PRINCIPLE 1: ACCOUNTABILITY
The credit union is responsible for personal information under its control and shall designate a Privacy Officer who is accountable for the credit union’s compliance with the principles of the Code.
The Board of Directors will designate a Privacy Officer, who will have primary day-to-day responsibility for compliance with the Code. The Board of Directors may also designate a Deputy Privacy Officer to act on behalf of the Privacy Officer. The Board of Directors will notify all employees of these appointments.
The Privacy Officer is responsible to ensure employees receive adequate training in order to understand and follow policies and procedures under this Code.
The Privacy Officer will report to the Board or a delegated sub-committee of the board matters concerning non-compliance with the credit union’s Code principles, policies or procedures that are likely to require input from the Board. Furthermore, the Privacy Officer will review annually this policy and provide recommendations for change to the Board of Directors and/or the Audit Committee. The Privacy Officer will also report to the Board any material inquiries relating to Privacy from the members, the public, other organizations and government agencies
Dundalk Credit Union Limited Privacy Officer – CEO
Deputy Privacy Officer – Senior Personal Loans & Residential Mortgages Loan Officer
PRINCIPLE 2: IDENTIFYING PURPOSES
The purpose for which personal information is collected shall be identified by the credit union at or before the time the information is collected.
Before or when any personal information is collected, the Credit Union will make reasonable efforts to ensure that members are aware of the purpose, for which their personal information is collected, including any disclosure of their personal information to Third Parties.
We only collect the personal information that is necessary for us to provide you with financial services, including such purposes as verifying your identity, contacting you, evaluating and processing applications and transactions, analyzing your financial needs, protecting you and the credit union against fraud and error and complying with the law and with regulatory requirements. We also collect personal information to enable the Credit Union to assess and manage our risks, our operational procedures and our relationship with our members.
The Credit Union will ensure that employees are aware of the purpose, for which employee information is collected, including any disclosure of their personal information to Third Parties. This will be communicated verbally at the time of employment or when purposes change.
To detect and prevent fraud, and to help safeguard the financial interests of the Credit Union and its members, the credit union can collect, use or disclose personal information to combat fraud, collect debts, or otherwise protect the financial interests of the credit union without the knowledge or consent of the individual.
PRINCIPLE 3: CONSENT
The knowledge and consent of the member are required for the collection, use and disclosure of personal information, except where permitted or required by law.
Due to the highly sensitive nature of personal information, expressed consent in writing, primarily through the use of applications, signed forms and contracts, is preferred for obtaining consent for the collection, use or disclosure of such personal information. Express consent may also be obtained verbally or electronically.
Implied consent may be used for marketing purposes or to disclose nominative information to an affiliated organization. Implied consent arises where consent may be inferred from the action of you using a product or service or approaching the Credit Union to obtain information or apply for products or services from us.
The Privacy Officer must review and approve all methods of obtaining consent.
The Credit Union will not require a member to consent to the information, use, or disclosure of information beyond that required to fulfill explicitly specified and legitimate purposes. Where additional information that is non-essential to the product or service is sought from members, this shall be collected only as optional information, at the discretion of the member. Refusal to provide this optional information will not influence the member’s consideration for a product or service.
The Credit Union will obtain a written request (signed and dated) from a member who seeks to withdraw consent. The written request must acknowledge that the member has been advised that the credit union may subsequently not be able to provide the member with a related product, service or information that could be of value to the member.
There are a number of specific exceptions to the requirements to obtain knowledge and consent for the collection, use or disclosure of personal information that are outlined in PIPEDA.
PRINCIPLE 4: LIMITING COLLECTION
The amount and type of the information gathered will be limited to what is necessary for the identified purposes.
The Credit Union will collect and verify identification information at the beginning and during the course of our relationship with you including your name, address, phone number, email address, date of birth, occupation, and employer.
You may supply to the credit union, your Social Insurance Number, as a means of identification. If you request products or services that will generate interest or other investment income, we will require your Social Insurance Number in order to comply with the Income Tax Act (Canada).
