Privacy Policy

Effective Date: [01/10/25] Version 1.0
Transave Credit Union Ltd

1. Introduction

At Transave Credit Union, we are committed to protecting the privacy and personal data of our members, employees, and stakeholders. This Privacy Policy explains how we collect, use, store, and protect your information in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable laws.

2. Who We Are

Transave Credit Union Ltd is a member-owned financial cooperative, registered in England and Wales. We provide savings, loans, and financial services to our members with integrity, transparency, and respect.

Transave Credit Union is the data controller for the personal data we process, and we have a designated Data Information Officer (DIO) -see section 17 for contact details.

Before we provide services to you, we undertake checks for the purposes of preventing fraud and money laundering, and to verify your identity. These checks require us to process personal data about you. 

3. For legal reasons: 

We may collect and process the following types of personal data:

  • Identification details: Name, date of birth, Passport or Driving Licence, through digital identification systems.
  • Contact information: Address, email, phone number
  • Financial data: Bank account details, income, credit history, transaction records
  • Employment data:    Employer name, payroll number (for payroll deduction services)
  • We and fraud prevention agencies such as the Cifas who will use it to prevent fraud and money-laundering and to verify your identity. We may also enable law enforcement agencies to access your personal data to detect, investigate and prevent crime. 

4.  For performance of our contract with you. 

We use your personal data to (purpose and legal basis):

  • Manage your membership and accounts -Contractual necessity
  • Process loan applications and repayments- Contractual necessity
  • Communicate with you about your account and services – Contractual necessity & Legitimate interests
  • Comply with legal and regulatory obligations – Legal obligation
  • Security & to Improve our services and member experience – Legitimate interests
  • Marketing (if opted in) – Consent
  • International tax reporting – Legal obligation
  • The personal data you have provided from you, or we have received from third parties will be used to prevent fraud and money laundering, and to verify your identity. – Legal obligation & Legitimate interests

5. Legal Basis for Processing

We process your data under the following lawful bases:

  • Contractual necessity: To provide financial services you’ve requested
  • Legal obligation: To meet regulatory requirements
  • Legitimate interests: We process your personal data on the basis that we have legitimate interests in preventing fraud and money laundering, and to verify your identity, in order to protect our business and to comply with laws that apply to us. Such processing is also a contractual requirement of the services or financing you have requested, 
  • Consent: For marketing communications only if you consent. (you may withdraw consent at any time)
  • Please see our website for more information.

6. Sharing Your Personal Information

We will disclose your personal information outside of the Credit Union to:

  • Fraud prevention Agencies: agencies who will use it to prevent fraud and money laundering, and to verify your identity. We may also enable law enforcement to access and use your personal data to detect, investigate and prevent crime. 
  • Credit reference agencies, Debt Recovery agents who may check the information against other databases – private and public – to which they have access to. 
  • Payroll partners (for payroll deduction services)
  • Any authorities if compelled to do so by law (e.g. HM Revenue and Customs to fulfil tax compliance obligations) 
  • Fraud prevention agencies to help prevent crime, fraud and money-laundering or where we suspect fraud: 
  • Fraud prevention agencies may allow the transfer of your personal data outside of the UK. This may be a country where the UK Government has decided that your data will be protected to UK standards, but if the transfer is to another type of country, then the fraud prevention agencies will ensure your data continues to be protected by ensuring the appropriate safeguards are in place. 
  • To our suppliers in order for them to provide services to us and/or to you on our behalf 
  • To send you statements, new terms & conditions (including changes to this privacy statement), information about changes to the way your account(s) operate and notification of our annual general meeting.

7. Where we send your information.

  • The Credit Union does not Directly send information to any country outside the UK, however, any party receiving personal data may also process transfer and share it for the purposes set out below and in limited circumstances this may involve sending your information to countries  This may be a country where the UK Government has decided that your data will be protected to UK standards.
  • For example, when complying with international  tax regulations we may be required report personal information to the HM Revenue and Customs which may transfer that information to tax authorities where you or a connected person may be a tax resident. 

8. Data Retention

We retain your personal data only as long as necessary to fulfil the purposes outlined in this policy and to comply with legal obligations. Your financial records are retained for six years after account closure. Fraud prevention agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for six years. 

9. Automated Decisions

As part of the processing of your personal data, decisions may be made by automated means. This means we may automatically decide that you pose a fraud or money laundering risk if our processing reveals your behaviour to be consistent with money laundering or known fraudulent conduct, or is consistent with your previous submissions, or you appear to have deliberately hidden your true identity. You have rights in relation to automated decision making and to request human intervention: If you want more information, please contact us using the details below in section 17. 

10. Consequences of Processing

 If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services or financing you have requested or to employ you, or we may stop providing existing services to you. 

11. A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you. If you have any questions about this, please contact us on the details below. 

12. Your rights under data protection regulations are:

a) The right to access
(b) The right of rectification
(c) The right to erasure
(d) The right to restrict processing
(e) The right to data portability
(f) The right to object to data processing
(g) Rights related to automating decision-making and profiling
(h) Right to withdraw consent
(i) The right to complain to the Information Commissioner’s Office

12. Your rights under data protection regulations are:

The right to access

You have the right to access your personal data and details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data. You can access your personal data by your account when logged into this website.

