Moray Firth Credit Union (“we”, “us”, “our” or “the credit union”) take the responsibility of holding
personal data we collect from you, or that you provide to us, will be processed by us.
All personal data that we hold is treated as confidential and will not be shared with third parties,
other than for the reasons detailed below.
Moray Firth Credit Union is registered at 53 High Street, Forres, IV36 1PB and is authorised by the
Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential
Regulation Authority. Financial Services Register No. 213795.
For the purposes of Data Protection, Moray Firth Credit Union is the data controller and is registered
with the Information Commissioner’s Office, registration number ZA037492. We have a nominated
volunteer on the Board of Directors who acts as the Data Protection Officer and a member of staff
who deals with the day to day processes.
General Data Protection Regulations Summary
The following is a brief summary of the General Data Protection Regulations (GDPR), for more
information, please visit the Information Commissioner’s Office website, www.ico.org.uk.
There are 6 lawful bases for processing personal data. Following an audit of the data that we hold,
we have determined that 4 of these apply to the credit union:
Consent – The member has given clear informed consent for us to process their personal data for a
specific purpose. This would include Marketing.
Contract – The processing is necessary for a contract we have with the member, or because they
have asked us to take specific steps before entering into a contract.
Legal Obligation – The processing is necessary for us to comply with the law, including Money
Legitimate Interests – The processing is necessary for our legitimate interests or the legitimate
interests of a third party. This includes credit checks, prior to approving loans.
The GDPR gives individuals certain rights, and this document will inform on how we will ensure that
we enable these rights:
- To be informed (about what data we hold and why)
- Of access (Users may make a Subject Access Request)
- To rectification (to correct errors)
- To erasure of information held / right to be forgotten (only if legally allowable)
- To restrict processing (for information held by consent only)
- To data portability (allowing secure transfer of data if necessary)
- To object (to the use of data in a certain way)
- Not to be subject to automated decision-making including profiling. (FACU does not currently use any automated decision-making software.)
What information do we collect about you?
We collect information about you, when you apply to us for membership and during the course of
providing a service to you. We also collect information when you voluntarily complete customer
surveys, provide feedback and participate in competitions. Website usage information is collected
The majority of the information that we collect about individuals is legally required to meet the
Money Laundering Regulations, such as name, address, date of birth and proofs of identity. We are
required by law to keep this information for 5 years after a member closes their account with us.
Other information is only requested when the member requests other services, such as a loan, and is
therefore collected for a legitimate interest. Our legitimate interests include ensuring that monies
borrowed can be repaid and meeting our ethical and responsible duties as a lender. This includes
proof of income and expenditure, bank statements and employment contracts. Again this
information will be destroyed 5 years after the end of the loan.
Contact details are requested for a number of reasons, we legitimately need to have a way to
contact members about their accounts.
We also ask for permission to use contact details to market to individuals, including sending
newsletters, offers and promoting our loan services. Members must opt in to receiving this
information and can withdraw their consent at any time, by emailing email@example.com, phoning
01309 676735 or in person at our office.
How will we use the information about you?
The information we collect about members is used to provide our services to them, assess
applications for loans and meet our legal and regulatory obligations.
In processing loan applications, we may send your details to, and also use information from credit
reference agencies and fraud prevention agencies. This comes under our legitimate business
requirements. You will be informed if this is the case, should you request that we do not do these
checks, it may affect your loan application.
found by following this link: https://www.equifax.co.uk/crain/
We are required by law to share your information with certain third parties, in certain
circumstances, such as law enforcement. We may have to do this without your knowledge or
Volunteers and Staff
If you apply to work with us, as a volunteer or a member of paid staff, we will only collect relevant
data to enable us to decide on your suitability to work for the credit union. This includes asking for
references. Should your application not be successful we will destroy your application and any other
information collected after 6 months.
Should you be accepted, we will keep your volunteer / employment files secure, and are required to
keep these for 6 years following the end of your contract.
As a volunteer / staff, you have the same rights as detailed above and may request access to your
files, by going through the Subject Access Request mentioned below.
We would like to send you information about products and services that we offer, as well as regular
newsletters, to do this we need your informed consent. We will not share your information for
marketing purposes with any other companies. If you have consented to receive marketing, you may
opt out at a later date. You have a right at any time to stop us from contacting you for marketing
purposes and if you no longer wish to be contacted, please contact us, by emailing firstname.lastname@example.org , phoning 01309 676735 or in person at our office.
Access to your information and correction
You have the right to request a copy of the information that we hold about you. This is known as a
Subject Access Request (SAR), for information on how to submit a SAR please visit the Information
Commissioner’s Office’s website at, www.ico.org.uk.
If you would like a copy of some or all of your personal information, you are required to complete a
SAR and, either email email@example.com or write to us at our registered office, Data Protection
Officer – Moray Firth Credit Union, 53 High Street, Forres, IV36 1PB. We will require to confirm your
identity before any information is passed over.
We will not charge for this service, unless the request is multiple or excessive or manifestly
We want to make sure that your personal information is accurate and up to date. You may ask us to
correct or remove information you think is inaccurate. Please inform us of circumstances which
change the personal information we hold.
Cookies are text files placed on your computer to collect standard internet log information and
visitor behaviour information. This information is used to track visitor use of the website and to
compile statistical reports on website activity. For further information visit www.aboutcookies.org or
www.allaboutcookies.org. You can set your browser not to accept cookies and the above websites
tell you how to remove cookies from your browser. However, in a few cases some of our website
features may not function as a result.
Union’s website so when you link to other websites you should read their own privacy policies.
How to contact us
by email: firstname.lastname@example.org
by phone: 01309 676735
in person or by post: Moray Firth Credit Union, 53 High Street, Forres, IV36 1PB