ESSENTIAL AND EMRGENCY SERVICES & PARTNERS CO-OPERATIVE CREDIT UNION LIMITED

PRIVACY NOTICE

Effective December 1, 2023

1.0  INTRODUCTION

We, the Essential and Emergency Services & Partners Co-operative Credit Union Limited (herein called the “EESPCCUL”, “Credit Union”, “We”, “Us”, “Our”) respect your privacy and have implemented systems and procedures to ensure that personal data is processed in accordance with leading data protection privacy practices and the applicable laws on the data protection in Jamaica in which we operate.

We know that data privacy is an important issue, and we want you to enjoy your interaction with us with the assurance that we value your personal data and that we protect it.

Herein you will find an overview of how we process your personal data, the purpose for which we process it, how it is shared and how you benefit. You will also see what your rights are and how you can contact us.

This Privacy Notice applies to the personal data that we collect and handle for the purposes of maintaining and providing our services when you use our website, when you subscribe to our newsletter, take part in a survey, access our products and services, or any other marketing initiatives.

For the purposes of this Privacy Notice, “Personal Data” means any information relating to an identified or identifiable individual; that is, any information that allows someone to identify you, including but not limited to: your name, address, telephone number, e-mail address, as well as any other non-public information about you that is associated with any of these.

The terms of this Privacy Notice should be read alongside our general terms and conditions, disclaimers or other contractual terms you have entered into with us, and any applicable laws and regulations.

Please note that this privacy notice may be updated from time to time without notice.

2.0   WHO ARE WE?

The Essential and Emergency Services & Partners Co-operative Credit Union Limited, is a member-centric, financially-sound and technologically enhanced credit union, with a mission to improve the quality of life of its members and their families, through the provision of personalized financial advice and solutions.

Our Credit Union was first established in October 1958 as the Jamaica Prison Service Co-operative Credit Union. In 1975 the Government merged the Prison Services, Probation Department and Juvenile Approved Schools into the Department of Correctional Services, and this necessitated the name change of the credit union to Correctional Services Co-operative Credit Union Limited.

Membership in the Credit Union was limited to employees of the Department of Correctional Services, employees of the Credit Union and the immediate family of the two groups of employees (where “immediate family” consists of a mother, father, spouse, and biological and legally adopted children).

Correctional Services Co-operative Credit Union was renamed the Essential and Emergency Services & Partners Co-operative Credit Union Limited effective December 3, 2019, to broaden and strengthen its membership and financial base. The Credit Union’s core function is to provide financial services to its membership which includes employees of the correctional services, the fire services, other essential services and their partners, along with their immediate families. A variety of financial services and products is offered to the members from the Credit Union’s office in Kingston and an outpost at the Spanish Town Prison Oval.

Essential and Emergency Services & Partners Co-operative Credit Union Limited is positioned to be a premier financial institution providing quality services for thousands of members. The objective of the Credit Union is to create a source of credit for its members at reasonable interest rates for provident and productive purposes. However, we are subject to the varying requirements of data protection legislation in the jurisdiction where we operate. Our aim is to be as consistent as possible as we obey all applicable laws and apply the highest standard of privacy laws to our approach.

The Data Protection Act of Jamaica (DPA) is applicable to credit unions under the obligation of a Data Controller. Where the DPA does not provide sufficient guidance, we will be guided by the principles and requirements of the General Data Protection Regulation of the UK/EU (GDPR), adjusted, if necessary, to the local environment. The GDPR is recognised as the de-facto international standard of data protection.

3.0 OUR AGREEMENT WITH YOU

As a member, you agree to us collecting, using and appropriately disclosing your personal information in accordance with our contract with you. We may change our products and services at any time without notice, and consequently, our Privacy Notice may be updated at any time in the future. Continued use of our products and services implies ongoing acknowledgement and consent to same.

