Privacy Policy

 

We are London Community Credit Union Limited and are the data controller responsible for your personal data.

Our registered address is 473 Bethnal Green Road, London E2 9QH.

If you are one of our current members we will hold personal data about you. We may also hold your details if you have been a member in the past or have applied for one of our products or services.

We are committed to keeping your data safe and to being clear about how we use and process your personal data.

This statement explains our reasons for processing your personal data. This includes information that you have shared with us directly or data we have collected throughout your membership of the credit union or your use of our website. We also tell you about your rights under the laws that are designed to protect your privacy.

We have appointed a data privacy manager Joy Everest who is responsible for overseeing questions in relation to this privacy statement. If you have any questions about this privacy statement, including any requests to exercise your legal rights, please contact the Joy Everest using the details set out below:

Our full details are:

Full name of legal entity: London Community Credit Union Limited
Data Privacy Manager: Joy Everest
Email address: privacy@londoncu.co.uk
Postal address: London Community Credit Union, 473 Bethnal Green Road, London E2 9QH
Telephone number: 020 7729 9218

It is important that you read this privacy statement together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy statement supplements the other notices and is not intended to override them.

Third-party links

Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.

The types of data we may collect

We collect many different types of data. This includes information that is necessary for us to provide our products and services, to comply with our legal and regulatory obligations or to serve our legitimate business interests.

Below we list the key types of data we collect, hold, use and transfer. Not all of this information is collected from every member and the examples given for each category are intended to help explain their meaning, rather than being an exhaustive list.

  • Data to help identify you – this includes your name, DOB, sex
  • Contact details – your address, phone numbers, email address
  • Socio-demographic – details of your employment, profession, nationality, education
  • Transactional – details about payments to and from your accounts
  • Financial – your financial position, status and history
  • Contractual – details of products and service we provide to you
  • Equalities and lifestyle data – this includes ethnic origin, religious belief, sexual orientation, disability data
  • Behavioural – data about how you use our products or services or interact with our website or our communication
  • Consents – this includes things like how you prefer to be contacted and whether you wish to receive email statements
  • Communication – data contained in letters, emails or details of phone calls or conversations
  • Documentary data – details stored in documents, including ID and address verification like copies of passports, driving licenses or birth certificates.

We will never collect sensitive personal data (such as health information) without your explicit consent.

There is also information about your computer hardware and software that is automatically collected by the website. This information can include: your IP address (the unique identifying number of a computer), the browser you use, for example Internet Explorer (IE), Firefox etc., domain names, access times and referring website addresses. This information is used by us for the operation of the service, to maintain quality of the service, and to provide general statistics regarding use of the website.

Where we collect personal data from

The information we hold is collected through your direct interactions with us and includes personal data you provide through:

  • application forms you complete when applying for membership or new services
  • when you talk to us on the phone or in branch or correspond with us by email or letter
  • when you use our website or online banking
  • payment and transaction data
  • member surveys

As you interact with our website, we may automatically collect technical data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies. Please see our cookie policy for further details.

We may also receive personal data about you from third parties. The types of personal data we may collect includes contact details, financial, data to help identify you and transactional data collected from:

  • Credit reference agencies
  • Fraud prevention agencies
  • Payroll service providers
  • Public information sources such as Companies House, the Office for National Statistics, the Electoral Registration Office
  • Government and law enforcement agencies

What we use your personal information for

Under the EU General Data Protection Regulation (which became law on 25th May 2018) we can only process your personal data if we have a lawful basis for doing so. The reasons we process your personal data are:

  • if you have given your consent to the processing of your data for one or more specific purposes
  • if it is necessary to fulfil our contract with you
  • if it is necessary to comply with a legal obligation
  • if we believe it is in our legitimate interest as long as that interest is not overridden by the privacy rights of the individual whose data is being used

By ‘legitimate interest’ we mean the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. Our legitimate interests are balanced against your right to privacy and when we rely on legitimate interest to process your data we will tell you. You always have a right to object and you can do this by speaking to a member of staff or emailing privacy@londoncu.co.uk.

Below we outline how we use your personal data, our reasons for doing so and the type of data we are referring to. Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data.