If you apply for or have any credit with Dundalk Credit Union we may obtain a credit report from a credit agency or other lenders to verify and/or review your creditworthiness. We will also request that you provide financial information about yourself so that the credit union may verify and/or review your creditworthiness.
The Credit Union may also collect personal information from third parties, including anyone authorized to act on your behalf under a Power of Attorney, from government agencies, registries, or public records. Personal information may also be collected from employers and personal references you have provided, and others with whom you make arrangements.
PRINCIPLE 5: LIMITING USE, DISCLOSURE AND RETENTION
Personal information shall not be used or disclosed for purposes other than those for which it was collected, except with the consent of the member or as authorized by the PIPEDA. Personal information shall be retained only as long as necessary for the fulfillment of those purposes.
The credit union shall protect the interests of its members by taking reasonable steps to ensure that:
- Orders or demands comply with the laws under which they are issued
- Only the personal information that is legally required is disclosed and nothing more
- Casual requests for personal information are denied; and
- Personal information disclosed to unrelated Third Party suppliers is strictly limited to programs endorsed by the credit union and they will be given only the information required to perform services on our behalf.
The Privacy Officer will ensure that guidelines and procedures with respect to the retention of personal information are maintained within the credit union and that personal information is kept only as long as necessary to satisfy the purposes for which it was collected or to satisfy a legal requirement. Furthermore, the Privacy Officer will ensure that the credit union has guidelines and procedures to govern the destruction of personal information in such a way that prevents a privacy breach.
PRINCIPLE 6: ACCURACY
Personal information shall be as accurate, complete, and up-to-date as is necessary for the purpose for which it is to be used.
The Credit Union will minimize the possibility of using incorrect information when making a decision about the individual or when disclosing information to third parties by recording information accurately and completely and updating information when necessary. The Credit Union relies on you to inform us when your personal information changes. Your information can be updated by visiting a Dundalk Credit Union office location. The date when the personal information was updated or recorded should be documented whenever possible.
PRINCIPLE 7: SAFEGUARDS
Personal information shall be protected by security safeguards appropriate to the sensitivity of the information. The credit union will apply the same standard of care as it applies to safeguard its own confidential information of a similar nature.
The credit union security safeguards will protect personal information against loss or theft, as well as unauthorized access, use, copying, modification, disclosure or disposal. The credit union will protect personal information regardless of the format in which it is held.
Appropriate safeguards including the use of vaults, locked cabinets, restricted access, alarm systems, passwords, encryption tools, and firewalls will be used to protect personal information. Access will be limited to individuals on a “need-to-know” basis. Employees, officers and directors are individually required to sign a Code of Ethical Conduct annually, including a commitment to keep member’s personal information secure and strictly confidential.
Third Party Agents or Suppliers will be required to safeguard personal information disclosed to them in a manner consistent with the policies of the credit union.
The credit union will dispose of or destroy personal information in a secure manner to prevent any unauthorized access.
PRINCIPLE 8: OPENNESS
The credit union shall make readily available to members specific, understandable information about its policies and practices relating to the management of personal information.
Openness can be accomplished through the use of brochures, information sheets, online Web information, etc., and must include the name or title of the Privacy Officer who is accountable for compliance with the credit union’s policies and procedures and to whom complaints or inquiries can be directed. Dundalk District Credit Union shall make readily available information relating to the type of personal information held at the credit union, including a general account of its use and the type and circumstances under which related organizations may be provided with such information.
PRINCIPLE 9: INDIVIDUAL ACCESS
Upon request, a member shall be informed of the existence, use, and disclosure of their personal information, and shall be given access to that information. A member is entitled to question the accuracy and completeness of the information and have it amended as appropriate.
