Privacy Notice Privacy Notice

Privacy Notice

This Notice covers how Glasgow Credit Union uses your personal information.

1. Who we are

Glasgow Credit Union is a “data controller” in respect of all personal information we process in connection with our business (including the products and services that we provide). In this notice, references to “we”, “us” or “our” are references to Glasgow Credit Union. We are registered as a data controller with the Information Commissioner’s Office (ICO), the supervisory authority for data protection within the United Kingdom (UK). Our registration number is Z6604434.

2. Our Privacy Promise

We will always: 

  • Keep your personal information safe and private.
  • Not sell your personal information to any third-parties.
  • Give you ways to manage and review your marketing choices at any time.

3. The information we process

We will collect data about you when you apply to become a member, and if we grant you membership, in certain circumstances, we may continue to process your information when you leave Glasgow Credit Union for example to enable us to respond to any complaints you make after you end your membership.

We may collect information about you even if you are not a member. This might be if you use our website or contact us about our products and services.

4. The information we hold about you

This section explains all the places where we get information about you.

We may collect personal information about you from any of these sources:

When you apply to be a member and use our services as a member:

  • Personal details like your name, date and place of birth.
  • Contact details like your home address (and previous addresses), email and phone number.
  • Your National Insurance number.
  • Information about your identity, such as a copy of your ID documents and photos of yourself.
  • Information about your right to live in the UK and your tax residency including all the countries you're a tax resident in and your Tax Identification Number for each one.
  • Financial details, such as your employment status and the industry you work in, annual income, number of dependents, residential status and monthly housing costs.
  • If you apply for a loan or mortgage, we'll obtain details about your financial circumstances and reasons for borrowing as well as details about who you have any financial relationship with (for example, the person’s name, address and financial details).
  • Information you give us, for example, through telephone calls, emails, messages and in-app forms.
  • Details about payments to and from your Glasgow Credit Union account, your savings activity and any products you have.
  • Details about services from us.
  • Details about how you use our app and website.

When you contact us, we collect the following information so we can help you:

  • The phone number you're calling from and information you give us during the call (we record most calls).
  • The email address you use and the contents of your email and any attachments.
  • Public details from your social media profile (like Facebook, Instagram or X) if you reach out to us via these platforms, and the contents of your messages or posts to us.
  • Details about why you are contacting us.
  • Details of any support needs or communication preferences you disclose to us.
  • Details of the device that you are contacting us from.

When you use our website or social media we may collect some information:

  • Your social media handle.
  • Your interactions with our website or social media channel.
  • Direct messages you send to our social media pages.

When using our Digital Services, we may collect some data from your device to:

  • Provide our services to you.
  • Keep your data safe.
  • Improve features and our products and services for you.
  • Perform data analysis to measure and improve our advertising channels.

This includes your:

  • Mobile network and operating system, so we can analyse how our app works and remedy any problems.
  • IP address and device ID (we will link your mobile number with your device).
  • Mobile advertising information. We may share this with companies that help us advertise online (you can reset this ID or limit tracking in your phone 'Settings').
  • Location, if enabled, so we can help protect your account.
  • Actions taken in our app.

When you sign up for a Glasgow Credit Union account, we complete a search on: 

  • Credit Reference Agencies to verify your identity, check if we can offer you an account and manage business risk (this is a 'soft search' and won't impact your credit score).
  • If you take out a loan or mortgage, we do a full search (which may impact your credit score). We use this info to check you can afford your loan as part of our commitment to supporting and helping our members. We may use this information, alongside other information we hold about you, to identify signs that you may be at risk of financial difficulties.
  • Fraud prevention agencies, KYC (Know Your Customer) and AML (Anti-Money Laundering) service providers to prevent fraud and fulfil our legal duties.

We may also collect information about you from public sources for example for AML reasons.

This includes:

  • Official public records, like the Electoral Register or Companies House; and information published by the press or on social media.

Special Category Data:

We may need to process sensitive information about you that data protection laws call 'special category' data. This is information about:

  • Racial or ethnic origin.
  • Political opinions.
  • Religious or philosophical beliefs.
  • Trade union membership.
  • Genetic or biometric data (if used for identification purposes).
  • Information concerning a person's health, sex life or sexual orientation.

Data protection laws say we need a second lawful basis to use special category data. This can be explicit consent, exercising legal rights in connection with an employment relationship, protecting vital interests, establishing, defending or exercising legal claims or reasons of substantial public interest.

