Blues & Twos Credit Union

Privacy Notice

Blues and Twos Credit Union Privacy Notice

When you join Blues and Twos Credit Union we ask for information about you for our records. This makes us a data controller and as such, we are subject to all of the regulation surrounding Data Protection.

The data you provide will be held securely and will be treated with the highest standard of confidentiality. It will be used only to provide the services we offer and will not be sold on to third parties for marketing purposes.

The credit union requires any information marked as mandatory for membership to either meet legal obligations or to enable us to perform our contract with you. Where you are not able to provide us with this information, we may not be able to open an account for you. Where we request further information about you not required for these reasons, we will ask you for your consent.

 

How we use your personal information

Blues & Twos credit union may process, transfer and/or share personal information in the following ways:

For legal reasons

  • confirm your identity
  • perform activity for the prevention of financial crime
  • carry out internal and external auditing
  • record basic information about you on a register of members

For performance of our contract with you

  • deal with your account(s) or run any other services we provide to you;
  • consider any applications made by you;
  • carry out credit checks and to obtain and provide credit references
  • undertake statistical analysis, to help evaluate the future needs of our members and to help manage our business
  • To send you statements, new terms & conditions (including changes to this privacy statement), information about changes to the way your account(s) operate and notification of our annual general meeting.

For our legitimate interests

  • recover any debts owed to us

With your consent

  • maintain our relationship with you including marketing and market research (if you agree to them).

Sharing your personal information
We will disclose information outside the credit union:

  • to third parties to help us confirm your identity to comply with money laundering legislation
  • to credit reference agencies and debt recovery agents who may check the information against other databases – private and public – to which they have access to
  • to any authorities if compelled to do so by law (e.g. to HM Revenue & Customs to fulfil tax compliance obligations)
  • to fraud prevention agencies to help prevent crime or where we suspect fraud;
  • to any persons, including, but not limited to, insurers, who provide a service or benefits to you or for us in connection with your account(s)
  • to our recommended prepaid card provider upon receipt of your completed application for a prepaid card
  • To our suppliers in order for them to provide services to us and/or to you on our behalf
  • to anyone in connection with a reorganisation or merger of the credit union’s business
  • other parties for marketing purposes (if you agree to this)

 

Where we send your information

While countries in the European Economic Area all ensure rigorous data protection laws, there are parts of the world that may not be quite so rigorous and do not provide the same quality of legal protection and rights when it comes to your personal information.

The credit union does not directly send information to any country outside of the European Economic Area, however, any party receiving personal data may also process, transfer and share it for the purposes set out above and in limited circumstances this may involve sending your information to countries where data protection laws do not provide the same level of data protection as the UK.

For example, when complying with international tax regulations we may be required to report personal information to the HM Revenue and Customs which may transfer than information to tax authorities in countries where you or a connected person may be tax resident.

 

Retaining your information

The credit union will need to hold your information for various lengths of time depending on what we use your data for. In many cases we will hold this information for a period of time after you have left the credit union.

For a copy of our Policy for Data Retention please contact the Members Services Team Tel: 01772 618833

 

Credit rating agencies

In order to process any credit applications, you may make, we will supply your personal information to credit reference agencies (CRAs) and we may seek information through Open Banking to give us information about you, such as details about your financial history. We do this to assess creditworthiness and product suitability, check your identity, manage your account, trace and recover debts and prevent criminal activity.

We may exchange information about you with CRAs, including details about your settled accounts and any debts not fully repaid on time. CRAs will share your information with other organisations. Your data will also be linked to the data of your spouse, any joint applicants or other financial associates. This may affect your ability to get credit.