To manage your credit union membership
  • To manage our relationship with you
  • To provide advice and information regarding our products and services
Our lawful basis
  • Fulfilling contracts
  • Necessary to comply with a legal obligation
  • Our legitimate interest
Type of data
  • Data to help identify you
  • Contact details
  • Transactional
  • Financial
  • Contractual
  • Behavioural
  • Communication
  • Documentary data
To manage our banking operation
  • To deliver our products and services
  • To manage fees, charges and interest due on members accounts
  • To collect and recover money that is owed to us
Our lawful basis
  • Fulfilling contracts
  • Necessary to comply with a legal obligation
  • Our legitimate interest
Type of data
  • Data to help identify you
  • Socio-demographic
  • Transactional
  • Financial
  • Contractual
  • Consents
  • Behavioural
  • Documentary data
To manage security, risk and prevent crime
  • To detect, investigate, prevent  and report financial crime
  • To manage risk for our members
  • To obey relevant laws and regulations
  • To respond to complaints and seek resolution
Our lawful basis
  • Fulfilling contracts
  • Necessary to comply with a legal obligation
  • Our legitimate interest
Type of data
  • Data to help identify you
  • Transactional
  • Financial
  • Contractual
  • Behavioural
  • Communications
  • Documentary data
To manage our business
  • To run the business in an efficient and proper way, managing our financial position, business capability and corporate governance and audit
  • To develop and carry out marketing activity
  • To exercise our rights as set out in agreements or contracts
Our lawful basis
  • Necessary to comply with a legal obligation
  • Fulfilling contracts
  • Our legitimate interest
Type of data
  • Data to help identify you
  • Contact details
  • Transactional
  • Equalities and lifestyle data
  • Contractual
  • Consents
  • Behavioural
  • Communications
Marketing

We may use your personal data to tell you about relevant products and offers, this is what we mean by ‘marketing’.

We can only use your personal information to send you marketing messages if we have either your consent or a legitimate interest.  That is when we have a business or commercial reason to use your information. It must not unfairly go against what is right and best for you.

You can ask us to stop sending you marketing messages by contacting us at any time by sending an email to privacy@londoncu.co.uk

Whatever you choose, you will still receive other important information such as notification for the AGM or changes to your existing products or services.

We may ask you to confirm or update your choices, in the future. We will also ask you to do this if there are changes in the law, regulation or the structure of the business.

People who call our telephone customer service

When you call LCCU we collect Calling Line Identification (CLI) information. We use this information to help improve its efficiency and effectiveness. The company that provides this service does not retain any information from the calls or record them.

People who email us

We will also monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law. Once emails have been actioned they will either be attached to a members file of deleted from the system.

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.

If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please do contact us.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Who we share your personal information with

We will not share your information with anyone outside LCCU except

  • Where we have your permission;
  • Where required for your product or service;
  • Where we are required by law/and or by law enforcement agencies, government entities, tax authorities or regulatory bodies around the world; i.e;
  • Government agencies and regulatory authorities;
  • HM Revenue & Customs, regulators and other authorities;
  • UK Financial Service Compensation Scheme;
  • Fraud prevention agencies;
  • To third party service providers, agents and sub-contractors acting on our behalf, such as the companies which manufacture our plastic cards;
  • To debt collecting agencies;
  • To credit reference and fraud prevention agencies;
  • To other companies that provide you with benefits or services (such as insurance cover) associated with your product or service;
  • Where required for a sale, recognition, transfer or other transaction relating to our business;
  • In anonymised form as part of statistics or other aggregated data shared with third parties; or
  • Where permitted by law, it is necessary for our legitimate interests or those of a third party, and in accordance with our internal procedures.
  • In the event that any additional authorised users are added to your account, you and the additional account user authorises us to pass information about you to the other user.

