Privacy Policy

Privacy Notice 

Privacy Notice Introduction

The Community & Workers of Jamaica Co-operative Credit Union Limited, (“C&WJCCUL”, “we”, “us”, “our”) is a member-centric, financially-sound and technologically enhanced credit union, with a mission to improve the quality of life of its members and their families, through the provision of personalized financial solutions and advice.

At C&WJCCUL, we will take reasonable steps to ensure that the processing of your personal data is compliant with Jamaica’s Data Protection Act, 2020 (JDPA), and any country-specific data protection laws and regulations to the extent applicable to C&WJCCUL. We have also implemented a number of technical, organizational and physical measures to ensure the most complete protection of personal data processed through the Credit Union’s website and use of our Services.

We have prepared this Privacy Notice to describe to you our practices regarding the personal information we collect from our members, customers, and other users of our services. 

This Privacy Notice describes how C&WJCCUL collects, uses, shares and stores your personal data, and informs you of your rights regarding your personal data. This Privacy Notice applies to data we collect when you use our website, subscribe to our newsletter, take part in a survey, access our products and services, or any other marketing initiatives. 

When you visit our website, you are free to explore without providing any personal data about yourself. We only collect personal data from you when you register, subscribe to a service or fill out a form. 

“Personal data” under the Data Protection Act, 2020, is defined as  'information (however stored) relating to a living individual, or an individual who has been deceased for less than 30 years, who can be identified from that information alone or from that information and other information in the possession of, or likely to come into the possession of, the data controller, and which includes any expression of opinion about that individual and any indication of the intentions of the data controller or any other person in respect of that individual'.

“Anonymous Data” means data that is not associated with or linked to your personal data and which does not, by itself, permit the identification of individual persons.

We collect personal data and anonymous data, as described above.

C&WJCCUL, as a financial institution, is required to ascertain certain information in order to establish membership; without it, membership cannot be guaranteed. In situations where the Credit Union requests information beyond onboarding about a prospective or existing member, consent will be sought when requesting the additional information from the individual. 

How we Collect Data

We may collect an individual’s personal data through the following means:

1. Information you provide via our Website, Social Media Networks or Events: We may collect any personal data that you choose to send to us or provide to us via our website, social media network or when registering or attending an event.
2. Information you provide when accessing our Services: We receive and store information you provide directly to us to access our products and services. For example, when applying to become a member, opening an account, or transacting business.
3. Third Parties: In some instances, we may collect personal data from public and non-public sources and third parties for regulatory purposes or to better serve you. These include, but not limited to: credit bureaus, references, other financial institutions, regulatory bodies and related entities.

Types of Data We Collect: 

The Credit Union collects a wide range of personal data to allow us to conduct business with you.

The types of Personal Data we may collect directly from our members, prospective members, visitors and users of our website include, but not limited to:

1. Valid Photo ID, for example a Passport, Driver’s Licence or National ID card;
2. Taxpayer’s Registration Number (TRN);
3. National Insurance Number (NIS);
4. Proof of Employment;
5. Address including proof of address and past addresses;
6. Email address;
7. Character references;
8. Birth certificate;
9. Declaration of foreign citizenship, Tax residency, if appropriate;
10. Mother’s maiden name;
11. Employment Status & Details;
12. Politically Exposed Person Status;
13. Financial Information;
14. Transaction Records;
15. Image Capture via CCTV or webinar recording.

In operating our website, we may also collect the following types of personal data, to include, but not limited to:

• Log Data - This data may be processed for the purposes of operating our website, providing our services, ensuring the security of our website and services, maintaining back-ups of our databases and communicating with you.
• Search Analytics - We collect this data so that we can improve our website and make it more easily accessible.
• Cookies - We may also use cookies and URL information to gather information regarding the date and time of your visit and the information for which you searched and which you viewed. 

“Cookies'' are small pieces of information that a website sends to your computer’s hard drive while you are viewing a web site. Upon your initial visit to the website, you will have the option of accepting or refusing cookies and you will be able to choose the type of cookie you accept or reject. You may also configure your browser to ensure no cookies are stored on your hard drive.

We may use both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your computer until you delete them) to provide you with a more personal and interactive experience on our site. Persistent cookies can be removed by following internet browser help file directions. Cookies may enable automatic logins when you visit in the future and may enable content customization.