4.0  OUR PRIVACY PROMISE TO YOU

We will:

  1. Secure and protect your personal information;
  2. Not disclose your personal information outside of the confines of the Essential and Emergency Services & Partners Co-operative Credit Union Limited without your consent, unless required by law;
  3. Enable you to express your preferences so that you can manage how we use your personal information.
  • WHAT INFORMATION DO WE COLLECT?

5.1  Personal Data

We gather various types of information that may identify you as an individual (“personal information”). We collect information from you depending on how you interact with us and our services. These include if you are an existing member, potential member who has enquired about our services, beneficiaries, claimants, suppliers or service providers, employee of a supplier/ service provider, etc.

We collect and use your personal data to the extent necessary in the framework of our activities and to achieve a high standard of personalized products and services. Depending on the type of products or services we provide to you, we collect various types of personal data about you, which will be used for the sole purpose for which the information was provided to us and may include:

  1. Contact details such as your name, address, date of birth, email address and phone number;
  2. Government identifiers such as your Taxpayer Registration Number, Valid

Photo ID (e.g., a Passport, Driver’s Licence or Electoral ID; c) Proof of Employment;

  • Employment status and details;
  • Proof of Address;
  • Character Reference;
  • Declaration of US citizenship, Tax residency (if appropriate);
  • Politically Exposed Person Status;
  • Mother’s maiden name;
  • Financial Information;
  • Transaction Records;
  • Image Capture via CCTV or webinar recording.
  • Account login credentials such as usernames and passwords;
  • Transactional information such as your credit or debit card number;
  • Details on services received from us; or
  • Communication exchanges or feedback that you provide to us.

5.2  Data We Automatically Collect:

Like many websites, our website use cookies to optimize functionality and to give you the best possible experience. We also automatically collect information when you visit our website such as the IP address of your device, browser type and version, operating system and other software installed on your device and mobile platforms, device’s geo-location.

In operating our website, we may also collect the following types of Personal Data:

Log Data – This data may be processed for the purposes of operating our website, providing our services, ensuring the security of our website and services, maintaining backups of our databases and communicating with you.

Google Analytics – We collect this data so that we can improve our website and access it.

Cookies – We may also use cookies and URL information to gather information regarding the date and time of your visit and the information for which you searched and which you viewed. “Cookies” are small pieces of information that our website sends to your computer’s hard drive while you are viewing a website. Upon your initial visit to the website, you will have the option of accepting or refusing cookies and you will be able to choose the type of cookie you accept or reject. You may also configure your browser to ensure no cookies are stored on your hard drive.

We may use both “Session Cookies” (which expire once you close your web browser) and “Persistent Cookies” (which stay on your computer until you delete them) to provide you with a more personal and interactive experience on our Site. Persistent Cookies can be removed by following Internet browser help file directions. Cookies may enable automatic logins when you visit in the future and may enable content customization.

5.3 Circumstances in which Your Information is Collected:

  • When you request information about our products and services;
  • When you apply for our products and services;
  • When you talk to us on the phone or in branch, including recorded calls and notes we make;
  • When you use our websites, web chats and mobile device apps;
  • When you send emails and letters;
  • When you submit insurance claims or other documents;
  • When you participate in customer surveys, webinars, video calls, etc.;
  • When you take part in our competitions or promotions.
  • When you register or apply for benefits under our rewards programs.

5.3.1  We may also collect data when you use our services. This data collection covers two areas:

  1. details about how and where you access our services and;
    1. account activity that is shown on your statement as follows:
      1. Payments and Transactions: This includes the amount, frequency, type, location, origin and recipients. If you borrow money, it also includes details of repayment and whether they are made on time and in full.
      1. Profile and Usage of Information: This includes any security details you create and use to connect to our services. It also includes your settings and marketing choices. Additionally, we gather statistical data about your browsing actions and patterns, from the devices you use (such as computers and mobile phones) to connect to our internet, mobile and telephone banking services. We may collect information about your computer including, where available, your IP address, operating system and browser type, for system administration and to report aggregate information to our advertisers.

