Trelawny Credit Union

Introduction

At the TRELAWNY CO-OPERATIVE CREDIT UNION LTD (“TCCU”, “we”, “us”, “our”), we are committed to protecting your privacy. We ensure that the processing of your Personal Data is compliant with Jamaica’s Data Protection Act (JDPA), and any country-specific data protection laws and regulations to the extent applicable to TCCU. This Privacy Notice describes how TCCU collects, uses, shares and stores your Personal Data, and informs you of your rights regarding your Personal Data. This Privacy Notice applies to data we collect when you use our website, when you subscribe to our newsletter, take part in a survey, access our products and services, or any other marketing initiatives.

When you visit our website, you are free to explore without providing any Personal Data about yourself.
We only collect Personal Data from you when you register, subscribe to a service or fill out a form.

  1. Definitions
  • COOKIES are small files stored on your device (computer or mobile device). DATA CONTROLLER means a natural or legal person who (either alone or jointly or in  common with other persons) determines the purposes for which and how any personal data is or  is to be, processed. For the purpose of this Privacy Notice, Trelawny Co-Operative Credit Union  Ltd. is the Data Controller of your data. 
  • DATA PROCESSORS (OR SERVICE PROVIDERS) mean any natural or legal person who  processes the data on behalf of the Data Controller. We may use the services of various Service  Providers to process your data more effectively. 
  • DATA SUBJECT is any living individual who is the subject of Personal Data. PERSONAL DATA means data about a living individual or individuals who have been deceased  for less than 30 years who can be identified from those data (or from those and other information  either in our possession or likely to come into our possession). 
  • THE USER is the individual using our website. The User corresponds to the Data Subject, who  is the subject of Personal Data. 
  • LOG DATA is data collected automatically either generated using Service or from the Service  infrastructure itself (for example, the duration of a page visit). 
  1. How we Collect Data 

We may collect your Personal Data through the following means: 

  • Information you provide via our Website, Social Media Networks or Events – We may collect  any Personal Data that you choose to send to us or provide to us via our website, social media  network or when registering or attending an event. 
  • Information you provide when accessing our Services – We receive and store the information you provide directly to us to access our products and services. For example, when applying for a  loan, to become a member, opening an account, accessing any of our products or services and/or  transacting at our offices. 
  • Third Parties – In some instances, we may collect Personal Data from public and non-public  sources and third parties for regulatory purposes or to better serve you. These include credit  bureaus, references, other financial institutions, regulatory bodies, and related entities. 
  1. Types of Data We Collect:  

       

We collect a wide range of Personal Data to allow us to conduct business with you. The types of Personal  Data we may collect directly from our members, prospective members, visitors and users of our website  include: 

o Identity data which includes name, username, marital status, race, nationality, age, title, date of  birth and gender, Tax Registration Number, signature, birth certificate, Declaration of US  citizenship, Tax residency, if appropriate

o Contact data which includes residential (home) address, telephone numbers, mailing/postal  address, email address. 

o Financial information which includes financial status and history of transactions, or credit history. o Transaction information which includes transaction details on your accounts and other details of  products and services conducted with us. 

o Valid Photo ID, for example a Passport, Driver’s Licence or ID card 

o Employment/Income Data such as employment letters, pay slips source of funds and source of  income. 

o Biometric data such as images, voice and other similar information, surveillance footage by  CCTV cameras on our premises. 

o KYC and other Data such as beneficiary information, character references, politically exposed  information, beneficial owner’s information. Minors’ personal information – These are  collected/processed with the consent of the parent/ guardian. 

o Employee Information including job application details, employment contract, performance  appraisals, background checks, salary information, communications to and from the employee. 

In operating our website, we may also collect the following types of Personal Data: Google Analytics – We collect this data so that we can improve our website and access it. 

Log Data – This data may be processed for the purposes of operating our website, providing our services,  ensuring the security of our website and services, maintaining back-ups of our databases and  communicating with you. 

Cookies – We may also use cookies and URL information to gather information regarding the date and time  of your visit and the information for which you searched and which you viewed. “Cookies” are small pieces  of information that a website sends to your computer’s hard drive while you are viewing a web site. Upon  your initial visit to the website, you will have the option of accepting or refusing cookies and you will  be able to choose the type of cookie you accept or reject. You may also configure your browser to  ensure no cookies are stored on your hard drive.

We may use both session Cookies (which expire once you close your web browser) and persistent Cookies  (which stay on your computer until you delete them) to provide you with a more personal and interactive  experience on our Site. Persistent Cookies can be removed by following Internet browser help file  directions. Cookies may enable automatic logins when you visit in the future and may enable content  customization. 

  1. Legal Basis for Collecting Personal Data: 

o Contractual Obligation – We may process your Personal Data in contemplation of  entering into a contract with you or to fulfill our existing contractual obligations to you.  o Legal Obligation- There may be instances when we will have to process your Personal  Data in order to comply with the law. This may require us to process information about  criminal convictions to investigate and gather intelligence on suspected financial crimes,  fraud and threats and to share data with law enforcement and regulatory bodies. We are  also legally obliged to assess affordability and suitability of credit for loan and other credit  applications and throughout the duration of the relationship.  

o Legitimate Interest – We process your Personal Data in order to efficiently provide and  market our services to you. However, we will not process your personal data where doing  so poses a risk to your rights and freedoms and vital interests. 

o User Consent – We will always obtain your clear, informed and freely given consent before  processing your Personal Data, except in circumstances where it is not possible to obtain  your consent, but your Personal Data still needs to be processed (for example due to legal  obligations we may have or to protect your vital interests, the public interest or to aid in  the administration of justice). You may withdraw your consent at any time by the same  method it was provided to us or by contacting our Data Protection Officer identified below. 

