The Credit Union and its Subsidiaries are committed to protecting the confidentiality and privacy of the personal information of all members and other individuals whose personal information is held and controlled by the Credit Union and its Subsidiaries.  This commitment to privacy includes treating you fairly and with respect while complying with the principles set out in the Credit Union’s Privacy Code.

The Credit Union recognizes the Credit Union Code for the Protection of Personal Information (the “Code”) developed by Credit Union Central of Canada and set out in Credit Union Central of Canada’s Credit Union Manual, based on principles entrenched in the Personal Information Protection and Electronic Documents Act (Canada). The Code is comprised of the following 10 interrelated privacy principles:

• Accountability– The Credit Union is responsible for personal information under its control and shall designate a Privacy Officer who is accountable for the Credit Union’s compliance with the principles of the Code.
• Identifying Purposes– The purposes for which personal information is collected shall be identified by the Credit Union at or before the time the information is collected.
• Consent– The knowledge and consent of the individual are required for the collection, use, and disclosure of personal information, except in specific circumstances as described within the Code.
• Limiting Collection– The collection of personal information shall be limited to that which is necessary for the purposes identified by the Credit Union. Information shall be collected by fair and lawful means.
• Limiting Use, Disclosure, and Retention– Personal information shall not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by law. Personal information shall be retained only as long as necessary for the fulfillment of those purposes.
• Accuracy– Personal information shall be as accurate, complete, and up to date as is necessary for the purposes for which it is to be used.
• Safeguards– Personal information shall be protected by security safeguards appropriate to the sensitivity of the information. The Credit Union will apply the same standard of care as it applies to safeguard its own confidential information of a similar nature.
• Openness– The Credit Union shall make readily available to individuals specific, understandable information about its policies and practices relating to the management of personal information.
• Individual Access– Upon request, an individual shall be informed of the existence, use, and disclosure of his or her personal information and shall be given access to that information. An individual is entitled to question the accuracy and completeness of the information and have it amended as appropriate on proof of inaccuracy.
• Challenging Compliance– An individual shall be able to question compliance with the above principles to the Privacy Officer accountable for the Credit Union’s compliance. The Credit Union shall have policies and procedures to respond to the individual’s questions and concerns.

Personal information is information that identifies you. It includes your name and address, your age and gender, your personal financial records, identification numbers such as your Social Insurance Number, personal references, and employment records.

We only collect personal information from you by fair and lawful means and for legitimate and necessary reasons, which includes information:

• to identify you,
• to protect you and us from fraud and error,
• to comply with legal requirements,
• to understand your financial needs,
• to determine your eligibility for our products and services, and
• to help us better match our products and services to your needs.

The Income Tax Act requires that we ask you for your Social Insurance Number in connection with interest bearing and registered accounts. Additionally, we collect health information when you apply for any of our life or other insurance products. The Credit Union is committed not to collect more information than is needed to provide you with our products and services and is committed to inform you of the purposes for which we collect your personal information.

We collect your personal information to open accounts and administer your accounts and other financial products with us. We collect your personal information to verify your identity and creditworthiness, to consider you for employment, to establish your eligibility for special offers or discounts, and protect you and the Credit Union from fraud.

By agreeing to the privacy portion of the terms of service of your credit union account and/or products and providing your personal information to us you are consenting to the Credit Union using and disclosing your personal information in the ways described in this policy. You may withdraw all or part of your consent at any time by contacting your local Credit Union branch or notifying the Privacy Officer. Your consent to disclose some personal information is necessary in order to provide you all the products and services that the Credit Union offers. If your consent is withdrawn, we may be limited in the products and services we can provide to you. Your personal information will only be disclosed when required by law, or in the ways described below. If the Credit Union is interested in disclosing your personal information for any other reason, we are required to receive new consent from you.

As part of the day-to-day management of your account and the services we provide you, we may at times disclose your personal information when required to by law or when necessary to continue providing you with products and services. We disclose your personal information with your consent to third-party suppliers of products and services, such as administration of accounts and loans, cheque printing, credit cards, and access to online banking. Some of our suppliers may be located outside of the province or country. The Credit Union ensures that all information that is provided to third parties is given the same degree of protection that we offer our members, regardless of where in the world that service provider is located.

We disclose your information to credit reporting agencies and to other financial institutions to update your credit information as needed from time to time. We disclose your information to market research firms for purposes of analysis and conducting surveys, solely on behalf of the Credit Union. We disclose your information to our affiliates and other carefully selected organizations for the purpose of enabling them to give you information about products and services that may be of interest to you.

