Glasgow Credit Union is a “data controller” in respect of personal information we process in connection with our business (including the products and services that we provide). In this notice, references to “we”, “us” or “our” are references to Glasgow Credit Union. We are registered as a data controller with the Information Commissioner’s Office (ICO), the supervisory authority for data protection within the United Kingdom. Our registration number is Z6604434.
This privacy notice (the “Privacy Notice”) will apply to all personal information processing activities carried out by Glasgow Credit Union.
If you have any data protection issues or queries, please direct these to:
Data Protection Officer, Glasgow Credit Union, 95 Morrison Street, Glasgow, G5 8BE. Telephone 0141 274 5405 or email: [email protected]
We respect individuals’ rights to privacy and to the protection of personal information. The purpose of this Privacy Notice is to explain how we collect and use personal information in connection with our business. “Personal information” means information about a living individual who can be identified from that information (either by itself or when it is combined with other information). We may update this Privacy Notice from time to time. When we do, we will publish the updated Privacy Notice on our website. If we make any significant changes, we will bring this to your attention via a bold notification on our website and/or by sending a copy to you to either an e-mail or home address registered with us.
We collect and process various categories of personal information at the start of, during our and, even after, your relationship with us. We will limit the collection and processing of information to only what is necessary to achieve one or more purposes as identified in this notice. Personal information may include:
We may also process some special category personal data for specific and limited purposes, such as detecting and preventing financial crime or to make our services accessible to customers.
We will only process special categories of information where we’ve obtained your explicit consent or are otherwise lawfully permitted to do so (and then only for the particular purposes and activities set out at Schedule A for which the information is provided). This may include:
Where permitted by law, we may process information about criminal convictions or offences and alleged offences for specific and limited activities and purposes, such as to perform checks to prevent and detect crime or to comply with laws relating to money laundering, fraud, terrorist financing, bribery, corruption and international sanctions. It may involve investigating and gathering intelligence on suspected financial crimes, fraud, threats and sharing data between banks or with law enforcement and regulatory bodies.
Your information is made up of all the financial and personal information we collect and hold about you and your transactions. It includes:
We want to make sure you are aware of your rights in relation to the personal information we process about you. We have described those rights and the circumstances in which they apply in the table below.
If you wish to exercise any of these rights, if you have any queries about how we use your personal information that are not answered here, or if you wish to complain please refer to the contact details set out in Section 1 above.
Rights | Description |
Access – You have a right to get access to the personal information we hold about you. | If you would like a copy of the personal information we hold about you, please refer to the contact details set out in Section 1 above. |
Rectification – You have a right to rectification of inaccurate personal information and to update incomplete personal information. | If you believe that any of the information that we hold about you is inaccurate, you have a right to request that we rectify the inaccurate personal information. |
Erasure – you have a right to request that we delete your personal information, in certain circumstances | You may request that we delete your personal information if you believe that: we no longer need to process your information for the purposes for which it was provided; we have requested your permission to process your personal information and you wish to withdraw your consent; we are not using your information in a lawful manner or; where we are required to erase your personal information to comply with local law. Note: We may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request. |
Restriction – You have a right to request us to restrict the processing of your personal information, in certain situations | You may request us to restrict processing your personal information if you believe that: any of the information that we hold about you is inaccurate; we no longer need to process your information for the purposes for which it was provided, but you require the information to establish, exercise or defend legal claims; or we are not using your information in a lawful manner; You have objected to our use of your data, but we need to verify whether we have overriding legitimate grounds to use it. |
Portability – You have a right to data portability, in certain circumstances | Where we have requested your permission to process your personal information or you have provided us with information for the purposes of entering into a contract with us, you have a right to receive the personal information you provided to us in a portable format. You may also request us to provide it directly to a third party, if technically feasible. We’re not responsible for any such third party’s use of your account information, which will be governed by their agreement with you and any privacy statement they provide to you. If you would like to request the personal information you provided to us in a portable format, please refer to the contact details set out in Section 1 above. Note that this right only applies to your personal information which you initially provided to us, which is processed based on your consent or based on the performance of a contract between us and which is processed by us using automated means. |
Objection – You have a right to object to the processing of your personal information. | You have a right to object to us processing your personal information (and to request us to restrict processing) for the purposes described in Section C of Schedule A – Purposes of Processing (below) unless we can demonstrate compelling and legitimate grounds for the processing, which may override your own interests or where we need to process your information to investigate and protect us or others from legal claims. Depending on the circumstances, we may need to restrict or cease processing your personal information altogether, or, where requested, delete your information. |
Marketing – You have a right to object to direct marketing. | You have a right to object at any time to processing of your personal information for direct marketing purposes, including profiling you for the purposes of direct marketing. For more information see Section 8. |
Withdraw consent – You have a right to withdraw your consent. | Where we rely on your consent to process your personal information, you have a right to withdraw your consent at any time. We will always make it clear where we need your consent to undertake specific processing activities. |
Lodge complaints – You have a right to lodge a complaint with the Supervisory Authority in the UK, The Information Commissioner’s Office (ICO) | If you wish to raise a complaint on how we have handled your personal information, you can contact our Data Protection Officer who will investigate the matter. We hope that we can address any concerns you may have, but you can always contact the ICO if you’re unhappy or dissatisfied. Visit ico.org.uk |
Where we need to collect personal information by law, or under the terms of a contract we have with you and you fail to provide that data, we may not be able to perform, or even enter, the contract (for example, to provide you with financing or other services). In this case, we may have to cancel such financing or services you have with us, but we will notify you if this is the case at the time.
