Privacy Policy

Introduction

Gateway Credit Union respects the rights of users of our website and is committed to protecting your privacy and ensuring that you continue to trust us with your personal data.

“Personal Data” is personal information about you as an individual such as your name, email address, address, telephone number and any information relating to you that we hold.

We will not collect your personal data on this website without your permission or otherwise in accordance with Data Protection legislation.

This Privacy Notice sets out:

  1. Third party web sites
  2. Scope
  3. Acceptance
  4. What personal data we collect and why we collect it
  5. Consent
  6. Who we share your personal data with
  7. Your rights
  8. Data security and retention
  9. Information Security and Data Privacy awareness
  10. How we use your data
  11. How to contact us

Third Party Websites

Our web site contains links to other web sites. We are not responsible for the privacy practices of these other sites. We encourage you to be aware of this when you visit these sites and to read the privacy statements on other web sites you visit. This Privacy Notice applies solely to our web site.

Scope

This Privacy Notice applies to the personal data that we collect about you on our website or mobile application for the purpose of operating the website and providing

· information about your Credit Union

· access to your account details and transactions (Online Banking)

· feedback features

· online membership and loan application facilities

· control over your contact preferences

Acceptance

By using our website or mobile application or by giving us your personal data, you accept the practices described in this Privacy Notice. If you do not agree to this Privacy Notice, please do not use our website or mobile application or give us any of your personal data.

We reserve the right to make changes to this Privacy Notice at any time and we encourage you to review this notice regularly to make sure you are aware of any changes and how your personal data may be used.

What personal data we collect and why we collect it

4.1 Information that you provide to us

When you submit an enquiry to us via our Enquiry Form or submit feedback, we ask that you submit your member number (optional), your name and email address along with your query or feedback. We ask for this information so that we can respond to your query.

When you apply for a loan via our website we will ask for information necessary to process your loan request such as Credit Union account details, your name, address, contact details, date of birth, marital status, accommodation details, employment and salary information and current debt information.

If you apply for membership of the Credit Union via our website we will ask for your name, address, phone number(s), email address, date of birth, employment and accommodation information.

If you register for Online Access we will ask for your Credit Union member number, your name, date of birth, phone number and email address. This information is necessary to process your application for Online Access.

4.2 Data gathered from all visitors to our website

When someone visits our website we use a third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns.

We do this to understand how our website is used by our visitors, for example how often various parts of the site are visited. This information is stored in an anonymous manner and you are not identified by this information.

We also gather the following technical details about visits.

· Your IP address

· Your web browser and operating system

· Date and time you visited various pages on our website

We also store cookies on your computer.

4.3 What are Cookies?

Cookies are files which are transferred to your computer's hard disk by a website. Cookies can store information about your preferences and other information which you need when you visit a website. The Credit Union uses cookies to monitor our website traffic, to ensure better service levels and in order to provide you with certain features such as the customised delivery of certain information.

To prevent the use of cookies you should activate the facility which is available in most web browsers that enables a user to deny or accept cookies. Click here to find out how to enable and deny cookies.

For more information about cookies see www.allaboutcookies.org

4.4 Why do we collect your personal data and what do we do with it?

We collect data for the following purposes

· to enable the correct functioning of this website

· to allow us to process queries or feedback that you submit to us

· to process applications for membership, access or credit that you submit to us

All the personal data that you submit is processed in the Credit Union by our staff. However, for the purposes of IT hosting and maintenance some of this information is located on servers within the European Union.

4.5 Are there consequences to not supplying Personal Data?

We need to collect your personal data in order to process your applications for membership,

Consent

5.1 What consent do we ask for?

We will ask you for your consent to process loan application information (including disclosing it to third parties necessary for its processing) and to submit your information to a Credit Check bureau. You are may decline to grant this consent however without this consent we will be unable to process your application.

We may also ask for your permission to send you marketing material about carefully selected products and services that we feel would be of interest to you. You may decline to grant this permission without consequence.

5.2 Can I withdraw my consent at any time?

Yes. You must be logged in as a Credit Union user in order to manage your consent online. When logged in you may manage your consent by clicking here.

Alternatively, you may write to us or call into Gateway Credit Union at 21 Commercial Street, Pontypool, Torfaen, NP4 6JQ, UK

Who we share your personal data with

6.1 Information Technology service providers

We have engaged third parties for the supply of Information Technology services which allow us to process your information. These parties process your information under contract to us and are subject to the same European and national Data Protection laws as are we.

6.2 Transfer of information

We do not transfer your information outside of the EU.

Your information is processed entirely within the EU and, as such, is protected by European-wide Data Protection regulations.

Your rights

You have the following rights:

7.1 Access

You have the right to obtain from us confirmation as to whether or not we hold your personal data. Where that is the case, you have the right to request a copy of the data and information about it such as how long we will hold it and to whom we disclose it.

7.2 Rectification

Where your personal data is incorrect or out of date you have the right to submit a correction and require us to correct your data.

7.3 Erasure

Where your personal data is no longer required for the purposes for which it was gathered and we have no regulatory obligation to retain it, you may instruct us to erase it.

7.4 Restriction

You may require us to restrict processing of your data under certain circumstances.

7.5 Object

You can object to certain types of processing, in particular any direct marketing.

7.6 Data Portability

You can request a copy of your personal data in a structured, commonly used, machine-readable and interoperable format for transmission to another controller.

7.7 Withdrawal of Consent

Where our processing of your data is based on consent - for example, marketing - you may withdraw that consent at any time. You must be logged in to manage your consent online. Click here to manage your consent.

7.8 Lodge a Complaint

You may lodge a complaint with a Supervisory Authority in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of your personal data infringes Data Protection law.