We will disclose your information to bailiffs, collection agencies, lawyers and others when collecting a debt owed to the Credit Union, enforcing an agreement between you and the Credit Union, ensuring or otherwise protecting the Credit Union’s interests in security held by the Credit Union or, realizing on security held by the Credit Union. We disclose your information to other organizations in connection with a merger or sale of some or all of the Credit Union’s assets. We disclose your information as required or authorized by law.

 

 

We may tell you about the Credit Union products or services through direct mail, e-mail, by phone, or by other means. If you do not wish to receive such communications, you may unsubscribe through a link on the emails, opt out from our website or contact the branch where you do your banking.

If you opt-out of receiving our marketing communications related to promotional offers, financial advice, or community involvement, this will not affect your eligibility for products or services. By opting-out for one account, you’ll be opting-out for all your Credit Union accounts including joint accounts where you are the primary account holder.

We will comply with your request within a reasonable amount of time.

 

 

The personal information we hold about you will be accurate and complete as of the date you provide it. You can request access to see your personal information. If you think any of your personal information is wrong, you can ask that we correct it.

If you want to see and/or correct your personal information, please contact an employee or the Privacy Officer.  You will need to provide as much information as you can to help us process your request, such as dates, account numbers, and any other details that can help us track down the information you require. More information about the request process, including time limits for providing our response, will be provided at the time you make the request.  

If you want to see a copy of your personal credit report, please contact the credit reporting agency.  We can provide assistance if you need help contacting the credit reporting agency.

We will protect your personal information through a combination of physical, technological, and organizational measures, which can include secure storage, passwords, and encryption.  Access to your personal information will be restricted to employees who need the information to do their jobs.

In addition, the Credit Union will dispose of, destroy, erase, or anonymize personal information when there is no legal or business reason to retain it to prevent unauthorized parties from gaining access to the information. 

You may access your accounts with a Member Card® debit card, online banking, and/or telephone banking. To do so, you must use personal security codes that you choose. These security codes protect your accounts and your personal information from unauthorized access. It is your responsibility to protect your security codes.

The following tips can help you protect your accounts and personal information from unauthorized access:

• Do not choose obvious numbers (e.g., birth date, 12345) or words (e.g., child’s name) for your personal security codes
• Do not write down or record your personal codes
• Do not send confidential information to us or anyone else through email, text messages, or social media
• Keep your account and credit card statements, blank cheques, and your personal financial information in a safe place at all times, such as a locked cabinet or a safe
• Tell us immediately if you suspect that your personal security codes are known by anyone else
• Review your account statements carefully, within 30 days of receipt. If you do not receive account statements, regularly review your account online
• Tell us immediately if your address changes or if you find any errors in your information.

 

 

If you have any questions or concerns, please contact us via email, addressed Attention: Privacy Officer.

Privacy Officer can answer your questions about personal information and privacy and provide you with information about our policies and practices. Our Privacy Officer can also help you complete an access to information request, help you correct your personal information, and try to resolve any concerns or complaints you have regarding our policies or practices.

 

There are some instances were a member’s concerns or complaints can be addressed in branch by a manager (e.g. staff error). Other complaints or concerns must be directed to the Privacy Officer.

For example:

• Complaints related to a data breach
• Concerns and complaints about the Credit Union’s Privacy Management Program, i.e. policy and/or practices. Members may request copies of the Credit Union’s Privacy Policy and procedures.

To support the Credit Union’s documentation and investigation, these types of complaints must be provided in writing and directed to the Privacy Officer. 

Process:

A complaint/concern must be made in writing. 

You can either send an outline of the situation/complaint:

• e-mail us Attention: Privacy Officer; or
• drop off the written complaint at the Credit Union, Attention: Privacy Officer

Note: Provide as much detail as possible as it will assist in the investigation and response to your complaint or concern.

Within five business days, you will be contacted by phone by a Compliance team member to confirm the receipt of the complaint or concern and advising when you can anticipate a more detailed response.

 

Please ensure that your contact information on record at the Credit Union is current (phone, e-mail).

 

To ensure that you are the only person accessing your personal financial information, we restrict access to the online banking section of the site by requiring that you enter your Member ID and PAC to login. Only you know your PAC. Our employees do not have access to your PAC, and they will not ask you to reveal it. If someone does ask you to provide your PAC to them, we ask that you refuse to do so and contact us immediately.

By nature, our Internet banking site has many transactional functions such as transfers between accounts and bill payment functions. These transactions are all logged to ensure that your accounts are debited or credited appropriately, and a history of each transaction is available to verify your account information. We store and use your transactional information in the same fashion as if you performed the transaction at a branch or through any other service channel.

