Why we care about your privacy
We believe that your privacy is important. We collect, use, and share your personal data only in ways that are fair and transparent, and that protect your rights. We also take steps to keep your personal data safe and secure.
What personal data do we collect?
We collect the following personal data about you:
- Your name
- Your address
- Your contact details (phone number, email address)
- Your financial information (account details, credit history)
- Your transaction history
- Your marketing preferences
How we collect your personal data
We collect your personal data from the following sources:
- When you apply for a membership or account with us
- When you use our website or mobile app
- When you contact us
- When you provide us with your personal data for other purposes (such as marketing)
How we use your personal data
We use your personal data for the following purposes:
- To provide you with our financial services
- To manage your accounts and transactions
- To comply with legal and regulatory requirements
- To prevent fraud and money laundering
- To contact you about your account or other services
- To send you marketing communications (if you have opted in to receive them)
How we protect your personal data
We take steps to keep your personal data safe and secure. These steps include:
- Using industry-standard security measures to protect our systems and databases
- Ensuring that our employees are trained in data protection
- Only sharing your personal data with third parties who are bound by confidentiality agreements
Who we share your personal data with
We may share your personal data with the following third parties:
- Our service providers (such as banks, payment processors, and IT providers)
- Credit reference agencies
- Regulatory authorities
- Other credit unions
Credit reference Agencies
When you apply for a loan with us, we will share your personal information with credit reference agencies (CRAs). CRAs use this information to assess your creditworthiness and to help us decide whether to lend you money. They will also share your information with other organisations, such as banks and financial institutions. This may affect your ability to get credit in the future.
We believe that using this information is necessary to protect our business and to comply with the law. We also believe that it is in your best interests, as it helps us to make a responsible lending decision and to protect you from fraud.
The identities of the CRAs, and how they use and share personal information, are explained in more detail at:
- Transunion at transunion.co.uk/crain
- Equifax at equifax.co.uk/crain
- Experian at experian.co.uk/crain
They may retain information for up to 6 years after any credit agreement between us has ended. When we share this information, all parties conform to industry standards.
Credit Reference Agencies also share information about people with many financial organisations.
Their records can tell us:
- whether you have kept up with paying your bills, rent or mortgage, and other debts such as loans, phone and internet contracts;
- your previous addresses;
- information on any businesses you may own or have owned or directed;
- whether you are financially linked to another person, for example by having a joint account or shared credit;
- whether you have changed your name
- whether you have been a victim of fraud.
Where you are financially linked to another person their records can provide us with details about that person’s credit agreements and financial circumstances.
They also use publicly available information to record information about people, including information from:
- The Royal Mail Postcode Finder and Address Finder;
- The Electoral Register;
- Companies House;
- The Accountant in Bankruptcy and other UK equivalents;
- The Insolvency Service and other UK equivalents;
- County Court Records.
This tells us, among other things:
- Your age, address and whereabouts;
- whether you are on the Electoral Register;
- whether you have been declared bankrupt;
- whether you are insolvent; and
- whether there are any County Court Judgements against you.
Credit Reference Agencies may also be Fraud Prevention Agencies.
We use this information to help us make sure we are lending our money responsibly and to help us decide whether a loan is appropriate for you. We cannot do this without:
- confirming your identity;
- verifying where you live;
- making sure what you have told us is accurate and true;
- checking whether you have overdue debts or other financial commitments; and
- Confirm the number of your credit agreements and the balances outstanding together with your payment history.
We also must protect the Credit Union and the wider society against loss and crime, so we use and share Credit Reference Agency information:
- to identify, prevent and track fraud;
- to combat money laundering and other financial crime; and
- to help recover payment of unpaid debts.
We use information in this way to fulfil our contract to you, to meet our legal and regulatory responsibilities relating to responsible lending and financial crime, to protect the Credit Union from loss, to pursue our legitimate interests and to prevent crime.
We may use automated decision-making in processing your personal and financial information to make credit decisions.
It is our policy to manually review automated decisions whenever possible. However, you have the right to request a manual review of the accuracy of any decision we make if you are unhappy with it.
The Credit Union uses a company called NestEgg Ltd to process this data on our behalf. NestEgg Ltd provides an automated ‘decision’ to help the Credit Union make it easy for members to apply for loans and savings accounts. NestEgg Ltd is not responsible for making decisions, they do not see your personal information. Their software makes a recommendation to a loan officer.
When you apply for a loan and/or savings account up to five searches may appear on your credit file. For the purposes of credit scoring, this will typically only affect your credit score as if one credit application were made.
Each of these five ‘footprints’ relates to the different sources of data being used to assess an application; these include the credit report itself and an affordability check. The Credit Union needs to prove the information belongs to you which is when an ID check is required. In cases where an application is made by a new member; the Credit Union will use an ID check and may also run a report to check ownership of any bank account details you may give us. These checks are required by law to prevent money laundering.
Some of these footprints will be in the name of NestEgg Ltd and others in the name of the Credit Union.
Fraud Prevention Agencies
We use your information to carry out checks for the purposes of preventing fraud and money laundering. These checks require us to process and share personal data about you.
The personal data can include information that you have shared with us in making your loan application, other information we have collected or hold about you, or information we receive from third parties such as Credit Reference Agencies.
We will share your:
- date of birth;
- contact details;
- financial information;
- employment details;
- Device identifiers, including IP address; and
- Any other information that it is in our legitimate interest to share in order to prevent or detect fraud, or that we are legally obliged to provide.
We and fraud prevention agencies may also enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime.
We process your data in these ways because we have a legitimate interest in preventing fraud and money laundering in order to protect our business and comply with laws that apply to us.
Fraud prevention agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, for up to six years.
If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the loan or any other services you have asked for. We may also stop providing existing services to you.
A record of any fraud or money laundering risk will be retained by fraud prevention agencies and may result in others refusing to provide services, financing or employment to you. If you have any questions about this then please contact us.
How long we keep your personal data
We will keep your personal data for as long as necessary to fulfil the purposes for which it was collected, or as required by law.
You have the following rights concerning your personal data:
- The right to access your personal data
- The right to correct your personal data
- The right to delete your personal data
- The right to restrict the processing of your personal data
- The right to object to the processing of your personal data
- The right to data portability
- The right to complain to the Information Commissioner’s Office
How to contact us
- By phone: 0330 004 0842
- By email: firstname.lastname@example.org
- By post: Notts & Lincs Credit Union, 69 Maid Marian Way, Nottingham. NG1 6AJ