How we use your personal data

C&WJ Co-operative Credit Union may process, transfer and/or share personal data in the following ways, but not limited to:

For legal reasons

• Confirmation of identity;
• Reporting purposes;
• Perform activity for the prevention of financial crime;
• Carry out internal and external auditing; and
• Record basic information on a register of members.

For performance of our contract with our members and customers:

• Execute transactions and instructions;
• Evaluate applications;
• Carry out credit checks and verify credit references;
• Undertake statistical analysis for future products and services.

For our legitimate interests:

• Recover any debts owed to the Credit Union.
• Investigate and prevent fraudulent activities, unauthorized access to our services, and other illegal activities; and
• For any other purposes about which we notify members and users.

With member’s consent:

• Maintain relationship, including marketing and market research.

Third Parties and International Data Transfers

Our website may contain links to other sites that are not operated by us. We have no control over and assume no responsibility for the content, privacy policies or practices of any third party site or service. We may disclose your personal data to third parties to whom you expressly ask us to send your personal data or to third parties for whom you consent to us sending your personal information. Third parties include our partners, affiliates, service providers and professional advisors. Personal data may also be shared with regulators in order to demonstrate compliance with legal obligations. Personal data will only be shared with third parties to provide our services to you and/or to comply with legal obligations.  In contracting these third parties to provide services, it is stipulated that they are not to  retain, share, use or process personal data beyond the defined purpose of providing our services to you.

Sharing your personal information

We will disclose information outside the Credit Union:

• To third parties to help confirm identity to comply with relevant legislative requirements;
• To credit reference agencies and debt recovery agents who may check the information against other databases - private and public - to which they have access;
• To any authorities if compelled to do so by law;
• To fraud prevention agencies to help prevent crime or where we suspect fraud;
• To any persons, including, but not limited to, insurers, who provide a service or benefits to our members, or for us in connection with a member’s account(s);
• To our suppliers for them to provide services to us and/or to you on our behalf;
• To anyone in connection with a reorganisation or merger of the credit union’s business; and
• Other parties for marketing purposes (if consented to by member).

Where we send your information

While Jamaica’s Data Protection Act, 2020 strives to ensure rigorous data protection laws, there are parts of the world that may not be quite so rigorous and do not provide the same quality of legal protection and rights when it comes to a member’s personal information.

The Credit Union does not directly send information to any country outside of Jamaica; however, any party receiving personal data may also process, transfer, and share it for the purposes set out above and in limited circumstances this may involve sending a member’s information to countries where data protection laws do not provide the same level of data protection as Jamaica.

Credit Bureaus

To process a credit application, the Credit Union will supply personal information to credit bureaus, who will in turn provide us with information about the applicant, such as financial history. This is done to assess creditworthiness and product suitability, for identity check, to manage your account, trace, and recover debts and prevent criminal activity.

We will also continue to exchange information about our members with credit bureaus on an ongoing basis, including settled accounts and any debts not fully repaid on time. 

Retention Policy

We only retain your personal data for as long as it is needed to provide our services to you. We also retain personal data in line with legal requirements which may stipulate retention periods for different categories of personal data. We typically therefore retain members’ personal data for a minimum of seven years following the date of transaction or termination of customer relationship.

We may also keep your data for longer than seven years if we cannot delete it for legal, regulatory, or technical reasons.

Basis for Collecting Personal Data:

• User Consent - We will always obtain your clear, informed and freely given consent before processing your personal data, except in circumstances where it is not possible to obtain your consent but your personal data still needs to be processed (for example due to legal obligations we may have or to protect your vital interests, the public interest or to aid in the administration of justice). You may withdraw your consent at any time by the same method it was provided to us or by contacting our Privacy Officer identified below. 
• Contractual Obligation - We may process your personal data in contemplation of entering into a contract with you or to fulfill our existing contractual obligations to you. 
• Legitimate Interest - We process your personal data in order to efficiently provide and market our services to you. However, we will not process your personal data where doing so poses a risk to your rights and freedoms and vital interests.
• Legal Obligation- There may be instances when we will have to process your personal data in order to comply with the law. This may require us to process information about criminal convictions to investigate and gather intelligence on suspected financial crimes, fraud and threats and to share data with law enforcement and regulatory bodies. We are also legally obliged to assess affordability and suitability of credit for loan and other credit applications and throughout the duration of the relationship.  