We may also use transactional information for servicing your account — for example, billing you for the particular transactions that you perform, or for the services that you use.

We create a secure channel between your browser and our server to protect your information when you use the site. To learn more about how we do this, please review the Internet Security section.

To provide you with a convenient method for applying for loans and mortgages, or for purchasing other financial services products such as Registered Savings Plans, we may provide secure online application forms. These forms capture personal information that we use to provide you with the products and services you request. This information is processed in a similar way to application forms received through our other channels.

To continually improve our site, we often collect statistics about how our members are using it. These usage statistics are only viewed in the aggregate and are not associated with you as an individual. We use this information for purposes such as improving the pages where our members are having difficulties.

The information collected may include your IP address, your browser type and your operating system, as well as data such as the number and types of pages visited, and the length of time spent per page and on the site overall..

We also use a key web technology called cookies. A cookie is a small information token that sits on your computer. As you use this site, cookies are passed back and forth between our server and your browser.

Specifically, we use two kinds of cookies — session cookies and persistent cookies. A session cookie exists only for the length of your browsing session and is deleted when you close your browser. A persistent cookie is a cookie that stays on your computer after you close your browser. A persistent cookie may or may not expire on a given date.

We use a session cookie to maintain the integrity of your online banking session. With each page that you visit, the cookie is passed back and forth between our server and your browser. We use the cookie to distinguish your session from the many others that may be happening at the same time. Our session cookies never store any personal information, such as your name, or date of birth, or financial information, such as your accounts and balances.

We may use persistent cookies to (i) provide you with a customized experience by recording your preferences; (ii) gather statistical information such as average time spent on a page; and (iii) to show you targeted marketing information about us when you visit other websites. The data gathered provides us with information on how we can improve the design, content and navigation of our website.

Most recent browser versions allow you to set some level of control over which cookies are accepted and how your browser uses them. For example, it may be set to notify you when it is receiving a cookie so that you accept cookies from only known, reliable sites such as this one. If you are concerned about cookies, we encourage you to upgrade your browser to a recent version.

We use a persistent cookie to store information to help you personalize the site and to make it easier to use. For example, we allow you to make the login easier by remembering your login information within our Memorized Accounts feature. Since the Memorized Accounts feature is optional, this cookie only contains information that you have entered into it. We never store your Personal Access Code (PAC) in a cookie.

To ensure that no-one else can access your personal information, always use the logout button to end an online banking session. It is located at the top of every page. When you exit using the logout button, we delete your session cookie so that your session cannot be resumed unless your Member ID and PAC are re-entered.

In the event that you leave your computer without logging out, the online banking feature of this site has been designed to end your session automatically if our system detects that you haven't provided any instructions or used the browser buttons to navigate for several minutes. To restart the session, you will need to provide your PAC again.

To communicate with us electronically, we strongly recommend that you use our Contact Us feature. This feature provides a secure channel for sending us comments, questions or instructions.

General email is not secure since it passes through many points on its route from you to us. If you are using general email to communicate with us, we strongly recommend that you do not include personal financial information (such as account numbers) within the email as we cannot guarantee its confidentiality en route to us.

When you email us your comments, questions or instructions, you provide us your email address and we use it to correspond with you. We then store your email and our replies to you in case we correspond further.

 

Our site may also contain links to other websites or Internet resources. As an example, from time-to-time we may provide links to Microsoft or Netscape to assist you in upgrading your Internet browser. However, we have no control over these other websites or Internet resources and do not control their collection, use and disclosure of your personal information. Always review the Privacy Statements of the sites that you are viewing.

We take many precautions to protect the online banking environment and ensure your information is safe. Our online services offer you the best security currently available in a commercial environment so that your personal and financial information is protected while in transit between your computer and our server. This is done through the use of industry standard security techniques such as encryption. Encryption ensures that information cannot be read in transit or changed by scrambling the data using a complex mathematical formula. Some browsers can create a more secure channel than others, owing to the ‘strength’ of their encryption. We use only the strongest channel available - referred to as 128-bit SSL (Secure Socket Layer). If you have a browser that only supports ‘weaker’ encryption such as 40-bit or 56-bit SSL, you will need to upgrade your browser before using our site. The longer and more complex the ‘key’ is, the stronger the encryption. The 40 and 128 refer to the length of the key. Since 128 is longer, than 40, it is more secure. According to Netscape, 128-bit encryption is trillions of times stronger than 40-bit encryption.