  1. How We Use Your Personal Data 

We may use the information we collect from you in connection with the services we provide for a range of  reasons, including to: 

  • provide our products and services; 
  • process and complete transactions, and send related information, including transaction  confirmations and records; 
  • manage our members’ use of the services, respond to enquiries and comments and provide customer  service and support; 
  • send alerts, updates, security notifications, and administrative communications; ● verify your identity, creditworthiness and the accuracy of the information provided; ● ensure compliance with laws and regulations, for example filing reports relating to FATCA and  the Common Reporting Standard; 
  • trace debtors and recover debts; 
  • investigate and prevent fraud and money laundering activities, unauthorized access to our services,  and other illegal activities; and 
  • to record CCTV footage to ensure the safety and security of our employees, customers and any  other person visiting the Company’s premises. 
  1. Third Parties and Transfers 

We may disclose your Personal Data to third parties to whom you expressly ask us to send your Personal  Data or to third parties for whom you consent to us sending your personal information. Third parties include  our partners, affiliates, service providers and professional advisors. Personal Data may also be shared with  regulators in order to demonstrate compliance with legal obligations. Personal Data will only be shared  with third parties to provide our services to you and/or to comply with legal obligations. These third parties  do not retain, share, use or process personal data beyond the defined purpose of providing our services to  you. 

  1. How We Protect Your Personal Data 

Trelawny Co-Operative Credit Union is committed to protecting the security of your Personal Data. We  (and our third-party service providers) use a variety of industry-standard security technologies and 

procedures, as well as organizational measures to help protect your Personal Data from unauthorized access,  use, or disclosure, such as:  

o We use vulnerability scanning and/or scanning to PCI standards. 

o We use regular Malware Scanning. 

o Your Personal Data is contained behind secured networks and is only accessible by a limited  number of persons who have special access rights to such systems and are required to keep the  information confidential. In addition, all sensitive information you supply is encrypted via Secure  Socket Layer (SSL) technology. 

o We implement a variety of security measures when a user enters, submits, or accesses their  information to maintain the safety of your personal information. 

o All transactions are processed through a gateway provider and are not stored or processed on our  servers. 

However, no method of transmission over the Internet, or method of electronic storage, is 100% secure.  Therefore, while Trelawny Co-Operative Credit Union Ltd. makes reasonable efforts to protect your  Personal Data, we cannot guarantee its absolute security. 

  1. Your Rights 

Under Jamaica’s Data Protection Act data subject enjoy the following rights: 

  • Right to access your personal data – You are entitled to make a written request to us to be  informed whether your Personal Data is being processed by us. You are also entitled to request a  copy of your data. You may also request that your Personal Data be transferred to a third party; 
  • Right to be informed about automated decision making – You may request in writing that  decisions regarding your Personal Data that have been made solely on the basis of automated  processing be reconsidered with human involvement; 
  • Right to prevent processing in certain circumstances – You are entitled to make a written  request to us to cease or not to begin processing your Personal Data in a specific manner or for a  specific purpose; and 
  • Right to request rectification of inaccuracies – You may request that inaccuracies in your  Personal Data be rectified. “Rectification” means amend, block, erase or destroy, as may be 

required to correct the inaccuracy. You may request that your personal data be erased on the  expiration of any applicable retention period. 

  1. Retention Policy 

We only retain your Personal Data for as long as it is needed to provide our services to you. We also retain  Personal Data in line with legal requirements which may stipulate retention periods for different categories  of Personal Data. We typically therefore retain members’ Personal Data for a minimum of seven years  following the date of transaction or termination of customer relationship. 

We may also keep your data for longer than seven years if we cannot delete it for legal, regulatory or  technical reasons.  

  1. Notifiable Data Breaches 

We take data breaches very seriously. We will endeavour to meet the 72-hour deadline as imposed by the  JDPA to report any data breach to the Information Commissioner. Further, where there is likely to be a high  risk to your rights, we will endeavour to contact you without undue delay.  

Our report will inform you of: 

  • the nature of the security breach; 
  • the measures taken or proposed to be taken to mitigate or address the possible adverse effects of  the breach; and 
  • the name, address and other relevant contact information of our Data Protection Officer or other  designated representative. 

We will review every incident and/or breach and take action to prevent future incidents or breaches. 

  1. Children’s Privacy 

Our services are not offered to persons under the age of 18 without parental or guardian consent. Any  information that is in breach of this provision will be deleted. 

If you become aware that a child has provided us with information, please contact our Data Protection Officer.  

  1. Changes to This Privacy Policy

Trelawny Co-Operative Credit Union Limited 

Data privacy and protection is an ongoing responsibility and so this Privacy Notice is subject to occasional  revision to ensure that it remains in line with the ever-evolving regulatory and security landscape. Trelawny  Co-Operative Credit Union therefore reserves the right, at its sole discretion, to modify or replace any  part of this Privacy Notice. It is your responsibility to check this Privacy Notice periodically for changes.  The last date of modification will be noted at the bottom. Continued use of our Site or Services indicates  your acknowledgement that it is your responsibility to review this Privacy Notice periodically and become  aware of any modifications. Changes to this notice are effective once they have been uploaded to our  website. 

  1. Contact Information 

Trelawny Co-Operative Credit Union Ltd welcomes your comments or questions regarding this  Privacy Notice. If you have any question or comment regarding this Privacy Notice or you would like to  make a complaint, please submit a written request to our Data Protection Officer as follows:  

In person – at any TCCU branch, addressed to the Data Protection Officer 

Mail: Trelawny Co-Operative Credit Union Ltd, Water Square, Falmouth, Trelawny and addressed to the  Data Protection Officer 

Email: dpo@jtccu.com.