We will not share your information with anyone outside Glasgow Credit Union except:
If you ask us to, we will share information with any third party that provides you with account information or payment services.
If you ask a third-party provider to provide you with account information or payment services, you are allowing that third party to access information relating to your account. We will not be responsible for any third party use of your account information, which will be governed by their agreement with you and any privacy statement they provide to you.
In the event that any additional authorised users are added to your account, we may share information about the use of the account by any authorised user with all other authorised users.
Glasgow Credit Union will not share your information with third parties for their own marketing purposes without your permission.
We may transfer your information to organisations in other countries on the basis that anyone to whom we pass it protects it in the same way as we do, or, in accordance with applicable laws.
In the event that we transfer information to countries outside of the European Economic Area (which includes countries in the European Union as well as Iceland, Liechtenstein and Norway), we will only do so where:
Where you have provided consent for us to do so, we will process your personal information in order to send you information about products and services which may be of interest to you by phone, email, text and other forms of electronic communication.
We may also send you information as above where we have a legitimate interest in doing so and where you have not objected to us doing so. In this situation, any information will be in respect of your similar products and services only.
If you change your mind about how you would like us to contact you or you no longer wish to receive this information, you can tell us at any time by contacting us on 0141 274 5423 or by email to [email protected]
We will contact you with information relevant to the operation and maintenance of your account (including updated information about how we process your personal information), by a variety of means including via our website, mobile app, email, text message, post and/or telephone. If at any point in the future you change your contact details, you should tell us promptly about those changes, in order that we can ensure your account details remain accurate.
We may monitor or record calls, emails, text messages or other communications in accordance with applicable laws for the purposes outlined in Schedule A – Purposes of Processing.
We may access and use information from credit reference and fraud prevention agencies when you open your account and periodically to:
Application decisions may be taken based solely on automated checks of information from credit reference and fraud prevention agencies and internal credit union records. To help us make decisions whether or not to give you credit, we use a system called credit scoring to assess your application. To work out your credit score, we look at the information you give us when you apply; information from credit reference agencies that will show us whether you’ve kept up to date with payments on any credit accounts (that could be any mortgages, loans, credit cards or overdrafts), or if you’ve had any court action such as judgments or bankruptcy; your history with us such as maximum level of borrowing; and affordability, by looking at your available net income, existing debts, and if you have shared your bank account transactions via Open Banking. You have rights in relation to automated decision-making, including a right to appeal if your application is refused.
We will continue to share information with credit reference agencies about how you manage your account including your account balance, payments into your account, the regularity of payments being made, credit limits and any arrears or default in making payments, while you have a relationship with us. This information will be made available to other organisations (including fraud prevention agencies and other financial institutions) so that they can take decisions about you, your associates and members of your household.
If false or inaccurate information is provided and/or fraud is identified or suspected, details will be passed to fraud prevention agencies. Law enforcement agencies and other organisations may access and use this information.
If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services and financing you have requested, or we may stop providing existing services to you.
A record of any fraud or money laundering risk will be retained by the fraud prevention agencies and may result in others refusing to provide services, financing or employment to you. Fraud prevention agencies can hold your information for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to six years.
When credit reference and fraud prevention agencies process your information, they do so on the basis that they have a legitimate interest in preventing fraud and money laundering, and to verify identity, in order to protect their business and to comply with laws that apply to them.
If you would like a copy of your information held by the credit reference and fraud prevention agencies we use, or if you want further details of how your information will be used by credit reference agencies, please visit their websites or contact them using the details below.
