Privacy policy

Privacy code

At Prospera Credit Union ("PCU") we understand that privacy is a critical issue for all our members. Our privacy code outlines our principles and procedures regarding the confidentiality and security of members' personal information.

This code outlines the principles PCU applies when protecting members' privacy. We believe that ensuring the accuracy, confidentiality, and security of the information we hold about you is more than simply a legal requirement, it is an ethical obligation.

This code is built on the Personal Information Protection Act - Bill 38 (PIPA). Based on this model, we have tailored our own ten privacy principles to meet the specific needs and expectations of our membership.

1. Accountability 
2. Identifying the purposes of personal information 
3. Member consent 
4. Limits for collecting personal information 
5. Limits for using, disclosing, and keeping personal information 
6. Accuracy
7. Safeguarding personal information 
8. Availability of policies and procedures
9. Providing member access to personal information 
10. Compliance and complaints 
    
    

Scope

This code applies to PCU and it outlines the principles and commitments we make to you, our member, to protect the privacy of your personal information. This code does not apply to the information collected, used, or disclosed with respect to corporate or commercial entities that are members. However, PCU exercises the same care and diligence in protecting the confidentiality of this information.

Section 1: Accountability

1.0 PCU is accountable for the protection of members’ personal information and for the protection of personal information. The day-to-day monitoring for compliance may be delegated to different lines of business within the organization.

1.1 The overall responsibility for the protection of personal information, and compliance with this code is assigned to PCU’s Privacy Officer.

1.2 PCU is committed to ensuring that the appropriate security measures are employed in the transfer of sensitive information. However, when using e-mail or wireless communication, PCU advises members that complete confidentiality and security are not assured.

1.3 PCU is not accountable for any damages suffered when a member transmits personal information through email or wireless communication or when PCU transmits information at the request of the member.

1.4 PCU has developed policies and procedures to: protect personal information; receive and respond to complaints and inquiries; train staff regarding the policies and procedures; communicate the policies and procedures to our members.

Section 2: Identifying the purposes of personal information

2.0 PCU will communicate the purposes for which information is being collected, either orally or in writing.

2.1 PCU collects member personal information for the following reasons only:

• To provide financial services.
• To understand the financial and banking needs of our members.
• To develop and manage products and services to meet the needs of our members.
• To contact our members directly for products and services that may be of interest.
• To determine the eligibility of our members for different products and services.
• To ensure a high standard of service to our members.
• To meet regulatory requirements.
• To verify a member’s identity.
  
  

Section 3: Member consent

3.0 PCU will obtain member consent to collect, use or disclose any personal information except where detailed in this code. PCU will make reasonable efforts to ensure that members understand how their personal information will be used and disclosed.

3.1 A member’s consent can be express, implied, or given through an authorized representative such as a lawyer, agent, or broker. A member can withdraw consent at any time, with certain exceptions (see section 3.3). PCU, however, may collect, use, or disclose personal information without the member’s knowledge or consent in exceptional circumstances:

• When such collection, use or disclosure is permitted or required by law
• When use of information is for acting in an emergency
• That threatens an individual’s life, health, or personal security
• When certain information is publicly available
• When we require legal advice from a lawyer
• When we need to collect a debt from a member
• When we need to deal with an anticipated breach of law.

3.2 Consent may be given orally, in writing, or electronically. For example, depending on the sensitivity of the information, consent can be expressed over the telephone when information is being collected; electronically when submitting an agreement, application, or other information; in writing when signing an agreement or application form; when using a product or service; when indicating by means of a check-off box whether consent is granted.

3.3 Subject to contractual or legal arrangements, members may withdraw or refuse consent provided that PCU is given reasonable notice. Refusal or withdrawal of consent may prevent PCU from providing a product or service to the member as in the case where a member is applying for credit and will not provide relevant credit information. PCU will not unreasonably withhold products or services from members who refuse or withdraw consent, but if information is required by law or required to operate banking systems, PCU may decline to deal with a member or person who will not consent to the use of such information.

Section 4: Limits for Collecting Personal Information

4.0 PCU will only collect personal information for the purposes identified. PCU will use methods that are lawful and will not collect information indiscriminately.

Section 5: Limits for Using, Disclosing, and Keeping Personal Information

5.0 Member information will only be used or disclosed for the purpose for which it was collected. PCU will not use personal information for any additional purpose unless PCU seeks member consent to do so.

5.1 PCU will not sell member lists or personal information to Third Parties.

5.2 PCU may periodically use member personal information to conduct member surveys to enhance our provision of financial services. If an outside body is employed to conduct research on behalf of PCU or provide other services that require access to member information, PCU will ensure that appropriate security undertakings, such as confidentiality clauses in contractual arrangements, are employed to protect the transfer and use of personal information.

5.3 Subject to applicable law, PCU, its subsidiaries and affiliated companies may transfer information between each other.

5.4 PCU will retain member personal information only as long as necessary or expected to be necessary for the identified purposes or as required by legislation.

5.5 PCU may disclose personal information related to a financial asset of PCU along with transfer of the financial asset.

Section 6: Accuracy

6.0 PCU will make reasonable efforts to ensure that member personal information is as accurate, complete, and current as required for the purposes for which it was collected. In some cases, PCU relies on its members to ensure that certain information, such as the member’s address or telephone number, is current, complete, and accurate.