You may review your banking information by reviewing your account statement, passbook, on-line banking or visiting an office location of the Dundalk Credit Union. All other personal information access requests must be submitted in writing and include adequate proof of the individual’s identity or right to access, and sufficient information to allow the credit union to locate the requested information. The credit union shall respond to a member’s request within 30 days; this time frame can be extended upon written notice to the member. If the Credit Union extends the time frame, it must make the individual aware of his or her right to complain to the Privacy Commissioner of Canada. At the Privacy Officer’s discretion, the credit union may impose a minimal fee at a stated hourly rate where collection of the requested information requires exceptional time and effort. The member must be informed of an estimate of costs prior to commencement of the request.
In certain situations, the credit union may not be able to provide access to all the personal information it holds about a member.
Credit Unions must refuse an individual access to personal information if it would reveal personal information about another individual unless there is consent or a life-threatening situation; or if an individual requests that he or she be informed of information disclosed to a government institution, and the government institution objects to the institution complying with the access request.
The Credit Union may refuse access to personal information if the information:
- would reveal confidential commercial information;
- would reasonably be expected to harm an individual’s life or security;
- was collected without the individual’s knowledge or consent to ensure its availability and accuracy, and the collection was required to investigate a breach of an agreement or contravention of a federal or provincial law (the Privacy Commissioner of Canada must be notified);
- was generated in the course of a formal dispute resolution process; or
- was created for the purpose of making a disclosure under the Public Servants Disclosure Protection Act or a related investigation.
PRINCIPLE 10: PROVIDE RECOURSE
The Credit Union will have a simple and easily accessible complaint process. Complainants will be informed of their avenues of recourse, including the Credit Union’s complaint process, that of industry associations, regulatory bodies and the Office of the Privacy Commissioner of Canada.
The Privacy Officer must ensure employees are aware of the process for handling employee or member questions, concerns or complaints. Inquiries and complaints must be in writing. The credit union must respond as quickly as possible and within 30 days.
Upon a written request or complaint the Privacy Officer will contact the appropriate business area for investigation and respond to the request. All complaints must include the name and contact information of the person making the grievance. It must also clearly state the nature of the complaint and the details relevant to the matter. It should also include to/with whom the issue has already been discussed.
The Privacy Officer is responsible for ensuring appropriate measures are taken when a complaint is found to be justified, these measures will include:
- Written response to the complainant within the specified time frame of 30 days;
- Revision of any inaccurate personal information;
- If required, revision to policies and procedures;
- Review of any complaint that requires disciplinary action against a credit union employee with the appropriate Manager(s);
- Reporting of the non-compliance to the Board of Directors, including the actions proposed or taken to resolve the issue, as specified in Principle 1, Accountability.
You may contact the Dundalk District Credit Union Limited Privacy Officer by email at firstname.lastname@example.org
or by phone at 519-923-2400
or mail to:
Dundalk District Credit Union Limited
79 Proton Street
Dundalk, ON N0C 1B0
Att: Privacy Officer
If you are not satisfied with the response to your inquiries, you may contact the Office of the Privacy Commissioner of Canada either by calling the general inquiries line at 1-800-282-1376 or by writing to:
Office of the Privacy Commissioner of Canada
30 Victoria Street
The Dundalk District Credit Union applies the ten privacy principles as adopted in its privacy code in all aspects of operations including those related to on-line privacy in order to protect the personal information and privacy rights of individuals. This website uses “cookies” to obtain certain types of information when your web browser accesses the website. These cookies are textual identifiers that Dundalk Credit Union’s systems transfer to your computer’s hard drive through your web browser to enable Dundalk Credit Union’s websites to recognize your browser, and to optimize and sometimes customize your use of our website. A cookie file may contain information that the website uses to track the pages visited, but will only contain personal information that you have supplied. Dundalk Credit Union will not correlate information captured via cookies with information about you, nor will it share your information with or sell it to any third party. Dundalk Credit Union may use this information to measure the number of times you visit our web site, the average time you spend on the site, the pages viewed, and other relevant statistics in order to tailor your experience on our website. By doing this it allows Dundalk Credit Union to improve your experience and our web presence by displaying content that you might be interested in.