Wirral Credit Union Privacy Notice
We are committed to protecting our members’ privacy. The credit union requires any information marked as mandatory for membership to either meet legal obligations or to enable us to perform our contract with you. Where you are not able to provide us with this information, we may not be able to open an account for you. Where we request further information about you not required for these reasons, we will ask you for your consent.
How we use your personal information
Wirral Credit Union may process, transfer and/or share personal information in the following ways:
For legal reasons
- confirm your identity
- perform activity for the prevention of financial crime
- carry out internal and external auditing
- record basic information about you on a register of members
For performance of our contract with you
- deal with your account(s) or run any other services we provide to you;
- consider any applications made by you;
- carry out credit checks and to obtain and provide credit references
- undertake statistical analysis, to help evaluate the future needs of our members and to help manage our business
- To send you statements, new terms & conditions (including changes to this privacy statement), information about changes to the way your account(s) operate and notification of our annual general meeting.
For our legitimate interests
- recover any debts owed to Wirral Credit Union
With your consent
- maintain our relationship with you including marketing and market research (if you agree to them)
Sharing your personal information
We will disclose information outside the credit union:
- to third parties to help us confirm your identity to comply with money laundering legislation
- to credit reference agencies and debt recovery agents who may check the information against other databases – private and public – to which they have access to
- to any authorities if compelled to do so by law (e.g. to HM Revenue & Customs to fulfil tax compliance obligations)
- to fraud prevention agencies to help prevent crime or where we suspect fraud;
- to any persons, including, but not limited to, insurers, who provide a service or benefits to you or for us in connection with your account(s)
- To our suppliers for them to provide services to us and/or to you on our behalf
- to anyone in connection with a reorganisation or merger of the credit union’s business
- other parties for marketing purposes (if you agree to this)
Where we send your information
While countries in the European Economic Area all ensure rigorous data protection laws, there are parts of the world that may not be quite so rigorous and do not provide the same quality of legal protection and rights when it comes to your personal information.
The credit union does not directly send information to any country outside of the European Economic Area, however, any party receiving personal data may also process, transfer and share it for the purposes set out above and in limited circumstances this may involve sending your information to countries where data protection laws do not provide the same level of data protection as the UK. For example, when complying with international tax regulations we may be required to report personal information to the HM Revenue and Customs which may transfer than information to tax authorities in countries where you or a connected person may be tax resident.
Retaining your information
The credit union will need to hold your information for various lengths of time depending on what we use your data for. In many cases we will hold this information for a period after you have left the credit union.
To read our policy for retaining members data please see: www.wirralcu.org.uk or contact us at: firstname.lastname@example.org
Recording Telephone Calls
We may monitor or record phone calls with you in case we need to check we have carried out your instructions correctly, to resolve queries or issues, for regulatory purposes, to help improve our quality of service, and to help and prevent fraud or other crimes. We also operate CCTV in our offices.
WCU’s DATA RETENTION POLICY
Wirral Credit Union will comply with regulatory and industrial standards in retaining information on its members, employees and volunteers including:
- Permanently retaining records pertaining to:
- Register of Members
- Rules and Amendments (as registered with the Financial Conduct Authority)
- Minutes of annual and special general meetings and the meetings of the Board of Directors.
- Members’ Share and Loan Register
- Copies of Annual Returns
- Health & Safety Consultations
- Retaining for 7 years:
- Employer’s Liability Certificate
- All record appertaining to the accounts of the Credit Union including:
- Receipts and invoices.
- Ledgers and cash books (whether manual or electronic)
- Payroll Information
- Corporation tax records
- Disciplinary, working time and training, redundancy details (after employment ceases)
- Employee details and records
- Financial Promotions
- Senior Management Arrangements Systems and Controls
- Information pertinent to Regulatory References
- Evidence of identity, member transactions, reports of suspicious transactions (internal and external)
- Training records for anti-money laundering regulations
- Loan Applications (after loan has been repaid)
- Investment decisions, including making a subordinated loan to another Credit Union.