6.1 PCU will not routinely update information unless it is necessary to fulfill the purposes for which it was collected or if it is required to maintain an active account.

6.2 Members may request amendments to the records at PCU to ensure the accuracy and completeness of their personal information. If the amendment request pertains to information that remains in dispute, PCU will note the member’s opinion in the file.

Section 7: Safeguarding Personal Information

7.0 PCU is committed to the safekeeping of member personal information to prevent its loss, theft, unauthorized access, disclosure, duplication, use, or modification.

7.1 Depending on the sensitivity of the information, PCU will employ appropriate security measures to protect the information. The measures may include, for example, the physical security of offices and data centers, and electronic security measures such as passwords, encryption, and personal identification numbers.

7.2 PCU will use appropriate security measures when disposing of member personal information.

7.3 The development of PCU’s policies and procedures for the protection of personal information is an ongoing process. Changes in technology necessitate that PCU continually develops, updates, and reviews information protection guidelines and controls to ensure ongoing information security.

Section 8: Availability of Policies and Procedures

8.0 PCU has policies and procedures it uses to protect member personal information. Information about these policies and procedures will be made available to members either electronically or in written format in plain language if requested. However, to ensure the integrity of our security procedures and business methods, PCU may refuse to publicly disclose certain information.

8.1 PCU will make the following information available:

• The name, title, and address of the person accountable for the policies and procedures and to whom complaints or inquiries can be forwarded.
• A description of the type of personal information held by PCU including a general account of its use.
• A copy of any brochures or other information that explain the policies and procedures; and
• An explanation of what personal information is made available to related organizations such as affiliated companies.
  
  

Section 9: Providing Member Access to Personal Information

9.0 Members have a right to access their personal information held by PCU. Upon request, PCU will, within a reasonable period, advise the member what personal information it has, what it is being used for, and to whom it has been disclosed if applicable and within the time period for which records are available. The information will be made available in an appropriate format for members with a sensory disability.

9.1 Members may be asked to be specific about the information they would like to access and to submit their request in writing to either a PCU branch or the Privacy Office at privacy@prospera.ca.

9.2 Members will be required to provide personal information to identify themselves to enable PCU to provide an account of the existence, use, and disclosure of personal information.

9.3 PCU will make the information available within 30 days or provide written notice of extension where additional time is required to fulfill the request. When information is not provided within 30 days of the request, PCU will, no later than 30 days after the date of request, send a notice of extension to the member, advising of the new time limit, the reasons for extending the time limit and of the right of the member to make a complaint to the Commissioner regarding the extension.

9.4 The information will be made available at a cost that will vary with the type and amount of information requested. Where a cost will be incurred by the member, PCU will inform the member of the cost and request further direction from the member on whether PCU should proceed with the request.

9.5 When reporting to members to whom their information has been disclosed, PCU will not document information transfers necessary for the daily provision of products and services to members. For example, transfers to organizations that process debit card purchases, cheque clearing, credit card transactions, and automated banking transactions will not be documented. Upon request, PCU will provide a list of organizations where member personal information may have been sent.

9.6 If a request is refused, PCU will notify the member in writing, documenting the reasons for refusal and resources for redress available to the member.

9.7 In certain situations, PCU may not be able to provide access to any or all personal information about a member. In such cases, PCU will explain the reasons it will not provide the requested information and identify resources for recourse available to the member. The reasons for not providing information may include that it is unreasonably costly to provide, information that would threaten the life or security of another individual, information generated in a formal dispute resolution process, information that contains references to other individuals, information that cannot be disclosed for legal, security, or commercial proprietary reasons, and information that is subject to solicitor-client or litigation privilege.

9.8 If the information is demonstrated to be inaccurate or incomplete, PCU will amend the information as required. Where appropriate, PCU will transmit the amended information to Third Parties having access to the information in question.

Section 10: Compliance and Complaints

10.0 Members are to direct any complaints, concerns, or questions regarding this privacy code in writing to the Privacy Officer. If the Privacy Officer is unable to address the member’s concerns, the issue can be referred to the office of the CEO. At any point in this process the member may also write to the Privacy Commissioner.

The Privacy Officer:
Address: Suite 1900 -13450 102 Ave. Surrey, BC V3T 5Y1 

Telephone Number: 236-305-7085

Fax: 604-557-5005
Email: privacy@prospera.ca 

Definitions 

"PCU" - means Prospera Credit Union, its subsidiaries, or affiliated companies (collectively PCU).

"Collection" - the act of gathering, acquiring, or obtaining personal information from any source, including third parties, by any means.

"Consent" - involves voluntary agreement with what is being done or proposed. Consent may be expressed or implied. Express consent can be given orally or in writing, it is unequivocal, and does not require any inference on the part of PCU. Implied consent exists when PCU can reasonably infer consent based upon the action or inaction of the member.

"Member" - is any individual who uses, or applies to use, financial services with PCU.

"Disclosure" - the act of making personal information available to others outside of PCU.

"Use" - the treatment and handling of personal information by and within PCU.

"Personal Information" - information about an identifiable individual that is recorded in any form, excluding the individual's name, business title, business address and business phone number.

"Third-Party" - an individual or organization other than PCU and the member.