Privacy Policy

1st Class Credit Union Limited

Who We Are

1st Class Credit Union Limited is situated at 105 Bell Street, Glasgow, G4 0TQ. We are authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority. FCA Firm No: 213700

Our privacy policy covers all interactions we have with our members from phone calls to online banking through our website and app.

The credit union requires any information marked as mandatory for membership to either meet legal obligations or to enable us to perform our contract with you. Failure to provide the necessary information may result in the delay of your membership application being processed.

How We Use Personal Information

At 1st Class Credit Union Ltd we will process, transfer and/or share your information for the following legal reasons;

  • To confirm your identity and address
  • Carry out checks for the prevention of financial crime
  • To perform internal and external auditing
  • Hold minimal details about our members on a register of members

For performance of our contract with you, to:

  • Provide you have the services you have requested as well as the handling of your account
  • Review any applications made by you
  • Perform credit checks when necessary and to obtain and provide credit references
  • Process statistical analysis to aid in planning for the future needs of our members
  • To send you statements, changes to our terms & conditions as well as changes to this privacy policy.

We may contact you for legitimate interests, such as:

  • To recover any outstanding debts owed to us

With your consent, to:

  • maintain our relationship with you including marketing and market research (if you agree to them)

Who We Share Your Personal Information With

We will share your information with;

  • Third party agencies to aid us in the verification of your identification and address
  • Credit reference agencies as well as debt recovery agencies who may check the information against other databases – private and public – to which they have access to.
  • To any authority if legally required to do so, for example HM Revenue & Customs for tax compliance obligations
  • To fraud prevention agencies to help to prevent crime or where we suspect crime.
  • To any persons, including, but not limited to, insurance providers, who provide a service or benefits to you or for us in conjunction with your account(s)
  • To our suppliers in order for them to meet our conditions to provide a service to us and/or to you on our behalf
  • To anyone in connection with a reorganisation or transfer of engagement of the credit unions business
  • Other parties for marketing purposes (if you agree to this)

Where we share your information

All countries in the European Economic Area ensure and follow strict data protection laws, however there are countries in the world who do not deliver the same level of protection when holding or processing your personal information.

The credit union does not directly send information to any country outside of the European Economic Area. However any party receiving personal data may also process, transfer and share it for the purposes set out above and in limited circumstances this may involve sending your information to countries where data protection laws do not provide the same level of data protection as the UK.

For example, when complying with international tax regulations we may be required to report personal information to the HM Revenue and Customs which may transfer that information to tax authorities in countries where you or a connected person may be a tax resident.

Credit Reference Agencies (CRAs)

When submitting an application for credit please be aware we may share your personal information with CRAs to ensure we are safely and responsibly lending to our members.

To keep your credit file account up to date we will exchange information with CRAs about you on a regular basis. This information will contain any settled accounts and any outstanding debts you may have with us, which could affect your credit score.

For further information on the CRAs, the ways in which they use and share personal information, are explained in more detail on:

Retaining Your Information

The credit union will hold your data for a minimum of 7 years following termination of membership. However, we are legally obliged to hold specific data for our members register. This will include members name, date of birth, date of joining/leaving and share value at the time of termination.

Your Rights Under Data Protection Regulations Are:

The right to be informed

Individuals have the right to be informed about the collection and use of their personal data

The right of access

Individuals have the right to access their personal data

The right to rectification

The GDPR includes a right for individuals to have inaccurate personal data rectified, or completed if it is incomplete.

The right to erasure

The GDPR introduces a right for individuals to have personal data erased.

The right to restrict processing

Individuals have the right to request the restriction or suppression of their personal data.

This is not an absolute right and only applies in certain circumstances

The right to data portability

The right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services.

The right to object

The GDPR gives individuals the right to object to the processing of their personal data in certain circumstances

Rights in relation to automated decision making and profiling.

We may use automated decision making in processing your personal and financial information to make credit decisions.

It is our policy to manually review automated decisions whenever possible. However, you have the right to request a manual review of the accuracy of any decision we make if you are unhappy with it.

The Credit Union uses a company called NestEgg Ltd to process this data on our behalf. NestEgg Ltd provides an automated ‘decision’ to help the Credit Union make it easy for members to apply for loans and savings accounts. NestEgg Ltd is not responsible for making decisions, they do not see your personal information. Their software makes a recommendation to a loans officer.

When you apply for a loan and / or savings account up to five searches may appear on your credit file. For the purposes of credit scoring, this will typically only affect your credit score as if one credit application were made.

Each of these five ‘footprints’ relate to the different sources of data being used to assess an application; these include the credit report itself and an affordability check. The Credit Union needs to prove the information belongs to you which is when an ID check is required. In cases where an application is made by a new member; the Credit Union will use an ID check and may also run a report to check ownership of any bank account details you may give us. These checks are required by law to prevent money laundering.

Some of these footprints will be in the name of NestEgg Ltd and others in the name of the Credit Union.

The right to complain

Individuals have the right to complain to the information’s commissioner’s office.

Fraud Prevention Agencies

We use your information to carry out checks for the purposes of preventing fraud and money laundering. These checks require us to process and share personal data about you.

The personal data can include information that you have shared with us in making your loan application, other information we have collected or hold about you, or information we receive from third parties such as Credit Reference Agencies.

We will share your:

  • name;
  • address;
  • date of birth;
  • contact details;
  • financial information;
  • employment details;
  • Device identifiers, including IP address; and
  • Any other information that it is in our legitimate interest to share in order to prevent or detect fraud, or that we are legally obliged to provide.

We and fraud prevention agencies may also enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime.

We process your data in these ways because we have a legitimate interest in preventing fraud and money laundering in order to protect our business and to comply with laws that apply to us.