The identities of the CRAs, and the ways in which they use and share personal information, are explained in more detail on:

  • Our website at www.bluesandtwos.org.uk
  • TransUnion (Formerly CallCredit):
    https://www.callcredit.co.uk/legal-information/bureau-privacy-notice
  • Equifax at www.equifax.co.uk/crain
  • Open Banking – You give consent via the Truelayer online portal for your data to be shared with the credit union for the purpose of any loan application. The credit union may retain the information required with the loan documents.
  • Nivo text messaging and document upload – You give consent via the NIVO online registration for your data to be controlled and shared with the credit union. The credit union may retain the information for the purpose of membership or a loan.
  • Engage Card – You give consent via the application form for your data to be shared with and controlled by Engage. The credit union may retain the information for the purpose of your membership.

 

Your rights under data protection regulations are:
(a) The right to access
(b) The right of rectification
(c) The right to erasure
(d) The right to restrict processing
(e) The right to data portability
(f) The right to object to data processing
(g) Rights related to automating decision-making and profiling
(h) Right to withdraw consent
(i) The right to complain to the Information Commissioner’s Office

 

Your rights explained

Right to Access

You have the right to access your personal data and details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data. Providing the rights and freedoms of others are not affected, we will supply to you, on request, a copy of your personal data.

The right to rectification

You have the right to have any inaccurate personal data about you corrected and, taking into account the purposes of the processing, to have any incomplete personal data about you completed.

The right to erasure

In some circumstances you have the right to the erasure of your personal data without undue delay.

Those circumstances include:

  • the personal data is no longer needed for the purpose it was originally processed
  • you withdraw consent you previously provided to process the information
  • you object to the processing under certain rules of data protection law
  • the processing is for marketing purposes
  • the personal data was unlawfully processed

However, you may not erase this data where we need it to meet a legal obligation or where it necessary for the establishment, exercise or defence of legal claims.

The right to restrict processing

In some circumstances you have the right to restrict the processing of your personal data. Those circumstances are:

  • you contest the accuracy of the personal data;
  • processing is unlawful but you oppose erasure;
  • we no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise or defence of legal claims; and
  • you have objected to processing, pending the verification of that objection. Where processing has been restricted on this basis, we may continue to store your personal data.

We will only otherwise process it:

  • with your consent;
  • for the establishment, exercise or defence of legal claims; or
  • for the protection of the rights of another natural or legal person;

The right to object to processing

You have the right to object to our processing of your personal data on grounds relating to your particular situation, but only to the extent that the legal basis for the processing is that the data is necessary for the purposes of the legitimate interests pursued by us or by a third party.

If you make such an objection, we will cease to process the personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.

You have the right to object to our processing of your personal data for direct marketing purposes (including profiling for direct marketing purposes). If you make such an objection, we will cease to process your personal data for this purpose.

The right to data portability

To the extent that the legal basis for our processing of your personal data is:
(a) consent; or
(b) that the processing is necessary for the performance of our contract with you
You have the right to receive your personal data from us in a commonly used and machine-readable format or instruct us to send this data to another organisation. This right does not apply where it would adversely affect the rights and freedoms of others.

Rights related to automatic processing

This credit union may from time to time use an automated decision making process for processing members’ loan applications to make sure that our decisions are quick, fair, efficient, and correct based on what we know.

The automated lending decision system looks at your credit score alongside information such as:

  • the amount applied for
  • your income and expenditure
  • your history of repaying debts
  • the number and value of County Court Judgements (CCJs) you have
  • the number of accounts you have that are in default
  • public information such as the insolvency service
  • whether or not you are bankrupt
  • your age

and makes a decision based on either

  • Set policies e.g. the credit union does not lend to those less than 18 years of age, or the credit union does not lend to people with over a certain value of county court judgements.
  • The predicted likelihood of the repayment of the loan based on the statistical analysis of whether individuals who had a similar credit profile repaid their debts in the past.

Members have the right to have the decision reviewed by a member of staff, express their point of view, and obtain an explanation of the decision and challenge it. A copy of our Policy for Lending can be obtained by contacting the Member Services Team.

Right to withdraw consent

To the extent that the legal basis for our processing of your personal information is your consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.