- Retaining for 3 years:
- Accident Reports
- Complaints (once resolved)
- Retaining for 1 year:
- Application forms/interview notes for unsuccessful candidates
Credit Referencing Agencies
In order to process credit applications you make we will supply your personal information to credit reference agencies (CRAs) and they will give us information about you, such as about your financial history. We do this to assess creditworthiness and product suitability, check your identity, manage your account, trace and recover debts and prevent criminal activity.
We will also continue to exchange information about you with CRAs on an ongoing basis, including about your settled accounts and any debts not fully repaid on time. CRAs will share your information with other organisations. Your data will also be linked to the data of your spouse, any joint applicants or other financial associates. This may affect your ability to get credit.
The identities of the CRAs, and the ways in which they use and share personal information, are explained in more detail at:
- Transunion at www.transunion.co.uk/crain
- Equifax at www.equifax.co.uk/crain
- Experian at www.experian.co.uk/crain
They may retain information for up to 6 years after any credit agreement between us has ended. When we share this information all parties conform to industry standards.
Credit Reference Agencies also share information about people with many financial organisations.
Their records can tell us:
- whether you have kept up with paying your bills, rent or mortgage, and other debts such as loans, phone and internet contracts;
- your previous addresses;
- information on any businesses you may own or have owned or directed;
- whether you are financially linked to another person, for example by having a joint account or shared credit;
- whether you have changed your name;
- whether you have been a victim of fraud.
Where you are financially linked to another person their records can provide us with details about that person’s credit agreements and financial circumstances.
They also use publicly available information to record information about people, including information from:
- The Royal Mail Postcode Finder and Address Finder;
- The Electoral Register;
- Companies House;
- The Accountant in Bankruptcy and other UK equivalents;
- The Insolvency Service and other UK equivalents;
- County Court Records.
This tells us, among other things:
- Your age, address and whereabouts;
- whether you are on the Electoral Register;
- whether you have been declared bankrupt;
- whether you are insolvent; and
- whether there are any County Court Judgements against you.
Credit Reference Agencies may also be Fraud Prevention Agencies.
We use this information to help us make sure we are lending our money responsibly and to help us decide whether a loan is appropriate for you. We cannot do this without:
- confirming your identity;
- verifying where you live;
- making sure what you have told us is accurate and true;
- checking whether you have overdue debts or other financial commitments; and
- confirming the number of your credit agreements and the balances outstanding together with your payment history.
We also have a duty to protect the Credit Union and the wider society against loss and crime, so we use and share Credit Reference Agency information:
- to identify, prevent and track fraud;
- to combat money laundering and other financial crime; and
- to help recover payment of unpaid debts.
We use information in this way to fulfil our contract to you, to meet our legal and regulatory responsibilities relating to responsible lending and financial crime, to protect the Credit Union from loss, to pursue our legitimate interests and to prevent crime.
We may use automated decision making in processing your personal and financial information to make credit decisions.
It is our policy to manually review automated decisions whenever possible. However, you have the right to request a manual review of the accuracy of any decision we make if you are unhappy with it.
The Credit Union uses a company called NestEgg Ltd to process this data on our behalf. NestEgg Ltd provides an automated ‘decision’ to help the Credit Union make it easy for members to apply for loans and savings accounts. NestEgg Ltd is not responsible for making decisions, they do not see your personal information. Their software makes a recommendation to a loans officer.
When you apply for a loan and / or savings account up to five searches may appear on your credit file. For the purposes of credit scoring, this will typically only affect your credit score as if one credit application were made.
Each of these five ‘footprints’ relate to the different sources of data being used to assess an application; these include the credit report itself and an affordability check. The Credit Union needs to prove the information belongs to you which is when an ID check is required. In cases where an application is made by a new member; the Credit Union will use an ID check and may also run a report to check ownership of any bank account details you may give us. These checks are required by law to prevent money laundering.
Some of these footprints will be in the name of NestEgg Ltd and others in the name of the Credit Union.
Fraud Prevention Agencies
We use your information to carry out checks for the purposes of preventing fraud and money laundering. These checks require us to process and share personal data about you.
The personal data can include information that you have shared with us in making your loan application, other information we have collected or hold about you, or information we receive from third parties such as Credit Reference Agencies.
