Security and privacy is a big deal to us. We’re committed to making banking accessible to you and only you by remaining vigilant in our security procedures and privacy policies. Together, we’ll take action to keep your information in the strictest confidence, while helping you achieve your financial goals and dreams.
You work hard for your money. That’s why we work around the clock to keep it safe. You too have a role in your own protection so get familiar with best practices and tips to keep your money safe.
We collect your information and use it wisely. We use it to identify you, to help us find services you may need, and to help determine your credit. We take your privacy seriously and adhere to a strict privacy code of conduct. Your information will never be shared with any other agency, unless you fall under the Foreign Account Tax Compliance Act (FATCA) or Common Reporting Standard (CRS) - Canada.
You’re protected by the Personal Information and Protection Act (PIPA). It’s an Alberta law, which governs provincial private sector organizations. Know more about PIPA by visiting their website. Make sure you keep us up to date on your information in case it changes.
You can limit your information or ask us not to contact you for marketing purposes.
For more information, please contact email@example.com.
The privacy of your information is important to us at Connect First Credit Union Ltd. (herein after referred to as the “credit union”). We respect the trust that you place in us when you choose to become a member and we take our responsibility to you seriously.
Protecting your privacy and the confidentiality of your personal information is fundamental to the way the credit union does business.
As a financial services organization, the credit union has a long history of handling personal information that is secure. We respect your privacy and the ongoing trust you have in us to protect your personal information.
Our Privacy Code outlines how we manage and protect your privacy and the confidentiality of your personal information. This Code applies to all your interactions with the credit union whether at one of our branches, via online, mobile or telephone banking or through our Contact Centre. It applies to all of our related divisions, companies and subsidiaries.
The purpose of the Privacy Code is to provide responsible and transparent practices in the management of personal information in keeping with the applicable privacy legislation (Personal Information Protection Act – Alberta).
Our Privacy Code is available in each of our branches or can be viewed or downloaded via our website. We regularly update this policy and encourage you to keep posted for updates.
The credit union is accountable for all personal information in our possession or control, including personal information that has been transferred to a third party for processing. The credit union has appointed a Chief Privacy Officer to oversee privacy governance including policy, dispute resolution, education, and communication activities, as well reporting to our Board of Directors on privacy matters. Contact information for our Chief Privacy Officer is provided at the end of this Privacy Code.
Each credit union employee is personally responsible for maintaining member confidence in the credit union by ensuring personal information is respected and protected within his or her control. We provide training and communication programs designed to educate employees about the meaning and requirements of this Code. We conduct a combination of compliance self-assessments and audits to verify compliance with this Code and the specific policies and procedures that support the Code.
‘Personal information’ includes any information, factual or subjective, which allows you to be identified. For example, your name, address, birth date, financial information, identifying numbers or other personal data. Business contact information is not considered personal information.
We will tell you the main reason for asking for your personal information when we ask it from you. The main reasons for this will usually be to confirm your identity in order for you to obtain information on your account, initiate banking transactions or provide you with a product or service you want.
We may use personal information for several purposes:
The credit union will collect personal information by reasonable and lawful means, and will not mislead members about the purpose for which information is being collected. We always disclose with our members what the purposes for which we collect, use, disclose and process personal information is for.
We will only ask for personal information relevant to our business relationship with you. So, when you apply for one of our products or services we may ask for:
As part of the business relationship with the credit union, we are required by law to identify you for example, if you are opening a new membership or opening a new account within an existing membership or adding a new signing authority to an existing account. Anti-money laundering legislation require us to cite and record details of certain documents (i.e. photographic and non- photographic documents) in order to comply with the standards set under those laws.
We do not collect, use or disclose sensitive personal information (i.e. race, ethnic origin, religious beliefs, criminal records) about you unless it is necessary to provide you with a product or service and we have your consent or, unless we are legally required to collect, use or disclose that information. We are required by law to determine whether we have members who are politically exposed foreign persons and comply with certain legal requirements. More information is available at the website www.fintrac.gc.ca.
We do limit the collection, use, retention and disclosure of information about members to what we need to know.
We collect most personal information directly from you. For example, your personal information will be collected when you apply for membership, open a new account, fill in an application form, deal with us over the telephone, send us a letter or email, use our website, respond to a survey or when you visit us in person.
We may also need to collect personal information from other organizations such as credit reporting agencies, other financial institutions and from the references you authorize us to contact.
We will tell you the purposes for which we intend to use your personal information.
We only collect personal information about you that is necessary to perform our functions and activities as your financial services provider. If you do not provide your personal details there may be times when we are unable to provide you with membership or a product or service.