The three main credit reference agencies TransUnion, Equifax, Experian, and Crediva. Each use and share personal information they receive about you that is part of, derived from or used in credit activity and this is explained in more detail in the Credit Reference Agency Information Notice available at any of the following:
Credit reference agency | Contact details |
TransUnion Limited (transunion.co.uk/crain) | Post: TransUnion Information Group, One Park Lane, Leeds, West Yorkshire LS3 1EP. Website: www.transunion.co.uk/crain Email: [email protected] Phone: 0330 024 7574 |
Equifax Limited | Post: Equifax Ltd, Customer Service Centre, PO Box 10036, Leicester, LE3 4FS Website: www.equifax.co.uk/crain Phone: 0333 321 04043 or 0800 014 2955 |
Experian Limited | Post: Experian, PO Box 9000, Nottingham, NG80 7WF Website: www.experian.co.uk/crain Email: [email protected] Phone: 0344 481 0800 or 0800 013 8888 |
Crediva | Post: Crediva Limited, LexisNexis Risk Solutions, Global Reach, Dunleavy Drive, Cardiff, CF11 0SN Website: Crediva Limited Email: [email protected] Phone: 0808 129 3210 |
Cifas is the UK’s leading fraud prevention service. Their members are organisations from all sectors, sharing their data across those sectors to reduce instances of fraud and financial crime.
Before providing you with a service we may check details against the Cifas database. For further information on Cifas and how we process your information please see:
Cifas | Post: Consumer Affairs, Cifas, 6th Floor, Lynton House 7-12 Tavistock Square, London, WC1H 9LT Website: https://www.cifas.org.uk/fpn Phone: 0330 100 0180 |
By providing you with products or services, we create records that contain your information, such as customer account records, activity records, tax records and lending and credit account records. Records can be held on a variety of media and formats (physical/paper or electronic). We manage records to help us serve our customers (for example for operational reasons, such as dealing with any queries relating to your account) and to comply with legal and regulatory requirements. Records help us demonstrate that we are meeting our responsibilities and to keep as evidence of our business activities.
Retention periods for records are determined based on the type of record, the nature of the activity, product or service. We normally keep customer account records for up to six years after your relationship with the credit union ends, whilst other records are retained for shorter periods, for example, 30 days for CCTV records or 6 months for call recordings. Retention periods may be changed from time to time based on business or legal and regulatory requirements.
We may, on exception, retain your information for longer periods, particularly where we need to withhold destruction or disposal based on an order from the courts or an investigation by law enforcement agencies or our regulators. This is intended to make sure that the credit union will be able to produce records as evidence if they’re needed.
If you would like more information about how long we keep your information, please refer to the contact details set out in Section 1 above.
We are committed to ensuring that your information is secure whilst held and processed by us and with any third parties who act on our behalf. Where we do engage a third party to act on our behalf, we ensure they undertake processing activities using the same standards as ourselves and with suitable data processing or sharing agreements in place.
We seek to directly resolve any complaints about how we handle personal information and would request you contact us in the first instance. If you are not happy thereafter, you also have the right to complain to the Information Commissioner’s Office (ICO) in relation to our use of your information. The Information Commissioner’s contact details are noted below:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Telephone: 0303 123 1113
Or see: https://ico.org.uk/make-a-complaint/
We keep this privacy notice under regular review and if there are any significant updates, we will draw attention to these via a banner page on our website.
We will only use and share your information where it is necessary for us to carry out our lawful business activities. We want to ensure that you fully understand how your information may be used. We have described the purposes for which your information may be used in detail in a table below:
We may process your information where it is necessary to enter into a contract with you for the provision of our products or services or to perform our obligations under that contract. Please note that if you do not agree to provide us with the requested information, it may not be possible for us to continue to operate your account and/or provide products and services to you. This may include processing to:
B – Legal obligation
When you apply for a product or service (and throughout your relationship with us), we are required by law to collect and process certain personal information about you. Please note that if you do not agree to provide us with the requested information, it may not be possible for us to continue to operate your account and/or provide products and services to you. This may include processing to:
C – Legitimate interests of the credit union
1. We may process your information where it is in our legitimate interests do so as an organisation and without prejudicing your interests or fundamental rights and freedoms.
We may process your information in the day-to-day running of our business, to manage our business and financial affairs and to protect our members, employees and property. It is in our interests to ensure that our processes and systems operate effectively and that we can continue operating as a business. This may include processing your information to:
2. It is in our interest as a business to ensure that we provide you with the most appropriate products and services and that we continually develop and improve as an organisation. This may require processing your information to enable us to:
We may perform data analysis, data matching and profiling to support decision-making with regards to the activities mentioned above. It may also involve sharing information with third parties who provide a service to us.
3. It is in our interest as a business to manage our risk and to determine what products and services we can offer and the terms of those products and services. It is also in our interest to protect our business by preventing financial crime. This may include processing your information to:
Application decisions may be taken based on solely automated checks of information from credit reference agencies and internal credit union records. For more information on how we access and use information from credit reference and fraud prevention agencies see Section 11 – Credit reference and fraud prevention agencies in this document.
D – Explicit Consent
1. We may process your information where you have given us consent to do so. Where you have provided consent, we will process your personal information in order to send you:
2. We may process special categories of information where you give us explicit consent to do so. We will only ask for your explicit consent to process special categories of data where is it necessary to do as follows:
The law determines there is a substantial public interest, but we will always consider and take appropriate measures to safeguard your rights and privacy before doing this.