Privacy Notice, Cookies and Website Terms and Conditions

We are committed to protecting our members' privacy. The credit union requires any information marked as mandatory for membership to either meet legal obligations or to enable us to perform our contract with you. Where you are not able to provide us with this information, we may not be able to open an account for you. Where we request further information about you not required for these reasons, we will ask you for your consent.

About us
Kingdom Community Bank is a 'data controller' and gathers and uses certain information about you. Where Kingdom Community Bank is also a 'data processor', we will process information received from third parties about you.

Kingdom Community Bank does not consider its controlling of and processing of data to be on a large enough scale to employ a Data Protection Officer. All Directors, staff & volunteers are subject to continuous training in the importance of Data Protection. The credit union has a Data Protection representative who ensures this policy is reviewed no less than annually and will assist with queries raised by the membership, Directors, staff and volunteers.

Kingdom Community Bank is registered in Scotland and has its registered office at Main Street, Methilhill, KY8 2DP.

Kingdom Community Bank is authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority. Financial Services Register No. 231896.

How we use your personal information
Kingdom Community Bank may process, transfer and/or share personal information in the following ways:

For legal reasons:
• confirm your identity;
• perform activity for the prevention of financial crime;
• carry out internal and external auditing;
• record basic information about you on a register of members.

For performance of our contract with you
• deal with your account or run any other services we provide to you;
• consider any applications made by you;
• carry out credit checks and to obtain and provide credit references;
• to determine any debts you might have with Fife Council that may impact on the affordability of any loan you apply for;
• undertake statistical analysis, to help evaluate the future needs of our members and to help manage our business
• to send you statements, new terms & conditions (including changes to this privacy statement), information about changes to the way your account operates and notification of our annual general meeting.

For our legitimate interests:
• recover any debts owed to us.

With your consent:
• maintain our relationship with you including marketing and market research (if you agree to them).

Sharing your personal information
We have appropriate security measures in place to prevent personal information from being accidentally lost, used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine need to know it and use it confidentially. For more information, view the Credit Reference Agency Information Notice (CRAIN) by clicking the following link: CRAIN

The following list show who may share limited personal data with:
• third parties to help us confirm your identity to comply with money laundering legislation
• credit reference agencies and debt recovery agents who may check the information against other databases - private and public - to which they have access to
• any authorities if compelled to do so by law (e.g. to HM Revenue & Customs to fulfil tax compliance obligations)
• Fife Council for the purposes of determining any debts with them (when assessing affordability of a loan application)
• fraud prevention agencies to help prevent crime or where we suspect fraud;
• any persons, including, but not limited to, insurers, who provide a service or benefits to you or for us in connection with your account(s)
• our suppliers in order for them to provide services to us and/or to you on our behalf
• anyone in connection with a reorganisation or merger of the credit union's business
• other parties for marketing purposes (if you agree to this).

Where we send your information
While countries in the European Economic Area all ensure rigorous data protection laws, there are parts of the world that may not be quite so rigorous and do not provide the same quality of legal protection and rights when it comes to your personal information.

The credit union does not directly send information to any country outside of the European Economic Area, however, any party receiving personal data may also process, transfer and share it for the purposes set out above and in limited circumstances this may involve sending your information to countries where data protection laws do not provide the same level of data protection as the UK.

For example, when complying with international tax regulations we may be required to report personal information to the HM Revenue and Customs which may transfer that information to tax authorities in countries where you or a connected person may be tax resident.

Retaining your information
The credit union will need to hold your information for various lengths of time depending on what we use your data for. In many cases we will hold this information for a period of time after you have left the credit union. We have security measures in place to seek to ensure that there is appropriate security for information we hold.

For a copy of our Data Retention Policy please contact our administration team on telephone number: 01592 714888.

CREDIT REFERENCING AGENCIES
This section of our Privacy Policy relates to our use of Credit Reference Agencies (CRAs) when a loan application is made and Members take out a loan with us. This section should be read conjunction with the other clauses in our Privacy Policy. In the event of conflict with any other clauses, this clause shall prevail.

When do we use Credit Reference Agencies (CRAs)?
When Members seek to borrow money from us we will normally supply your personal information to CRAs they will give us information about you, such as about your financial history. We do this to assess creditworthiness and product suitability, check your identity, manage your account, trace and recover debts and prevent criminal activity.

We will also continue to exchange information about you with CRAs on an ongoing basis, including about your settled accounts and any debts not fully repaid on time. CRAs will share your information with other organisations. Your data will also be linked to the data of your spouse, any joint applicants or other financial associates. This may affect your ability to get credit.