 

Cookies

To provide you with a good online journey, we will store a number of cookies on your machine, to help us associate important information with you.

For more information on cookies, please view our cookie policy.

 

External links

You may encounter links to external websites when using our website, this policy does not cover these websites and we encourage you to view each website’s privacy policy before submitting any information.

The right to complain to the Information Commissioner’s Office

If you consider that our processing of your personal information infringes data protection laws, you have a legal right to lodge a complaint with the Information Commissioner’s Office which is responsible for data protection in the UK. You can contact them by:
1. Going to their website at: https://ico.org.uk
2. Phone on 0303 123 1113
3. Post to Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF

Contact us about your rights

If you want more information on how we use and hold your data , or if you think we may be holding incorrect information, please get in touch on the details below and we will happily review the information we store. We will keep all the records we have on you unless you tell us otherwise.

If you would like to request a copy of all the personal details we are holding on you then please get in touch on the details below. If you no longer wish us to hold your personal data, please contact us on the details below. Please note that we may not be able to provide you with our services without access to your data.

 

Changes to this Privacy Notice

We can update this Privacy Notice at any time and ideally you should check it regularly at www.bluesandtwos.org.uk. We won’t alert you for every small change, but if there are any important changes to the Notice and or how we use your information we will let you know and where appropriate ask for your consent.

4.11 Accessing your information

You have the right to request a copy of the personal information which we hold about you. We can receive a Subject Access Request (SAR) in writing by letter, email or other electronic means confirming the data you require. We will seek to ensure you are satisfactorily identified as the person making the request. There is no charge* for a SAR and a time limit of 30 days will be adhered to by the credit union (30 days from receipt of the initial request)

*There may be a charge if the request is multiple or excessive or manifestly unfounded.

To request a copy of some or all of your personal information which we hold please write to us at Blues and Twos Credit Union, Lancashire Police Headquarters, PO Box 77, Hutton, Preston, Lancashire, PR4 5SB.

We want to make sure that your personal information is accurate and up to date. You may ask us to correct or remove any information which you think is inaccurate. Please inform us of circumstances which change the personal information which we hold.

4.12 Confidentiality

We will treat all your information as confidential and will not give your information to anyone except where:

  • We are permitted to do so by law;
  • We are permitted under this Privacy Policy;
  • We have a public duty to disclose the information;
  • We need to do so to comply with the requirements, codes or recommendations of any of our regulators;
  • We have your consent (which is not necessarily required to be in writing);
  • It is needed by our agents, advisers or others involved in running accounts and services for you or collecting what you owe to us.
  • It is needed by subcontractors to help us manage your records;
  • It is required by us or others to investigate or prevent crime;
  • It is necessary for the performance of any product or service that we provide to you; or
  • We have transferred any of our rights or obligations to another party.

4.13 Fraud prevention agencies

If false or inaccurate information is provided and fraud is identified, details will be passed to fraud prevention agencies. Law enforcement agencies may access and use this information. We and other organisations may also access and use this information to prevent fraud and money laundering, for example, when:

  • Checking details on applications for credit and credit related or other facilities;
  • Managing credit and credit related accounts or facilities;
  • Recovering debt;
  • Checking details on proposals and claims for all types of insurance; or
  • Checking details of job applicants and employees.

We and other organisations may access and use from other countries the information recorded by fraud prevention agencies.

4.14 Credit reference agencies

In order to process any credit applications, you may make, we will supply your personal information to one or more credit reference agencies (CRAs) and they will give us information about you, such as details about your financial history. We do this to assess creditworthiness and product suitability, check your identity, manage your account, trace and recover debts and prevent criminal activity.

We may exchange information about you with CRAs, including details about your settled accounts and any debts not fully repaid on time. CRAs will share your information with other organisations. Your data will also be linked to the data of your spouse, any joint applicants or other financial associates. This may affect your ability to get credit.

