We are committed to protecting our members’ privacy. The credit union requires any information marked as mandatory for membership to either meet legal obligations or to enable us to perform our contract with you. Where you are not able to provide us with this information, we may not be able to open an account for you. Where we request further information about you not required for these reasons, we will ask you for your consent.
How we use your personal information
Mosshill credit union may process, transfer and/or share personal information in the following ways:
For legal reasons
• confirm your identity
• perform activity for the prevention of financial crime
• carry out internal and external auditing
• record information about you on a members’ register
For performance of our contract with you
• deal with your account(s) or run any other services we provide to you;
• consider any applications made by you;
• carry out credit checks and to obtain and provide credit references
• undertake statistical analysis, to help evaluate the future needs of our members and to help manage our business
• To send you statements, new terms & conditions (including changes to this privacy statement), information about changes to the way your account(s) operate and notifications of our general meetings.
For our legitimate interests
• recover any debts owed to us
With your consent
• maintain our relationship with you including marketing and market research (if you agree to them)
Sharing your personal information
We will disclose information outside the credit union:
• to third parties to help us confirm your identity to comply with money laundering legislation
• to credit reference agencies and debt recovery agents who may check the information against other databases – private and public – to which they have access to
• to any authorities if compelled to do so by law (e.g. to HM Revenue & Customs to fulfil tax compliance obligations)
• to fraud prevention agencies to help prevent crime or where we suspect fraud;
• to any persons, including, but not limited to, insurers, who provide a service or benefits to you or for us in connection with your account(s)
• to our suppliers in order for them to provide services to us and/or to you on our behalf
• to anyone in connection with a reorganisation or merger of the credit union’s business
• other parties for marketing purposes (if you agree to this)
Where we send your information
While countries in the European Economic Area all ensure rigorous data protection laws, there are parts of the world that may not be quite so rigorous and do not provide the same quality of legal protection and rights when it comes to your personal information.
The credit union does not directly send information to any country outside of the European Economic Area , however, any party receiving personal data may also process, transfer and share it for the purposes set out above and in limited circumstances this may involve sending your information to countries where data protection laws do not provide the same level of data protection as the UK.
For example, when complying with international tax regulations we may be required to report personal information to the HM Revenue and Customs which may transfer than information to tax authorities in countries where you or a connected person may be tax resident.
Retaining your information
The credit union will need to hold your information for various lengths of time depending on what we use your data for. In many cases we will hold this information for a period of time after you have left the credit union.
To read our policy for retaining members data please see: www.mossillcu.co.uk or contact us at: mosshillcu1@aol.com
Credit rating agencies
In order to process credit applications you make we will supply your personal information to credit reference agencies (CRAs) and they will give us information about you, such as about your financial history. We do this to assess creditworthiness and product suitability, check your identity, manage your account, trace and recover debts and prevent criminal activity.
We will also continue to exchange information about you with CRAs on an ongoing basis, including about your settled accounts and any debts not fully repaid on time. CRAs will share your information with other organisations. Your data will also be linked to the data of your spouse, any joint applicants or other financial associates. This may affect your ability to get credit.
The identities of the CRAs, and the ways in which they use and share personal information, are explained in more detail on:
• Our website at www.mosshillcu1@aol.com
• CallCredit at www.callcredit.co.uk/crain
• Equifax at www.equifax.co.uk/crain
• Experian at www.experian.co.uk/crain
Your Rights
Your rights under data protection regulations are:
(a) The right to access
(b) The right of rectification
(c) The right to erasure
(d) The right to restrict processing
(e) The right to data portability
(f) The right to object to data processing
(g) Rights related to automating decision-making and profiling
(h) Right to withdraw consent
(i) The right to complain to the Information Commissioner’s Office
Please see our website here: www.mosshillcu.co.uk for more information.
Your rights explained
Right to Access
You have the right to access your personal data and details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data. You can access your personal data by visiting www.mosshillcu.co.uk when logged into our website.
The right to rectification
You have the right to have any inaccurate personal data about you corrected and, taking into account the purposes of the processing, to have any incomplete personal data about you completed.
The right to erasure
In some circumstances you have the right to the erasure of your personal data without undue delay.