Details of CRAs
We use two different CRAs - Equifax and Transunion. Their identities and the ways in which they use and share personal information are in more detail at the following links:
Equifax
Transunion

They may retain information for up to 6 years after any credit agreement between us has ended. When we share this information all parties conform to industry standards.

Sharing of Information
Credit Reference Agencies also share information about people with many financial organisations. Their records can tell us:
• whether you have kept up with paying your bills, rent or mortgage, and other debts such as loans, phone and internet contracts;
• your previous addresses;
• information on any businesses you may own or have owned or directed;
• whether you are financially linked to another person, for example by having a joint account or shared credit;
• whether you have changed your name;
• whether you have been a victim of fraud.

Where you are financially linked to another person their records can provide us with details about that person's credit agreements and financial circumstances.

Use of Publicly Available Information
They also use publicly available information to record information about people, including information from:
• The Royal Mail Postcode Finder and Address Finder;
• The Electoral Register;
• Companies House;
• The Accountant in Bankruptcy and other UK equivalents;
• The Insolvency Service and other UK equivalents;
• His Majesty's Court and Tribunal Service (HMCTS) records and Courts and Tribunals Judiciary records.

This tells us, among other things:
• Your age, address and whereabouts;
• whether you are on the Electoral Register;
• whether you have been declared bankrupt;
• whether you are insolvent; and
• whether there are any court decrees or county court judgements against you.

Fraud and Crime Prevention
Credit Reference Agencies may also be Fraud Prevention Agencies.

We also have a duty to protect Kingdom Community Bank and wider society against loss and crime, so we use and share CRA information to:
• identify, prevent and track fraud;
• combat money laundering and other financial crime; and
• help recover payment of unpaid debts.

Primary Purpose of Sharing Information with CRAs
We use this information to help us make sure we are lending our money responsibly and to help us decide whether a loan is appropriate for you. We cannot do this without:
• confirming your identity;
• verifying where you live;
• making sure what you have told us is accurate and true;
• checking whether you have overdue debts or other financial commitments; and
• confirming the number of your credit agreements and the balances outstanding together with your payment history.

Lawful Basis for Processing Data with CRAs
We use information in the ways set out in this statement to fulfil our contract to you (loan agreement, membership terms and conditions etc), to meet our legal and regulatory responsibilities relating to responsible lending and financial crime, to protect Kingdom Community Bank from loss, to pursue our legitimate interests and to prevent crime.

OPEN BANKING
This section of our Privacy Policy relates to Open Banking and should be read in conjunction with the other clauses in our Privacy Policy. In the event of conflict with any other clauses, this clause shall prevail.

What is Open Banking?
Open Banking is the secure way of providing access to your bank or building society account to providers who are registered for this purpose.

Registered providers and participating banks and building societies are listed under the Open Banking Directory.

Open Banking was set up by the UK Government to encourage more competition and innovation in the financial services sector.

As a forward thinking lender, we support the use of Open Banking as it allows us to process loan applications efficiently, securely and in our consumer's best interests.

By permitting access to your bank or building society account information we are able to make a better lending decision as we shall be able to verify your income, outgoings and other matters in order to assess what loan terms would be suitable for you based upon what you can reasonably afford to repay.

Further information about Open Banking is available from www.openbanking.org.uk.

How will my personal data be shared and used for the purposes of Open Banking?
By proceeding with your loan application via our website you expressly consent to us sharing your personal, contact and loan application details ("the Shared Personal Data") with our registered Open Banking partner, Perfect Data Solutions Limited ("PDS") who are also a credit reference agency. During your loan application we shall safely and securely direct you to PDS's secure portal ("the Portal") for the purposes of granting PDS access to your bank or building society account information ("Transaction Information"). As soon as your Transaction Information is received it shall be reported back to us in the form of a completed search in order that we may continue to process your loan application ("the Permitted Purpose").

Further information about PDS including their registered provider and regulatory status is available from www.lendingmetrics.com.

Is Open Banking secure?
PDS are registered under the Open Banking Directory as an account information service provider and are also regulated by the Financial Conduct Authority as a payment services firm under number 802599. Any data you submit via the Portal will be encrypted and its usage tracked as part of set Open Banking data security standards.

We are responsible for the secure transmission of any Shared Personal Data to PDS, for safely directing you to the Portal and for the safe receipt and usage of your Transaction Information.