We also ensure that only individuals who provide an authentic Personal Access Code can access your account information. After 20 minutes of inactivity your online banking session will end and you will be required to login again however personal information may remain visible after that time. To ensure your information remains private you should always logout of online banking to end your session.

Access to our databases is strictly managed and systems are in place to ensure security is not breached, including the physical security of our computer hardware and communications.

For more information on the specific policies and practices that we use to safeguard your personal and financial information, please view the Privacy Online section.

Protecting your Personal Access Code (PAC)

Just as you play a vital role in ensuring the security of your home and your possessions, you too share in the responsibility for ensuring that your personal information is adequately protected.

In order for us to ensure that only you are accessing your accounts, we need a unique way of knowing that it's you. Just as the key to your home protects unwanted entry, the online banking ‘key’—your Personal Access Code (PAC)—ensures that only you can access your accounts.

It is your responsibility to ensure that your ‘key’ to the online banking section of this website is protected. Please observe the following security practices:

• Select a PAC that is easy for you to remember but difficult for others to guess.
• Do not select a part of your PIN (your ATM ‘key’) or another password.
• Keep your PAC confidential and do not share it with anyone.
• Do not write your PAC down or store it in a file on your computer.
• Never disclose your PAC in a voice or email, and do not disclose it over the phone.
• Ensure no one observes you typing in your PAC.
• Change your PAC on a regular basis. We suggest every 90–120 days.
• Protecting your computer

We have provided a secure channel for our members to communicate with us. Once the information has reached your computer, it's up to you to protect it. To protect your information, you should:

• Never leave your computer unattended while using our online banking services.
• Always exit the site using the Logout button and close your browser if you step away from your computer. Your browser may retain information you entered in the login screen and elsewhere until you exit the browser.
• Prevent the browser from caching (storing) the pages that you view by using the Enhanced Security feature located on the login screen. We strongly recommend that you use this feature if you are accessing the online banking section of the website from a shared computer, such as at a friend's house or through a publicly-accessible computer, such as at a library or airport.
• Secure or erase files stored on your computer by your browser so others cannot read them. Most browsers store information in non-protected (unencrypted) files in the browser's cache to improve performance. These files remain there until erased. They can be erased using standard computer utilities or by using your browser feature to ‘empty’ the cache.
• Disable automatic password-save features in the browsers and software you use to access the Internet.
• Install and use a quality anti-virus program. As new viruses are created each and every day, be sure to update your anti-virus program often. It is recommended you update anti-virus definitions weekly. Scan all download files, programs, disks and attachments and only accept files and programs from a trusted source.
• Install and use a personal firewall on your computer to ensure others cannot access your computer through the Internet.
• Install new security patches as soon as your operating system and Internet browser manufacturers make them available.
• Install an anti-spyware program and check your computer regularly.

You should be extra vigilant when using publicly available computers. Even if you adopt the tips above to protect your information, you need to bear in mind that even benign programs, like popular desktop search programs, can pose a security risk. Certain programs, such as Google Desktop, cache items that you have viewed so you - or potentially, an unwelcome third party - can easily search and find those pages later again.

If you come across a program like this when you are using a public computer, using the Enhanced Security feature located on the login screen will not stop these types of programs from caching the pages you view. You can adjust the search program preferences so it does not store secure pages you wish to view. If you forgot to adjust the preferences before banking online, you can remove the stored items via the Google Desktop results page by clicking on the Remove items link.

To ensure a safe and secure Internet session, only visit reputable sites. If you visit any questionable web site beforehand, we recommend you close your browser and restart it before proceeding to use our online banking services.

Electronic identity theft can occur when you respond to a fraudulent email that asks for your personal banking information. Armed with this information, a person may be able to access your accounts or establish credit, pay for items or borrow money using your name. You can help protect yourself from electronic identity theft by following some simple precautions.

• The easiest way to tell if an email is fraudulent is to bear in mind that we will never ask you for your personal passwords, personal information numbers or login information in an email. Legitimate financial institutions do not include links to their web sites in email communications to customers.
• When banking online, check the address of any pages that ask you to enter personal account information. In the toolbar at the top of the page any legitimate Internet banking web site will begin with ‘https’ to indicate that the page is secure.
• Look for the padlock found in the lower right corner of your screen. If the page is legitimate, by clicking on the padlock, you can view the security certificate details for the site. A fraudulent site will not have these details.
• Type in our web address yourself to ensure you are transacting with our server.
• Check your bank and credit card statements regularly to ensure that all transactions are legitimate.

Contact Nelson & District Credit Union immediately if you suspect someone has gained knowledge of your PAC/PIN, or if you suspect any loss, theft or unauthorized use of your account.