Privacy Policy

Privacy Policy

Manchester Credit Union Privacy Notice

This is the Privacy Notice of Manchester Credit Union (Registration Number 235C) whose registered office is Ground Floor, 24 Queen St, Manchester, M2 5HX.  We are committed to protecting the privacy and security of our members' personal information. Any mandatory information requested to open an account is needed either to meet legal obligations or to enable us to perform our contract with you. Where you are not able to provide us with this information, we may not be able to open an account for you. Where we request further information about you not required for these reasons, we will ask you for your consent.

Data controller

For the purposes of relevant data protection legislation, Manchester Credit Union is a controller of your personal data. As a controller we use or process the personal data we hold about you in accordance with this privacy notice.

How we use your personal information

Manchester Credit Union may process, transfer and/or share personal information in the following ways:

For legal reasons, to:

  • confirm your identity;
  • perform activity for the prevention of financial crime;
  • carry out internal and external auditing;
  • record basic information about you on a register of members.

For performance of our contract with you, to:

  • deal with your account(s) or run any other services we provide to you;
  • consider any applications made by you;
  • carry out credit checks and obtain and provide credit references;
  • undertake statistical analysis, to help evaluate our members’ needs and manage our business;
  • send you statements, new terms and conditions (including changes to this privacy statement) and information about changes to the way your account(s) operate; and
  • notify you of our general meetings of members.

For our legitimate interests, to:

  • recover any debts owed to us.

With your consent, to:

  • maintain our relationship with you including marketing and market research.

Sharing your personal information

We will disclose information outside Manchester Credit Union to:

  • third parties to help us confirm your identity to comply with money laundering legislation;
  • credit reference agencies and debt recovery agents who may check the information against other databases – private and public – to which they have access;
  • any authorities if compelled to do so by law (such as HM Revenue & Customs to fulfil tax compliance obligations);
  • fraud prevention agencies to help prevent crime or where we suspect fraud;
  • any persons, including, but not limited to, insurers, who provide a service or benefits to you or for us in connection with your account(s);
  • our suppliers for them to provide services to us and/or to you on our behalf;

Where we send your information

Manchester Credit Union does not directly send information to any country outside of the European Economic Area, however, any party receiving personal data may also process, transfer and share it for the purposes set out above and in limited circumstances this may involve sending your information to countries where data protection laws do not provide the same level of data protection as the UK. For example, when complying with international tax regulations we may be required to report personal information to the HM Revenue and Customs which may transfer that information to tax authorities in countries where you or a connected person may be tax resident.

Retaining your information

Manchester Credit Union will need to hold your information for various lengths of time depending on what we use your data for. In many cases we will hold this information for a period after you have left the credit union.

Fraud Prevention Agencies

The personal information we have collected from you will be shared with fraud prevention agencies who will use it to prevent fraud and money-laundering and to verify your identity. If fraud is detected, you could be refused certain services, finance, or employment. Further details of how your information will be used by us and these fraud prevention agencies, and your data protection rights, can be found by https://www.cifas.org.uk/fpn

The main Fraud Prevention Agency we work with is CIFAS. You can find more information about them here: https://www.cifas.org.uk/about-cifas/what-is-cifas.

 

 

Credit Reference Agencies (CRAs)

In order to process credit applications you make we will supply your personal information to credit reference agencies (CRAs) and they will give us information about you, such as about your financial history. We do this to assess creditworthiness and product suitability, check your identity, manage your account, trace and recover debts and prevent criminal activity.

We will also continue to exchange information about you with CRAs on an ongoing basis, including about your settled accounts and any debts not fully repaid on time. CRAs will share your information with other organisations. Your data will also be linked to the data of your spouse, any joint applicants or other financial associates. This may affect your ability to get credit.

The identities of the CRAs, and the ways in which they use and share personal information, are explained in more detail at:

They may retain information for up to 6 years after any credit agreement between us has ended. When we share this information all parties conform to industry standards.

Credit Reference Agencies also share information about people with many financial organisations.

Their records can tell us:

  • whether you have kept up with paying your bills, rent or mortgage, and other debts such as loans, phone and internet contracts;
  • your previous addresses;
  • information on any businesses you may own or have owned or directed;
  • whether you are financially linked to another person, for example by having a joint account or shared credit;
  • whether you have changed your name;
  • whether you have been a victim of fraud.

Where you are financially linked to another person their records can provide us with details about that person’s credit agreements and financial circumstances.

They also use publicly available information to record information about people, including information from:

  • The Royal Mail Postcode Finder and Address Finder;
  • The Electoral Register;
  • Companies House;
  • The Accountant in Bankruptcy and other UK equivalents;
  • The Insolvency Service and other UK equivalents;
  • County Court Records.

