The privacy of your information is important to us at Connect First Credit Union Ltd. (herein after referred to as the “credit union”). We respect the trust that you place in us when you choose to become a member and we take our responsibility to you seriously.
Introduction to our privacy code.
Protecting your privacy and the confidentiality of your personal information is fundamental to the way the credit union does business.
As a financial services organization, the credit union has a long history of handling personal information that is secure. We respect your privacy and the ongoing trust you have in us to protect your personal information.
Our Privacy Code outlines how we manage and protect your privacy and the confidentiality of your personal information. This Code applies to all your interactions with the credit union whether at one of our branches, via online, mobile or telephone banking or through our Contact Centre. It applies to all of our related divisions, companies and subsidiaries.
The purpose of the Privacy Code is to provide responsible and transparent practices in the management of personal information in keeping with the applicable privacy legislation (Personal Information Protection Act – Alberta).
Our Privacy Code is available in each of our branches or can be viewed or downloaded via our website. We regularly review this policy and encourage you to keep posted for updates.
Accountability for our Privacy Code.
The credit union is accountable for all personal information in our possession or control, including personal information that has been transferred to a third party for processing. The credit union has appointed a Chief Privacy Officer to oversee privacy governance including policy, dispute resolution, education, and communication activities, as well reporting to our Board of Directors on privacy matters. Contact information for our Chief Privacy Officer is provided at the end of this Privacy Code.
Each credit union employee is personally responsible for maintaining member confidence in the credit union by ensuring personal information is respected and protected within his or her control. We provide training and communication programs designed to educate employees about the meaning and requirements of this Code. We conduct a combination of compliance self-assessments and audits to verify compliance with this Code and the specific policies and procedures that support the Code.
What is personal information?
‘Personal information’ includes any information, factual or subjective, which allows you to be identified. For example, your name, address, birth date, financial information, identifying numbers or other personal data. Business contact information is not considered personal information. For example, your position, title or business address.
Purposes for which we ask for personal information.
We will tell you the main reason for asking for your personal information when we ask it from you. The main reasons for this will usually be to confirm your identity in order for you to obtain information on your account, initiate banking transactions or provide you with a product or service you want.
We may use personal information for several purposes:
- to assist in providing information about a product or service;
- assess and process an application for membership, product or service;
- to assist in providing you with membership benefits or information about those benefits;
- establish, provide and administer any product, service or facility you have with us;
- tell you about products and services we think may interest you (unless you inform us not to, which you can do at any time);
- assess your eligibility when you apply for a loan or other credit facility;
- assist in the arrangements with other organizations (such as partnerships) in relation to the promotion or provision of a product or service;
- to detect and protect us against error, fraud, and other criminal activity;
- perform other administrative and operational tasks (including risk management, systems development and testing, credit scoring and staff training, and market or member satisfaction research);
- provide for an award, donation, recognition, scholarship, contest or draw; and
- comply with legislative requirements, other regulations, codes and external payment systems.
The credit union will collect personal information by reasonable and lawful means, and will not mislead members about the purpose for which information is being collected. We always disclose with our members what the purposes for which we collect, use, disclose and process personal information is for.
What we collect.
We will only ask for personal information relevant to our business relationship with you. So, when you apply for membership and one of our products or services we may ask for:
- information that identifies you, such as: your name; date of birth; address; occupation as required by law and other contact details;
- information about your financial position when you apply for a loan or credit product, such as: your financial details, including income, expenses, savings and lending history; credit reports from credit -reporting agencies; your employment details, and other personal details, like marital status, spouse’s name and number of dependents;
- information to provide you with a specific product or service (for example certain insurance products require medical and lifestyle information);
- your social insurance number (SIN) to report interest earned and dividend income to Canada Revenue Agency as required by law. If you are applying for a loan or other credit product, we will ask you for your SIN to ensure there is an accurate match to your credit bureau;
- information about your intended use of our product or service; and
- information to conduct market research, we may also ask you for your opinion about products, services or your experiences with our staff. We treat these opinions as personal information.
As part of the business relationship with the credit union, we are required by law to identify you for example, if you are opening a new membership or opening a new account within an existing membership or adding a new signing authority to an existing account. Anti-money laundering legislation require us to cite and record details of certain documents (i.e. photographic and non- photographic documents) in order to comply with the standards set under those laws.