6.0  WHO COLLECTS DATA?

Personal data is collected by our Member Service Representatives, Tellers, Loans Officer, Securities & Delinquency Officers, Accounts Department, Marketing Officers, Systems Administrator, or other third parties.

6.1 Disclosures to Third Parties

Our website may contain links to other sites that are not operated by us. We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party site or services.

We may disclose your Personal Data to third parties to whom you expressly ask us to send your Personal Data or to third parties for whom you consent to us sending your personal information. Third parties include our partners, affiliates, service providers and professional advisors. Personal Data may also be shared with regulators in order to demonstrate compliance with legal obligations. Personal Data will only be shared with third parties to provide our services to you and/or to comply with legal obligations. These third parties do not retain, share, use or process personal data beyond the defined purpose of providing our services to you.

6.2    International Transfers of Personal Data

We may process your personal data outside of the countries in which you are based (including countries outside of the territories in which we operate) for the purposes set out in this notice. When we transfer your personal data to other countries, we take steps to ensure that this is done in compliance with applicable laws.

7.0  REASONS FOR COLLECTING DATA?

We may use the data collected from our members and their users in connection with the services we provide for a range of reasons, including to:

  • Fulfil regulatory requirements;
  • Create member accounts;
  • verify the identity of members, their creditworthiness and the accuracy of the information provided, in order to administer the members’ accounts;
  • update members personal data;
  • update contractual agreement terms and conditions;
  • test new products;
  • develop new ways to meet our members’ needs;
  • communicate to you, information related to our products and services;
  • execute the business of the Credit Union in accordance with industry best practices;
  • provide, operate and maintain the services;
  • process     and    complete     transactions,      and    send    related     information, including transaction confirmations and receipts;
  • manage our members’ use of the services, respond to enquiries and

comments, and provide member service and support;

  • manage fees, charges and interest due on member accounts;
  • send      alerts,      updates,      security      notifications,       and      administrative communications;
  • track use of the website and applications;
  • improve the Credit Union’s website, applications, promotions, payment systems, amongst other services;
  • investigate and prevent criminal or fraudulent activities and money laundering, unauthorized access to the services, and other illegal activities;
  • conduct internal research, to market products to members and to communicate with them;
  • improve overall customer experience and ensure compliance with our legal and regulatory obligations; and
  • manage how we work with other companies that provide services to us and our members.
  • perform any other functions about which we notify our members and users.

8.0  WHAT ARE OUR LEGAL BASES FOR PROCESSING YOUR PERSONAL INFORMATION?

The lawful bases we rely on for processing this information are:

  1. Your consent. You are free to remove your consent at any time. You can do this by contacting our Data Protection Officer whose contact details are listed herein.
    1. contractual obligation.
    1. legal obligation.
    1. a vital interest.
    1. to perform a public task.
    1. a legitimate interest.

9.0  DATA SECURITY AND STORAGE

We appropriate technical and organizational security measures to protect any information we hold in our records from loss, misuse, and unauthorized access, disclosure, alteration, and destruction. This is done to protect the confidentiality and integrity of your data.

Your information is secured physically in a fireproof vault and stored electronically on hard drives or online in the “cloud”. We keep your personal data for a period as prescribed by law and we will then dispose of your information by shredding as well as deletion (including back-up data). We take every reasonable step to ensure that your personal data is only processed for the minimum period necessary in connection with:

  1. the purposes set out in this privacy notice;
    1. any additional purposes notified to you at or before the time of collection of the relevant personal data for commencement of the relevant processing;
    1. as required or permitted by applicable law, and thereafter for the duration of any applicable limitation.

In short, once your personal data is no longer required, we will dispose of it either electronically or physically in a secure manner.

