cookies and how to manage them to suit your preferences.

Please note that should you choose to set your browser to disable cookies, you may not be able to access secure areas of this Site, for example any online accounts you may hold.

Disclaimer​

Halton Credit Union, its Directors, employees, volunteers, agents, affiliates or other representatives, shall not be liable in respect of any claims, emergencies, demands, causes of action, damages, losses, expenses, including without limitation, reasonable legal fees and costs of proceedings arising out of or in connection with the use and/or dissemination of personal information relating to you in accordance with this privacy policy and your consents.

You should be aware that where you link to another website from the Credit Union website, that the Credit Union has no control over that other website. The Credit Union has no responsibility for the privacy practices of other websites.

LINKS TO ADDITIONAL RESOURCES AND INFORMATION

DATA PROTECTION ACT 1998

https://www.legislation.gov.uk/ukpga/1998/29/contents

INFORMATION COMMISSIONERS OFFICE (ICO)Overview of the Guide to the General Data Protection Regulation (GDPR)

https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regul ation-gdpr/

THE PRIVACY AND ELECTRONIC COMMUNICATIONS (EC DIRECTIVE)Regulations 2003

https://www.legislation.gov.uk/uksi/2003/2426/contents/made

INFORMATION COMMISSIONERS OFFICE (ICO) Guide to the Privacy and Electronic Communications Regulations

https://ico.org.uk/for-organisations/guide-to-pecr/

FACEBOOK PRIVACY POLICY​

https://www.facebook.com/about/privacy/

TWITTER PRIVACY POLICY

https://twitter.com/en/privacy

GOOGLE PRIVACY POLICY

https://policies.google.com/privacy