All those who provide Link Credit Union with their Personal Data have a right to expect us to protect their privacy. In addition there is a statutory obligation on us to do so. Link Credit Union hold Personal Data in respect of their Members’, and it is the policy of Link Credit Union to meet these obligations to the highest standards possible.
Personal Data is any personal information which relates to a living individual. The law sets out a series of standards which any person or entity must adhere to when collecting, storing or using such data. This law applies regardless of how trivial or non-intrusive it may be, or whether it is collected directly from the person in question or from another source.
Therefore relatively innocuous Personal Data such as a list of Members’ names & addresses is covered by the Act just as much as details of wealth or income provided to support a loan application.
Types of Personal Data held
Link CU collects & uses Personal Data such as the following:
- In respect of members
- name, address, telephone, email & other contact details,
- other information collected for Anti-Money Laundering purposes,
- internally generated information such as transactions, balance details or arrears history,
- income history and other information collected for lending, insurance or other business purposes &
- In respect of others:
- Next-of-kin of Members,
- Income or other information about spouses/partners provided on a loan application,
- Personal Data on non-Members collected for nomination purposes &
Our legal obligations
The key elements of the Data Protection Act 1988 are as follows:
- The Data Protection Principles
- o Principle 1: Personal Data must be obtained & processed, fairly and lawfully
- o Principle 2: Personal Data must be kept only for specified, explicit and legitimate purpose(s)
- o Principle 3: Personal Data must not be used or disclosed in a manner incompatible with those purposes
- o Principle 4: Personal Data must be protected against unauthorised access, alteration, disclosure or destruction, or unlawful processing
- o Principle 5: Personal Data must be accurate, complete and where necessary, kept up to date
- o Principle 6: Personal Data must be adequate, relevant and not excessive in relation to the purpose for which they were collected
- o Principle 7: Personal Data must not be kept for longer than is necessary
- o Principle 8: Personal Data must be disclosed to the Data Subject on request, and corrected or destroyed where they so request.
- A requirement for Credit Unions & certain other Data Controllers to register with the Data Protection Commissioner
- A requirement to safeguard Personal Data if its processing is outsourced to a third party
- A prohibition on transferring Personal Data outside the European Economic Area unless in accordance with the Act.
In addition to the above, the Credit Union Act prohibits any Officers from disclosing or permitting to be disclosed any information which concerns an account or transaction of a Member with, or any other business of, the Credit Union except to the extent that it is necessary for the proper conduct of the business of the Credit Union.