We do not collect, use or disclose sensitive personal information (i.e. race, ethnic origin, religious beliefs, criminal records) about you unless it is necessary to provide you with a product or service and we have your consent or, unless we are legally required to collect, use or disclose that information. We are required by law to determine whether we have members who are politically exposed persons or Head of International Organizations (HIO) and comply with certain legal requirements. More information is available at the website www.fintrac.gc.ca.
We do limit the collection, use, retention and disclosure of information about members to what we need to know.
How we collect your personal information.
We collect most personal information directly from you. For example, your personal information will be collected when you apply for membership, open a new account, fill in an application form, deal with us over the telephone, send us a letter or email, use our website, respond to a survey or when you visit us in person.
We may also need to collect personal information from other organizations such as credit reporting agencies, other financial institutions and from the references you authorize us to contact.
How we use your personal information.
We will tell you the purposes for which we intend to use your personal information.
We only collect personal information about you that is necessary to perform our functions and activities as your financial services provider. If you do not provide your personal details, there may be times when we are unable to provide you with membership or a product or service.
Connect First Credit Union does not sell, rent or trade your personal information to any other party not connected with the provision of your credit union’s financial services. That is guaranteed!
In the course of providing you with products and services, the credit union uses third party suppliers, such as mail delivery and printing services, legal and core banking systems support and merchant solutions. Our suppliers are reputable organizations that are bound by written agreements to abide by the confidentiality and non-disclosure requirements of the credit union. Your personal information remains the property of the credit union at all times and is not available to any other persons for marketing or other uses unless you give your consent.
Your consent is important.
Personal information is used or disclosed only after obtaining your consent. Your consent can be express, implied or deemed.
Examples of express consent:
- Written - our credit application may contain a statement that a credit reference will be required. By signing the application, you are giving your express consent to a credit reference being obtained about you from a credit-reporting agency;
- Electronic - you may be asked to electronically acknowledge that you will be bound by legal terms or agree to certain statements. Clicking "I Agree" is your electronic consent; and
- Verbal - A credit union employee or representative asks whether you agree to us obtaining your credit bureau information. Saying you “Agree” is your verbal consent.
Implied consent is when we can reasonably conclude that you have given permission by some action you take or when you decide not to take action. For example, if you use our Contact Centre service and continue the conversation after hearing the recorded message informing you that your call may be recorded, this is taken as implied consent for us to record your call.
Deemed consent is the collection, use or disclosure of personal information if you, the member voluntarily provides it for a purpose that would, at the time, be considered obvious. This consent is not required to be written or verbal as this type of consent is applied to purposes considered obvious that notification would not be necessary.
If you do not consent to certain uses of personal information by the credit union, we may not be able to deal with you, or provide you with a particular product or service.
There are circumstances where we may collect, use or disclose personal information without your knowledge and consent. For example:
- in connection with an investigation or legal proceeding;
- in connection with a statutory, legal or regulatory requirements;
- in connection with the collection of a debt due to the credit union;
- in connection with determining a person’s eligibility for an award, grant or scholarship;
- the information is publicly available; and
- where it is clearly in the interests of the person and consent cannot be obtained timely.
In disclosing information without consent the credit union will protect the interest(s) of members providing personal information by taking precautionary steps to ensure that:
- legal orders or demands appear to comply with the laws under which they were issued;
- only the personal information that is legally required is disclosed; and
- casual requests for personal information from government or law enforcement authorities are declined.
The credit union will make reasonable efforts to notify members that an order has been received, if the law allows it.
Sharing of personal information within the credit union.
For us to service and manage our relationship with you and carry on business as a group, we may share your personal information within the credit union. This includes activities to administer banking operations, detect and manage fraud and to collect debts owed to the credit union.
We may also share your personal information within the credit union to introduce products and services that could be of interest to you, but always subject to applicable law or unless you withdraw your consent to receiving such information.
Withdrawing your consent.
Serving members well is fundamental to our business. As part of this service we may use personal information we have collected to contact you in order to inform you of a new, existing or improved product or service that may benefit you.
You have the choice to withdraw your consent to receive marketing information from the credit union and you may refuse to provide personal information to us. Withdrawing consent may limit our ability to serve you and/or may lead to a product or service no longer being available to you.
