FHCCU Privacy Notice
First Heritage Co-operative Credit Union
8-10 Eureka Road
Kingston 5
876-929-5142
www.fhccu.com
Effective Date:
At First Heritage Co-operative Credit Union, we are dedicated to protecting your privacy and ensuring the security of your personal data. This Privacy Notice explains how we collect, use, share, and protect your personal data in accordance with Jamaica's Data Protection Act, its Regulations, and any other applicable law.
1. Data Controller
First Heritage Co-operative Credit Union is the data controller responsible for the processing of your personal data.
2. Categories of Personal Data
We may collect and process the following categories of personal data:
- Identity data which includes name, username, identification details, Personal Identification Number (PIN) , photo, marital status, race, nationality, age, title, date of birth and gender, Tax Registration Number, signature.
- Contact data which includes residential (home) address, telephone numbers, mailing/postal address, email address.
- Financial data which includes bank account details, financial status and history of transactions, borrowings, debit card details and receipts.
- Transaction data which includes transaction details on your accounts and other details of products and services conducted with us.
- Technical data - These include your login identity data, internet protocol (IP) address and other technology on the devices you use to access our systems.
Employment/Income Data such as employment letters, pay slips source of funds and source of income.
- Usage data which includes information about how you use our website, products and services.
- Marketing and communications data which includes your preferences in receiving marketing information from us and your communication preferences.
- Visitors’ personal information such as identification details of visitors to our premises (for example name, Identification Card, photograph etc.).
- Biometric data such as images, voice and other similar information, surveillance footage by CCTV cameras on our premises.
- KYC and other Data such as beneficiary information, references, politically exposed information, beneficial owner’s information.
- Minors’ personal information – These are collected/processed with the consent of the parent/ guardian.
- Employee Information including, job application details, employment contract, performance appraisals, background checks, salary information, communications to and from the employee.
- Data collected through interactions - correspondences (electronic, verbal or written), records of current or past complaints.
3. Use of Cookies
Our Credit Union uses cookies when you visit our website. These cookies are essential for enabling user movement around our website and providing access to features such as your member-only resources, online banking, and other secure areas of the website.
We collect your personal data when you:
- Visit our website or submit an online application
- Apply for any of the Credit Union’s products or services
- Conduct any branch, mail or online transaction
- Send us an e-mail, mail or phone inquiry
- Visit any of our branch locations
We may also collect data about you from third parties such as:
- People who act for you or who you give consent to transfer data to us
- Publicly available sources
- Credit reference, debt collection and fraud prevention agencies
4. Purpose of Processing
We collect and process your personal data for the following purposes:
- Providing Financial Services: To facilitate account opening, provide the requested products and services and manage said accounts/services as well as to facilitate payment instructions and provision of account information to third parties on your behalf
- Risk Management/Compliance with Legal Obligations: For the purpose of managing our risk, for crime prevention and regulatory reporting which include;
- Fraud and money laundering prevention, detection and reporting
- Compliance with Laws and regulations for example filing reports relating to FATCA and the Common Reporting Standard.
- Credit scoring, automated and partially automated data processing
- Customer Service: To communicate and manage our relationship with you which will include:
- Notifying you about changes in our policies
- Communicating and obtaining feedback about our products and services; testing of new products and managing our brand
- Providing information to allow you to partake in a prize draw competition
- General Administration and Protection of our Business: To record CCTV footage and telephone recordings to;
- ensure the safety and security of our employees, customers and any other person visiting the Company’s premises.
- resolve complaints and improve service standards
- Other legitimate business purposes including; engaging third party service providers and providing employment to job applicants and managing the relationships
We may collect sensitive Personal Data about you including religious beliefs, political opinions, trade union membership, next of kin or family details, information about your health, criminal convictions and offenses and biometric data. These are used for purposes such as:
- For Know Your Customer (KYC) assessment
- To determine politically exposed status
- Reviewing of criminal records to help prevent and detect criminal behavior
- For legal and insurance claims processing
- To facilitate employees joining of a trade union.