You will not be required to share your banking password or log in details with either us or PDS. Once you have given your explicit consent to share your bank account information on the Portal you will be directed to your own bank or building society's login page where you will enter in your own login details directly.

Save as set out above or elsewhere in this Privacy Policy, we are not responsible for your direct data transmissions with PDS or with your own bank or building society.

How will my Shared Personal Data and Transaction Information be used?
PDS shall, subject to their own terms and conditions and privacy policy, and, if your bank or building society is registered to provide access under the Open Banking Directory, obtain your Transaction Information and submit this back to us for the Permitted Purpose. By way of example, the Transaction Information that we shall receive is likely to include information relating to your income, outgoings and credit worthiness.

PDS shall be entitled to re-access your Transaction Information for up to 90 days from the date of your original search result in order to refresh the search results, obtain a snapshot of your data or gather additional data.

PDS shall hold the Shared Personal Data and the Transaction Information they receive and retain according to their own terms and conditions and privacy policy, available on the Portal, which you will be required to read and consent to once directed their via our website.

As PDS are also a credit reference agency they may also share and keep a record of your Shared Personal Data and Transaction Information.

Will you use my Transaction Information data for any other purpose?
The Transaction Information we receive about you will only be used for the Permitted Purpose. We do not sell or share Transaction Information with any third party.

Save as set out above the information contained in the rest of this Privacy Policy deals with how we collate, use, transfer, store, delete and other terms applicable to your personal data including Shared Personal Data and Transaction Information.

Do I have to provide you with my consent to proceed?
No. If you don't provide consent then a) we will not be able to access your Transaction Information and b) you will need to provide evidence in other ways (this will take longer and result in delays to assessing your loan application). Some Members do not have access to online banking facilities, but can still apply for loans and can provide bank statements in other ways.

Where your bank or building society have already permitted access to your Transaction Information you shall need to contact them directly in order to withdraw your consent under their particular Open Banking terms and conditions.

Are any of my other rights under this Privacy Policy affected?
Your individual data protection and privacy rights including the right to access, correct, delete, object, restrict, withdraw consent, request transfer and/or make a complaint, continue to apply to relevant personal data we control or process and are dealt with elsewhere in this Privacy Policy.

Under Open Banking as your personal data is shared by your bank or building society and accessed by PDS you may also be able to exercise your individual data protection and privacy rights against either of them pursuant to their own terms and conditions and privacy policies.



COOKIES
With regards to the new requirements on Cookies following the revision of the e-Privacy Directive, the credit union is working towards implementing the new requirements in line with guidance from the Information Commissioner's Office.



To make using our Site as straightforward as possible and to improve the service we offer you, we use cookies.

WHAT ARE COOKIES?
Cookies are text files that web servers can store on your computer's hard drive when you visit a website. There are two main types:
Transient (or per-session) cookies
These only exist for your site visit and are deleted on exit. They recognise you as you move between pages, for example, recording items added to an online shopping basket. These cookies also help maintain security.

Persistent (or permanent) cookies
These stay on your machine until expiry or deletion. Many are built with automatic deletion dates to help ensure your hard drive doesn't get overloaded. These cookies often store and re-enter your log-in information, so you don't need to remember membership details.

Additionally, cookies can be first or third party cookies. First party cookies are owned & created by the website you're viewing- in this case by the Credit Union. Third party cookies are owned & created by an independent company, usually a company providing a service to the website owners. In our case, third party cookies provided from this Site are still subject to the provisions set out below.

WHAT WE USE COOKIES FOR
Internet cookies help you do things online, like remembering log-in details so you don't have to re-enter them when revisiting a site.

WE USE COOKIES TO:
Gather customer journey information across our sites
Ensure your privacy in our secure sites
Temporarily store details input into our calculators, tools, illustrations and demonstrations
We use both our own (first party) and partner companies' (third party) cookies to support these activities.
We don't use cookies to track people's Internet usage after leaving our sites.

SERVICES REQUIRING ENABLED COOKIES
Some of our services require cookies in your browser to view and use them and to protect your financial and personal information.

CHANGING YOUR COOKIE SETTINGS
You are not obliged to accept cookies that we send to you and you can, in fact modify your browser so that it will not accept cookies. To enable or disable cookies, follow the instructions provided by your browser (usually located within the Help, Tools or Edit facility). Alternatively, an external resource is available, providing specific information about cookies and how to manage them to suit your preferences.

Please note that should you choose to set your browser to disable cookies, you may not be able to access secure areas of this Site, for example any online accounts you may hold.