We process special category data for reasons such as to:

  • Adhere to regulations.
  • Prevent fraud.
  • Support you if you are, or become, a vulnerable customer.

To process special category data we rely on:

  • Substantial public interest, such as to authenticate your identity using biometric data.
  • Vital interests, if it’s necessary to protect your or another person’s life and you can’t consent.
  • Explicit consent, in limited circumstances that have been brought to your attention.

Automated Decision Making

We sometimes make decisions without a human using automated decision making. Some examples of where we do this include to:

  • Decide if we can approve your membership application, loan or mortgage and for any products based on information such as your age, residency, nationality, financial position, and other circumstances, like the results of anti-money laundering and sanctions checks and information from Credit Reference Agencies.
  • Decide if we need to take action, like stopping a transaction or access to your account because we suspect fraud or money-laundering against you or Glasgow Credit Union. We decide this based on patterns in our data, like an account or policy being used in a way that fraudsters work.
  • Decide if our services and products, or those of companies we work with, are suitable for you so that we can tailor our marketing and how we display products in our mobile app.

Some of those automated decisions may have significant effects on you, such as a refusal of credit or an inability to access your account. We’re only allowed to make these kinds of decisions in certain circumstances, and we will always assess and carefully consider whether the law allows us to do this. If we make a solely automated decision about you that significantly affects you, you have the right to request a manual review of that decision by a person. You can also share your perspective and challenge the outcome. You can ask us to review the decision by contacting us using the details above.

Artificial intelligence

We may use artificial intelligence (‘AI’) to provide our products and services. Examples of how we use AI include helping with customer support queries, detecting and monitoring fraud or other unlawful activity, helping make business decisions or improving marketing.

We may also use your data to train and analyse the performance of our AI. We’ll only do this if it’s not possible to anonymise your data. We don’t allow third parties whose AI systems or models we use to use your personal data for their own training purposes.

Product development and marketing

We:

  • Tell you about products and services through our app or other channels, like social media and email, based on how you use our products and services and other information we hold about you.
  • May also exclude ads on this basis so we can make sure our ads are useful and relevant, including instructing platforms to show or not show Glasgow Credit Union adverts to existing customers or prospects.
  • Enter you into, and run, prize draws.
  • Share limited information about you with social media companies, our communication platforms, and analytics and search engine providers and marketing and communication partners.
  • Improve our products and services based on how you respond to ads we show you.
  • May ask for feedback if you’ve shown interest in a service. We do this so that we can make our products better and understand how to market them.
  • Use the information you share with us, data we get from our partners and data Glasgow Credit Union has about you to suggest features and products you’d find useful.
  • Use data we have about you to check that you are eligible for products that we show you.
  • Share insights with the public about trends.
  • May use the personal information you give us to test third party services.
  • May use your personal data to train, test and analyse the performance of AI tools that we develop and use.
  • Decide what type of marketing content to send to you by email and push notification (if you have asked to receive this from us).
  • Recommend other products and services in our app that we think you’ll like.

Give you tailored support

We:

  • Record information that you provide us about your support needs.
  • Provide signposting for support that we think may be relevant for your needs
  • Record your communication preferences or any of your reasonable adjustments.
  • Tailor the support we provide to manage your account.
  • May ask you to provide further information or feedback to help us better support your personalised needs.

Security and business management

We:

  • Protect the rights, property or safety of us, our customers and others.
  • Carry out security and maintenance checks to make sure everything runs smoothly.
  • Manage Glasgow Credit Union’s business risk and finances.
  • Share information with credit reference agencies so we can benefit from up-to-date information when we make decisions about our products and services and to help us make responsible lending and investing decisions and fight financial crime.
  • Store backup copies for operational resilience reasons or in case we face a legal claim about the information.
  • Share information with companies so they can help us provide our services, including to validate your bank details or personal information with transaction processors to ensure your account is not used for fraudulent purposes.
  • Use information to provide customer service.

5. Our reasons for using your information:

Data protection laws state that we need to have a lawful basis for using your personal data. At least one of the following must apply:

  • Contractual duty.
  • Legal obligation.
  • Legitimate interest.
  • Public interest.
  • Vital interest.
  • Consent.

In this section we explain which one we rely on to use your data in a certain way.