We (and our third-party service providers) use a variety of measures to keep your personal data confidential and secure including restricting access to your personal data on a need-to-know basis and following appropriate security and access control standards. Some of these measures include:

  1. We use vulnerability scanning and/or scanning to Payment Card Industry (PCI) standards.
    1. We use regular Malware Scanning.
    1. Your Personal Data is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems

and are required to keep the information confidential. In addition, sensitive information you supply is encrypted via “Secure Socket Layer (SSL)” technology.

  • We implement a variety of security measures when a user enters, submits, or accesses their information to maintain the safety of your personal information.
    • Transactions are processed and stored or processed on our servers.

However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, while the Credit Union uses reasonable efforts to secure and protect your Personal Data, we cannot guarantee its absolute security.

10.   DATA RETENTION

We only retain your personal data for as long as it is needed to provide our services to you. We also retain personal data in line with legal requirements which may stipulate retention periods for different categories of personal data. We typically therefore retain members’ personal data for a minimum of seven years following the date of transaction or termination of customer relationship.

We may also keep your data for longer than seven years if we cannot delete it for legal, regulatory or technical reasons.

11.0   YOUR PRIVACY RIGHTS AND CHOICE

You can access, modify and delete any personal and other information that is made available to you in your Account or in-app.

Under the Jamaica’s Data Protection Act, data subjects enjoy the following rights:

  1. Right to be informed about how your personal data is being processed.
    1. Right to request access to your personal data.
    1. Right to consent and withdraw consent.
    1. Right to request the correction of your personal data.
    1. Right to object to the processing of your personal data.
    1. Right to request transfer of your personal data.
    1. Right to require that your personal data is not subject to automated decision making only.

If you wish to exercise any rights set out above, please contact us or our Data Protection Officer by e-mail at privacy@eespccul.com. However, if you choose not to provide personal data when you ask or when we ask you, please note that this may limit the services we can offer you or continue to offer you.

12.0 NOTIFIABLE DATA BREACHES

We take data breaches very seriously. We will endeavour to meet the 72-hour deadline as stipulated by the DPA to report any data breach to the Information Commissioner.

Further, where there is likely to be a high risk to your rights, we will endeavor to contact you without undue delay.

It will inform you of:

  • the nature of the security breach;
    • the measures taken or proposed to be taken to mitigate or address the possible adverse effects of the breach; and
    • the name, address and other relevant contact information of our Data Protection Officer or other designated representative.

We will review every incident and/or breach and take action to prevent future incidents or breaches.

13.0  CHILDREN’S PRIVACY

Our services are not offered to persons under the age of eighteen (18) without parental or guardian consent. Any information that is in breach of this provision will be deleted.

If you become aware that a child has provided us with information, please contact our Data Protection Officer.

14.0  CHANGES TO THIS PRIVACY POLICY

Data privacy and protection is an ongoing responsibility and so this privacy policy is subject to occasional revision to ensure that it remains in line with the ever evolving regulatory and security landscape. The Credit Union therefore reserves the right, at its sole discretion, to modify or replace any part of this Privacy Policy. It is your responsibility to check this Privacy Policy periodically for changes. The last date of modification will be noted at the end of this Notice. Continued use of our Site or Services indicates your acknowledgement that it is your responsibility to review this Privacy Policy periodically and become aware of any modifications. Changes to this policy are effective once they have been uploaded to our website.

15.0  CONTACT INFORMATION

The Credit Union welcomes your comments or questions regarding this Privacy Policy. If you have a question or comment regarding this Privacy Policy or you would like to make a complaint, please contact our Data Protection Officer using the details below.

Data Pro Consulting Ltd.

Data Protection Officer (External Service Provider) 9th Floor Pan Jam Building

60 Knutsford Boulevard Kingston

Jamaica, WI

Email Address: privacy@eespccul.com Telephone: 876-665-5671

If at any time you would like to unsubscribe from receiving future emails, you can email us at info@eespccul.com and we will promptly remove you from ALL correspondences.

Last Updated: November 29, 2023

Privacy Policy