Fraud prevention agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, for up to six years.

If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the loan or any other services you have asked for. We may also stop providing existing services to you.

A record of any fraud or money laundering risk will be retained by fraud prevention agencies and may result in others refusing to provide services, financing or employment to you. If you have any questions about this then please contact us.

What we use cookies for

Internet cookies help you do things online, like remembering log-in details so you don’t have to reenter them when revisiting a site.

For more information on Cookies and why we use them please click here, 1st Class Credit Union | Cookie Notice (1stclasscu.co.uk)

Security

We take the protection of your information very seriously and high security measures will be taken to ensure your data is protected. All online banking activity is protected by a secure certificate using the TLS1.2 standard encryption which provides an industry standard level of security.

Changes to this privacy policy

We can update this Privacy Policy at any time and ideally you should check it regularly at 1st Class Credit Union | Privacy Policy (1stclasscu.co.uk) for updates. We won’t alert you for every small change, but if there are any important changes to the Policy or how we use your information we will let you know and where appropriate ask for your consent.

How we use your data

Credit Referencing Agencies

In order to process credit applications you make we will supply your personal information to credit reference agencies (CRAs) and they will give us information about you, such as about your financial history. We do this to assess creditworthiness and product suitability, check your identity, manage your account, trace and recover debts and prevent criminal activity.

We will also continue to exchange information about you with CRAs on an ongoing basis, including about your settled accounts and any debts not fully repaid on time. CRAs will share your information with other organisations. Your data will also be linked to the data of your spouse, any joint applicants or other financial associates. This may affect your ability to get credit.

The identities of the CRAs, and the ways in which they use and share personal information, are explained in more detail at:

They may retain information for up to 6 years after any credit agreement between us has ended. When we share this information all parties conform to industry standards.

Credit Reference Agencies also share information about people with many financial organisations.

Their records can tell us:

  • whether you have kept up with paying your bills, rent or mortgage, and other debts such as loans, phone and internet contracts;
  • your previous addresses;
  • information on any businesses you may own or have owned or directed;
  • whether you are financially linked to another person, for example by having a joint account or shared credit;
  • whether you have changed your name;
  • whether you have been a victim of fraud.

Where you are financially linked to another person their records can provide us with details about that person’s credit agreements and financial circumstances.

They also use publicly available information to record information about people, including information from:

  • The Royal Mail Postcode Finder and Address Finder;
  • The Electoral Register;
  • Companies House;
  • The Accountant in Bankruptcy and other UK equivalents;
  • The Insolvency Service and other UK equivalents;
  • County Court Records.

This tells us, among other things:

  • Your age, address and whereabouts;
  • whether you are on the Electoral Register;
  • whether you have been declared bankrupt;
  • whether you are insolvent; and
  • whether there are any County Court Judgements against you.

Credit Reference Agencies may also be Fraud Prevention Agencies.

We use this information to help us make sure we are lending our money responsibly and to help us decide whether a loan is appropriate for you. We cannot do this without:

  • confirming your identity;
  • verifying where you live;
  • making sure what you have told us is accurate and true;
  • checking whether you have overdue debts or other financial commitments; and
  • confirming the number of your credit agreements and the balances outstanding together with your payment history.

We also have a duty to protect the Credit Union and the wider society against loss and crime, so we use and share Credit Reference Agency information:

  • to identify, prevent and track fraud;
  • to combat money laundering and other financial crime; and
  • to help recover payment of unpaid debts.

We use information in this way to fulfil our contract to you, to meet our legal and regulatory responsibilities relating to responsible lending and financial crime, to protect the Credit Union from loss, to pursue our legitimate interests and to prevent crime.

Automated assessment

We may use automated decision making in processing your personal and financial information to make credit decisions.

It is our policy to manually review automated decisions whenever possible. However, you have the right to request a manual review of the accuracy of any decision we make if you are unhappy with it.

The Credit Union uses a company called NestEgg Ltd to process this data on our behalf. NestEgg Ltd provides an automated ‘decision’ to help the Credit Union make it easy for members to apply for loans and savings accounts. NestEgg Ltd is not responsible for making decisions, they do not see your personal information. Their software makes a recommendation to a loans officer.

When you apply for a loan and / or savings account up to five searches may appear on your credit file. For the purposes of credit scoring, this will typically only affect your credit score as if one credit application were made.

Each of these five ‘footprints’ relate to the different sources of data being used to assess an application; these include the credit report itself and an affordability check. The Credit Union needs to prove the information belongs to you which is when an ID check is required. In cases where an application is made by a new member; the Credit Union will use an ID check and may also run a report to check ownership of any bank account details you may give us. These checks are required by law to prevent money laundering.

Some of these footprints will be in the name of NestEgg Ltd and others in the name of the Credit Union.

Fraud Prevention Agencies

We use your information to carry out checks for the purposes of preventing fraud and money laundering. These checks require us to process and share personal data about you.

The personal data can include information that you have shared with us in making your loan application, other information we have collected or hold about you, or information we receive from third parties such as Credit Reference Agencies.

We will share your:

  • name;
  • address;
  • date of birth;
  • contact details;
  • financial information;
  • employment details;
  • Device identifiers, including IP address; and
  • Any other information that it is in our legitimate interest to share in order to prevent or detect fraud, or that we are legally obliged to provide.

We and fraud prevention agencies may also enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime.

We process your data in these ways because we have a legitimate interest in preventing fraud and money laundering in order to protect our business and to comply with laws that apply to us.

Fraud prevention agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, for up to six years.

If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the loan or any other services you have asked for. We may also stop providing existing services to you.

A record of any fraud or money laundering risk will be retained by fraud prevention agencies and may result in others refusing to provide services, financing or employment to you. If you have any questions about this then please contact us.