We will not share or sell your information with any third party to conduct for their own marketing.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

Banking and financial service providers
  • If you have a debit card we will share transactional details with companies such as MasterCard
  • If you use Direct Debit, we will share your data with the Direct Debit Scheme
  • If you apply for a current account or loan we will share your details with credit reference agencies
Marketing
  • When we send non-transactional email we use CharityEmail
  • We use social media to promote our products and services to members and the general public within our Common Bond.
  • We use Facebook’s custom audience and lookalike audience features.
Credit Reference Agencies (CRAs)

We carry out credit and identity checks when you apply for our current account or loan products. We will share your personal information with CRAs and they will give us information about you. The data we exchange can include

  • Name, address and date of birth
  • Credit application
  • Public information from sources such as Companies House
  • We will use this data to:
  • Assess whether you or your business is able to afford to make repayments
  • Make sure what you have told us is true
  • Help detect and prevent financial crime
  • Trace and recover debts

We will go on sharing your personal information with CRAs for as long as you are a member. This will include details about your settled accounts and any debts not fully repaid on time. This will include details of funds going into the account and the account balance.  If you borrow, it will also include details of your repayments and whether you repay in full and on time. CRAs may give this information to other organisations that want to check credit status. We will also tell CRAs when you settle your account with us.

When we ask CRAs about you or your business they will note this on your credit file. This is called a credit search. Other lenders may be able to see this and we may be able to see credit searches from other lenders.

If you apply for a product with someone, this will link your record with theirs. We will do the same if you tell us you have a spouse, partner or civil partner or that you are in business with other partners or directors.

CRAs will also link your records together. These links will stay on your files unless one of you asks the CRAs to break the link. You would normally need to obtain proof that you no longer have a financial link with each other.

You can find out more about CRAs on their website:  Callcredit, Equifax & Experian

Fraud Prevention Agencies (FPAs)

We may need to confirm your identity before we provide you with membership or services to you or your business. Once you have become a member, we will also share your personal information as needed to help detect fraud and money laundering risks. We use Fraud Prevention Agencies to help us with this.

Both LCCU and the fraud prevention agency can only use your personal information if we have a proper reason to do so. It must be needed either for us to obey the law or for a ‘legitimate interest’.

By ‘legitimate interest’ we mean the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. Our legitimate interests are balanced against your right to privacy.

We will use the information to:

  • Confirm identities
  • Help prevent fraud and money laundering
  • Fulfil any contract you or your business has with us.

LCCU or a FPA may allow law enforcement agencies to access your personal information.  This is to support their duty to detect, investigate, prevent and prosecute crime.

FPAs can keep personal information for different lengths of time. They can keep your data for up to six years if they find a risk of fraud or money laundering.

The information we use:

  • Name
  • Date of birth
  • National Insurance Number
  • Residential address
  • History of where you have lived
  • Contact details, such as email address and phone numbers
  • Financial data
  • Data relating to you or your business
  • Employment details

We and FPAs may process your personal information in systems that look for fraud by studying patterns in the data. We may finds that an account is being used in ways that fraudsters work, or we may notice that an account is being used in a way that is unusual for you or your business. Where we or the FPA decide there is a risk of fraud, we may stop activity on your account(s) or block access to them. FPA will also keep a record of any risk associated with you or your business.  Either of these could indicate a possible risk of fraud or money laundering. If we or the FPA decide there is a risk of fraud, we may stop activity on the account or block access to them. FPA will also keep a record of the risk that you or your business may pose. This may result in other organisations refusing to provide you with products or services or to employ you.

Data transfers out of the EEA

FPAs may send personal information to countries outside the European Economic Area (EEA). When they do, there will be a contract in place to make sure the recipient protects the data to the same standard as the EEA. This may include following international frameworks for making data sharing secure.

We will only send your data outside the European Economic Area (EEA) to:

  • Follow your instructions
  • Comply with a legal duty

If we send your personal data outside the EEA we will take reasonable steps to ensure that the recipient implements appropriate measures to protect your information.

Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

If you choose not to give your personal information

We may need to collect personal information by law, or under the terms of a contract we have with you.

If you choose not to give us this personal information, it may delay or prevent us from meeting our obligations. It may also mean that we cannot preform services needed to run your account. It could mean that we have to cancel your membership with us but we will notify you if this is the case at the time.

Any data collection that is optional would be made clear at the point of collection.

