Privacy policy

OVERVIEW

At Prospera Credit Union ("PCU") we understand that privacy is important to our members. Our Privacy Policy outlines our principles and procedures regarding how we collect, use, disclose, and protect the confidentiality and security of personal information. We developed this Privacy Policy based on our obligations under the British Columbia Personal Information Protection Act.

“Personal information” means information about an identifiable individual as described under Canadian privacy laws including your contact information. Personal information excludes any business contact information.

PCU may modify this Privacy Policy from time to time. When changes are made to this Privacy Policy, they will become immediately effective when published on our website, unless otherwise noted. PCU may also communicate the changes through other means such as signs within our locations, direct mail or email.

WHAT THIS PRIVACY POLICY COVERS

1. Accountability
2. Consent
3. Our collection of Personal Information
4. Our purposes for Using Personal Information
5. Disclosure and Retention of Personal Information
6. Accuracy
7. Safeguarding Personal Information
8. Availability of Policies and Procedures
9. Providing Access to Personal Information
10. Compliance and Complaints

1. ACCOUNTABILITY

The overall responsibility for the protection of personal information, and compliance with this Privacy Policy is assigned to PCU's Privacy Officer.

PCU has developed policies and procedures to protect personal information, receive and respond to complaints and inquiries, train staff regarding the policies and procedures, and communicate the policies and procedures to our members.

2. CONSENT

PCU will obtain your consent to collect, use or disclose your personal information except where detailed in this Privacy Policy or as permitted or required by law. PCU will make reasonable efforts to ensure that you understand how your personal information will be used and disclosed.

An individual’s consent can be expressed, implied, or provided through an authorized representative such as a lawyer, agent, or broker. An individual can withdraw consent at any time, with certain exceptions.

Consent may be given orally, in writing, or electronically. For example, depending on the sensitivity of the information, consent can be expressed: verbally over the telephone; electronically when submitting an agreement, application, or other information; and in writing when signing an agreement or application form.

PCU may collect, use, or disclose personal information without an individual’s knowledge or consent in the following circumstances:

• When such collection, use or disclosure is permitted or required by law;
• When use of information is for acting in an emergency;
• When an individual's life, health, or personal security is threatened;
• When certain information is publicly available;
• When we require legal advice from a lawyer;
• When we need to collect a debt from an individual; and/or
• When we need to deal with an anticipated breach of law.

Subject to contractual or legal arrangements, individuals may withdraw or refuse consent provided that PCU is given reasonable notice. Refusal or withdrawal of consent may prevent PCU from providing a product or service to the individual, such as where a member is applying for credit and will not provide relevant credit information. PCU will not unreasonably withhold products or services from individuals who refuse or withdraw consent, but if information is required by law or required to operate banking systems, PCU may decline to deal with a person who refuses or withdraws consent to the use of such information.

Your information allows us to provide you with the best member experience, products and services that meet your needs. We do understand, though, if you would like to opt-out of the use of your information. Below are the circumstances that you can opt out of and the process in which to do so.

Credit product and membership applications: At initial membership application we will exchange information and reports about you with credit reporting agencies to confirm credit scores to meet our membership requirements. This will be a one-time requirement unless credit products are applied for.

When you apply for any credit product with us, we may exchange information and reports about you with credit reporting agencies on an ongoing basis to review and verify your creditworthiness, establish credit and hold limits, help us collect a debt or enforce an obligation owed to us by you, manage and assess our risks, or to determine your eligibility for other products and services we may offer from time to time. For the time you have a credit product with us, you may not withdraw your consent to this exchange of information.

Social insurance number: The government requires us to collect and use your SIN for the purpose of reporting interest. To open a membership with PCU you need to acquire a share of $5.00, ownership of member shares may give rise to tax reporting as such, Prospera requires that a SIN be provided as part of the account opening process.

In circumstances that we are not required to collect and use your SIN, such as to identify you, to ensure the accuracy of your information or to conduct credit checks, you may instruct us not to do so. Please be aware that if you do not provide a SIN for a credit check, the credit report may contain inaccuracies, particularly where individuals have common names.