The identities of the CRAs, and the ways in which they use and share personal information, are explained in more detail on:

4.15 Sharing information about you with tax authorities

If we take the view that you may be required to report your income or are otherwise subject to tax in another country, then we may share information about your accounts with the relevant foreign tax authority or with the UK tax authority (which may then share that information with the appropriate foreign tax authority). If, to facilitate this, we need to request information or documents from you then you must supply these to us within 30 days of such request. If you don’t do this, you agree that we may either close your account or, if the law or other regulations requires us to do so, withhold such funds from your account as required and pass those withheld funds to the relevant tax authorities.

4.16 Marketing

We may, where it is in accordance with our record of your marketing preferences, contact you by post, phone, e-mail, SMS text, internet banking, mobile banking or other reasonable means to inform you about products and services supplied by ourselves or selected third parties that we consider may be of interest to you. We will not pass your information to anyone outside of the credit union for their own marketing purposes without your consent. You can inform us at any time if you do not want to receive marketing information enquiries@bluesandtwos.org,uk or 01772618833

4.17 Email addresses

We respect the privacy of personal email accounts and we store your email addresses just as securely as other personal information. Your details will not be passed to any organisation outside of the credit union for marketing purposes without your consent.

We may use email in response to enquiries you make about our services or service issues. If you instruct us to send your Annual Statement by email you should be aware that this document will not be encrypted and contains your personal data. You should only provide an email address that is private to you.

We will NEVER contact customers via email asking to supply any confidential information, telephone or internet banking login details.

4.18 Provision of services and transfer of information

From time to time we will engage service providers, agents and subcontractors to provide services. They will have access to, and will process, your information on our behalf to provide such services.

From time to time we may transfer to and store your information in a country outside of the European Economic Area (EEA). Your personal data may be processed by staff operating outside the EEA who work for us or for one of our suppliers. By submitting your personal data to us you agree to this transfer, storing and/or processing. In such circumstances, we will ensure that your information is processed in accordance with the relevant UK data protection legislation and in accordance with the Privacy Policy.

4.19 How we protect your data

When you register details and are logged into the secure Members Area of our website we use a secure server. Any data you give us when you are logged into the site is encrypted using a ‘Secure Socket Layer’ (SSL) session. SSL is an industry standard and is one of the best ways to ensure internet messages are not intercepted. You should be aware, however, that some older browsers cannot use SSL. If your browser does not support 128-bit encryption (or higher) you will not be able to log into our website.

Apart from things we do to protect you there are things that you can also do to protect yourself whilst using the internet. There is a lot of information on the internet to help you keep up-to-date with protection from online fraud and how to spot and avoid scams.

Our general email enquiry forms sent from enquires@bluesandtwos.org.uk are not sent via an encrypted channel and for this reason we ask that you do not include confidential information when using them (such as bank account details).

Messages and Online forms sent and received via the Secure Members Area, when you are logged into your account, are encrypted and therefore secure.

While we use SSL encryption to protect online communication via the Members Secure Area, we will use all reasonable endeavours to protect user information off-line. However, any personal details or other information entered onto or submitted through the Site or by email to us is entered or transmitted at the user’s risk and we shall not be liable for any such information being intercepted or accessed by any third party without our knowledge.

4.20 Right to be forgotten

We are aware that you may wish to be removed from our systems following the closure of your credit union account. Detailed in our Policy for Data Retention, the credit union will remove data that is not specifically or lawfully required following your account closure.

4.21 In the event of a Data Breach

In the event of a Data Breach identified by us or brought to our attention, we will investigate the information / breach details provided. A Data Breach Notification form (See Appendix B) will be completed internally and the Data Breach record completed (held by CEO). If there is any uncertainty about the verity of the breach this link takes you through an online ICO guide: https://ico.org.uk/for-organisations/report-a-breach/pdb-assessment/

If the Blues and Twos Data Protection Officer decides the breach is of sufficient verity, as directed by the Information Commissioners Office (ICO) latest guidance, the ICO will be notified within the 72-hour deadline and given details of the Breach, action taken. Details will be recorded and held by us on a Data Breach record.