Connect First Credit Union does not sell, rent or trade your personal information to any other party not connected with the provision of your credit union’s financial services That is guaranteed!
In the course of providing you with products and services, the credit union uses third party suppliers, such as mail delivery and printing services, legal and core banking systems support and merchant solutions. Our suppliers are reputable organizations that are bound by written agreements to abide by the confidentiality and non-disclosure requirements of the credit union. Your personal information remains the property of the credit union at all times and is not available to any other persons for marketing or other uses unless you give your consent.
Personal information is used or disclosed only after obtaining your consent. Your consent can be express, implied or deemed.
Examples of express consent:
Implied consent is when we can reasonably conclude that you have given permission by some action you take or when you decide not to take action. For example, if you use our Contact Centre service and continue the conversation after hearing the recorded message informing you that your call may be recorded, this is taken as implied consent for us to record your call.
Deemed consent is the collection, use or disclosure of personal information if the member voluntarily provides it for a purpose that would, at the time, be considered obvious. This consent is not required to be written or verbal as this type of consent is applied to purposes considered obvious that notification would not be necessary.
If you do not consent to certain uses of personal information by the credit union, we may not be able to deal with you, or provide you with a particular product or service.
There are circumstances where we may collect, use or disclose personal information without your knowledge and consent. For example:
In disclosing information without consent the credit union will protect the interest(s) of members providing personal information by taking precautionary steps to ensure that:
The credit union will make reasonable efforts to notify members that an order has been received, if the law allows it.
For us to service and manage our relationship with you and carry on business as a group, we may share your personal information within the credit union. This includes activities to administer banking operations, detect and manage fraud and to collect debts owed to the credit union.
We may also share your personal information within the credit union to introduce products and services that could be of interest to you, but always subject to applicable law or unless you withdraw your consent to receiving such information.
Serving members well is fundamental to our business. As part of this service we may use personal information we have collected to contact you in order to inform you of a new, existing or improved product or service that may benefit you.
You have the choice to withdraw your consent to receive marketing information from the credit union and you may refuse to provide personal information to us. Withdrawing consent may limit our ability to serve you and/or may lead to a product or service no longer being available to you.
We will action your instructions as soon as practicable however, there are communications that we are required by law to provide, and you cannot opt out of these. For example, communications containing information about changes to products or services or material on or accompanying your regular account statements.
Personal information may be shared or disclosed in limited circumstances and with certain organizations, subject to duties of confidentiality towards our members and subject to the Personal Information and Protection Act. Examples of those organizations are:
We also may share personal information with affiliated and external product and service providers, when necessary, to provide and administer products and services you have requested. This may include card and cheque book production, market research, statement production, payment services and information technology support. Before sharing any information, contractual agreements are in place to ensure all information is kept secure and confidential.
In all circumstances where personal information may become known, to our contractors, agents or outsourced service providers there are strict confidentiality and privacy agreements in place. Contractors, agents and outsourced service providers are not able to use or disclose personal information for any purposes other than our own. Your credit union takes our obligations to protect member information very seriously and we make every effort to deal only with parties who share and demonstrate the same attitude.
The credit union may share personal information with service providers outside Canada, when necessary, to allow us to provide products and services to you.
We protect personal information that is shared with these service providers using contractual agreements described above. Your credit union maintains ownership and responsibility for your personal information at all times. We are also responsible for ensuring these service providers comply with the Personal Information Protection Act – Alberta at all times.
Our goal is to ensure that the personal information we hold is accurate, complete and up-to date, to the extent that is reasonable for our purposes in collecting, using or disclosing the information and to comply with regulatory requirements. Please contact us if any of the details you have provided change or if you believe that the information we have about you is not accurate, complete or up-to-date. We will promptly update any personal information that is inaccurate, incomplete or out-of-date. We are also responsible for ensuring these service providers comply with the Personal Information Protection Act – Alberta at all times.
We may also take steps to update personal information, for example, an address, by collecting personal information from publicly available sources, such as telephone directories.
We are committed to keeping secure the personal information you provide to us. We take all reasonable precautions to protect the personal information we hold about you from misuse and loss and from unauthorized access, modification or disclosure.
Your personal information may be stored electronically, in paper format or in telephone recordings and may only be accessed by people with the proper authority.
We have a range of practices and policies in place to provide a robust security environment. We ensure the on-going adequacy of these measures by regularly reviewing them.
Our security measures include, but are not limited to:
Where personal information we hold is identified as no longer needed for any purpose we ensure it is effectively and securely destroyed, for example, by shredding or pulping in the case of paper records, remove identifying features from it and other means in the case of electronic records and equipment. This is subject to any legal obligations we have to keep information for a certain period of time.