Those circumstances include:
• the personal data is no longer needed for the purpose it was originally processed
• you withdraw consent you previously provided to process the information
• you object to the processing under certain rules of data protection law
• the processing is for marketing purposes
• the personal data was unlawfully processed
However, you may not erase this data where we need it to meet a legal obligation or where it necessary for the establishment, exercise or defence of legal claims.
The right to restrict processing
In some circumstances you have the right to restrict the processing of your personal data. Those circumstances are:
• you contest the accuracy of the personal data;
• processing is unlawful but you oppose erasure;
• we no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise or defence of legal claims; and
• you have objected to processing, pending the verification of that objection. Where processing has been restricted on this basis, we may continue to store your personal data.
We will only otherwise process it:
• with your consent;
• for the establishment, exercise or defence of legal claims; or
• for the protection of the rights of another natural or legal person;
The right to object to processing
You have the right to object to our processing of your personal data on grounds relating to your particular situation, but only to the extent that the legal basis for the processing is that the data is necessary for the purposes of the legitimate interests pursued by us or by a third party.
If you make such an objection, we will cease to process the personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.
You have the right to object to our processing of your personal data for direct marketing purposes (including profiling for direct marketing purposes). If you make such an objection, we will cease to process your personal data for this purpose.
The right to data portability
To the extent that the legal basis for our processing of your personal data is:
(a) consent; or
(b) that the processing is necessary for the performance of our contract with you
You have the right to receive your personal data from us in a commonly used and machine-readable format or instruct us to send this data to another organisation. This right does not apply where it would adversely affect the rights and freedoms of others.
Rights related to automatic processing
This credit union uses an automated decision making process for processing members’ loan applications to make sure that our decisions are quick, fair, efficient, and correct based on what we know.
The automated lending decision system looks at your credit score alongside information such as:
• the amount applied for
• your income and expenditure
• your history of repaying debts
• the number and value of County Court Judgements (CCJs) you have
• the number of accounts you have that are in default
• public information such as the insolvency service
• whether or not you are bankrupt
• your age
and makes a decision based on either
• Set policies e.g. the credit union does not lend to those less than 18 years of age, or the credit union does not lend to people with over a certain value of county court judgements.
• The predicted likelihood of the repayment of the loan based on the statistical analysis of whether individuals who had a similar credit profile repaid their debts in the past.
Members have the right to have the decision reviewed by a member of staff, express their point of view, and obtain an explanation of the decision and challenge it.
Right to withdraw consent
To the extent that the legal basis for our processing of your personal information is your consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.
The right to complain to the Information Commissioner’s Office
If you consider that our processing of your personal information infringes data protection laws, you have a legal right to lodge a complaint with the Information Commissioner’s Office which is responsible for data protection in the UK. You can contact them by:
1. Going to their website at: https://ico.org.uk
2. Phone on 0303 123 1113
3. Post to Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF
Contact us about your rights
For more information about how your rights apply to your membership of the credit union or to make a request under your rights you can contact us dataprotection@creditunion.com or [phone number here]. We will aim to respond to your request or query within one month or provide an explanation of the reason for our delay.
Contact details of credit union
Name; Mosshill Credit Union Ltd.
Address; 12 Pollock Street, Bellshill, ML4 31QD
Phone; 01698 841923
Email; mosshillcu1@aol.com
Changes to this privacy policy
We can update this Privacy Policy at any time and ideally you should check it regularly here www.mosshillcu.co.uk for updates. We won’t alert you for every small change, but if there are any important changes to the Policy or how we use your information we will let you know and where appropriate ask for your consent.
Retaining and Archiving Records
Mosshill Credit Union Ltd. are required to keep records in accordance with the Industrial and Provident Societies Act 1965, Financial Conduct Authority (FCA) and Prudential Regulatory Authority (PRA) Regulations, Data Protection Regulations and Anti Money Laundering Regulations as well as HMRC requirements.
Key Points
• There are varying requirements for keeping records
• Records can be in hard copy or electronic format
• We have a retention policy in place that outlines the requirements on how we store or destroy records
• The credit union must comply to the 8 principles of data protection
Putting it into Practice
Credit unions require a structured system of record retention in order to maintain their records from creation to final preservation or destruction.