How we protect your personal data

The C&WJCCUL is committed to protecting the security of your personal data. We (and our third-party service providers) use a variety of industry-standard security technologies and procedures, as well as organizational measures to help protect your personal data from unauthorized access, use, or disclosure, such as: 

1. We use vulnerability scanning and/or scanning to PCI standards.
2. We use regular Malware Scanning.
3. Your personal data is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential. In addition, all sensitive information you supply is encrypted via Secure Socket Layer (SSL) technology.
4. We implement a variety of security measures when a user enters, submits, or accesses their information to maintain the safety of your personal information.
5. All online transactions are processed through a gateway provider and are not stored or processed on our servers beyond the purposes of updating your account accordingly.

However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, while C&WJCCUL uses reasonable efforts to protect your personal data, we encourage all members and customers to exercise vigilance when conducting any business on the internet.

Your Rights

Your rights under data protection regulations are:

The right to access: 

• The right to be informed of whether their personal data is being processed by or on behalf of the data controller, and if so, they have the right to be provided with:
• A description of the personal data;
• The purposes for which the data is being processed; and
• The recipients to whom the disclosure is made. 

The right of rectification: 

• The right to request that the data controller rectify any inaccuracy in any personal data in its possession or control. For the purposes of the Act, the term “rectify” means to amend, block, erase, or destroy and the term “inaccuracy” includes any error or omission. 

The right to object to data processing:

The right to prevent the processing of one’s personal data in specified circumstances such as: 

• Where the processing is likely to cause substantial damage or substantial distress to the data subject or to another person and that the damage or distress caused or likely to be caused (as the case may be) is unwarranted;
• Where the processing of the data is incomplete/irrelevant;
• Where the processing of the data is prohibited by law; or
• Where the data has been retained by the controller for a period longer than required by the law. 

Rights related to automated decision-making and profiling: 

• The right to request that a data controller does not make any decisions which would significantly affect them solely based on results of automated processing. These decisions also include matters related to the evaluation of the data subject’s work performance, credit worthiness, reliability, or conduct. 

Right to withdraw consent

The right to complain to the Information Commissioner’s Office:

• If the data subject is not satisfied with the response from the Credit Union, they reserve the right to escalate to the Information Commissioner for further action if applicable. 

Notifiable data breaches

We take data breaches very seriously. We will endeavour to meet the 72-hour deadline as imposed by the JDPA to report any data breach to the Office of the Information Commissioner. Further, where there is likely (potential) to be a high risk to your rights we will endeavour to contact you without undue delay. 

Our report will inform you of:

1. The nature of the data breach;
2. The measures taken or proposed to be taken to mitigate or address the possible adverse effects of the breach; and
3. The name, address and other relevant contact information of our Data Protection Officer or other designated representative.

We will review every incident and/or breach and take action to prevent future incidents or breaches.

Children's Privacy

Our services are offered to persons under the age of 16 only with parental or guardian consent. Any information that is in breach of this provision will be deleted.

If you become aware that a child has provided us with information, please contact our Privacy Office. 

Contact us about your rights

For more information about how your rights apply to your membership of the credit union, or to make a request under your rights you can contact us at: dpo@cwjcu.com, phone at (876) 936-3800, or mail us at: 51 Half Way Tree Road, Kingston 10, Jamaica W.I. We will aim to respond to your request or query within thirty (30) days or provide an explanation of the reason for our delay.

Changes to this Privacy Notice

Data privacy and protection is an ongoing responsibility and so this Privacy Notice is subject to occasional revision to ensure that it remains in line with the ever-evolving regulatory and security landscape. The C&WJCCUL therefore reserves the right, at its sole discretion, to modify or replace any part of this Privacy Notice. It is your responsibility to check this Privacy Notice periodically for changes. The last date of modification will be noted at the bottom. Continued use of our site or services indicates your acknowledgement that it is your responsibility to review this Privacy Notice periodically and become aware of any modifications. Changes to this policy are effective once they have been uploaded to our website.

Contact Information

The C&WJCCUL welcomes your comments or questions regarding this Privacy Notice. If you have a question or comment regarding this Privacy Notice or you would like to make a complaint, please contact our Privacy Office using the details below.

Symptai Consulting Limited

Data Protection Officer

for C&WJ Co-operative Credit Union Limited

51 Half Way Tree Road

Kingston 10

Jamaica W.I.

dpo@cwjcu.com

(876)936-3800

If at any time you would like to unsubscribe from receiving future emails, you can email us at info@cwjcu.com and we will promptly remove you from ALL correspondence.

Last Update: February 27, 2024