How Glasgow Credit Union uses your personal information

Top 6 Data Privacy Principles we comply with at Glasgow Credit Union

  • We use your personal data as agreed in the membership, product terms and conditions and the details contained in this privacy notice
  • We protect your personal data from data loss and cyber risk
  • We do not share your data outside of the EEA
  • We make sure that you can contact us to manage, amend and modify your personal data held by us, and will gain your consent for any data processing activity that is not included in our agreement with you
  • We strive to comply with all relevant regulations and legislation and monitor compliance with these requirements on an ongoing basis
  • We hold your personal data in line with the relevant regulatory requirements where possible.

This Data Privacy Notice outlines your rights, and how we use your personal data in carrying out our main aim: to help our members and ensure they have access to friendly, professional financial services and products that meet their needs.

Looking after your information

The Data Protection Act requires Glasgow Credit Union to manage personal information in accordance with the Data Protection Principles. In particular, we are required to process your personal information fairly and lawfully. This means that you are entitled to know how we intend to use any information you provide. You can then decide whether you want to give it to us in order that we may provide the product or service that you require. All our employees are personally responsible for maintaining member confidentiality. We provide training and education to all employees to remind them about their obligations. In addition, our policies and procedures are regularly audited and reviewed.

Who we are

Your information will be held by Glasgow Credit Union located at 95 Morrison St, Glasgow, G5 8BE.  Glasgow Credit Union is authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority. Our FRN is 213558.

Where we obtain your information

We obtain your information from your personal applications through our secure client channels.

Where we store your information

Your personal information will be held securely in Glasgow Credit Union systems so that we can manage your relationship with us. This will include information you provide when you apply to us and any additional information provided by you or others in various ways, including:

  • in applications, emails and letters, during telephone calls and conversations in the credit union offices, when registering for services, in member surveys, when you participate in competitions and promotions and through Glasgow Credit Union’s
  • from analysis (for example, the amount, frequency, location, origin, and recipient) of your payments either to or from you and other transactions, including the creation of profiles used to uniquely identify you when you use our online, mobile and telephony services which are used to help us combat fraud and other illegal activity; and
  • information Glasgow Credit Union receives from or through other organisations (for example credit reference agencies, social networks, and fraud prevention agencies) whether in the course of providing products and services to you or otherwise, and from information we gather from your use of and interaction with our internet and mobile banking services and the devices you use to access

We will not retain your personal information for longer than is necessary except for the maintenance of your account, or for legal or regulatory requirements.

Your personal data rights

We have internal processes that deal with the requests we receive from members that support your personal data rights, including the following:

Your RightsOur Response
Right to be InformedWe have provided a full outline of how we process your data in this privacy notice and ongoing member communications.
Right to ErasureWe have a process in place that will make sure that your personal data is removed from our systems subject to the legal record retention requirements.
Right to RectificationWe make sure that your data is kept up to date and allow you to contact us to make changes, or to manage your data.
Right to Restrict ProcessingWhere you think we are processing your personal data, in certain circumstances, you can contact us to request a restriction.
Data breachesIn the event of a data breach, we are required to inform affected customers, regulators and the ICO and follow the relevant processes in this regard.
WhistleblowingIf you are aware of any activities that contravene any of these requirements, you can contact the ICO directly.

For more information or to exercise your data protection rights, please contact us using the contact details contained herein, on the website or on the member portal.

You also have a right to complain to the Information Commissioner’s Office which regulates the processing of personal data. Glasgow Credit Union is registered with the Information Commissioner’s Office under registration reference Z6604434.

Lawful basis for processing your personal data

Article 6(1)(b) states a lawful basis for processing is where: “processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract”.

Glasgow Credit Union have a lawful basis for processing your personal data as we have an agreement or contract with you of which we need to process your personal data to comply with the obligations under the contract.

In addition, by joining the Glasgow Credit Union, you become part of a local, mutual organisation that puts members and the Glasgow community first.  Based on our mission to help our members and ensure they have access to friendly, professional financial services that meet their needs, we will process your information in line with the Credit Unions goals of delivering on this objective for our member database.

Where we process your data outside of the member and/or product terms and conditions, we will obtain your specific consent to do so.

Central member database

Glasgow Credit Union maintain a centralised register of member information. Individual account statements and communications will always be sent to the address of the first named account holder associated to the account in question.

We only hold one email address and one of each type of phone number per member and these apply to any accounts held with Glasgow Credit Union. Any changes to these details, applied as part of account or policy opening processes, will update details we already hold for you.

If you hold a product with Glasgow Credit Union and you notify us of changes to your personal details, we will update all your Glasgow Credit Union records.