- you may ask us not to contact you by telephone, mail or email for marketing purposes;
- you may also limit the information that is shared within the credit union for marketing purposes; and
- you can make your privacy choices by visiting a credit union branch, calling us at (403) 520-8000 or toll free at 1-866-923-4778, or by completing our ‘Withdrawal of Consent to Purposes’ form
We will action your instructions as soon as practicable however, there are communications that we are required by law to provide, and you cannot opt out of these. For example, communications containing information about changes to products or services or material on or accompanying your regular account statements.
Disclosing to third parties.
Personal information may be shared or disclosed in limited circumstances and with certain organizations, subject to duties of confidentiality towards our members and subject to the Personal Information and Protection Act. Examples of those organizations are:
- credit reporting agencies;
- debt collection agencies;
- regulatory bodies, government agencies (local, provincial and federal), law enforcement bodies, regulatory organizations and courts;
- other parties as required by law;
- your authorized representative or person acting on your behalf;
- mortgage insurers and any re-insurer of any such mortgage insurance;
- our auditors to ensure the integrity of our operations;
- affiliated and external product and service providers (so they may provide you with the product or service you seek); and
- organizations, advisors and trustees where credit facilities are pooled and sold
In all circumstances where personal information may become known, to our contractors, agents or outsourced service providers there are strict confidentiality and privacy agreements in place. Contractors, agents and outsourced service providers are not able to use or disclose personal information for any purposes other than our own. Your credit union takes our obligations to protect personal information very seriously and we make every effort to deal only with parties who share and demonstrate the same attitude.
User of service providers outside Canada.
The credit union may share personal information with service providers outside Canada, when necessary, to allow us to provide products and services to you.
We protect personal information that is shared with these service providers using contractual agreements described above. Your credit union maintains ownership and responsibility for your personal information at all times. We are also responsible for ensuring these service providers comply with the Personal Information Protection Act – Alberta at all times.
Personal information quality.
Our goal is to ensure that the personal information we hold is accurate, complete and up-to date, to the extent that is reasonable for our purposes in collecting, using or disclosing the information and to comply with regulatory requirements. Please contact us if any of the details you have provided change or if you believe that the information we have about you is not accurate, complete or up-to-date. We will promptly update any personal information that is inaccurate, incomplete or out-of -date. We are also responsible for ensuring these service providers comply with the Personal Information Protection Act – Alberta at all times.
We may also take steps to update personal information, for example, an address, by collecting personal information from publicly available sources, such as telephone directories.
Personal information security.
We are committed to keeping secure the personal information you provide to us. We take all reasonable precautions to protect the personal information we hold about you from misuse and loss and from unauthorized access, modification or disclosure.
Your personal information may be stored electronically, in paper format or in telephone recordings and may only be accessed by people with the proper authority.
We have a range of practices and policies in place to provide a robust security environment. We ensure the on-going adequacy of these measures by regularly reviewing them.
Our security measures include, but are not limited to:
- educating our employees as to their obligations with regard to your personal information, including confidentiality agreements;
- strict identification checks on all people requesting access to personal information
- requiring our employees to use secure passwords when accessing our systems;
- encrypting data sent from your computer to our systems during Internet transactions and access codes transmitted across networks;
- employing firewalls, intrusion detection systems and virus scanning tools to protect against unauthorized persons and viruses from entering our systems;
- using dedicated secure networks or encryption when we transmit electronic data for purposes of outsourcing;
- practicing a clean-desk policy in all premises and providing secure storage for physical records; and
- employing physical and electronic means such as alarms, cameras and external security personnel to protect against unauthorized access to buildings
Where personal information we hold is identified as no longer needed for any purpose we ensure it is effectively and securely destroyed, for example, by shredding or pulping in the case of paper records, remove identifying features from it and other means in the case of electronic records and equipment. This is subject to any legal obligations we have to keep information for a certain period of time.
Your privacy and the internet.
- the number of users who visit the website;
- the date and time of visits;
- the number of pages reviewed and navigation patterns;
- what country and systems used to access our website; and
- the address of a website, when entering our website from another website
This information is only viewed in the aggregate and on its own does not identify an individual, but it does provide us with statistics that we can use to analyze and improve our website quality and performance.
Cookies are harmless text files that allow the web server (the computer that houses the website) to identify and interact more effectively with your computer. There are two main types:
- Session cookies. These only exist for the duration of your site visit and are deleted on exit.
- Persistent cookies. These stay on your computer until they expire or are deleted.
Internet cookies are common and do not harm your system - they just store or gather site information. They help you do things online, like remembering login details so you don't have to re-enter them when revisiting a site.