Marketing campaigns and customer surveys: We send communications by mail and email about special offers, promotions, and surveys. If you do not want us to contact you for promotional or survey purposes, you can opt out. Note that opting out of marketing and surveys does not apply to material associated with your written or electronic account statements or required legal notices.

If you would like to opt out of marketing and surveys, please call our Member Service Centre at 1-888-440-4480 or visit us at one of our locations.

3. OUR COLLECTION OF PERSONAL INFORMATION

PCU will only collect personal information for the purposes identified, or as permitted or required by law.

PCU may collect different types of personal information, depending on our relationship with you. Examples of personal information we may collect include (not all of which may apply to you):

• identity information, such as your name, username or similar identifier, marital status, title, date of birth and gender. For members, this could also include your social insurance number and copies of identity documents, such as your passport or driver’s license;
• contact information, such as your home address, e-mail address and telephone number;
• financial information, such as your bank account information, financial transaction details and credit history;
• technical and usage information when you use our website and our services, such as your internet protocol (IP) address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website and services;
• professional information, such as your employment details, professional designations and details of your employer;
• event participation information, such as your enrollment and attendance at our events;
• information provided via surveys and contests; and
• marketing and communications information, such as your preferences for receiving our newsletter.

PCU may collect personal information from third party sources, such as credit reporting agencies, references you have provided to us, other financial institutions, government agencies, and public registries.

PCU may collect, use, and disclose aggregated and anonymized data for any purpose. Aggregated and anonymized data is not considered personal information because it cannot be used to identify you.

When you communicate with our Member Service Centre by telephone we may monitor or record your conversations for quality assurance, record keeping, investigation, or training purposes.

To protect our members and ourselves from criminal activity, we use security cameras at our branches and ATMs. If you prefer not to be recorded by audio and/or video, many but not all transactions can be conducted using our online banking channel. You may not record our interactions without obtaining our consent.

4. OUR PURPOSES FOR USING PERSONAL INFORMATION

PCU will generally communicate the purposes for which information is being collected, either orally or in writing. PCU will not use personal information for any additional purpose unless PCU seeks consent to do so, or as permitted or required by law.

PCU may use the personal information it collects for the following reasons:

• To provide financial services;
• If you use any of our technology applications, to administer your use of those applications;
• To understand the financial and banking needs of our members;
• To respond to your inquiries, complaints or requests;
• To improve the effectiveness and efficiency of our operations, products, services, and programs;
• To contact our members, including for products and services that may be of interest;
• To determine the eligibility of our members for different products and services;
• To periodically conduct member surveys to enhance our provision of financial services;
• To confirm the accuracy of our members’ information;
• To manage and administer our business and our arrangements with our members and partners, including to detect and prevent errors, abuse, and fraud;
• To ensure a high standard of service to our members;
• To meet regulatory requirements; and
• To verify a member's identity.

5. DISCLOSURE AND RETENTION OF PERSONAL INFORMATION

Your personal information may be disclosed for the purpose for which it was consented, collected or as permitted or required by law. This could include:

• Transfers of personal information between PCU, its subsidiaries, and affiliated companies;
• To joint members with you in relation to the membership;
• To our regulators;
• In relation to an investigation or legal proceeding to investigate and protect you, other customers, and PCU;
• To a third party in the event of a significant business transaction, such as a merger or a reorganization;
• In relation to a financial asset of PCU along with the transfer of the asset;
• To service providers on PCU’s behalf, such as providers of technical support, credit reporting agencies, other lenders and payment card networks to support your accounts and service;
• Data analytics, research, data storage, and processing; and
• Other financial services providers, upon receiving your consent.

PCU will not sell member lists or personal information to third parties.

PCU will retain personal information only as long as necessary or expected to be necessary for the identified purposes or as required or permitted by law.

6. ACCURACY

PCU will make reasonable efforts to ensure that personal information is as accurate, complete, and current as required for the purposes for which it was collected. In some cases, PCU relies on its members to ensure that certain information, such as the member's address or telephone number, is current, complete, and accurate.

PCU will not routinely update information unless it is necessary to fulfill the purposes for which it was collected, has regulatory requirements or if it is required to maintain an active account.

