This statement informs members of Eden & South Lakeland Credit Union (ESLCU) about how the credit union manages their personal information in the course of providing its services. It has been prepared in response to the General Data Protection Regulation (GDPR) that was issued by the European Union (EU) and adopted in law by the United Kingdom Government. GDPR came into force on 25 May 2018 and will remain in force in the UK after we leave the EU.
What are Personal Data?
Under GDPR, personal data are defined as any items of information relating to an identified or identifiable person and can include such items as name, address, other contact details, date of birth, gender, National Insurance number, financial information, bank details, credit ratings, etc. Some items of information, such as ethnic origin, political affiliations, health data, biometric data (e.g. fingerprints), sexual orientation are termed sensitive personal data.
People about whom personal information or data are collected and stored are known as data subjects under GDPR.
Consent is required for ESLCU to process both types of personal data, and it must be explicitly given by the data subject. Where we are asking you for sensitive personal data we will always tell you at the time why and how that information will be used.
Why does ESLCU need to collect, use and store personal data?
We need to collect, use and store personal data in order for us to provide you with a service and manage your account.
The personal data we collect from you will be used for the following purposes:
- Establishing your identity
- Establishing the type of account that is applicable to you
- Identifying you as a member of ESLCU
- Communicating and corresponding with you as a member
- Performing regulatory checks which include:
- Anti-money laundering checks
- Politically exposed person checks
- HM Treasury sanctions checks.
Your identity information is required to comply with International Tax Regulations and to establish UK residency status.
We are committed to ensuring that all the information we collect and use is appropriate for these purposes, and does not constitute an invasion of your privacy. We may pass your personal data on to our service providers (currently Burnetts Solicitors, Department of Work & Pensions (DWP), Equifax Credit Reference, and Lindley Adams, Auditors) who are contracted to ESLCU. Our contractors and service providers are also subject to GDPR and are obliged to keep your details securely and use them only to fulfil the service they provide on our behalf. Once the service need has been satisfied or your case has been closed, they will dispose of the details in line with GDPR.
ESLCU is registered with the Financial Services Compensation scheme (FSCS). In the event that the credit union is unable to meet its obligations to savers, it will be required to share personal information with the FSCS so that compensation can be paid to members under the scheme.
We will only collect, use and store your personal data with your consent. This is sought at the time that you request us to provide a service, e.g. opening an account or applying for a loan. By consenting to the collection of your personal data, you are giving us permission to perform actions associated with providing that service. If we propose to pass your personal data onto a third party as part of providing the service, we will only do so once we have obtained your consent. In some circumstances we may be required by law to share personal data with a third party in which case we are not required to obtain your consent.
We will only send you marketing communications with your explicit consent such that you ‘opt in’.
You may withdraw consent at any time by making a request to the Data Protection Officer, ESLCU. If withdrawal of consent prevents us from using information that is essential to providing a proper service, it will become necessary to close your account and we will advise you accordingly. Please note that there may be legal or contractual reasons by we are unable to comply with a request to withdraw consent to process information and you will be advised if this is the case.
How ESLCU uses your information
ESLCU will process – that means collect, use and store – the information you provide in a manner that is compatible with the GDPR. We will endeavour to keep your information accurate and up to date and not keep it for longer than is necessary. In some instances, the law sets the length of time information has to be kept, but in most cases ESLCU will use its discretion to ensure that we do not keep records outside of our normal business requirements.
Our aim is not to be intrusive, and we undertake not to ask irrelevant or unnecessary questions. Moreover, the information you provide will be subject to rigorous measures and procedures to minimise the risk of unauthorised access or disclosure.
The legislation under which credit unions operate obliges us to maintain records of members and transactions to satisfy various regulatory requirements. These records will be maintained only for the legally prescribed period and purpose.
Your rights as a data subject
ESLCU members, as data subjects whose personal information is being processed by us, have certain rights under GDPR. These include:
- The right to be informed about the processing of your personal data.
- The right to access personal data of yours that we hold.
- The right to correct errors in the personal data of yours that we hold.
- The right to have all your personal data erased or deleted (please note that exerting this right will mean we can no longer provide you with a service, and there may be legal or contractual reasons why we cannot comply).
- The right to restrict processing of your personal data (applies only in certain circumstances).
More detailed information about how ESLCU manages your personal data can be found in a separate Fair Processing Notice.
If you require further information or advice or you wish to exert a right or withdraw consent, please contact:
The Data Protection Officer
Eden & South Lakeland Credit Union Ltd, 34 Devonshire Arcade, Penrith, CA11 7SX.
Telephone: 01768 890065 - Email: email@example.com