U.S. Privacy Notice
European Union Privacy Notice
Marketing Consent Forms
Data Subject Access Rights Portal
U.S. Privacy Notice
This information can include:
- Social Security number and income
- account balances and payment history
- credit history and credit scores
When you are no longer our customer, we continue to share your information as described in this notice.
|Reasons we can share
your personal information
|DOES SERVICE CREDIT UNION SHARE?||CAN YOU LIMIT THIS SHARING?|
|For our everyday business purposes—such as to process your transactions, maintain your account(s), respond to court orders and legal investigations, or report to credit bureaus||YES||NO|
|For our marketing purposes—to offer our products and services to you||YES||NO|
|For joint marketing with other financial companies||YES||NO|
|For our affiliates’ everyday business purposes—information about your transactions and experiences||NO||WE DON'T SHARE|
|For our affiliates’ everyday business purposes—information about your creditworthiness||NO||WE DON'T SHARE|
|For nonaffiliates to market to you||NO||WE DON'T SHARE|
Call: 800.936.7730 (U.S.) or 00800.4728.2000 (Int’l) or go to servicecu.org.
Who we are
Who is providing this notice?
What we do
How does Service Credit Union protect my personal information?
We only work with companies that undertake security measures that will protect your non-public personal information.
How does Service Credit Union collect my personal information?
- open an account or deposit money
- pay your bills or apply for a loan
- use your credit or debit card
We also collect your personal information from others, such as credit bureaus, affiliates,
and other companies.
Why can’t I limit all sharing?
- sharing for affiliates’ everyday business purposes—information about your
- affiliates from using your information to market to you
- sharing for nonaffiliates to market to you
State laws and individual companies may give you additional rights to limit sharing.
- Our affiliates include financial companies with a Service name including Service Financial Advisors, LLC.; Service Insure, LLC.; Service Capital, LLC.; and Service Exchange, LLC.
- Nonaffiliates we share with can include insurance companies, payment networks, and credit card companies.
- Our joint marketing partners include payment networks and credit card companies.
European Union Privacy Notice (May 25, 2018)
Service Credit Union is a New Hampshire state-chartered credit union headquartered at 3003 Lafayette Road, Portsmouth, New Hampshire, 03801 USA. We are a member-owned cooperative financial institution offering a wide variety of financial products and services to our members throughout the world.
We understand that the privacy of your personal information and data is very important to you, and Service Credit Union is fully committed to protecting and using the personal data of its members and all individuals lawfully, fairly, and transparently.
In addition to complying with United States and New Hampshire privacy and data protection laws, the credit union intends to comply with the European Union’s General Data Protection Regulation (“GDPR”), and the German Federal Data Protection Act, to the extent applicable to our members currently living in a European Union country, as soon as feasible, and where those obligations do not conflict with United States law and regulations with which the credit union must comply.
This European Union Privacy Notice applies to any information relating to an identified or identifiable person in the European Union (generally someone living in the European Union) in the credit union’s capacity as either controller or processor of that personal information. The credit union does not apply the GDPR protections and standards to the information of individuals not living in the European Union.
For the purposes of this European Union Privacy Notice, the following definitions apply:
- “Personal Data” means any information relating to an identified or identifiable individual potential member, member, former member, joint account holder, beneficiary, and in limited circumstances non-members. Personal Data includes but is not limited to your name, address, identification number such as Social Security Number, and account number.
- “Processing” means any operation or set of operations which is performed on Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure, dissemination or making available, alignment or combination, restriction, erasure, or destruction.
This European Union Privacy Notice generally describes Service Credit Union’s policies and practices regarding its collection and use of your Personal Data, and summarizes your privacy rights under the GDPR. Because the GDPR is very lengthy and complex, this European Union Privacy Notice does not detail all GDPR privacy rights or the limits to those rights.
