Privacy

Keeping your data safe

1. Introduction

We are committed to protecting our members’ privacy. The credit union requires any information marked as mandatory for membership to either meet legal obligations or to enable us to perform our contract with you.

Where you are not able to provide us with this information, we may not be able to open an account for you. Where we request further information about you not required for these reasons, we will ask you for your consent.

2. How we use personal information

Churches Mutual Credit Union (Churches Mutual) may process, transfer and/or share your personal information in the following ways:

2.1. For legal obligations

to confirm your identity
to perform activity for the prevention of money laundering and financial crime
to carry out internal and external auditing
to record basic information about you on a register of members

2.2. For performance of our contract with members

to deal with your account(s) or run any other services we provide to you;
to consider any applications made by you;
to carry out credit checks and to obtain and provide credit references
to undertake statistical analysis, to help evaluate the future needs of our members and to help manage our business

2.3. For legitimate interests

to conduct activity for the purposes of debt recovery

2.4. With your consent

to inform your of products and services by direct marketing (unless you specifically objected to this), or to conduct market research.

As a member of the credit union you agree that we can send you statements, new terms & conditions, information about changes to the way your account(s) operate and notification of our annual general meeting.

3. Sharing personal information

3.1 Churches Mutual will disclose information outside the credit union only:

to third parties to help us confirm your identity to comply with anti-money laundering legislation to credit reference agencies and debt recovery agents who may check the information against other databases – private and public – to which they have access
to any authorities or other parties if compelled to do so by law (e.g. to HM Revenue & Customs to fulfil tax compliance obligations)
to fraud prevention agencies to help prevent crime or where we suspect fraud
to any persons, including, but not limited to, insurers, who provide a service or benefits to our members for us in connection with their account(s)
to our suppliers in order for them to provide services to us and/or to our members on our behalf
to anyone in connection with a reorganisation or merger of the credit union’s business

4. Where we send personal information

4.1. While countries in the European Economic Area all ensure rigorous data protection laws, there are parts of the world that may not be quite so rigorous and do not provide the same quality of legal protection and rights when it comes to your personal information.

The credit union does not directly send information to any country outside of the European Economic Area, however, any party receiving personal data may also process, transfer and share it for the purposes set out above and in limited circumstances this may involve sending members’ information to countries where data protection laws do not provide the same level of data protection as the UK.

For example, when complying with international tax regulations we may be required to report personal information to the HM Revenue and Customs which may transfer than information to tax authorities in countries where the member or a connected person may be tax resident

5. Retaining Personal Information

Churches Mutual will need to hold information for various lengths of time depending on what we use the data for. In many cases we will hold this information for a period of time after the member leaves the credit union but this must be reasonable and clearly stated.

A summary of our policy for retaining members’ data is available and a full copy is freely available upon request from admin@cmcu.org.uk.

6. Credit Referencing Agencies

In order to process credit applications Churches Mutual supplies personal information to credit reference agencies (CRAs) in exchange for information about the applicant, such as financial history. This is a legitimate interest as it allows Churches Mutual to assess creditworthiness and product suitability, check identity, trace and recover debts and prevent criminal activity.

Churches Mutual will also continue to exchange information about members with CRAs on an ongoing basis, including about settled accounts and any debts not fully repaid on time. CRAs will share information with other organisations. This data will also be linked to the data of a spouse (if applicable), any joint applicants or other financial associates. This may affect an individual’s ability to get credit.

The identities of the CRAs, and the ways in which they use and share personal information, are explained in more detail by:

Transunion at www.transunion.co.uk/crain
Equifax at www.equifax.co.uk/crain
Experian at www.experian.co.uk/crain

For Information – Churches Mutual uses Transunion as its CRA.

7. Your Rights

Your rights under data protection regulations are:

7.1 The right to access

You have the right to access your personal data and details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data. Please contact the credit union for more information on how to exercise this right.

7.2 The right of rectification

You have the right to have any inaccurate personal data about you corrected and, taking into account the purposes of the processing, to have any incomplete personal data about you completed.

7.3 The right to erasure

In some circumstances you have the right to the erasure of your personal data without undue delay. Those circumstances include:

7.3.1 the personal data is no longer needed for the purpose it was originally processed

7.3.2 you withdraw consent you previously provided to process the information

7.3.3 you object to the processing under certain rules of data protection law

7.3.4 the processing is for marketing purposes

7.3.5 the personal data was unlawfully processed

However, you may not erase this data where we need it to meet a legal obligation or where it necessary for the establishment, exercise or defence of legal claims.

7.4 The right to data portability

To the extent that the legal basis for our processing of your personal data is:

7.4.1 consent; or

7.4.2 that the processing is necessary for the performance of our contract with you

You have the right to receive your personal data from us in a commonly used and machine-readable format or instruct us to send this data to another organisation. This right does not apply where it would adversely affect the rights and freedoms of others.

7.5 The right to restrict processing

In some circumstances you have the right to restrict the processing of your personal data.

Those circumstances are:

7.5.1 you contest the accuracy of the personal data;

7.5.2. processing is unlawful but you oppose erasure;

7.5.3 we no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise or defence of legal claims; and

7.5.4. you have objected to processing, pending the verification of that objection. Where processing has been restricted on this basis, we may continue to store your personal data.

7.5.5 We will only otherwise process it:

with your consent
for the establishment, exercise or defence of legal claims; or
for the protection of the rights of another natural or legal person

7.6 The right to object to data processing

You have the right to object to our processing of your personal data on grounds relating to your particular situation, but only to the extent that the legal basis for the processing is that the data is necessary for the purposes of the legitimate interests pursued by us or by a third party.

If you make such an objection, we will cease to process the personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.

You have the right to object to our processing of your personal data for direct marketing purposes (including profiling for direct marketing purposes). If you make such an objection, we will cease to process your personal data for this purpose.

7.7 Rights related to automating decision-making and profiling

Churches Mutual does not use automated processes for processing members’ loan or membership applications. If in future the credit union does use fully automated decision processes then you will have the right to have the decision reviewed by a member of staff, express their point of view, and obtain an explanation of the decision and challenge it.

7.8 Right to withdraw consent

To the extent that the legal basis for our processing of your personal information is your consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.

7.9 The right to complain to the Information Commissioner’s Office

If you consider that our processing of your personal information infringes data protection laws, you have a legal right to lodge a complaint with the Information Commissioner’s Office which is responsible for data protection in the UK.

You can contact them by:

Going to their website at: https://ico.org.uk

Phone on 0303 123 1113

Post to Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF

For more information about how your rights apply to your membership of the credit union or to make a request under your Subject Access Rights you can contact us on admin@cmcu.org.uk or 01452 500 463.

8. Cookies

To provide you with a good online journey, we will store a number of cookies on your machine, to help us associate important information with you.

A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

We use traffic log cookies, such as Google Analytics, to identify which pages are being used. This helps us analyse data about webpage traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.

Overall, cookies help us provide you with a better website by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.

9. External Links

You may encounter links to external websites when using our website, this policy does not cover these websites and we encourage you to view each website’s privacy policy before submitting any information.

10. How to Contact Us

If you want more information on how we use and hold your data, or if you think we may be holding incorrect information, please get in touch on the details below and we will happily review the information we store. We will keep all the records we have on you unless you tell us otherwise.

If you would like to request a copy of all the personal details we are holding on you then please get in touch on the details below. If you no longer wish us to hold your personal data, please contact us on the details below.

Please note that we may not be able to provide you with our services without access to your data.