All personal data that we hold is treated as confidential and will not be shared with third parties, other than for the reasons detailed below.
Moray Firth Credit Union is registered at 53 High Street, Forres, IV36 1PB and is authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority. Financial Services Register No. 213795.
For the purposes of Data Protection, Moray Firth Credit Union is the data controller and is registered with the Information Commissioner’s Office, registration number ZA037492. We have a nominated volunteer on the Board of Directors who acts as the Data Protection Officer and a member of staff
who deals with the day to day processes.
General Data Protection Regulations Summary
The following is a brief summary of the General Data Protection Regulations (GDPR), for more information, please visit the Information Commissioner’s Office website, www.ico.org.uk.
There are 6 lawful bases for processing personal data. Following an audit of the data that we hold, we have determined that 4 of these apply to the credit union:
Consent – The member has given clear informed consent for us to process their personal data for a specific purpose. This would include Marketing.
Contract – The processing is necessary for a contract we have with the member, or because they have asked us to take specific steps before entering into a contract.
Legal Obligation – The processing is necessary for us to comply with the law, including Money Laundering Regulations.
Legitimate Interests – The processing is necessary for our legitimate interests or the legitimate interests of a third party. This includes credit checks, prior to approving loans. The GDPR gives individuals certain rights, and this document will inform on how we will ensure that we enable these rights:
- To be informed (about what data we hold and why)
- Of access (Users may make a Subject Access Request)
- To rectification (to correct errors)
- To erasure of information held / right to be forgotten (only if legally allowable)
- To restrict processing (for information held by consent only)
- To data portability (allowing secure transfer of data if necessary)
- To object (to the use of data in a certain way)
- Not to be subject to automated decision-making including profiling. (FACU does not currently use any automated decision-making software.)
What information do we collect about you?
We collect information about you, when you apply to us for membership and during the course of providing a service to you. We also collect information when you voluntarily complete customer surveys, provide feedback and participate in competitions. Website usage information is collected
The majority of the information that we collect about individuals is legally required to meet the Money Laundering Regulations, such as name, address, date of birth and proofs of identity. We are required by law to keep this information for 5 years after a member closes their account with us.
Other information is only requested when the member requests other services, such as a loan, and is therefore collected for a legitimate interest. Our legitimate interests include ensuring that monies borrowed can be repaid and meeting our ethical and responsible duties as a lender. This includes
proof of income and expenditure, bank statements and employment contracts. Again this information will be destroyed 5 years after the end of the loan.
Contact details are requested for a number of reasons, we legitimately need to have a way to contact members about their accounts.
We also ask for permission to use contact details to market to individuals, including sending newsletters, offers and promoting our loan services. Members must opt in to receiving this information and can withdraw their consent at any time, by emailing email@example.com, phoning
01309 676735 or in person at our office.
How will we use the information about you?
The information we collect about members is used to provide our services to them, assess applications for loans and meet our legal and regulatory obligations. In processing loan applications, we may send your details to, and also use information from credit reference agencies and fraud prevention agencies. This comes under our legitimate business requirements. You will be informed if this is the case, should you request that we do not do these checks, it may affect your loan application.
We are required by law to share your information with certain third parties, in certain circumstances, such as law enforcement. We may have to do this without your knowledge or consent.
Volunteers and Staff
If you apply to work with us, as a volunteer or a member of paid staff, we will only collect relevant data to enable us to decide on your suitability to work for the credit union. This includes asking for references. Should your application not be successful we will destroy your application and any other information collected after 6 months.
Should you be accepted, we will keep your volunteer / employment files secure, and are required to keep these for 6 years following the end of your contract. As a volunteer / staff, you have the same rights as detailed above and may request access to your files, by going through the Subject Access Request mentioned below.
We would like to send you information about products and services that we offer, as well as regular newsletters, to do this we need your informed consent. We will not share your information for marketing purposes with any other companies. If you have consented to receive marketing, you may opt out at a later date. You have a right at any time to stop us from contacting you for marketing purposes and if you no longer wish to be contacted, please contact us, by emailing firstname.lastname@example.org , phoning 01309 676735 or in person at our office.
Access to your information and correction
You have the right to request a copy of the information that we hold about you. This is known as a Subject Access Request (SAR), for information on how to submit a SAR please visit the Information Commissioner’s Office’s website at, www.ico.org.uk.
If you would like a copy of some or all of your personal information, you are required to complete a SAR and, either email email@example.com or write to us at our registered office, Data Protection Officer – Moray Firth Credit Union, 53 High Street, Forres, IV36 1PB. We will require to confirm your identity before any information is passed over.
We will not charge for this service, unless the request is multiple or excessive or manifestly unfounded.
We want to make sure that your personal information is accurate and up to date. You may ask us to correct or remove information you think is inaccurate. Please inform us of circumstances which change the personal information we hold.
Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. This information is used to track visitor use of the website and to compile statistical reports on website activity. For further information visit www.aboutcookies.org or
www.allaboutcookies.org. You can set your browser not to accept cookies and the above websites tell you how to remove cookies from your browser. However, in a few cases some of our website features may not function as a result.
How to contact us
- by email: firstname.lastname@example.org
- by phone: 01309 676735
- in person or by post: Moray Firth Credit Union, 53 High Street, Forres, IV36 1PB