t: 01633 214913

e: info@newportcreditunion.co.uk

Privacy Policy

DATA PRIVACY NOTICE (Newport Credit Union Ltd)

Your personal data

Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller's possession or likely to come into such possession. The processing of personal data is governed by [the General Data Protection Regulation 2016/679 (the "GDPR")

Who are we

Newport Credit Union Ltd is the data controller (contact details below). This means it decides how your personal data is processed and for what purposes.

How do we process your personal data

Newport Credit Union Ltd complies with its obligations under GDPR by keeping personal data up to date;

by storing and destroying it securely; by not collecting or retaining excessive amounts of data;

by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data. We use your personal data for the following purposes;

· To enable us to provide products and services to our members.

· To administer membership accounts and records.

· To manage our employees and volunteers.

· To maintain our own accounts and records.

· Our processing also includes the use of CCTV systems for the prevention of crime.

· To operate the Newport Credit Union Ltd website and deliver the services that individuals have requested.

· To inform individuals of news, events, activities or services running at Newport Credit Union Ltd.

· To contact individuals via surveys to conduct research about their opinions of current services or of potential new services that may be offered.

· To recover debts owed to Newport Credit Union Ltd.

What is the legal basis for processing your personal data

Account management (operating your account and requests)

Legal obligation (Article 6): the processing of your personal data is necessary to comply with the law.

Example1; we are legally required to store your personal data for the life of your membership, plus 10 years, under Money Laundering regulations (provided a minimum of one transaction has been processed on your account).

Legitimate interests (Article 6): we possess a legitimate interest to process your personal data for the benefit of yourself and Newport Credit Union Ltd.

Example2; we need to securely hold your personal data to help identify you and process your requests.

Keeping you informed (relevant product & service updates)

Legal obligation (Article 6): the processing of your personal data is necessary to comply with the law.

Example3; we have a legal obligation to send you notice of the AGM (annual general meeting) and a statement of account once a year.

Legitimate interests (Article 6): we possess a legitimate interest to process your personal data for the benefit of yourself and Newport Credit Union Ltd.

Example4; we may send an update on your current loan status from time-to-time, advising on the availability of a loan 'top-up' (increase).

Marketing (new or unrelated product & service updates)

Consent (Article 6): you have provided clear consent for us to process your personal data for marketing products and services which are new to Newport Credit Union Ltd or yourself.

Example5; we may market savings products to you when previously you have only borrowed from Newport Credit Union Ltd.

Market research (making improvements to our products & services)

Legitimate interests (Article 6): we possess a legitimate interest to process your personal data for the benefit of yourself and Newport Credit Union Ltd.

Example6; we may send out the occasional survey to better understand our members and improve our products and services.

Member wellbeing (awareness of health issues to support your membership)

Consent (Article 6): you have provided clear consent for us to process personal data on your health for the purpose of supporting your membership.

Explicit Consent (Article 9): you have provided explicit consent for us to process personal data on your health for the purpose of supporting your membership.

Example7; we provide you with the option to inform us of any particular needs or requirements regarding disability, health or otherwise. This information is voluntary and consent can be withdrawn at any time.

Loan insurance (utilising health data to assess suitability of your loan application)

Legitimate interests (Article 6): we possess a legitimate interest to process personal data on your health for attaining the suitability of your loan application for insurance purposes.

Explicit Consent (Article 9): you have provided explicit consent for us to process personal data on your health for attaining the suitability of your loan application for insurance purposes.

Example8; when completing a loan application, you are required to confirm you are 'in good health' and 'not suffering from a life-threatening condition'. This information is for insurance purposes and integral to the loan application.

Sharing your personal data

Your personal data will be treated as strictly confidential, and may be shared only with the following third parties;

· IT support & back-up

· Software providers

· Department of Work and Pensions

· Debt recovery agencies

· Court and legal services

· Credit reference agencies

· HMRC

Unless listed or categorised above, we will only share your data with third parties outside of the organisation with your consent.

How long do we keep your personal data

We keep your personal data for no longer than reasonably necessary for a period of;

· The life of your membership, plus 6 years, in order to comply with financial reporting processes.

OR

· The life of your membership, plus 10 years in order to comply with Money Laundering regulations. This will take precedence over the condition above, provided one or more transactions have been processed on your account.

Your rights and your personal data

Unless subject to an exemption (under GDPR), you have the following rights with respect to your personal data;

· The right to request a copy of your personal data which Newport Credit Union Ltd holds about you;

· The right to request that Newport Credit Union Ltd corrects any personal data if it is found to be inaccurate or out of date;

· The right to request your personal data is erased where it is no longer necessary for Newport Credit Union Ltd to retain such data;

· The right to withdraw your consent to the processing at any time, when not in conflict with a contract or legal requirement;

· The right to request that Newport Credit Union Ltd provide you with your personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability).

· The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;

· The right to object to the processing of personal data, (where applicable)

· The right to lodge a complaint with the Information Commissioners Office.

Further processing

If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions.

Where and whenever necessary, we will seek your prior consent to the new processing.

Contact Details

To exercise all relevant rights, queries of complaints please in the first instance, contact;

Data Protection Team

data@newportcreditunion.co.uk | 01633 214913

Newport Credit Union Ltd, Indoor Market, Upper Dock Street, Newport, NP20 1DD


Newport Credit Union, The Indoor Market, Upper Dock Street, Newport, South Wales, NP20 1DD Telephone 01633 214913
Authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority

fscs cu cymru