Contractual Duty

We need to use your data for a contract we have with you, or to enter a contract with you. We use details about you to:

  • Facilitate and manage your membership with us in line with our Rulebook and Membership Terms and Conditions.
  • Consider your applications.
  • Give you services we agreed to in line with our Membership Terms and Conditions.
  • Contact you about your account and other services you use if you get in touch, or we need to tell you about something.
  • Exercise our right under contract we’ve entered into with you, like managing, collecting and recovering money you owe us.
  • Investigate and fix complaints and other problems.
  • Support you if you contact our customer support team, or to help investigate complaints.
  • Conduct member meetings like our Annual General Meeting including video or audio recordings of you taking part in such meetings.
  • Provide you with our personalised Glasgow Credit Union service through the app based on your financial goals, preferences, your use of the service and other information you tell us.

Legal obligation

We:

  • Confirm your identity when you sign up or get in touch.
  • Check your information at credit reference and fraud prevention agencies.
  • Prevent illegal activities like money laundering, tax evasion and fraud.
  • Check your credit history and ask about your reasons for applying and your financial circumstances.
  • Keep records of information we hold about you in line with our legal and regulatory requirements.
  • Adhere to laws and regulations (these mean we sometimes need to share information with regulators, tax authorities, law enforcement or other third parties).

Legitimate interest

We need to use your data for our legitimate interest, or those of a third party. This means using data in a way that you might expect us to, for a reason which is in your and/or our (or a third party’s) interest and which doesn’t involve overriding your privacy rights.

Public interest

We:

  • Use facial recognition technology to identify people who use our services in the Glasgow Credit Union app or website to prevent or detect unlawful acts, such as fraud.
  • Record information about your health if it’s necessary to protect your financial wellbeing or to safeguard your overall wellbeing if you are at risk and enable us to tailor the support we give you.

Vital interest

We may share information about you externally (generally with police or other authorities in an emergency), if it's necessary to protect your or another person's life and you cannot consent.

Consent

We’ll ask for your consent to:

  • Tell you about our, or our partners, products and services by email, phone post or push notification if we think they’re of interest to you. You can unsubscribe from these in the app or by contacting us.
  • Help protect you against fraud by tracking the location of your phone if you've authorised it.
  • Share information, including special category data, about you with companies we work with when we have your permission, unless we are otherwise legally allowed to.
  • Share details about other bank accounts you hold when you use our Bank Pay feature or connect using open banking.
  • Fetch your full credit file or complete an eligibility check for a loan or mortgage.

You can withdraw your consent to processing at any time either through the app, or contacting us, but this does not make prior processing based on consent invalid.

6. Who we share your data with

Here we are referring to companies that help us provide services you use and need to process details about you for this reason.

We share as little information as we can and encrypt and/or make it impossible for the recipient to identify you where possible (for example, by using a User ID rather than your name). These include:

  • Payment service providers for certain bank transfers.
  • Our partner banks for making and receiving transactions to and from your credit union account.
  • Our prize draw facilitators in line with our Membership Terms and Conditions.
  • Our partners that support us with member meetings such as participating in our AGM or voting in line with our Rulebook and Membership Terms and Conditions.
  • Our auditors and regulators.
  • Analytical, Know Your Customer (KYC) and cyber security service providers that help us with identity verification or fraud checks.
  • IT providers such as managed service or network providers, cloud computing backup, storage and software providers.
  • Companies that help us with marketing (we won't share identifiable personal data with third parties for their own direct marketing unless you give us permission, and you can opt out any time).
  • Companies that help us to market to prospects (we may share limited information to enable profiling).
  • Software companies that we use to contact you or when you contact us, or for processing and storing interactions with you.
  • Companies that help us with fraud prevention.
  • Companies that offer benefits or rewards through special programmes associated with any of our products.
  • Companies that print written statements and notices.
  • Companies that manage our safety and security if you visit our offices.

Credit Reference Agencies (CRAs)

CRAs give lenders information about borrowers to help them make responsible lending decisions. Banks share details about their customers to help CRAs maintain up-to-date information about people's financial status. We work with Experian and Equifax.

When you join, and for as long as you're a member, we'll exchange details about you with CRAs. This includes:

  • Your name, address and date of birth.
  • Loans or mortgages you have with us, including when you opened them, contractual monthly repayments and your current balance (if you miss a repayment, we'll also share arrears information).
  • Credit applications you've made for a loan or mortgage.
  • Fraud prevention information.