Data Security and Retention

We do not retain your personal information for longer than we need to in order to meet the objectives for which it was gathered.

When we are moving your data from one location to another, whether physically or digitally, your data will be encrypted. Where appropriate, data will be encrypted at rest.

Information Security and Data Privacy awareness

We provide Information Security and Data Privacy awareness training to all of our staff and we require any of our contracted suppliers who process your data to also provide similar awareness training to their staff.

How we use your data

Credit Referencing Agencies

In order to process credit applications you make we will supply your personal information to credit reference agencies (CRAs) and they will give us information about you, such as about your financial history. We do this to assess creditworthiness and product suitability, check your identity, manage your account, trace and recover debts and prevent criminal activity.

We will also continue to exchange information about you with CRAs on an ongoing basis, including about your settled accounts and any debts not fully repaid on time. CRAs will share your information with other organisations. Your data will also be linked to the data of your spouse, any joint applicants or other financial associates. This may affect your ability to get credit.

The identities of the CRAs, and the ways in which they use and share personal information, are explained in more detail at:

They may retain information for up to 6 years after any credit agreement between us has ended. When we share this information all parties conform to industry standards.

Credit Reference Agencies also share information about people with many financial organisations.

Their records can tell us:

  • whether you have kept up with paying your bills, rent or mortgage, and other debts such as loans, phone and internet contracts;
  • your previous addresses;
  • information on any businesses you may own or have owned or directed;
  • whether you are financially linked to another person, for example by having a joint account or shared credit;
  • whether you have changed your name;
  • whether you have been a victim of fraud.

Where you are financially linked to another person their records can provide us with details about that person’s credit agreements and financial circumstances.

They also use publicly available information to record information about people, including information from:

  • The Royal Mail Postcode Finder and Address Finder;
  • The Electoral Register;
  • Companies House;
  • The Accountant in Bankruptcy and other UK equivalents;
  • The Insolvency Service and other UK equivalents;
  • County Court Records.

This tells us, among other things:

  • Your age, address and whereabouts;
  • whether you are on the Electoral Register;
  • whether you have been declared bankrupt;
  • whether you are insolvent; and
  • whether there are any County Court Judgements against you.

Credit Reference Agencies may also be Fraud Prevention Agencies.

We use this information to help us make sure we are lending our money responsibly and to help us decide whether a loan is appropriate for you. We cannot do this without:

  • confirming your identity;
  • verifying where you live;
  • making sure what you have told us is accurate and true;
  • checking whether you have overdue debts or other financial commitments; and
  • confirming the number of your credit agreements and the balances outstanding together with your payment history.

We also have a duty to protect the Credit Union and the wider society against loss and crime, so we use and share Credit Reference Agency information:

  • to identify, prevent and track fraud;
  • to combat money laundering and other financial crime; and
  • to help recover payment of unpaid debts.

We use information in this way to fulfil our contract to you, to meet our legal and regulatory responsibilities relating to responsible lending and financial crime, to protect the Credit Union from loss, to pursue our legitimate interests and to prevent crime.

Automated assessment

We may use automated decision making in processing your personal and financial information to make credit decisions.

It is our policy to manually review automated decisions whenever possible. However, you have the right to request a manual review of the accuracy of any decision we make if you are unhappy with it.

The Credit Union uses a company called NestEgg Ltd to process this data on our behalf. NestEgg Ltd provides an automated ‘decision’ to help the Credit Union make it easy for members to apply for loans and savings accounts. NestEgg Ltd is not responsible for making decisions, they do not see your personal information. Their software makes a recommendation to a loans officer.

When you apply for a loan and / or savings account up to five searches may appear on your credit file. For the purposes of credit scoring, this will typically only affect your credit score as if one credit application were made.

Each of these five ‘footprints’ relate to the different sources of data being used to assess an application; these include the credit report itself and an affordability check. The Credit Union needs to prove the information belongs to you which is when an ID check is required. In cases where an application is made by a new member; the Credit Union will use an ID check and may also run a report to check ownership of any bank account details you may give us. These checks are required by law to prevent money laundering.

Some of these footprints will be in the name of NestEgg Ltd and others in the name of the Credit Union.

Fraud Prevention Agencies

We use your information to carry out checks for the purposes of preventing fraud and money laundering. These checks require us to process and share personal data about you.

The personal data can include information that you have shared with us in making your loan application, other information we have collected or hold about you, or information we receive from third parties such as Credit Reference Agencies.

We will share your:

  • name;
  • address;
  • date of birth;
  • contact details;
  • financial information;
  • employment details;
  • Device identifiers, including IP address; and
  • Any other information that it is in our legitimate interest to share in order to prevent or detect fraud, or that we are legally obliged to provide.

We and fraud prevention agencies may also enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime.

We process your data in these ways because we have a legitimate interest in preventing fraud and money laundering in order to protect our business and to comply with laws that apply to us.

Fraud prevention agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, for up to six years.

If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the loan or any other services you have asked for. We may also stop providing existing services to you.

A record of any fraud or money laundering risk will be retained by fraud prevention agencies and may result in others refusing to provide services, financing or employment to you. If you have any questions about this then please contact us.

How to contact us

11.1 Credit Union

This is the website of Gateway Credit Union, 21 Commercial Street, Pontypool, Torfaen, NP4 6JQ, UK.

Phone: 01495 832111

Email: info@gatewaycu.co.uk

11.2 Data Protection Officer

Queries relating to Data Protection or relating to exercising any of your Data Privacy rights should be directed to our Data Protection Officer:

Name: Xxxxxxxx

Phone: 01495 832111

Email: info@gatewaycu.co.uk