This tells us, among other things:

  • Your age, address and whereabouts;
  • whether you are on the Electoral Register;
  • whether you have been declared bankrupt;
  • whether you are insolvent; and
  • whether there are any County Court Judgements against you.

Credit Reference Agencies may also be Fraud Prevention Agencies.

We use this information to help us make sure we are lending our money responsibly and to help us decide whether a loan is appropriate for you. We cannot do this without:

  • confirming your identity;
  • verifying where you live;
  • making sure what you have told us is accurate and true;
  • checking whether you have overdue debts or other financial commitments; and
  • confirming the number of your credit agreements and the balances outstanding together with your payment history.

We also have a duty to protect the Credit Union and the wider society against loss and crime, so we use and share Credit Reference Agency information:

  • to identify, prevent and track fraud;
  • to combat money laundering and other financial crime; and
  • to help recover payment of unpaid debts.

We use information in this way to fulfil our contract to you, to meet our legal and regulatory responsibilities relating to responsible lending and financial crime, to protect the Credit Union from loss, to pursue our legitimate interests and to prevent crime.

Automated assessment

We may use automated decision making in processing your personal and financial information to make credit decisions.

It is our policy to manually review automated decisions whenever possible. However, you have the right to request a manual review of the accuracy of any decision we make if you are unhappy with it.

The Credit Union uses a company called NestEgg Ltd to process this data on our behalf. NestEgg Ltd provides an automated ‘decision’ to help the Credit Union make it easy for members to apply for loans and savings accounts. NestEgg Ltd is not responsible for making decisions, they do not see your personal information. Their software makes a recommendation to a loans officer.

When you apply for a loan and / or savings account up to five searches may appear on your credit file.  For the purposes of credit scoring, this will typically only affect your credit score as if one credit application were made.

Each of these five ‘footprints’ relate to the different sources of data being used to assess an application; these include the credit report itself and an affordability check. The Credit Union needs to prove the information belongs to you which is when an ID check is required. In cases where an application is made by a new member; the Credit Union will use an ID check and may also run a report to check ownership of any bank account details you may give us. These checks are required by law to prevent money laundering.

Some of these footprints will be in the name of NestEgg Ltd and others in the name of the Credit Union.

Fraud Prevention Agencies

We use your information to carry out checks for the purposes of preventing fraud and money laundering. These checks require us to process and share personal data about you.

The personal data can include information that you have shared with us in making your loan application, other information we have collected or hold about you, or information we receive from third parties such as Credit Reference Agencies.

We will share your:

  • name;
  • address;
  • date of birth;
  • contact details;
  • financial information;
  • employment details;
  • Device identifiers, including IP address; and
  • Any other information that it is in our legitimate interest to share in order to prevent or detect fraud, or that we are legally obliged to provide.

We and fraud prevention agencies may also enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime.

We process your data in these ways because we have a legitimate interest in preventing fraud and money laundering in order to protect our business and to comply with laws that apply to us.

Fraud prevention agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, for up to six years.

If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the loan or any other services you have asked for. We may also stop providing existing services to you.

A record of any fraud or money laundering risk will be retained by fraud prevention agencies and may result in others refusing to provide services, financing or employment to you. If you have any questions about this then please contact us.

 

Your Rights

Your duty to inform us of changes

It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes.

Your rights in connection with personal information

Under certain circumstances, by law you have the right to:

  • Request accessto your personal information (commonly known as a "data subject access request"). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
  • Request correctionof the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
  • Request erasureof your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing
  • Object to processingof your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
  • Request the restriction of processingof your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
  • Request the transferof your personal information to another party.

If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact us as follows:

  • In person at – Ground Floor, 24 Queen St, Manchester, M2 5HX
  • By email to – info@manchestercreditunion.co.uk
  • By telephone on – 0161 231 5222
  • In writing to – Manchester Credit Union, Ground Floor, 24 Queen St, Manchester, M2 5HX


No fee usually required

You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

Time limit to respond

We will aim to respond to all legitimate requests within one month of receiving them and verifying your identity. Occasionally it may take us longer than this if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Complaints to the regulator

If you do not think that we have processed your data in accordance with this notice you have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues. You can contact them by going to their website at ico.org.uk, phoning them on 0303 123 1113 or by post to: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF.

Changes to this Privacy Policy

We can update this Privacy Policy at any time and ideally you should check regularly here www.manchestercreditunion/privacypolicy for updates. We won’t alert you for every small change, but if there are any important changes to the Policy or how we use your information we will let you know and where appropriate ask for your consent.



Updated June 2024