We'll use this information to comply with our legal duties and when it's in our 'legitimate interest' to:

  • Verify your identity and make sure what you've told us is true.
  • Help detect and prevent fraud and money laundering.
  • Assess whether you can afford to make repayments if you borrow.
  • Manage your account with us.
  • Trace and recover debts.
  • Make sure our products are relevant for you.
  • If you apply for a joint mortgage account with someone else, we and CRAs will link your records with theirs.
  • For more information about how the CRAs we work with use your data, read Equifax and Experian's CRA Information Notices.

Anyone you give us permission to share it with

We will tell when we need your consent to share your data with:

  • Third party services.
  • Other banks if you use account switching services like an ISA transfer.
  • People you've asked to represent you, like solicitors and debt management companies.

Authorities and other external parties

We may share information about you with:

  • Authorities that spot and stop financial crime, money laundering, terrorism and tax evasion if the law says we have to, or if it's necessary for other reasons
  • The police, courts or dispute resolution bodies if we have to.
  • Local health authorities, such as Adult Social Services, to safeguard your wellbeing.
  • Other banks to help trace money if you're a victim of fraud or other crimes, or if there's a dispute about a transaction.
  • Organisations who manage or signpost vulnerability services where you have requested us to.
  • Any other third parties where necessary to meet our legal obligations.

Debt Management

If you do not keep up repayments on any borrowing with us, we may share your personal information with debt management companies who can help you manage your debt. Any debt management companies we work with are regulated by the FCA.

7. Under 16s Accounts

If you open an Under 16 account, we will store your child’s data as well as your own. We will keep a record of how you and your child use the account in line with our legal and regulatory obligations.

8. Transferring information overseas  

We may transfer your information to organisations in other countries on the basis that anyone to whom we pass it protects it in the same way as we do, or, in accordance with applicable laws.

If we transfer information to countries outside of the UK, we will only do so where we have your explicit consent or one of these safeguards in place:

  • The UK ICO has decided that the country or the organisation we are sharing your information with will protect your information adequately.
  • The transfer has been authorised by the ICO.
  • We have entered a contract with the organisation with which we are sharing your information (on terms approved by the ICO) to ensure your information is adequately protected.

9. How long we keep your information

We will always keep your information safe, up to date and will only keep your information for as long as necessary in line with our retention policies. If your information changes, it is important that you tell us so that we can update our records.

We may keep your information after your account closes, where we have a legal obligation to, or in case we need to respond to a legal claim. In some circumstances, like cases of anti-money laundering or fraud, we may keep information for a much longer period if we need to (that’s in our legitimate interest) and/or the law says we must.

To work out how long we keep different information, we consider why we hold it, how sensitive it is, how long the law says we need to keep it for, and what the risks are.

10. Your rights

You have a right to:

  • Be informed about what personal data we hold about you and how we process it (this notice).
  • Access the personal data we hold about you, or to get a copy of it.
  • Ask for a copy of your personal data in a portable format or ask us send this to someone else.
  • Ask us to correct inaccurate data.
  • Ask us to delete your data, although for legal reasons we might not always be able to do this.
  • Object to us using your data for direct marketing and where your data is processed on the basis of 'legitimate interests', or for research and statistical reasons.
  • Withdraw any consent you've given us at any time, but this does not make prior processing based on consent invalid.
  • Restrict processing of your data.
  • Complain to the Information Commissioner's Office. We ask that you first contact us to give us an opportunity to address any concerns.
  • Ask us to review an automated decision.

To do any of these things, please get in touch using the details contained at the end of this Notice.

11. Getting in touch

If you have any data protection issues or queries, you can:

  • Write to us at Glasgow Credit Union, 95 Morrison Street, Glasgow, G5 8BE.
  • Complete a support request: https://help.glasgowcu.com
  • Call us on 0141 274 9933.

12. How to make a complaint

If you have a complaint about how we use your personal information, please contact us using the details above and we'll do out best to put things right. 

If you're still not happy, you can refer your complaint to the Information Commissioner’s Office (ICO), the UK regulator for data protection issues. The Information Commissioner’s contact details are noted below:

13. Changes to this notice

We'll update the Customer Privacy Notice on this page and if we make significant changes, we'll let you know by email or in the app.

Privacy Notice, Final V9.0 


 



 

 

Articles in this section