There are several important reasons for retaining records, including facilitating credit union operations and satisfying legal requirements. The legal requirements for maintaining records are generally found in statutes and regulations, but these requirements do not cover all records created by credit unions.
In addition, the legal requirements merely provide the minimum period of time that records must be retained by the credit union. Credit unions must exercise good business judgment when making retention decisions.
N.B. This should always comply with the Data Protection Act which requires that personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
Some records may be considered as historical record. Provided that the retention of those complies with legislation it is recommended that the credit union seek to store such records with a historical archive or record office.
To maintain an effective record retention strategy the credit union should be:
• setting policies and standards;
• assigning responsibilities and authorities;
• establishing and disseminate procedures and guidelines;
• integrating records management into business systems and processes.
Reproduction of Records
Many credit union records can be preserved on scans, machine copies, microfilm, microfiche, magnetic tape, or any electronic format that accurately reflects the information on the record. As long as a credit union follows vital records precautions and can easily access stored information and produce paper copies, all of the documents in this guide can be retained electronically unless marked “ORIGINAL FORMAT.”
Main retention criteria
Register of Members
Industrial & Provident Society Act (IPSA)
Permanently
Rules and Amendments (as registered with the Financial Services Authority)
Industrial & Provident Society Act (IPSA)
Permanently
Receipts for any securities held, securities register and register of contracts of guarantee.
Industrial & Provident Society Act (IPSA) Permanently
Minutes of annual and special general meetings and the meetings of the Board of Directors
Industrial & Provident Society Act (IPSA)
Permanently
Members’ Share and Loan Register
Industrial & Provident Society Act (IPSA)
Permanently
Copies of Annual Returns
Regulator
Permanently
Register of bad debts written off
Regulator
Permanently
Complaints
Regulator (FCA - DISP 1.9.1)
Legal evidence Complaint resolution + 3 years
Retaining these for 6 years would cover the limitation for legal action.
Financial Promotions
Regulator (FCA - COBS 4.11 (3))
Legal evidence 3 Years after the end of promotion for promotions not involving pensions or life policies.
End of promotion + 6 years
Anti Money Laundering
Evidence of identity, member transactions, reports of suspicious transactions (internal and external), and training provision
Anti Money Laundering – Section 40, The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017
5 years after member leaves
Accounting Records - -
All record appertaining to the accounts of the credit union including:
• Receipts and invoices.
• Ledgers and cash books (whether manual or electronic)
• Payroll Information
• VAT books and copies of returns
• Corporation tax records
HMRC 6 Years after the date to which they refer
Loan Applications Recommended
Limitations Act 1980 (E & W)
Prescription & Limitation(Scotland) Act 1973
6 years after loan is repaid
5 years in Scotland
Financial implications of making a subordinated loan (to another credit union) Regulator (PRA - credit union rulebook 3.15)
5 years
Investment decisions Regulator (PRA - credit union rulebook 6.6)
5 years
Personnel - -
Senior Management Arrangements Systems and Controls
Regulators
6 years after the Senior Manager has been superseded
Employer’s Liability Certificate
HSW 40 years
Application forms/interview notes for unsuccessful candidates Guideline retention period in case of discrimination challenge
www.acas.org.uk 1 year
Disciplinary, working time and training, redundancy details Recommended
www.businesslink.gov.uk
6 years after employment ceases
Information pertinent to Regulatory References (see guide here under 'records')
Regulators (PRA - Fitness and Propriety 5.5)
6 years except in cases of serious misconduct (indefinite)
Employee details and records Recommended
Limitations Act 1980 (E & W)
Prescription & Limitation(Scotland) Act 1973
6 years after employment ceases
Trade union agreements Recommended
www.businesslink.gov.uk 10 years after agreement ceases
Volunteer records No clear guidelines but the credit union should follow data protection requirement that data should not be kept longer than for the purpose for which it was taken.
Health & Safety
Accident Reports
HSW Act Three years after date of last entry.
There are specific rules on recording incidents involving hazardous substances.
Health & Safety Consultations
HSW Act Permanently
Records that may be routinely destroyed - -
Notices and acknowledgements of meetings and events.
Messages on post it notes and paper, message slips, duplicate documents such as CC and FYI copies, unaltered drafts, working papers not required to retain together with final official document, reference materials no longer required, superceded address lists or contribution lists.