5. Legal Basis for Processing
We process your personal data based on the following legal grounds:
- Contractual Necessity: Processing required to perform the agreement we are about to enter into or have entered into with you.
- Legal Obligations: Processing required to comply with a legal obligation.
- Legitimate Interests: Processing necessary for our legitimate interests, where these do not conflict with your fundamental rights as a data subject.
Legitimate Interest means the interest of our business in conducting and managing our business, to enable us to give you the best service or product in a secure environment; and satisfy the interests of our various stakeholders as a financial institution.
- Consent: Processing with your explicit consent.
6. Data Sharing and Recipients
We may share your personal data with:
- Regulatory Authorities: As required by law.
- Service Providers: Third party companies that assist in providing services to you:
- Third Parties that the Company shares information with in Jamaica:
- Financial institutions, insurance and other companies through which your transactions are processed;
- Regulators/Oversight Bodies such as the Bank of Jamaica, Financial Services Commission and the Jamaica Stock Exchange
- Government and Law Enforcement authorities such as police or Crime prevention Agencies such as the Financial Investigation Division, the courts, statutory authorities in response to litigation and demand issued on legal/regulatory grounds
- Companies that we work with to provide other services to you e.g. credit reference bureaus, employers, debt collection agencies, debit card service provider, technology service providers, employers, outsourced services parties such as processors
- Third parties having legal obligations e.g. trustees and executors, guarantors, anyone holding a power of attorney to operate an account on your behalf
- Third parties who perform professional services such as lawyers and auditors, also those providing consultancy, insurance and accounting services
- Fraud prevention/detection agencies such as, private investigators
- Agencies used to conduct surveys on behalf of the Credit Union and its Subsidiary
- Emergency and disaster response providers in cases where a person’s health and safety is at stake when an emergency call is made
- Third Parties that the Company shares information with outside of Jamaica:
We may be required to transfer or store your personal data in another country to fulfill a legal obligation, for our legitimate interests, or to protect the public interest. We ensure that there are adequate safeguards such as contractual arrangements where the other country in which we store or process personal does not have the same level of regulatory protection for Personal Data.
Personal Data is transferred mostly in the following circumstances:
- When we store data in the public cloud.
- When we use third party service providers who reside in other countries such as our technological systems providers whose computing operations are based in foreign countries.
If FHC receives your data and thereafter transfers it to a third party service provider for processing, FHC is committed to ensuring that such third party service provider processes your data in accordance with the standards outlined in the Data Protection Act and other applicable legislations.
- Affiliates: Other entities within our corporate group.
- Other Parties: With your consent or as permitted by law.
7. Data Retention
We retain your personal data for as long as necessary to fulfill the purposes outlined in this Privacy Notice, or as required by applicable laws. The usual retention period is seven years after the end of your relationship with FHC. However, we may keep your personal data for longer periods due to regulatory/legal reasons or if required for an ongoing investigation.
8. Your Rights
You have the right to:
- Access your personal data.
- Erase your data under certain conditions.
- Rectify inaccurate data.
- Data portability.
- Restrict processing in certain circumstances.
- Withdraw consent.
9. Security Measures
We implement appropriate technical and organizational measures to ensure the security and confidentiality of your personal data. Security policies and procedures are in place to protect your personal data from unauthorized loss, misuse, alteration, or destruction.
10. Changes to this Privacy Notice
We may modify this Privacy Notice from time to time to reflect our current privacy practices. Any changes to the processing of personal data will be communicated to you through an appropriate channel. The latest version will be available on our website.
11. Contact Us
If you have any questions or concerns regarding this Privacy Notice or your personal data, you may submit your requests in writing to the Credit Union as follows:
In person – at any FHC branch, addressed to the Office of the Data Protection Officer
Mail: First Heritage Co-operative Credit Union Limited, 8-10, Eureka Road, Kingston 5 and addressed to the Data Protection Officer
Email: [email protected]
FHC Foundation Privacy Notice
Privacy Notice - FHC Foundation
8-10 Eureka Road
Kingston 5
876-929-5142
www.fhccu.com
Effective Date:
The FHC Foundation is dedicated to protecting your privacy and ensuring the security of your personal data. This Privacy Notice explains how we collect, use, share, and protect your personal data in accordance with Jamaica’s Data Protection Act, its Regulations, and any other applicable law.
1. Data Controller
The FHC Foundation is the data controller responsible for the processing of your personal data.
2. Categories of Personal Data
We may collect and process the following categories of personal data:
- Identity data which includes name, photo, age, title, date of birth, gender and signature.
- Contact data which includes residential (home) address, telephone numbers, mailing/postal
- address, email address.
- Financial data which includes credit union/bank account numbers.
- Employment Data such as occupation and employer.
- Marketing and communications data which includes your preferences in receiving marketing information from us and your communication preferences.
- Biometric data such as images, voice and other similar information, surveillance footage by
CCTV cameras on our premises.
- Minor’s personal information – These are collected/processed with the consent of the parent/
guardian.
- Data collected through interactions/correspondences (electronic, verbal or written)
We collect your personal data when you:
- Apply for one of our awards or scholarships
- Send us an e-mail, mail, social media or phone inquiry
- Visit any of our branch locations
We may also collect data about you from third parties such as:
- People who act for you or who you give consent to transfer data to us
- Publicly available sources
- Persons or organizations that recommend you for an award such as educational institutions or government ministries.
3. Purpose of Processing
We collect and process your personal data to:
- Solicit scholarship and special award applications and or nominations
- Process and award scholarships and special award applications and nominations
- Maintain records of our scholarship and awards programme
The types of processing we conduct are in keeping with our legitimate interests as a Foundation. We process sensitive personal data such as your filiation (family relationships) and religious affiliation with your written consent.
4. Data Sharing and Recipients
We may share your personal data with:
- Entities within the FHCCU Group such as the Credit Union and its subsidiary
- References, for confirmation of your application details
- Educational institutions
- Government entities that participate in the awards process
- Other Parties: with your consent or as permitted by law.
- Our software service providers
If FHC receives your data and thereafter transfers it to a third party service provider for processing, FHC
is committed to ensuring that such third party service provider processes your data in accordance with
the standards outline in the Data Protection Act and other applicable legislations.
5. International Transfers
We may be required to transfer or store your personal data in another country to fulfill a legal
obligation, for our legitimate interest, or to protect the public interest. We will ensure that there are
adequate safeguards such as a contractual arrangement where the other country in which we store or
process personal does not have the same level of regulatory protection for Personal Data.
Personal Data is transferred mostly in the following circumstances:
- When we store data in the public cloud.
- When we use third party service providers who reside in other countries such as our technological systems providers whose computing operations are based in foreign countries.
6. Data Retention
We retain your personal data for as long as necessary to fulfill the purposes outlined in this Privacy
Notice, or as required by applicable laws. The usual retention period is seven years after the award of a scholarship or award for which you applied. In some cases, we may keep your personal data for longer periods due to regulatory/legal reasons.
7. Your Rights
You have the right to:
- Access your personal data.
- Erase your data under certain conditions.
- Rectify inaccurate data.
- Data portability.
- Restrict processing in certain circumstances.
- Withdraw consent for the processing of sensitive personal data.
8. Security Measures
We implement appropriate technical and organizational measures to ensure the security and
confidentiality of your personal data. Security policies and procedures are in place to protect your
personal data from unauthorized loss, misuse, alteration, or destruction.
9. Changes to this Privacy Notice
We may modify this Privacy Notice from time to time to reflect our current privacy practices. Any
changes to the processing of personal data will be communicated to you through an appropriate
channel. The latest version will be available on our website.
10. Contact Us
If you have any questions or concerns regarding this Privacy Notice or your personal data, you may
submit your requests in writing to the FHC Foundation as follows:
In person – at any FHC branch, addressed to the Office of the Data Protection Officer
Mail: FHC Foundation C/o First Heritage Co-operative Credit Union Limited, 8-10, Eureka Road, Kingston 5 and addressed to
the Data Protection Officer
Email: [email protected]