Data Protection Officer
Service Credit Union has appointed its Chief Risk Officer and General Counsel to act as the credit union’s data protection officer, who you may contact if you have any questions or concerns about Service Credit Union’s personal data policies or practices, or its compliance with the GDPR. The following is the contact information for the Chief Risk Officer and General Counsel:
Patrick F. Harrigan
Chief Risk Officer and General Counsel
Service Credit Union
3003 Lafayette Road
Portsmouth, New Hampshire 03801 USA
Collection and Processing of Personal Data
Service Credit Union collects and processes Personal Data only to market and provide financial products and services to individuals, including but not limited to opening and maintaining deposit accounts, making personal loans, and providing payment services.
The credit union’s Personal Data subject to the GDPR is:
- Processed lawfully, fairly, and transparently;
- Collected for specified, explicit and legitimate purposes, and not further Processed in a manner incompatible with those purposes;
- Adequate, relevant and limited to what is necessary for the purposes for which they are Processed;
- Accurate, and where necessary, kept up to date;
- As soon as feasible, kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are Processed; and,
- Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful Processing and against accidental loss, destruction or damage, using appropriate technical security measures.
Service Credit Union also minimizes the risk to your rights and freedoms by not collecting or storing sensitive personal information about you, such as racial or ethnic origin, political opinions, or religious beliefs.
Legal Basis for Processing Personal Data
Service Credit Union processes your Personal Data only to provide financial products and services the credit union has contractually agreed to provide you, where necessary with your consent, or to comply with laws.
Transferring Personal Data from the EU to the US
Service Credit Union is headquartered in the United States, and the Personal Data we collect from you may be Processed in the United States. The United States has not received a finding of information security “adequacy” from the European Union under Article 45 of the GDPR. Therefore, Service Credit Union relies on the specific grounds in GDPR Article 49 to transfer your Personal Data from the European Union to the United States. In particular, the credit union transfers Personal Data collected in the European Union to its Portsmouth, New Hampshire, headquarters for Processing only to provide financial products and services the credit union has contractually agreed to provide to you, where necessary with your consent, or to comply with laws.
Service Credit Union applies appropriate safeguards to protect the privacy and security of your Personal Data while in transit to the United States.
Disclosure of Personal Data to Third Parties
Service Credit Union discloses Personal Data to independent third parties only for the credit union’s everyday business purposes to serve you, including but not limited to account opening and maintenance, transaction processing, loan origination and processing, payment processing, credit bureau reporting, responding to court orders or valid subpoenas or other information requests, and to market the credit union’s products and services to you. For example, to process your debit or credit card transactions, the credit union must share your Personal Data with various payment network providers. Service Credit Union never sells your Personal Data to third parties.
Data subject rights
Under the GDPR, you have the following rights regarding your Personal Data:
- To confirm that the credit union is Processing your Personal Data;
- To access your Personal Data;
- To request correction of inaccurate Personal Data or to have incomplete Personal Data completed;
- To require the erasure of your Personal Data, subject to United States and New Hampshire record retention laws and regulations, which may require data retention for a specified time;
- To block or restrict the Processing of your Personal Data;
- To receive your Personal Data in a format which may be transferred to another company;
- To object to a decision based solely on automated Processing or your Personal Data, including profiling, unless necessary for entering into, or performing, a contract between you and the credit union; and,
- To file a complaint with your local European Union state data protection authority.
Personal Data of Children
Service Credit Union Processes Personal Data of children under the age of 16 only with the written consent of the holder of parental responsibility over the child prior to Processing the child’s Personal Data. The credit union only Processes the Personal Data of a child over the age of 16 with that child’s explicit consent.
Security of your information
Considering the state of the art of data security, the implementation costs, and the nature, scope, context and purpose of Processing, as well as the likelihood and severity of the risks to your rights and freedoms, Service Credit Union has implemented appropriate technical and organizational measures to ensure a level of information security appropriate to the risks. We also continually invest in testing and updating our security technology and procedures.
It is the responsibility of all Service Credit Union employees to protect and insure the confidentiality of all Personal Data, and the credit union regularly trains our employees on the importance of maintaining the privacy and security of your Personal Data. We are also committed to taking appropriate disciplinary measures to enforce our employees’ privacy responsibilities.
Service Credit Union’s information security policies, processes or technology do not guarantee absolute security of your Personal Data. You should take all normal personal information security steps to protect your Personal Data such as using and not sharing your secure passwords, closing browsers after use, and not using insecure public networks.
