Your Privacy is Important to Us
We are committed to protecting your privacy and safeguarding your personal and financial information. While the Internet is revolutionizing the way that we do business — providing convenient access to financial services from your home or office — we also recognize that it may bring legitimate concerns about privacy and security.
At Kindred Credit Union (Kindred), our goal is to serve members as effectively and conveniently as possible. In order to provide you with a high level of service and an extensive range of products, we need to know who you are and understand your financial needs. To do this, sometimes we may require you to provide us with certain personal information beyond your name and address. For example, to provide you with an investment product, we must request your social insurance number. To provide you with a mortgage or line of credit, we need to assess your credit history and financial status. We understand your concerns in providing this information. Your privacy and the security of your information are important to us.
Kindred Privacy Code
At Kindred, we understand that privacy is a critical issue for all our members. Our privacy code outlines our principles and procedures regarding the confidentiality and security of member personal information.
This code outlines the principles Kindred applies when protecting members’ privacy. We believe that ensuring the accuracy, confidentiality, and security of the information we hold about you is more than simply a legal requirement; it is an ethical obligation.
This code is based on the Canadian Standards Association (CSA) Model Code for the protection of personal Information (CAN/CSA-Q830-96) and the Federal Personal Information Protection and Electronic Documents Act (PIPAEDA). Based on these models, we have tailored our own ten privacy principles to meet the specific needs and expectations of our membership.
This code applies to Kindred. It outlines the principles and commitments we make to you, our member, to protect the privacy of your personal information. This code does not apply to the information collected, used or disclosed with respect to corporate or commercial entities that are members. However, Kindred exercises the same care and diligence in protecting the confidentiality of this information.
“Collection” – the act of gathering, acquiring, or obtaining personal information from any source, including third parties, by any means.
“Consent” – involves voluntary agreement with what is being done or proposed. Consent may be expressed or implied. Express consent can be given orally or in writing, it is unequivocal, and does not require any inference on the part of Kindred. Implied consent exists when Kindred can reasonably infer consent based upon the action or inaction of the member.
“Member” – is any individual who uses, or applies to use, financial services with Kindred.
“Kindred” – means Kindred Credit Union Limited.
“Disclosure” – the act of making personal information available to others outside of Kindred.
“Use” – the treatment and handling of personal information by and within Kindred.
“Personal Information” – information about an identifiable individual that is recorded in any form; excluding the individual’s name, business title, business address and business phone number.
“Third-Party” – an individual or organization other than Kindred and the member.
Section 1: Kindred’s Accountability
1.0 Kindred is accountable for the protection of members’ personal information. While the board of directors is ultimately accountable for the protection of personal information, the day-to-day monitoring for compliance may be delegated to other staff.
1.1 The overall responsibility for the protection of personal information, and compliance with this code rests with Kindred’s Privacy Officer.
1.2 Kindred is committed to ensuring that the appropriate security measures are employed in the transfer of sensitive information. However, when using e-mail or wireless communication, Kindred advises members that complete confidentiality and security are not assured.
1.3 Kindred is not accountable for any damages suffered when a member transmits personal information through e-mail or wireless communication or when Kindred transmits information at the request of the member.
1.4 Kindred has developed policies and procedures to: protect personal information; receive and respond to complaints and inquiries; train staff regarding the policies and procedures; communicate the policies and procedures to our members.
Section 2: Identifying the Purposes of Personal Information
2.0 Kindred will communicate the purposes for which information is being collected, either orally or in writing.
2.1 Kindred collects member personal information for the following reasons:
- To provide financial services;
- To understand the financial and banking needs of our members;
- To develop and manage products and services to meet the needs of our members;
- To contact our members directly for products and services that may be of interest;
- To determine the eligibility of our members for different products and services;
- To ensure a high standard of service to our members;
- To meet regulatory requirements;
- To verify a member's identity.
Section 3: Member Consent
3.0 Kindred will obtain member consent to collect, use or disclose any personal information except where detailed in this code. Kindred will make reasonable efforts to ensure that members understand how their personal information will be used and disclosed.
3.1 A member's consent can be express, implied, or given through an authorized representative such as a lawyer, agent or broker. A member can withdraw consent at anytime, with certain exceptions (see section 3.3). Kindred, however, may collect, use or disclose personal information without the member's knowledge or consent in exceptional circumstances:
- When such collection, use or disclosure is permitted or required by law
- When use of information is for acting in an emergency that threatens an individual's life, health, or personal security
- When certain information is publicly available
- When we require legal advice from a lawyer
- When we need to collect a debt from a member
- When we need to deal with an anticipated breach of law.
3.2 Consent may be given orally, in writing, or electronically. For example, depending on the sensitivity of the information, consent can be expressed over the telephone when information is being collected; electronically when submitting an agreement, application, or other information; in writing when signing an agreement or application form; when using a product or service; when indicating by means of a check-off box whether or not consent is granted.
3.3 Subject to contractual or legal arrangements, members may withdraw or refuse consent provided that Kindred is given reasonable notice. Refusal or withdrawal of consent may prevent Kindred from providing a product or service to the member as in the case where a member is applying for credit and will not provide relevant credit information. Kindred will not unreasonably withhold products or services from members who refuse or withdraw consent, but if information is required by law or required to operate banking systems, Kindred may decline to deal with a member or person who will not consent to the use of such information.