How we process your information within Glasgow Credit Union

We may share the personal information we hold about you within Glasgow Credit Union for the following member processing and related data administrative activities:

  1. providing you with products and services and notifying you about either important changes or developments to the features and operation of those products and services;
  2. responding to your enquiries and complaints;
  3. administering membership offers, competitions, and promotions;
  4. facilitating the secure access to online platforms; and for the following data sharing activities:
    • updating, consolidating, and improving the accuracy of our records;
    • undertaking transactional analysis;
    • arrears and debt recovery activities;
  5. crime detection, prevention, and prosecution in line with regulations and enforcement agencies;
  6. evaluating the effectiveness of marketing, and for market research and training;
  7. member modelling, statistical and trend analysis, with the aim of developing and improving products and services;
  8. assessing lending and insurance risks across Glasgow Credit Union

By sharing this information, it enables us to better understand your needs and run your accounts in the efficient way that you expect.

Your data may also be used for other purposes for which you give your specific consent when required by law or where permitted under the terms of the Data Protection Act 2018.

When we may share your information externally

We will treat your personal information as private and confidential but may share it securely outside the Glasgow Credit Union if there is a legitimate requirement to do so, including:

  1. allowed by our agreement with our members;
  2. you provide explicit consent to do so;
  3. needed by our suppliers to help us manage your records;
  4. HM Revenue & Customs or other authorities require it;
  5. the law, regulatory bodies (including for research purposes), or the public interest permits or requires it;
  6. required by us or others to investigate or prevent crime;
  7. any other parties connected with your account (including guarantors) need it;
  8. required as part of our duty to protect your accounts, for example, we are required to disclose your information to the UK Financial Services Compensation Scheme (FSCS).

How we share your information with other organisations

Glasgow Credit Union may disclose your personal information to other people or organisations if any of the following applies:

  •  we have your consent; or
  • for the purposes of them providing products, services or research in association with or on behalf of Glasgow Credit Union; or
  • for the purpose of them providing administrative, processing, analytical or other similar services to Glasgow Credit Union to assist Glasgow Credit Union in the provision of products and services to our members; or
  • for the purpose of verifying the information you have given us, for example, verifying your income when assessing you for credit; or
  • for the purposes of improving our products, services and marketing communications, with specialist market research organisations who may contact you on our behalf and invite you to take part in market research, but who will not be allowed to use your information for anything else; or
  • where we may transfer rights and obligations under any contract with you; or
  • where we are required or permitted to do so by law or regulation.

Glasgow Credit Union does not share or give any information to external companies for their own marketing purposes.

Using your information to prevent terrorism and crime

The Government also requires us to screen applications that are made to us to ensure we are complying with the international fight against terrorism and other criminal activities, such as the Proceeds of Crime Act 2002.  Because of this, we may need to disclose information to government bodies.

Sharing your personal information between 1st and 2nd charge lenders

If you have a secured loan or mortgage with us, we may need to share information with other lenders who also hold a charge on your property.

Joint applicants

If you give personal information about someone else (such as a joint applicant) then you should not do so without their permission. Where information is provided by you about someone else, or someone discloses information about you, it may be added to any personal information that is already held by us and it will be used in the ways described in this privacy notice.

Sometimes, when you open a joint account or product, this may mean that your personal data will be shared with the other applicant. For example, transactions made by you will be seen by your joint account holder and vice versa.

How we manage sensitive personal information

The Data Protection Act defines certain information as ‘sensitive’ (racial or ethnic origin, political opinions, religious beliefs, trade union membership, physical or mental health, sexual life, criminal proceedings and offences). We will only use this information to provide the service you require, and we will ask for your explicit consent. As a member, there may be times when you give us sensitive information.

Using companies to process your information outside the EEA

Glasgow Credit Union will not use any companies outside the European Economic Area (EEA) to process your information.

Using credit scoring

When you apply for credit, an automated system known as credit scoring may be used when considering whether to agree to the borrowing. It is a method of assessing your likely conduct of an account based on a range of data, including the conduct of previous similar accounts. It is a system widely used by credit providers to help make fair and informed decisions on lending.

Credit scoring takes account of information from three sources – the information you provide on your application, information provided by credit reference agencies and information that may already be held about you by Glasgow Credit Union. A credit scoring system will consider information from these sources, to make an overall assessment of your application.

The credit scoring methods used are regularly tested to ensure they remain fair, effective and unbiased. Using a credit scoring system helps us to lend responsibly.

If you submit an application and it is declined through this automated process, you can contact us within 21 days to have the decision reconsidered. You also have the right to ask that the decision is not made based solely using a credit scoring system.

