Cardiff & Vale Credit Union Privacy Notice
We are committed to protecting our members’ privacy and respecting their Data Protection rights. This Privacy Notice explains how we collect, use, store, share and protect your Personal Information in a way which complies with UK Data Protection laws (including the General Data Protection Regulation (GDPR) and Data Protection Act 2018). For the purposes of this statement, reference to members includes existing members, junior savers and anyone who makes an application to Cardiff & Vale Credit Union.
1. About Us
Cardiff & Vale Credit Union is a mutual organisation that exists for the benefit of our members who save and borrow with us. We offer safe savings accounts and affordable loans to anyone living in Cardiff or the Vale of Glamorgan or working anywhere in Wales. With over 8,000 members and around 100 new joiners each month, we have instigated a local revolution for ethical savings and affordable loans to people from all walks of life. Cardiff & Vale Credit Union is registered as a Data Controller with the Information Commissioner’s Office (ICO), the UK regulator responsible for Data Protection.
2. How to Contact Us
If you want more information about our Privacy Notice or about the way that we handle your Personal Information, or would like to exercise any of your Data Subject rights (see below for more information), please contact us at (029) 29 872373 or email@example.com.
You can also contact the ICO via https://ico.org.uk/ or by phone on 0303 123 1113 for information, advice or to make a complaint.
3. Our Lawful Basis for Processing your Personal Information
We only process your Personal Information if we: have a lawful basis to do so; the processing is necessary, reasonable and proportionate; and in accordance with the way in which we describe in this Privacy Notice.
4. The Personal Information We Collect About You and What We Use it For
We may collect Personal Information from you in the following ways:
The Personal Information we may collect from you includes:
We use the Personal Information we collect from you for the following purposes:
To confirm your identity;
o To perform activity for the prevention of financial crime;
o To carry out internal and external auditing;
o To record basic information about you on our Register of Members;
o To comply with industry-related standards, codes of practice and our general legal requirements. This will include if you have an accident on our premises and we are required to report it in accordance with health and safety laws.
In performing our contract with you:
o To administer with your account(s), collect payments, recover outstanding amounts due to us and to inform our debt recovery processes. This may involve consulting your records held at credit reference agencies (see below for further information) in relation to new accounts, settled accounts and any debts not fully repaid on time.
o To consider any applications made by you;
o To carry out credit checks and to obtain and provide credit references;
o To send you statements, our current and updated terms and conditions, information about changes to the way your account(s) operate and notification of our Annual General Meeting.
o To undertake statistical analysis, to help evaluate the future needs of our members and to help manage our business;
o For training or system testing purposes;
o To look at your relationship with you to contact you to invite you to participate in surveys.
o For new members, in relation to sending you marketing and market research messages such as our newsletter and annual member survey.
o For current members, we rely on the “soft-opt in” exception on the basis that:
If you change your mind at any time about being contacted by us in this wayyou can let us know by calling us on (029) 20872373, emailing us on firstname.lastname@example.org with the title Marketing or write to us at 4 Working Street, Cardiff, CF10 1GN to let us know.
5. Sharing your Personal Information
We will disclose information outside of the credit union only
Where appropriate with law enforcement agencies, including the police and local authorities, to help prevent, detect and prosecute crime, or where we consider it appropriate to do so to protect the Credit Union, our employees and our members to third parties when making referrals of support to you (with your consent) such as money or debt advisors.
6. Where We Store Your Personal Information and How We Keep it Safe
All member Personal Information is held in our Curtains database in the UK, which has controlled access and is subject to strong cyber security measures. All access to our system is strictly controlled. We also operate strict physical security at our offices and our employees receive security and Data Protection awareness training.
Where we transfer information to third parties to enable them to process it on our behalf, we have contractual provisions in place to ensure that they protect your Personal Information.
We do not directly transfer any Personal Information outside of the European Economic Area (EEA) but some of our partners may do so. These countries may noy have the same Data Protection laws as the UK and the EEA, and so your Personal Information may not be subject to the same protections. However, in such cases, we will make sure that any transfer of your Personal Information to countries outside of the EEA is subject to appropriate safeguards as if it were being processed inside of the EEA.
7. Retaining your Personal Information
The Credit Union will need to hold your information for various lengths of time depending on what we use your data for. In many cases we will hold this information for a period of time after you have left the Credit Union.
To read our policy for retaining members data please see our Data Retention Policy or contact us at: (029) 29 872373 or email@example.com
8. Credit Reference Agencies
In order to process credit applications you make we will supply your personal information to credit reference agencies (CRAs) and they will give us information about you, such as about your financial history. We do this to assess creditworthiness and product suitability, check your identity, manage your account, trace and recover debts and prevent criminal activity.
We will also continue to exchange information about you with CRAs on an ongoing basis, including about your settled accounts and any debts not fully repaid on time. CRAs will share your information with other organisations. Your data will also be linked to the data of your spouse, any joint applicants or other financial associates. This may affect your ability to get credit.
The identities of the CRAs, and the ways in which they use and share personal information, are explained in more detail on the following websites and also in the “Credit Reference Agency Information Notice (CRAIN) available at this link: https://www.experian.co.uk/legal/crain/:
9. Your Data Protection Rights
You have certain rights in relation to your Personal Information and can make different types of Data Subject Rights Requests in relation to the Personal Information we hold on you. Each of these rights may not apply in all circumstances, but we will ensure that we deal with any request we receive in a way which safeguards your rights and freedoms, and in compliance with Data Protection laws.
For more information about how your rights apply to your membership of the Credit Union or to make a Data Subject Rights Request you can contact us at firstname.lastname@example.org or on  20 872373. We will aim to respond to your request within one month or provide an explanation of the reason for our delay.
You will not have to pay a fee to access your Personal Information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights).
Any individual whose Personal Information we hold can make a Data Subject Rights Request. A third party can make a request on behalf of an individual (eg. a relative or friend), but we need the consent of the relevant individual before we provide any Personal Information to the third party.
10. Changes to our Privacy Notice
We will keep our Privacy Notice updated as our processes and/or the Data Protection laws change Our most up to date version will always be on our website and and ideally you should check it regularly here www.cardiffcu.com for updates.
Savings deposits made with us up to £85,000 are protected by the Financial Services Compensation Scheme (FSCS).