European Union Privacy Notice (May 25, 2018)
Service Credit Union is a New Hampshire state-chartered credit union headquartered at 3003 Lafayette Road, Portsmouth, New Hampshire, 03801 USA. We are a member-owned cooperative financial institution offering a wide variety of financial products and services to our members throughout the world.
We understand that the privacy of your personal information and data is very important to you, and Service Credit Union is fully committed to protecting and using the personal data of its members and all individuals lawfully, fairly, and transparently.
In addition to complying with United States and New Hampshire privacy and data protection laws, the credit union intends to comply with the European Union’s General Data Protection Regulation (“GDPR”), and the German Federal Data Protection Act, to the extent applicable to our members currently living in a European Union country, as soon as feasible, and where those obligations do not conflict with United States law and regulations with which the credit union must comply.
This European Union Privacy Notice applies to any information relating to an identified or identifiable person in the European Union (generally someone living in the European Union) in the credit union’s capacity as either controller or processor of that personal information. The credit union does not apply the GDPR protections and standards to the information of individuals not living in the European Union.
For the purposes of this European Union Privacy Notice, the following definitions apply:
- “Personal Data” means any information relating to an identified or identifiable individual potential member, member, former member, joint account holder, beneficiary, and in limited circumstances non-members. Personal Data includes but is not limited to your name, address, identification number such as Social Security Number, and account number.
- “Processing” means any operation or set of operations which is performed on Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure, dissemination or making available, alignment or combination, restriction, erasure, or destruction.
This European Union Privacy Notice generally describes Service Credit Union’s policies and practices regarding its collection and use of your Personal Data, and summarizes your privacy rights under the GDPR. Because the GDPR is very lengthy and complex, this European Union Privacy Notice does not detail all GDPR privacy rights or the limits to those rights.
Data Protection Officer
Service Credit Union has appointed its Chief Risk Officer and General Counsel to act as the credit union’s data protection officer, who you may contact if you have any questions or concerns about Service Credit Union’s personal data policies or practices, or its compliance with the GDPR. The following is the contact information for the Chief Risk Officer and General Counsel:
Patrick F. Harrigan
Chief Risk Officer and General Counsel
Service Credit Union
3003 Lafayette Road
Portsmouth, New Hampshire 03801 USA
Collection and Processing of Personal Data
Service Credit Union collects and processes Personal Data only to market and provide financial products and services to individuals, including but not limited to opening and maintaining deposit accounts, making personal loans, and providing payment services.
The credit union’s Personal Data subject to the GDPR is:
- Processed lawfully, fairly, and transparently;
- Collected for specified, explicit and legitimate purposes, and not further Processed in a manner incompatible with those purposes;
- Adequate, relevant and limited to what is necessary for the purposes for which they are Processed;
- Accurate, and where necessary, kept up to date;
- As soon as feasible, kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are Processed; and,
- Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful Processing and against accidental loss, destruction or damage, using appropriate technical security measures.
Service Credit Union also minimizes the risk to your rights and freedoms by not collecting or storing sensitive personal information about you, such as racial or ethnic origin, political opinions, or religious beliefs.
Legal Basis for Processing Personal Data
Service Credit Union processes your Personal Data only to provide financial products and services the credit union has contractually agreed to provide you, where necessary with your consent, or to comply with laws.
Transferring Personal Data from the EU to the US
Service Credit Union is headquartered in the United States, and the Personal Data we collect from you may be Processed in the United States. The United States has not received a finding of information security “adequacy” from the European Union under Article 45 of the GDPR. Therefore, Service Credit Union relies on the specific grounds in GDPR Article 49 to transfer your Personal Data from the European Union to the United States. In particular, the credit union transfers Personal Data collected in the European Union to its Portsmouth, New Hampshire, headquarters for Processing only to provide financial products and services the credit union has contractually agreed to provide to you, where necessary with your consent, or to comply with laws.
Service Credit Union applies appropriate safeguards to protect the privacy and security of your Personal Data while in transit to the United States.
Disclosure of Personal Data to Third Parties
Service Credit Union discloses Personal Data to independent third parties only for the credit union’s everyday business purposes to serve you, including but not limited to account opening and maintenance, transaction processing, loan origination and processing, payment processing, credit bureau reporting, responding to court orders or valid subpoenas or other information requests, and to market the credit union’s products and services to you. For example, to process your debit or credit card transactions, the credit union must share your Personal Data with various payment network providers. Service Credit Union never sells your Personal Data to third parties.
Data subject rights
Under the GDPR, you have the following rights regarding your Personal Data:
- To confirm that the credit union is Processing your Personal Data;
- To access your Personal Data;
- To request correction of inaccurate Personal Data or to have incomplete Personal Data completed;
- To require the erasure of your Personal Data, subject to United States and New Hampshire record retention laws and regulations, which may require data retention for a specified time;
- To block or restrict the Processing of your Personal Data;
- To receive your Personal Data in a format which may be transferred to another company;
- To object to a decision based solely on automated Processing or your Personal Data, including profiling, unless necessary for entering into, or performing, a contract between you and the credit union; and,
- To file a complaint with your local European Union state data protection authority.
Personal Data of Children
Service Credit Union Processes Personal Data of children under the age of 16 only with the written consent of the holder of parental responsibility over the child prior to Processing the child’s Personal Data. The credit union only Processes the Personal Data of a child over the age of 16 with that child’s explicit consent.
Security of your information
Considering the state of the art of data security, the implementation costs, and the nature, scope, context and purpose of Processing, as well as the likelihood and severity of the risks to your rights and freedoms, Service Credit Union has implemented appropriate technical and organizational measures to ensure a level of information security appropriate to the risks. We also continually invest in testing and updating our security technology and procedures.
It is the responsibility of all Service Credit Union employees to protect and insure the confidentiality of all Personal Data, and the credit union regularly trains our employees on the importance of maintaining the privacy and security of your Personal Data. We are also committed to taking appropriate disciplinary measures to enforce our employees’ privacy responsibilities.
Service Credit Union’s information security policies, processes or technology do not guarantee absolute security of your Personal Data. You should take all normal personal information security steps to protect your Personal Data such as using and not sharing your secure passwords, closing browsers after use, and not using insecure public networks.
Data storage and retention
Service Credit Union is implementing a program where it retains your Personal Data only for as long as it is required to do so under United States federal and state law applicable to the credit union.
Changes and updates to the Privacy Notice
Service Credit Union and its membership, products and services change from time to time, and information security threats and security technologies also constantly evolve. Accordingly, we reserve the right to amend this European Union Privacy Notice at any time, for any reason, without notice to you, other than the posting of the amended European Union Privacy Notice on our website. You should check our website frequently to see the current European Union Privacy Notice that is in effect and any changes we may have made to it.
Questions, concerns or complaints
If you have any questions, concerns, or complaints about your Personal Data and Service Credit Union, or this European Union Privacy Notice, please contact Service Credit Union’s Chief Risk Officer and General Counsel.