4.22 Use of cookies

We may work with third parties to research certain usage and activities on our Site on our behalf. No personal information about you is shared except to the extent it is required to be used by a third party or parties for providing such research, and in the course of conducting this research we, and/or these third parties may place a unique “cookie” on your browser. Cookies are small text files, sent to your browser that web servers can store on your computer’s hard drive when you visit a website. They understand and track your use of the Site and where it can improve the information and services provided. We use cookies solely to gather information on IP addresses, to analyse trends, administer the Site, track users’ movements on the Site and gather broad demographic information for aggregate use. IP addresses are not linked to other personally identifiable information and will not be used to deliver targeted marketing messages. For information about blocking the use of cookies, please refer to the instructions/help screen on your internet browser. Please note that you may not be able to use or access certain parts of the Site or online services if you block the use of cookies.

There are two main types:

Transient (or per-session) cookies
These only exist for your site visit and are deleted on exit. They recognise you as you move between pages, for example, recording items added to an online shopping basket. These cookies also help maintain security.

Persistent (or permanent) cookies
These stay on your machine until expiry or deletion. Many are built with automatic deletion dates to help ensure your hard drive doesn’t get overloaded. These cookies often store and re-enter your log-in information, so you don’t need to remember membership details.

Additionally, cookies can be first or third party cookies. First party cookies are owned & created by the website you’re viewing- in this case by the Credit Union. Third party cookies are owned & created by an independent company, usually a company providing a service to the website owners. In our case, third party cookies provided from this Site are still subject to the provisions set out below.

What we use cookies for?
Internet cookies help you do things online, like remembering logon details so you don’t have to re-enter them when revisiting a site.
What we use cookies to…

  • Gather customer journey information across our sites
  • Ensure your privacy in our secure sites
  • Temporarily store details input into our calculators, tools, illustrations and demonstrations
  • We use both our own (first party) and partner companies’ (third party) cookies to support these activities. We don’t use cookies to track people’s Internet usage after leaving our sites.

Services requiring enabled cookies
Some of our services require cookies in your browser to view and use them and to protect your financial and personal information.

Changing your cookie settings
You are not obliged to accept cookies that we send to you and you can in fact modify your browser so that it will not accept cookies. To enable or disable cookies, follow the instructions provided by your browser (usually located within the Help, Tools or Edit facility). Alternatively, an external resource is available, providing specific information about cookies and how to manage them to suit your preferences.

Please note that should you choose to set your browser to disable cookies, you may not be able to access secure areas of this Site, for example any online accounts you may hold.

Changes
As a result of improvements we make to our services, amendments to laws or regulation or developments in the technology or processes we use, we may change the information we hold about you and/or the way in which or the purposes for which we process such information. Where we require your consent to such change we will notify you of the change. However, unless you inform us otherwise, we will deem your continued receipt of products and services to which the change relates to constitute your consent to the relevant change.

When we update this policy and make any changes, the revised Privacy Policy will be available on our website. Please check the site regularly. www.bluesandtwos.org.uk

 

Queries

If you would like any further information you can also contact The Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF or visit www.ico.org.uk.

 

Contact – Our Contact information:

In person at – Lancashire Police Headquarters, Saunders Lane, Hutton, Preston (Post code for Sat Nav: PR4 5TJ).

By email: enquiries@bluesandtwos.org.uk / By telephone: 01772618833

In writing to: Blues & Twos Credit Union, Lancashire Police Headquarters, PO Box 77, Hutton, Preston, Lancashire, PR4 5SB
Please contact us with any questions or comments about this Privacy Policy, your personally identifiable information, our use and disclosure practices, or your consent choices by email at enquiries@bluesandtwos.org.uk