This information is only viewed in the aggregate and on its own does not identify an individual, but it does provide us with statistics that we can use to analyze and improve our website quality and performance.
Cookies are harmless text files that allow the web server (the computer that houses the website) to identify and interact more effectively with your computer. There are two main types:
We use both types of cookies. We use session cookies to maintain the integrity of your online banking session. With each page you visit, the cookie is passed back and forth between our server and your browser. Our session cookies never store any personal or financial information.
We use persistent cookies to store information to help you personalize the site and make it easier for you. For example, we allow you to make the login easier by remembering your login information with our Memorized Accounts feature. We never store your Personal Access Code (PAC) in a cookie.
You can set your browser in most instances to notify you before you receive a cookie, giving you the chance to decide whether to accept it or not. You can also generally set your browser to turn off cookies. If you block or otherwise reject our cookies, your experience may be diminished and some features may not work as intended.
Internet cookies are common and do not harm your system - they just store or gather site information. They help you do things online, like remembering login details so you don't have to re-enter them when revisiting a site.
Despite common myths, the cookies we send to your computer cannot read your hard drive, obtain any information from your browser or command your computer to perform any action. They are designed so that they cannot be sent to another site or be retrieved by any site other than Legacy Financial, First Calgary Financial, Chinook Financial or Connect First Credit Union.
The internet has rapidly changed the way we do business. It allows the credit union to provide financial services that you can access from the convenience of your home, office or other locations.
The credit union continually maintains and monitors its online security systems to ensure your personal information is appropriately protected.
All communication from your computer to our secure systems is encrypted to ensure the confidentiality of all data sent and received. At a minimum, we use the 128-bit Secure Sockets Layer (SSL) encryption technology to safeguard your information during online transactions.
We have also included ‘time out’ periods in our internet banking program to reduce the risk of anyone else accessing your banking details on your computer if you forget to log out. If someone does try to guess your password, your account will be locked after a pre-determined number of unsuccessful attempts. This will help prevent an unauthorized user trying multiple times to guess your password.
Our website may contain links to external sites managed by third parties. These links are provided for your convenience, you should be aware that our privacy standards, policies and procedures do not apply on these websites. You should check the privacy statements for each site that you visit.
The credit union provides social computing tools through our website to enable online sharing and collaboration among members who have registered to use them. These include forums, blogs and other social media platforms.
If you should choose to provide us with personal information in an email or by filling out an online form and submitting it to us through our website, we will use that information to respond to your message and to help us get the information you have requested. This feature provides a secure channel for sending us comments, questions or instructions.
General email is not secure and can be intercepted. If you are using general email to communicate with us, we strongly recommend that you do not include personal or financial information within the email, as we cannot guarantee its confidentiality en route to us. If you are concerned about sending your personal information to us via the internet, you can use another method such as calling us directly.
You can contact us to inquire about:
Requests for access to limited amounts of personal information, such as checking to see what address or telephone number we have recorded, can generally be handled in a branch or over the telephone. With regards to a request for access to more substantial amounts of personal information, such as details of what is recorded in your loan file, we will require you to complete a ‘Request to Access Personal Information’ form. We can usually deal with such a request within 14 – 45 days. If this deadline cannot be met due to exceptional circumstances, we will notify you and request an extension. Your identity will be confirmed before access is provided.
In a limited number of circumstances, we may not be able to tell you what personal information is held about you including where:
If we are unable to tell you what personal information is held about you, we will give you the reasons why and attempt to find alternative means to enable you to access your information. No fee shall be charged for requesting access to your information. We may charge a fee for the cost of assembling details for your review; however you will be notified in advance of any fees. A request to correct your personal information can be made after you have been given access to that information. If you believe there is an error or omission in your personal information contained in the credit union record, you may request correction of factual information. It is not possible to correct or annotate opinions, evaluative comments or assessments.
If you have any questions or would like further information about our privacy and information handling practices, please contact us by:
We realize that even in the best-run organizations things can go wrong. If you are unhappy with, or should have a privacy complaint, please notify us as it gives us the opportunity to fix the problem. We have a defined privacy concern resolution process that will ensure your concerns are fully investigated and responded to and that any identified issues are addressed.
The credit union Chief Privacy Officer will acknowledge your formal written concern by contacting you within five business days. You will be informed of the process we will follow to address your concerns and the outcome.
If you feel that the outcome of our investigation is unsatisfactory, you will be provided with assistance to make a formal complaint to the Privacy Commission. The relevant documents can be obtained from the Privacy Commissioner at www.oipc.ab.ca.
We may make changes to this privacy code and information handling practices from time to time. We will publish those changes on our website and update our Privacy Code.