Data storage and retention
Service Credit Union is implementing a program where it retains your Personal Data only for as long as it is required to do so under United States federal and state law applicable to the credit union.
Changes and updates to the Privacy Notice
Service Credit Union and its membership, products and services change from time to time, and information security threats and security technologies also constantly evolve. Accordingly, we reserve the right to amend this European Union Privacy Notice at any time, for any reason, without notice to you, other than the posting of the amended European Union Privacy Notice on our website. You should check our website frequently to see the current European Union Privacy Notice that is in effect and any changes we may have made to it.
Questions, concerns or complaints
If you have any questions, concerns, or complaints about your Personal Data and Service Credit Union, or this European Union Privacy Notice, please contact Service Credit Union’s Chief Risk Officer and General Counsel.
Service Credit Union’s marketing consent forms will be available soon.
The link below will take you to a secure web form which you can use to exercise your GDPR data access rights. These include requests for information, requests to update information, requests for copies of your data, requests for data erasure, objections to processing, reviewing automated decisioning and filing of complaints with SCU.
European Union’s General Data Protection Regulation (GDPR) FAQs
What is the GDPR?
The GDPR is a new set of rules that aims to give people in the European Union (EU), including those assigned to military bases in the EU, more information about and control over their Personal Data and how it is used and processed by businesses serving the EU. The rules focuses on your Personal Data and maintaining its confidentiality, integrity and accuracy.
When will it go into effect?
The GDPR becomes effective May 25, 2018.
Who does it affect?
The GDPR affects any person—referred to as a “Data Subject”—that is physically in the EU. It also affects businesses such as Service Credit Union that collect or process the Personal Data of any Data Subject. Data Subjects may also include citizens or residents of non-EU countries such as the United States—for example, if a U.S. citizen is temporarily living in the EU.
How is Personal Data defined under GDPR?
As it relates to Service Credit Union, “Personal Data” means any information relating to an individual member, potential member, former member, joint account holder, beneficiary and, in limited circumstances, non-members. Personal Data includes but is not limited to your name, address, identification number (such as Social Security Number) and account number.
The GDPR also extends the definition of Personal Data to any information that could lead someone to identify an individual—for example, an IP address, which could determine your location. It also includes sensitive Personal Data such as genetic data and biometric data, all of which could be further used to uniquely identify an individual.
How does GDPR affect you?
In terms of your relationship with SCU, you will need to opt in to communications from us and confirm how you want to be contacted. If you want to continue being notified of the credit union’s promotions, you will need to opt in to receive those communications. In general, business emails cannot be sent to an EU member who has not opted in. Visitors to our website will also have the option to consent to or block SCU using cookies to track their activity.
What kind of data does Service Credit Union collect?
The Personal Data that we collect and process from or on you will vary based on the SCU services you choose to use. Personal Data is only collected and used when it is relevant to providing those products or services. SCU does not collect Personal Data that is not related to the financial services we provide you.
Examples of Personal Data we may collect include your name, address, date of birth, government identification number, contact information (phone number and email), signature, security questions and answers, current debt and income information, credit history and banking history, and transactional behavior information.
For more information and to read the Service Credit Union European Union Privacy Notice, please visit our Privacy Center.
How is this data used?
The Personal Data that we collect is used to identify you and maintain your account securely. We share this data with vetted third-party vendors only when it is necessary for our everyday business purposes to serve you, such as when issuing a new debit card, offering online banking services or processing account statements. Additionally, through the cookies on our website, Service Credit Union uses your unique information to enhance your browsing experience and to refine our marketing both to you and others like you.
How does SCU protect my data?
We understand that the privacy of your Personal Data is very important to you, and Service Credit Union is, and has always been, fully committed to protecting and using the Personal Data of all individuals lawfully, fairly, transparently and securely. Service Credit Union has implemented appropriate technical measures to ensure a high level of information and data security. We also continually invest in testing and updating our security technology and processes to maintain a high level of security. Finally, independent auditors and examiners annually review Service Credit Union’s information security practices, further ensuring this high level of security.
If you have any further question about this policy, or how we collect or process your data, please visit servicecu.org/privacycenter at any time.