We will share your:
- date of birth;
- contact details;
- financial information;
- employment details;
- Device identifiers, including IP address; and
- Any other information that it is in our legitimate interest to share in order to prevent or detect fraud, or that we are legally obliged to provide.
We and fraud prevention agencies may also enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime.
We process your data in these ways because we have a legitimate interest in preventing fraud and money laundering in order to protect our business and to comply with laws that apply to us.
Fraud prevention agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, for up to six years.
If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the loan or any other services you have asked for. We may also stop providing existing services to you.
A record of any fraud or money laundering risk will be retained by fraud prevention agencies and may result in others refusing to provide services, financing or employment to you. If you have any questions about this then please contact us.
Your rights under data protection regulations are:
- The right to access
- The right of rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object to data processing
- Rights related to automating decision-making and profiling
- Right to withdraw consent
- The right to complain to the Information Commissioner’s Office
Please see our website here:
Your rights explained
Right to Access
You have the right to access your personal data and details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data. You can access your personal data by contacting us email@example.com
The right to rectification
You have the right to have any inaccurate personal data about you corrected and, considering the purposes of the processing, to have any incomplete personal data about you completed.
The right to erasure
In some circumstances you have the right to the erasure of your personal data without undue delay. Those circumstances include:
- the personal data is no longer needed for the purpose it was originally processed
- you withdraw consent you previously provided to process the information
- you object to the processing under certain rules of data protection law
- the processing is for marketing purposes
- the personal data was unlawfully processed
However, you may not erase this data where we need it to meet a legal obligation or where it necessary for the establishment, exercise or defence of legal claims.
The right to restrict processing
In some circumstances you have the right to restrict the processing of your personal data. Those circumstances are:
- you contest the accuracy of the personal data;
- processing is unlawful, but you oppose erasure;
- we no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise or defence of legal claims; and
- you have objected to processing, pending the verification of that objection. Where processing has been restricted on this basis, we may continue to store your personal data.
We will only otherwise process it:
- with your consent;
- for the establishment, exercise or defence of legal claims; or
for the protection of the rights of another natural or legal person;
The right to object to processing
You have the right to object to our processing of your personal data on grounds relating to your situation, but only to the extent that the legal basis for the processing is that the data is necessary for the purposes of the legitimate interests pursued by us or by a third party.
If you make such an objection, we will cease to process the personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.
You have the right to object to our processing of your personal data for direct marketing purposes (including profiling for direct marketing purposes). If you make such an objection, we will cease to process your personal data for this purpose
The right to data portability
To the extent that the legal basis for our processing of your personal data is:
- consent; or
- that the processing is necessary for the performance of our contract with you
You have the right to receive your personal data from us in a commonly used and machine-readable format or instruct us to send this data to another organisation. This right does not apply where it would adversely affect the rights and freedoms of others.
Right to withdraw consent
To the extent that the legal basis for our processing of your personal information is your consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.
The right to complain to the Information Commissioner’s Office
If you consider that our processing of your personal information infringes data protection laws, you have a legal right to lodge a complaint with the Information Commissioner’s Office which is responsible for data protection in the UK. You can contact them by:
- Going to their website at: https://ico.org.uk
- Phone on 0303 123 1113
- Post to Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF
Cookies and Privacy
What are cookies and why do we use them?
Consent and changing your cookie settings?
Google cookie details
- Cookie Name == “Google Analytics”
This website uses Google Analytics, a web analytics service provided by Google, Inc. Google Analytics sets cookies in order to evaluate your use of the website and compile reports for us on activity on the site.
Google stores the information collected by the cookie on servers in the United States. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google. By using the website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.
How to reject or delete this cookie: www.google.com/intl/en/privacypolicy.html
Contact us about your rights
For more information about how your rights apply to your membership of the credit union or to make a request under your rights you can contact us firstname.lastname@example.org or 0151 638 4332. We will aim to respond to your request or query within one month or provide an explanation of the reason for our delay.
Contact details of credit union
Name: DATA OFFICER
Address: Wirral Credit Union
403 Poulton Road
Phone: 0151 638 4332
Updated September 2021