Your rights and access to your personal information

You have the right to know what information we hold about you and to ask, in writing, to see your records.

Individuals can find out if we hold any personal information by making a ‘subject access request’ pursuant to Article 15 of the General Data Protection Regulation ((EU) 2016/679). If we do hold information about you we will:

  • give you a description of it;
  • tell you why we are holding it;
  • tell you who it could be disclosed to; and
  • let you have a copy of the information in an intelligible form.

To make a request to LCCU to see any personal information we may hold you need to put the request in writing using the Subject Access Request Form. We will supply any information you ask for that we hold about you as soon as possible, but this may take up to 30 days. We will not charge you for this. You will be asked for proof of identity as the person dealing with your request may not be the staff member you have met before. We need to be sure we are only releasing your personal data to you.

If we do hold information about you, you can ask us to correct any mistakes by contacting us.

Right to be informed

You have the right to be informed how your personal data will be used. This statement as well as any additional information or notice that is provided to you either at the time you provided your details, or otherwise, is intended to provide you with this information.

Right to data portability

Where we are processing your personal data because you have given us your consent to do so, you have the right to request that the data is transferred from one service provider to another.

Disclosure of personal information

In many circumstances we will not disclose personal data without consent. However when we investigate a complaint, for example, we will need to share personal information with the organisation concerned and with other relevant bodies.

How long we keep your personal information

We will keep your personal information for as long as you are a member. After you stop being a member we may keep your data for up to 6 years for one of these reasons:

  • To respond to any questions or complaints
  • To show that we treated you fairly
  • To maintain records according to rules that applies to us.

In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

Letting us know if your personal information is incorrect

You have the right to question any information we have about you that you think is wrong or incomplete and if you believe our records are inaccurate you have the right to ask for those records concerning you to be updated. Please contact us if you want to do this.
If you do, we will take reasonable steps to check its accuracy and correct it.
If you believe the information we hold about you is out of date or incorrect please notify a member of staff or email privacy@londoncu.co.uk .

What if you want us to stop using your personal information

Where we process your data on the basis of your consent (for example, to send you marketing e-mails) you can withdraw that consent at any time. To do this, or to discuss this right further with us, please contact us.

You also have a right to object to us processing data where we are relying on it being within our legitimate interests to do so (for example, to send you direct marketing by post). To do this, or to discuss this right further with us, please contact us.

In certain situations you have the right to ask for processing of your personal data to be restricted because there is some disagreement about its accuracy or legitimate usage.

In some cases, you have the right to be forgotten (i.e. to have your personal data deleted from our database). Where you have requested that we do not send you marketing materials we will need to keep some limited information in order to ensure that you are not contacted in the future.

How to withdraw your consent

You can withdraw your consent at any time. Please contact us if you want to do so.
If you withdraw your consent, we may not be able to provide you with your membership, products or services if this is so we will tell you.

How to complain

If you are unhappy with the way in which we have used your personal information you can let us know by sending an email to privacy@londoncu.co.uk. Alternately, you can let us know in branch or by using the contact form on this website. You also have the right to complain to the Information Commissioners Officer.

People who make a complaint to us

When we receive a complaint we will open a case file that contains the identity of the complainant and any other individuals involved in the complaint.

We will only use the personal information we collect to process the complaint and to check on the level of service we provide. Annually, we report to the Financial Conduct Authority on how many  complaints we receive, relating to which regulated banking categories and the outcomes. This data is anonymised.

We usually disclose the complainant’s identity to whoever the complaint is about. This is inevitable where, for example, the accuracy of a person’s record is in dispute. It will not be possible to handle a complaint on an anonymous basis.

We will keep personal information contained in complaint files in line with our retention policy. This means that information relating to a complaint will be retained for two years from closure. It will be retained in a secure environment and access to it will be restricted according to the ‘need to know’ principle.

Similarly, where enquiries are submitted to us we will only use the information supplied to us to deal with the enquiry and any subsequent issues and to check on the level of service we provide.

Updating this policy

We may update this policy from time to time without notice to you, so please check it regularly. The privacy policy was last updated on 25 May 2018.