How Credit Reference Agencies (CRAs) use your data

Credit Reference Agencies (CRAs) collect and maintain information about consumers’ and businesses’ credit behaviour. This includes Electoral Register, fraud prevention, and credit information – including details of previous applications and the conduct of your accounts – and public information such as County Court Judgements, decrees, and bankruptcies.

The information that Glasgow Credit Union and other organisations provide to credit reference agencies about you, or your financial associates, may be provided to other organisations and used by them and us to:

  1. help make decisions, for example, when:
    • checking details on applications for credit and credit-related or other facilities;
    • managing credit and credit-related accounts or facilities;
    • recovering debt;
    • checking details of job applicants and employees;
  2. detect and prevent crime, fraud and money laundering;
  3. check your credit history;
  4. verify your identity if you, or someone financially linked to you, apply for services;
  5. trace your whereabouts; and
  6. undertake research, statistical analysis and systems

If Glasgow Credit Union needs to make a credit decision when you apply for a credit-based product or service (e.g. mortgage, personal loan), your records will be searched, along with those of anyone who is financially associated with you such as your spouse or partner. The CRA will keep a record of this search and place a “footprint” on your credit file, whether or not the application proceeds.

Debt Recovery process

We may give details of your account and how you conduct it to credit reference agencies, including if you borrow and do not repay in full and on time. If you fall behind with your payments and a full payment or satisfactory proposals are not received within 28 days of a formal demand being issued, then a default notice may be recorded with the CRAs.

Any records shared with CRAs will remain on file for 6 years after your account is closed, whether or not it has been settled by you or as a result of a default. Other organisations may see these searches and updates if you apply for credit in the future, and these may affect your ability to borrow from other lenders.

In addition, we may authorise a third party such as a debt collection agent or a solicitor to act on our behalf in the recovery of the debt. If we decide to take this action, we will inform you before we disclose your details to them.

If we are unable to locate you to discuss the situation, we may pass your details to a tracing agency.

Joint Accounts and credit reference agencies

If you apply for or hold an account in joint names, or tell us that you have a spouse/ partner or financial associate, a financial association will be created between your records, including any previous and subsequent names used by you. This means that your financial affairs may be treated as affecting each other. These links will remain on your and their files until such time as you or your partner is successful in applying for a disassociation with the CRAs to break that link. You must be sure that you have their agreement to disclose information about them. Searches may be made on all joint applicants, and search footprints will be left on all applicant records.

You have a right to apply to the credit reference agencies for a copy of your file.

Details of how we use credit reference agencies

We carry out most of our credit searches using Experian, but details of how you have run your account(s) may be disclosed to all the credit reference agencies.

The identities of the CRAs, the data they hold, the ways in which they use and share personal information, and your data protection rights with the CRAs are explained in more detail at:

Using fraud prevention agencies

Before we provide services, goods or financing to you, we undertake checks for the purposes of preventing fraud and money laundering and to verify your identity as required by Law. These checks require us to process personal data about you.

The personal information we have collected from you will be shared with fraud prevention agencies who will use it to prevent fraud and money-laundering and to verify your identity. If fraud is detected, you could be refused certain services, finance, or employment. Further details of how your information will be used by us and these fraud prevention agencies, and your data protection rights.

We have systems that protect our members and ourselves against fraud and other crime. Member information can be used to prevent crime and trace those responsible. We will share your personal information from your application with fraud prevention agencies. If false or inaccurate information is provided and fraud is identified, details of this fraud will be passed to these agencies. Law enforcement agencies may access and use this information. We and other organisations may also access and use this information to prevent fraud and money laundering, for example, when:

  • Checking details on applications for credit and credit related or other
  • Managing credit and credit related accounts or
  • Recovering
  • Checking details of job applicants and

As part of the processing of your personal data, decisions may be made by automated means. This means we may automatically decide that you pose a fraud or money laundering risk if our processing reveals your behaviour to be consistent with money laundering or known fraudulent conduct, or is inconsistent with your previous submissions, or you appear to have deliberately hidden your true identity. You have rights in relation to automated decision making: if you want to know more please contact us using the details above.

If you wish to receive details of the relevant fraud prevention agencies, please contact Member Services by calling 0141 274  9933 or by email team@glasgowcu.com

How we check your identity

We may ask you to provide physical forms of identity verification when you open your account or we provide services to you. Alternatively, we may search Credit Reference Agency files in assessing your application and/or in the provision of services to you. The agency also gives us other details and information from the Electoral Register to verify your identity. The agency keeps a record of our search, whether your application proceeds. Our search is not seen or used by lenders to assess your ability to obtain credit.

Undertaking anti-money laundering checks

To comply with money laundering regulations, there are times when we need to confirm (or reconfirm) the name and address of our members.