The right to rectification

You have the right to have any inaccurate personal data about you corrected and, taking into account the purposes of the processing, to have any incomplete personal data about you completed.

The right to erasure

In some circumstances you have the right to the erasure of your personal data without undue delay. Those circumstances include:

  • the personal data is no longer needed for the purpose it was originally processed
  • you withdraw consent you previously provided to process the information
  • you object to the processing under certain rules of data protection law
  • the processing is for marketing purposes
  • the personal data was unlawfully processed

However, you may not erase this data where we need it to meet a legal obligation or where it necessary for the establishment, exercise or defence of legal claims.

The right to restrict processing

In some circumstances you have the right to restrict the processing of your personal data. Those circumstances are:

  • you contest the accuracy of the personal data.
  • processing is unlawful but you oppose erasure.
  • we no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise or defence of legal claims; and
  • you have objected to processing, pending the verification of that objection. Where processing has been restricted on this basis, we may continue to store your personal data.

We will only otherwise process it:

  • with your consent;
  • for the establishment, exercise or defence of legal claims; or
  • for the protection of the rights of another natural or legal person.

The right to object to processing

You have the right to object to our processing of your personal data on grounds relating to your particular situation, but only to the extent that the legal basis for the processing is that the data is necessary for the purposes of the legitimate interests pursued by us or by a third party. If you make such an objection, we will cease to process the personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.

You have the right to object to our processing of your personal data for direct marketing purposes (including profiling for direct marketing purposes). If you make such an objection, we will cease to process your personal data for this purpose.

The right to data portability

To the extent that the legal basis for our processing of your personal data is

(a) consent; or
(b) that the processing is necessary for the performance of our contract with you

You have the right to receive your personal data from us in a commonly used and machine-readable format or instruct us to send this data to another organisation. This right does not apply where it would adversely affect the rights and freedoms of others.

Right to withdraw consent

To the extent that the legal basis for our processing of your personal information is your consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.

The right to complain to the Information Commissioner’s Office

If you consider that our processing of your personal information infringes data protection laws, you have a legal right to lodge a complaint with the Information Commissioner’s Office which is responsible for data protection in the UK. You can contact them by:

  1. Going to their website at: https://ico.org.uk
  2. Phone on 0303 123 1113
  3. Post to Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF

14. Security Measures

We implement robust technical and organisational measures to safeguard your data, including encryption, secure servers, access controls, and staff training.

15. Children’s data

Where we provide services to minors (e.g. junior savings accounts), we collect and process data with parental or guardian consent in line with legal requirements.

16. Changes to This Policy

We may update this Privacy Policy from time to time and at least annually. Significant changes will be communicated via our website or directly to members. The most recent version will always be available on our website.

17. Contact Us

For more information about how your rights apply to your membership of the credit union or to make a request under your rights you can contact us by email to [email protected] or telephone 0330 175 5555. Alternatively, you may write to the address below marking your correspondence “FAO the Data Information Officer DIO) only” We will aim to respond to your request or query within one month or provide an explanation of the reason for our delay.

Contact details of credit union

Transave Credit Union Ltd

Unit H G4 Business Centre Carlisle Street East Sheffield S4 7QD

Tel: 0330 175 5555   Email: [email protected]

18. Changes to this privacy policy

We can update this Privacy Policy at any time and ideally you should check it regularly on this website and face book for updates. We won’t alert you for every small change, but if there are any important changes to the Policy or how we use your information we will let you know and where appropriate ask for your consent.

19. Cookies

With regards to the new requirements on Cookies following the revision of the e-Privacy Directive, the Credit Union is working towards implementing the new requirements in line with guidance from the Information Commissioner’s Office.

To make using our Site as straightforward as possible and to improve the service we offer you, we use cookies.

What are Cookies?

Cookies are text files that web servers can store on your computer’s hard drive when you visit a website. There are two main types:

  • Transient (or per-session) cookies. These only exist for your site visit and are deleted on exit. They recognise you as you move between pages, for example, recording items added to an online shopping basket. These cookies also help maintain security.
  • Persistent (or permanent) cookies. These stay on your machine until expiry or deletion. Many are built with automatic deletion dates to help ensure your hard drive doesn’t get overloaded. These cookies often store and re-enter your log-in information, so you don’t need to remember membership details.

Additionally, cookies can be first or third party cookies. First party cookies are owned & created by the website you’re viewing – in this case by the Credit Union. Third party cookies are owned & created by an independent company, usually a company providing a service to the website owners. In our case, third party cookies provided from this Site are still subject to the provisions set out below.

What we use cookies for

Internet cookies help you do things online, like remembering logon details so you don’t have to re-enter them when revisiting a site.

We use cookies to

  • Gather customer journey information across our sites.
  • Ensure your privacy in our secure sites.
  • Temporarily store details input into our calculators, tools, illustrations and demonstrations.

We use both our own (first party) and partner companies’ (third party) cookies to support these activities.

We don’t use cookies to track people’s Internet usage after leaving our sites.

Services requiring enabled cookies

Some of our services require cookies in your browser to view and use them and to protect your financial and personal information.