Individuals may request amendments to the records at PCU to ensure the accuracy and completeness of their personal information. If the amendment request pertains to information that remains in dispute, PCU will note the individual’s opinion in the file.

7. SAFEGUARDING PERSONAL INFORMATION

PCU has implemented physical, organizational, contractual, and technological security measures in an effort to protect your personal information from loss or theft and unauthorized access, use, or disclosure. For example:

• we train our employees and agents on the importance of safeguarding personal information; and
• we seek to restrict access to your personal information to those employees or agents who need access for authorized purposes.

Despite these measures, we cannot guarantee that our safeguards will always be effective. A breach of security safeguards can result in risks such as phishing, fraud, and/or identity theft. In such cases, we will try to mitigate the risks and to inform you where required by law.

PCU may also require that you assist us in safeguarding your personal information. For example, you should use a unique and strong password for your account and not share your password with others. PCU is not accountable for any damages suffered when an individual transmits personal information through unsecure email or wireless communication or when PCU transmits information by such means at the request of the individual.

8. AVAILABILITY OF POLICIES AND PROCEDURES

PCU has policies and procedures it uses to protect personal information. Information about these policies and procedures will be made available to individuals either electronically or in written format in plain language, if requested. However, to ensure the integrity of our security procedures and business methods, PCU may refuse to publicly disclose certain information.

9. PROVIDING ACCESS TO PERSONAL INFORMATION

Individuals have a right to access their personal information held by PCU. Upon request, PCU will, within a reasonable period, advise you what personal information it has, what it is being used for, and to whom it has been disclosed, if applicable, and the time period for which records are available.

Individuals may be asked to be specific about the information they would like to access and to submit their request in writing to either a PCU branch or the Privacy Office at privacy@prospera.ca.

Individuals will be required to provide personal information to identify themselves to enable PCU to provide an account of the existence, use, and disclosure of personal information.

PCU will make the information available within 30 days or provide a written notice of extension where additional time is required to fulfill the request. When information is not provided within 30 days of the request, PCU will, no later than 30 days after the date of request, send a notice of extension to the individual, advising of the new time limit, the reasons for extending the time limit and of the right of the individual to make a complaint to the applicable privacy commissioner regarding the extension. If a request is refused, PCU will notify you in writing, documenting the reasons for refusal and resources for redress available to you.

The information may be made available at a cost that will vary with the type and amount of information requested. Where a cost will be incurred, PCU will inform you of the cost and request further direction from you on whether PCU should proceed with the request.

When reporting to individuals to whom their information has been disclosed, PCU will not document information transfers necessary for the daily provision of products and services to their members. For example, transfers to organizations that process debit card purchases, cheque clearing, credit card transactions, and automated banking transactions will not be documented.

In certain situations, PCU may not be able to provide access to any or all personal information about you. In such cases, PCU will explain the reasons it will not provide the requested information and identify resources available to you. The reasons for not providing information may include that it is unreasonably costly to provide, the information would threaten the life or security of another individual, the information was generated in a formal dispute resolution process, the information contains references to other individuals, the information cannot be disclosed for legal, security, or commercial proprietary reasons, and the information is subject to solicitor-client or litigation privilege.

If the information is demonstrated to be inaccurate or incomplete, PCU will amend the information as required. Where appropriate, PCU will transmit the amended information to third parties having access to the information in question.

10. COMPLIANCE AND COMPLAINTS

Individuals are to direct any complaints, concerns, or questions regarding this Privacy Policy in writing to the Privacy Officer. If the Privacy Officer is unable to address the concerns, the issue can be referred to the office of the CEO. At any point in this process, you may also write to your applicable privacy commissioner.

You may contact us at any time with any questions or concerns with respect to your Personal Information, this Employee and Applicant Privacy Policy, to exercise your rights, or for any other matter related to PCU’s collection, use, protection, retention or disclosure of your Personal Information.

Please direct all such requests to our Privacy Office:

Address: Suite 2000 -13450 102 Ave. Surrey, BC V3T 5X3
Telephone Number: 236-305-7085
Fax: 604-557-5005
Email: privacy@prospera.ca