Obtaining information about you, and other personal details

When you apply for a mortgage or further borrowing it may be necessary to obtain references, details of your existing financial commitments, and any other information that is required to assess or review lending risks, to recover debts, and to prevent or detect fraud. Where applicable, your current and previous employers, accountant, landlord, lender, bank, insurance or pension company may be contacted to obtain this information. In limited circumstances, these references may need to be obtained after you open your account. This may be for regulatory purposes, or if the lending decision needs to be reviewed. Your permission to obtain these references will, therefore, continue to apply after your account has been opened. It may also be necessary to obtain information or documentation from your solicitor relating to any work they carry out either on your or our behalf.

Using your details for service contact

Making sure we deliver excellent customer service is very important to us and to do this, various methods of communication may be used when sending you information about your account. Most of the time you will be contacted by letter or telephone, but you may also be sent updates by text message or email when it is believed to be appropriate. You can ask us to stop sending these messages at any time.

In addition, you may wish to choose a channel of communication that suits you when you need to contact us. If you need to email a Glasgow Credit Union, we recommend you log into your account online and use the secure email facility under the members’ section of the website. If you send us emails in other ways, such as from your personal account, then remember that the message may not be secure and there is a risk that it could be intercepted. If you choose to send an unsecured email, please keep the amount of confidential information you include to a minimum.

Recording phone calls

We may monitor or record phone calls with you in case we need to check we have carried out your instructions correctly, to resolve queries or issues, for regulatory purposes, to help improve our quality of service, and to help detect or prevent fraud or other crimes.
Conversations may also be monitored for staff training purposes. We also operate CCTV in our offices.

Using information on social networking sites

As part of our ongoing commitment to understanding our members better, we may research comments and opinions made public on social networking sites such as Twitter and Facebook.

Using cookies

In general, you can visit Glasgow Credit Union website without identifying who you are or revealing any information about yourself. However, cookies are used to store small amounts of information on your computer, which allows certain information from your web browser to be collected. Cookies are widely used on the internet and do not identify the individual using the computer, just the computer being used. Cookies and other similar technology make it easier for you to log on to and use our websites during future visits.

What are cookies?

Cookies are text files that web servers can store on your computer’s hard drive when you visit a website. There are two main types:

  • Transient (or per-session) cookies
    These only exist for your site visit and are deleted on exit. They recognise you as you move between pages, for example, recording items added to an online shopping basket. These cookies also help maintain security.
  • Persistent (or permanent) cookies
    These stay on your machine until expiry or deletion. Many are built with automatic deletion dates to help ensure your hard drive doesn’t get overloaded. These cookies often store and re-enter your log-in information, so you don’t need to remember membership details.
    Additionally, cookies can be first or third party cookies. First party cookies are owned & created by the website you’re viewing- in this case by the Credit Union. Third party cookies are owned & created by an independent company, usually a company providing a service to the website owners. In our case, third-party cookies provided from this Site are still subject to the provisions set out below.

What we use cookies for

Internet cookies help you do things online, like remembering log-in details so you don’t have to re-enter them when revisiting a site.

We use cookies to:

  • Gather customer journey information across our sites
  • Ensure your privacy in our secure sites
  • Temporarily store details input into our calculators, tools, illustrations and demonstrations

We use both our own (first party) and partner companies’ (third party) cookies to support these activities.

Services requiring enabled cookies

Some of our services require cookies in your browser to view and use them and to protect your financial and personal information.

Changing your cookie settings

You are not obliged to accept cookies that we send to you and you can, in fact, modify your browser so that it will not accept cookies. To enable or disable cookies, follow the instructions provided by your browser (usually located within the Help, Tools or Edit facility). Alternatively, an external resource is available, providing specific information about cookies and how to manage them to suit your preferences.

Please note that should you choose to set your browser to disable cookies, you may not be able to access secure areas of this Site, for example, any online accounts you may hold.

Viewing notifications

Organisations must lodge a notification with their Regulator describing the purposes for which they process personal information. The details are publicly available from the Regulator’s office and you can view ours at https://ico.org.uk/about-the-ico/what-we-do/register-of-data-controllers/

Changes to Privacy Notice

We keep our privacy notice under regular review and we will reflect any updates within this notice. This privacy notice was last updated on 23rd April 2018.

Further information

For further information please contact the credit union on 0141 274 9933 or email team@glasgowcu.com.

Glossary

TermDefinition
Data protection actThe Data Protection Act 2018 is a United Kingdom Act of Parliament designed to protect personal data stored on computers or in an organised paper filing system.
GDPRThe General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union
Glasgow Credit UnionGlasgow Credit Union
CRACredit Rating Agencies