Section 4: Limits for Collecting Personal Information
4.0 Kindred will only collect personal information for the purposes identified. Kindred will use methods that are lawful and will not collect information indiscriminately.
Section 5: Limits for Using, Disclosing, and Keeping Personal Information
5.0 Member information will only be used or disclosed for the purpose for which it was collected. Kindred will not use personal information for any additional purpose unless Kindred seeks member consent to do so.
5.1 Kindred will not sell member lists or personal information to Third Parties.
5.2 Kindred may periodically use member personal information to conduct member surveys in order to enhance our provision of financial services. If an outside body is employed to conduct research on behalf of Kindred, or provide other services that require access to member information, Kindred will ensure that appropriate security undertakings, such as confidentiality clauses in contractual arrangements, are employed to protect the transfer and use of personal information.
5.3 Kindred will retain member personal information only as long as necessary or expected to be necessary for the identified purposes, or as required by legislation.
5.4 Kindred may disclose personal information related to a financial asset of Kindred along with transfer of the financial asset.
Section 6: Accuracy
6.0 Kindred will make reasonable efforts to ensure that member personal information is as accurate, complete, and current as required for the purposes for which it was collected. In some cases, Kindred relies on its members to ensure that certain information, such as the member's address or telephone number, is current, complete, and accurate.
6.1 Kindred will not routinely update information unless it is necessary to fulfill the purposes for which it was collected or if it is required to maintain an active account.
6.2 Members may request amendments to the records at Kindred in order to ensure the accuracy and completeness of their personal information. If the amendment request pertains to information that remains in dispute, Kindred will note the member's opinion in the file.
Section 7: Safeguarding Personal Information
7.0 Kindred is committed to the safekeeping of member personal information in order to prevent its loss, theft, unauthorized access, disclosure, duplication, use, or modification.
7.1 Depending on the sensitivity of the information, Kindred will employ appropriate security measures to protect the information. The measures may include, for example, the physical security of offices, and electronic security measures such as passwords, encryption, and personal identification numbers.
7.2 Kindred will use appropriate security measures when disposing of member personal information.
7.3 The development of Kindred’s policies and procedures for the protection of personal information is an ongoing process. Changes in technology necessitate that Kindred continually develops, updates, and reviews information protection guidelines and controls to ensure ongoing information security.
Section 8: Availability of Policies and Procedures
8.0 Kindred is open about the policies and procedures it uses to protect member personal information. Information about these policies and procedures will be made available to members either electronically or in written format in plain language. However, to ensure the integrity of our security procedures and business methods, Kindred may refuse to publicly disclose certain information.
8.1 Kindred will make the following information available:
- The name, title and address of the person accountable for the policies and procedures and to whom complaints or inquiries can be forwarded;
- A description of the type of personal information held by Kindred, including a general account of its use;
- A copy of any brochures or other information that explain the policies and procedures; and
- An explanation of what personal information is made available to related organizations such as affiliated companies.
Section 9: Providing Member Access to Personal Information
9.0 Members have a right to access their personal information held by Kindred. Upon request, Kindred will, within a reasonable time period, tell the member what personal information it has, what it is being used for, and to whom it has been disclosed, if applicable, and within the time period for which records are available.
9.1 Members may be asked to be specific about the information they would like to access and to submit their request in writing to the Privacy Officer at Kindred’s head office.
9.2 Members will be required to provide personal information to identify themselves to enable Kindred to provide an account of the existence, use, and disclosure of personal information.
9.3 Kindred will make the information available within 30 days, or provide written notice of extension where additional time is required to fulfill the request. When information is not provided within 30 days of the request, Kindred will, no later than 30 days after the date of the request, send a notice of extension to the member, advising of the new time limit, the reasons for extending the time limit and of the right of the member to make a complaint to the Commissioner regarding the extension.
9.4 The information will be made available at a cost that will vary with the type and amount of information requested. Where a cost will be incurred by the member, Kindred will inform the member of the cost and request further direction from the member on whether or not Kindred should proceed with the request.
9.5 When reporting to members to whom their information has been disclosed, Kindred will not document information transfers necessary for the daily provision of products and services to members. For example, transfers to organizations that process debit card purchases, cheque clearing, credit card transactions, and automated banking transactions will not be documented. Upon request, Kindred will provide a list of organizations where member personal information may have been sent.
9.6 If a request is refused, Kindred will notify the member in writing, documenting the reasons for refusal and resources for redress available to the member.
9.7 In certain situations, Kindred may not be able to provide access to any or all personal information about a member. In such cases, Kindred will explain the reasons it will not provide the requested information, and identify resources for recourse available to the member. The reasons for not providing information may include that it is unreasonably costly to provide, information that would threaten the life or security of another individual, information generated in a formal dispute resolution process, information that contains references to other individuals, information that cannot be disclosed for legal, security, or commercial proprietary reasons, and information that is subject to solicitor-client or litigation privilege.
9.8 If the information is demonstrated to be inaccurate or incomplete, Kindred will amend the information as required. Where appropriate, Kindred will transmit the amended information to Third Parties having access to the information in question.
Section 10: Compliance and Complaints
10.0 Members are to direct any complaints, concerns or questions regarding this privacy code in writing to the Privacy Officer. If the Privacy Officer is unable to address the member's concerns, the issue can be referred to the office of the CEO. At any point in this process the member may also write to the Privacy Commissioner.
10.1 Contact Information: