Servus Credit Union is a member owned financial institution and as such has an inherent responsibility to be open and accessible, while at the same time protecting members' personal privacy. Servus Credit Union has established policies and procedures to protect personal information collected, used and disclosed for business purposes.
Our Personal Information Protection Policy is based on the following ten principles:
- Accountability
- Identifying Purposes
- Consent
- Limiting Collection
- Limiting Use, Disclosure and Retention
- Accuracy
- Safeguards
- Openness
- Individual Access
- Compliance
These principles are explained fully in the following Personal Information Protection Policy Statement, which gives substance to our Privacy Pledge. The purpose of the Privacy Pledge and this Policy is to ensure that the activities of Servus Credit Union are carried out in a manner that is consistent with our mission and beliefs.
Personal Information
Personal information includes any factual or subjective information that is about or can be linked to an identifiable individual. This may include:
- age, name, ID numbers, income, ethnic origin;
- opinions, evaluations, comments, social status or disciplinary actions; and
- employee files, credit records, loan records, medical records, existence of a dispute between consumer and merchant, intentions (e.g. to acquire goods or services, or change jobs).
Personal information does not include the name, title or business address or telephone number of an employee of an organization, but does include his/her email address.
Consent
Voluntary agreement with what is being done or proposed. Consent can be implied or express. Express consent is given explicitly, either orally or in writing. Implied consent arises where consent may reasonably be inferred from the action or inaction of the member.
Disclosure
Making personal information available to others outside Servus Credit Union.
Service Providers
Any person or organization other than Servus Credit Union or its members and which may provide products or services to Servus Credit Union or its members.
Principle 1 - Accountability
Servus Credit Union is responsible for personal information under its control and shall designate a Privacy Officer who is accountable for its compliance with the principles of this policy.
1.1 Ultimate accountability for Servus Credit Union's compliance with the principles rests with Servus Credit Union's Board of Directors, who delegate day-to-day accountability to the CEO who will delegate to a Privacy Officer. Other employees of Servus Credit Union will be accountable for day-to-day collection and processing of personal information, or may act on behalf of the Privacy Officer.
1.2 Servus Credit Union will communicate the identity and role of the Privacy Officer internally and externally.
1.3 Servus Credit Union is responsible for personal information in its control. Servus Credit Union will use contractual or other means to protect personal information transferred to a Service Provider for processing.
1.4 Servus Credit Union's policies and procedures will give effect to the principles, including:
- procedures to protect personal information;
- procedures to receive and respond to concerns and inquiries;
- training staff to understand and follow Servus Credit Union's policies and procedures; and
- annual review of the effectiveness of the policies and procedures to ensure compliance with our Pledge, with recommendations to the Board of Directors for consideration.
Principle 2 - Identifying Purposes
Servus Credit Union will identify the reasons for collection of personal information before or at the time of collection, and inform members how their information will be used. Servus Credit Union will collect personal information for the following purposes:
- to understand member needs;
- to determine the suitability of products or services for members, including those of Service Providers;
- to develop, offer and manage products and services that meet member needs, including products and services delivered by Service Providers;
- to provide members with information about products and services that may be of interest to them;
- to determine member eligibility for products and services;
- to provide ongoing service;
- to help safeguard the financial interests of the credit union and its members by detecting and preventing criminal activity;
- to meet human resource requirements; and
- to meet legal and regulatory requirements.
2.1 Servus Credit Union will ensure that members are aware of the purposes for which personal information is collected and used, including use by and disclosure to Service Providers, and give consent for the described collection, use and disclosure.
2.2 When personal information that has been collected is to be used for a purpose not previously identified, Servus Credit Union will identify the new purpose prior to use. Unless the new purpose is required by law, Servus Credit Union will obtain the consent of the individual before information can be used for the new purpose.
Principle 3 - Consent
Servus Credit Union will require the knowledge and consent of the member for the collection, use, or disclosure of personal information, except in specific limited circumstances.
3.1 Servus Credit Union requires consent for the collection of personal information and the subsequent use or disclosure of this information. In certain circumstances, Servus Credit Union may seek consent after the information has been collected but before use (for example, when existing information is to be used for a purpose not previously identified). Servus Credit Union may be required to collect, use, or disclose personal information without the member's consent for certain purposes, including for the collection of overdue accounts, legal or security reasons.
3.2 Servus Credit Union will make a reasonable effort to ensure that the member is aware of the purposes for which information will be used. To make the consent meaningful, Servus Credit Union will state the purposes in such a manner that members can reasonably understand how the information will be used or disclosed.
3.3 Servus Credit Union will not, as a condition of supplying a product or service, require a member to consent to the collection, use, or disclosure of information beyond that required to fulfill explicitly specified and legitimate purposes.
3.4 In determining the form of consent to use, Servus Credit Union will take into account the sensitivity of the information. Although some information (for example, health records) is almost always considered to be sensitive, any information can be sensitive, depending on the context.
3.5 In obtaining consent, the reasonable expectations of the member are also relevant. For example, a member should reasonably expect Servus Credit Union to periodically supply information on Servus Credit Union's developments, products and services, and to provide ongoing services. Similarly, further consent will not be required when personal information is transferred to Service Providers of Servus Credit Union to carry out functions such as data processing. In this case, Servus Credit Union can assume that the member's request constitutes consent for specifically related purposes. On the other hand, a member would not reasonably expect that personal information given to Servus Credit Union would be given to a Service Provider selling insurance products, unless consent was obtained. Consent will not be obtained through deception.
3.6 The way in which Servus Credit Union seeks consent may vary, depending on the circumstances and the type of information collected. Members can give consent:
- in writing, such as when completing and signing an application;
- through inaction, such as failing to inform Servus Credit Union that they do not wish their names and addresses to be used for optional purposes;
- orally, such as when information is collected over the telephone or in person;
- at the time they use a product or service; and
- through an authorized representative (such as a legal guardian or a person having power of attorney).
3.7 A member may withdraw consent at any time, subject to legal or contractual restrictions, provided that:
- reasonable notice of withdrawal of consent is given to Servus Credit Union; and
- consent does not relate to a credit product requiring the collection and reporting of information after credit has been granted.
Servus Credit Union will inform the member of the implications of such withdrawal.
3.8 In certain circumstances personal information may be collected, used, or disclosed without the knowledge or consent of the individual. These circumstances include:
- Where it is clearly in the interests of the individual and consent cannot be obtained in a timely way;
- Where it is reasonable to expect that the collection with the knowledge or consent of the individual would compromise the availability or the accuracy of the information and the collection is reasonable for purposes related to investigating a breach of an agreement or a contravention of the laws of Canada or a province;
- Where the information is considered by law to be publicly available;
- To act in respect of an emergency that threatens the life, health or security of an individual; and
- To investigate an offence under the laws of Canada, a threat to Canada's security, to comply with a subpoena, warrant or court order, or rules of court relating to the production of records, or otherwise as required by law.
Principle 4 - Limiting Collection
Servus Credit Union will limit the collection of personal information to that necessary for the purposes identified. Servus Credit Union will collect personal information by fair and lawful means.
4.1 Servus Credit Union will not collect personal information indiscriminately. Servus Credit Union will specify both the amount and the type of information collected, limited to that which is necessary to fulfill the purposes identified, in accordance with Servus Credit Union's policies and procedures.
4.2 Servus Credit Union will collect personal information by fair and lawful means, and not by misleading or deceiving members about the purpose for which information is being collected.
Principle 5 - Limiting Use, Disclosure and Retention
Servus Credit Union will not use or disclose personal information for purposes other than for which it was collected, except with the consent of the member or as required by law. Servus Credit Union will retain personal information only as long as necessary for the fulfillment of these purposes.
5.1 When Servus Credit Union uses personal information for a new purpose not identified in Principle 2, the purpose will be identified and documented.
5.2 Servus Credit Union will protect the interests of its members by taking reasonable steps to ensure that:
- orders or demands comply with the laws under which they were issued;
- only the personal information that is legally required is disclosed;
- casual requests for personal information are denied; and
- personal information will not be disclosed to unrelated third party suppliers of non-financial services.
Servus Credit Union will make reasonable efforts to notify the member that an order has been received, if not contrary to the security of the credit union and if the law allows it. Notification may be by telephone, or by letter to the member's usual address.
5.3 Members' health records at Servus Credit Union may be used for credit application and related insurance purposes. Members' health records will not be collected from, or disclosed to, any other organization without the Member's express consent.
5.4 Servus Credit Union will maintain guidelines and procedures with respect to the retention of personal information. These guidelines include minimum and maximum retention periods. Personal information that has been used to make a decision about a member will be retained long enough to allow the member access to the information after the decision has been made. Servus Credit Union is subject to legislative requirements with respect to retention of records.
5.5 Subject to any requirement to retain records, Servus Credit Union will destroy, erase or make anonymous personal information that is no longer required to fulfill the identified purposes. Servus Credit Union will develop guidelines and implement procedures to govern the destruction of personal information.
Principle 6 - Accuracy
Servus Credit Union will ensure personal information is kept as accurate, complete and up-to-date as is necessary for the purposes for which it is to be used.
6.1 The extent to which personal information will be accurate, complete, and up-to-date will depend upon the uses of the information, taking into account the interests of members. Servus Credit Union relies on members to keep certain personal information, such as address information, accurate, complete and up-to-date. Servus Credit Union shall strive to keep information sufficiently accurate, complete, and up-to-date to minimize the possibility that inappropriate information may be used to make a decision affecting the member.
6.2 Servus Credit Union will not routinely update personal information, unless such a process is necessary to fulfill the purposes for which the information was collected.
6.3 Personal information that is used on an ongoing basis, including information that is disclosed to Service Providers, will generally be accurate and up-to-date unless limits to the requirement for accuracy are clearly set out.
Principle 7 - Safeguards
Servus Credit Union will protect personal information with security safeguards appropriate to the sensitivity of the information.
7.1 The security safeguards shall protect personal information against loss or theft, as well as unauthorized access, use, copying, modification, disclosure or disposal. Servus Credit Union will protect personal information regardless of the format in which it is held.
7.2 The nature of the safeguards will vary depending on the sensitivity, amount, distribution and format of the information, and the method of storage. Servus Credit Union will safeguard more sensitive information with a higher level of protection.
7.3 The methods of protection will include:
- physical measures, for example, locked filing cabinets and restricted access to offices;
- organizational measures, for example, controlling entry to data centres and limiting access to information to a "need-to-know" basis;
- technological measures, for example, the use of passwords and encryption; and
- investigative measures, in cases where Servus Credit Union has reasonable grounds to believe that personal information is being inappropriately collected, used or disclosed.
7.4 Servus Credit Union will periodically remind employees, officers and directors of the importance of maintaining the confidentiality of personal information. Employees, officers and directors are individually required to sign an oath of ethical conduct, including a commitment to keep members' personal information in strict confidence.
7.5 Servus Credit Union will require Service Providers to safeguard personal information disclosed to them in a manner consistent with the policies of Servus Credit Union. Examples include cheque printing, data processing, credit collection, credit bureaus and card production.
7.6 Servus Credit Union will use care in the disposal or destruction of personal information, to prevent unauthorized parties from gaining access to the information.
Principle 8 - Openness
Servus Credit Union will make readily available to members specific, understandable information about its policies and procedures relating to the protection of personal information.
8.1 Servus Credit Union will be open about privacy policies and procedures with respect to the management of personal information and shall make them readily available in a form that is generally understandable.
8.2 The information made available shall include:
- the name or title, and the address of the Privacy Officer who is accountable for compliance with Servus Credit Union's policies and procedures and to whom inquiries or complaints can be forwarded;
- the means of gaining access to personal information held by Servus Credit Union;
- a description of the type of personal information held by Servus Credit Union, including a general account of its uses;
- a copy of any brochures or other information that explains Servus Credit Union's policies, procedures, standards or codes; and
- the types of personal information made available to Service Providers.
8.3 Servus Credit Union may make information on its policies and procedures available in a variety of ways. The method chosen depends on the nature of its business and other considerations. For example, Servus Credit Union may choose to make brochures available in its place of business, mail information to its members, provide on-line access, or establish a toll-free telephone number.
Principle 9 - Individual Access
Upon request, Servus Credit Union will inform members of the existence, use, and disclosure of their personal information, and provide access to that information. Members are entitled to challenge the accuracy and completeness of the information and have it amended as appropriate.
9.1 Upon request, Servus Credit Union will inform a member of the existence, use, disclosure, and source of personal information about the member held by Servus Credit Union, and shall allow the member access to this information.
9.2 For Servus Credit Union to provide an account of the existence, use, and disclosure of personal information, the member may be asked to provide sufficient information to aid in the search. The additional information provided shall only be used for this purpose.
9.3 In providing an account of Service Providers to which it has, or may have, disclosed personal information about a member, Servus Credit Union will be as specific as possible, including a list of Service Providers.
9.4 Servus Credit Union will respond to a member's request within a reasonable time and at a reasonable cost to the member. Servus Credit Union will, to the best of its ability, provide the requested information in a form that is generally understandable. For example, if Servus Credit Union uses abbreviations or codes to record information, an explanation will be provided.
9.5 When a member successfully demonstrates the inaccuracy or incompleteness of personal information, Servus Credit Union shall amend the information as required. Depending upon the nature of the information challenged, amendment involves the correction, deletion, or addition of information. Where appropriate, Servus Credit Union shall transmit the amended information to Service Providers having access to the information in question.
9.6 When a challenge is not resolved to the satisfaction of the member, Servus Credit Union shall record the substance of the unresolved challenge. When appropriate, Servus Credit Union shall transmit the existence of the unresolved challenge to Service Providers having access to the information in question.
9.7 In certain situations, Servus Credit Union may not be able to provide access to all the personal information it holds about a member. Exceptions to the access requirement will be limited and specific. The reasons for denying access include the following:
- providing access would likely reveal personal information about a third party unless such information can be severed from the record or the third party consents to the disclosure, or the information is needed due to a threat to life, health or security;
- the personal information has been requested by a government institution for the purposes of enforcing any law of Canada, a province or a foreign jurisdiction, carrying out any investigation related to the enforcement of any law, the administration of any law, the protection of national security, the defence of Canada or the conduct of international affairs;
- the information is protected by solicitor-client privilege;
- providing access would reveal confidential commercial information, provided this information cannot be severed from the file containing other information requested by the individual;
- providing access could reasonably be expected to threaten the life, health, or security of another individual, provided this information cannot be severed from the file containing other information requested by the individual;
- the information was collected without the knowledge or consent of the individual for purposes related to investigating a breach of an agreement or a contravention of the laws of Canada or a province; and
- the information was generated in the course of a formal dispute resolution process.
Principle 10 - Compliance
Members shall be able to direct questions about compliance with the above principles to Servus Credit Union's designated Privacy Officer. Servus Credit Union shall have policies and procedures to respond to members' questions and concerns.
10.1 The Privacy Officer accountable for Servus Credit Union's compliance shall be known to staff and identified to the members periodically.
10.2 Servus Credit Union will maintain procedures to receive and respond to complaints or inquiries about their policies and practices relating to the handling of personal information. The complaint procedures will be easily accessible and simple to use.
10.3 Members who make inquiries or lodge complaints shall be informed by Servus Credit Union of the existence of relevant complaint procedures. If a complaint is not satisfactorily resolved with the Privacy Officer of Servus Credit Union, it may be taken to Servus Credit Union's Board of Directors. If not resolved there, procedures shall be in place to refer it to Credit Union Central of Canada, to a regulator, or to an independent mediator or arbitrator, as may be appropriate.
10.4 Servus Credit Union will investigate all complaints. If a complaint is found to be justified, Servus Credit Union shall take appropriate measures, including revision of the personal information and, if necessary, amending its policies and practices.