- gather member journey information across our site;
- ensure your privacy in our secure site;
- store login details for our secure site; and
- evaluate our website effectiveness
Despite common myths, the cookies we send to your computer cannot read your hard drive, obtain any information from your browser or command your computer to perform any action. They are designed so that they cannot be sent to another site or be retrieved by any site other than Connect First Credit Union.
Internet and Mobile Banking.
The internet has rapidly changed the way we do business. It allows the credit union to provide financial services that you can access from the convenience of your home, office or other locations.
The credit union continually maintains and monitors its online security systems to ensure your personal information is appropriately protected.
All communication from your computer to our secure systems is encrypted to ensure the confidentiality of all data sent and received. At a minimum, we use 128-bit Secure Sockets Layer (SSL) encryption technology to safeguard your information during online transactions.
We have also included ‘time out’ periods in our internet banking program to reduce the risk of anyone else accessing your banking details on your computer if you forget to log out. If someone does try to guess your password, your account will be locked after a pre-determined number of unsuccessful attempts. This will help prevent an unauthorized user trying multiple times to guess your password.
Links to other sites.
Our website may contain links to external sites managed by third parties. These links are provided for your convenience, you should be aware that our privacy standards, policies and procedures do not apply on these websites. You should check the privacy statements for each site that you visit.
Use of information in the social computing environment.
The credit union provides social computing tools through our website to enable online sharing and collaboration among members who have registered to use them. These include forums, blogs and other social media platforms.
Information collected in e-mails and web forms.
If you should choose to provide us with personal information in an email or by filling out an online form and submitting it to us through our website, we will use that information to respond to your message and to help us get the information you have requested. This feature provides a secure channel for sending us comments, questions or instructions.
General email is often not secure and could be intercepted. If you are using general email to communicate with us, we strongly recommend that you do not include personal or financial information within the email, as we cannot guarantee its confidentiality enroute to us.
To send us email and/or file attachments using end to end encryption, we recommend using our secure electronic envelope service (formally named encrypted external email). If you are concerned about sending your personal information to us via the internet, you can use another method such as calling us directly.
Access to your personal information.
You can contact us to inquire about:
- the personal information we have collected;
- the use or disclosure of your personal information;
- how to request access to your personal information;
- how to correct your personal information; and
- request a copy of the personal information we have in our records
Requests for access to limited amounts of personal information, such as checking to see what address or telephone number we have recorded, can generally be handled in a branch or over the telephone. With regards to a request for access to more substantial amounts of personal information, such as details of what is recorded in your loan file, we will require you to complete a ‘Request to Access Personal Information’ form. We can usually deal with such a request within 14 – 45 days. If this deadline cannot be met due to exceptional circumstances, we will notify you and request an extension. Your identity will be confirmed before access is provided.
In a limited number of circumstances, we may not be able to tell you what personal information is held about you including where:
- it will threaten the privacy of other individuals;
- the information relates to anticipated legal proceedings;
- the information would reveal our commercially sensitive decision making process;
- it is a frivolous or vexatious request; and
- the law prevents us from disclosing the information
If we are unable to tell you what personal information is held about you, we will give you the reasons why and attempt to find alternative means to enable you to access your information. No fee shall be charged for requesting access to your information. We may charge a fee for the cost of assembling details for your review; however, you will be notified in advance of any fees. A request to correct your personal information can be made after you have been given access to that information. If you believe there is an error or omission in your personal information contained in the credit union record, you may request correction of factual information. It is not possible to correct or annotate opinions, evaluative comments or assessments.
Resolving your privacy questions and concerns.
If you have any questions or would like further information about our privacy and information handling practices, please contact us by:
How to make a complaint
We realize that even in the best-run organizations things can go wrong. If you are unhappy with, or should have a privacy complaint, please notify us as it gives us the opportunity to fix the problem. We have a defined privacy concern resolution process that will ensure your concerns are fully investigated and responded to and that any identified issues are addressed.
The credit union Chief Privacy Officer will acknowledge your formal written concern by contacting you within five business days. You will be informed of the process we will follow to address your concerns and the outcome.
If you feel that the outcome of our investigation is unsatisfactory, you will be provided with assistance to make a formal complaint to the Privacy Commission. The relevant documents can be obtained from the Privacy Commissioner at www.oipc.ab.ca.
Changes to our privacy code
We may make changes to this privacy code and information handling practices from time to time. We will publish those changes on our website and update our Privacy Code.