Kindred Credit Union’s Privacy Code
At Kindred, we understand that privacy is a critical issue for all our members. Our privacy code outlines our principles regarding the confidentiality of member personal information.
This code outlines the principles Kindred applies when protecting members' privacy. We believe that ensuring the accuracy, confidentiality, and security of the information we hold about you is more than simply a legal requirement; it is an ethical obligation.
Our Privacy Code outlines the principles we rely upon to protect the privacy of your personal information.
"Collection" – the act of gathering, acquiring, or obtaining personal information from any source, including third parties, by any means.
"Consent" – involves voluntary agreement with what is being done or proposed. Consent may be expressed or implied. Express consent can be given orally or in writing, it is unequivocal, and does not require any inference on the part of Kindred. Implied consent exists when Kindred can reasonably infer consent based upon the action or inaction of the member.
"Member" – is any individual who uses, or applies to use, financial services with Kindred.
“Kindred” – means Kindred Credit Union Limited.
"Disclosure" – the act of making personal information available to others outside of Kindred.
"Use" – the treatment and handling of personal information by and within Kindred.
"Personal Information" – information about an identifiable individual that is recorded in any form; excluding the individual's name, business title, business address and business phone number.
"Third-Party" – an individual or organization other than Kindred and the member.
Section 1: Kindred's Accountability
1.0 Kindred is accountable for the protection of members' personal information.
1.1 The overall responsibility for the protection of personal information and compliance with this code rests with Kindred’s Privacy Officer.
1.2 Kindred is committed to ensuring that appropriate security measures are employed in the transfer of sensitive information. When a Member elects to use email or other non-secure wireless communication, Kindred cannot guarantee complete confidentiality.
1.3 Kindred is not accountable for any damages suffered when a member elects to transmit personal information through email or other non-secure wireless communication or when Kindred transmits information using these channels at the request of the member.
1.4 Kindred has policies and procedures in place to protect personal information in our possession; receive and respond to complaints and inquiries related to personal information; and to train staff regarding our Privacy policies.
Section 2: Identifying the Purposes of Personal Information
2.0 Kindred will communicate the purposes for which personal information is being collected, either orally or in writing, at the time the personal information is collected.
2.1 Kindred collects personal information for many purposes that can be reasonably inferred for a financial institution providing financial products and services to the public. This includes but is not limited to the following:
- To provide financial services to our members;
- To understand the financial and banking needs of our members;
- To develop and manage products and services to meet the needs of our members;
- To contact our members directly for products and services that may be of interest;
- To respond to inquiries and other communication with our Members;
- To determine the eligibility of our members for different products and services;
- To ensure a high standard of service to our members;
- To meet regulatory requirements;
- To verify a member's identity
Section 3: Member Consent
3.0 Kindred will obtain member consent to collect, use or disclose any personal information. Kindred will make reasonable efforts to ensure that members understand how their personal information will be used and disclosed.
3.1 A member's consent can be express, implied, or given through an authorized representative such as a lawyer, agent or broker. A member can withdraw consent at anytime, with certain exceptions (see section 3.3). Kindred, however, may collect, use or disclose personal information without the member's knowledge or consent in exceptional circumstances:
- When such collection, use or disclosure is permitted or required by law
- When use of information is for acting in an emergency that threatens an individual's life, health, or personal security
- When the information is already publicly available
- When we require legal advice from a lawyer
- When we need to collect a debt from a member
- When we need to deal with an anticipated breach of law.
3.2 Consent may be given orally, in writing, or electronically. For example, consent can be expressed over the telephone when information is being collected; electronically when submitting an agreement, application, or other information; in writing when signing an agreement or application form; when using a product or service; when indicating by means of a check-off box whether or not consent is granted.
3.3 Subject to contractual or legal agreements, members may withdraw or refuse consent provided that Kindred is given reasonable notice. Refusal or withdrawal of consent may prevent Kindred from providing specific products or services. Kindred will not unreasonably withhold products or services from members who refuse or withdraw consent, but if information is required by law or required to operate banking systems, Kindred may decline to deal with a member or person who will not consent to the use of such information.
Section 4: Limits for Collecting Personal Information
4.0 Kindred will only collect personal information for the specific purposes identified.
4.1 Kindred will not collect information indiscriminately.
Section 5: Limits for Using, Disclosing, and Keeping Personal Information
5.0 Member information will only be used or disclosed for the purpose for which it was collected. Kindred will not use personal information for any additional purpose unless Kindred has the member’s consent to do so.
5.1 Kindred will not sell member lists or personal information to Third Parties unless Kindred has the member’s express consent to do so.
5.2 Kindred may periodically use member personal information to conduct member surveys in order to enhance our provision of financial services. If an outside body is employed to conduct research on behalf of Kindred, or provide other services that require access to member information, Kindred will ensure that appropriate security undertakings are employed to protect the transfer and use of personal information.
5.3 Kindred will retain member personal information only as long as necessary for the identified purposes, or as required by legislation.
5.4 Kindred may disclose personal information related to a financial asset of Kindred along with the sale or transfer of that financial asset.
Section 6: Accuracy
6.0 Kindred will periodically take steps to confirm that member personal information is as accurate, complete, and current as required for the purposes for which it was collected.
6.1 Members may request amendments to their personal information held by Kindred in order to ensure accuracy and completeness. If the amendment request pertains to information that remains in dispute, Kindred will keep a record of the member's dispute.
Section 7: Safeguarding Personal Information
7.0 Kindred is committed to the safekeeping of member personal information in order to prevent its loss, theft or unauthorized use.
7.1 Kindred will employ appropriate security measures to protect the information appropriate to the sensitivity of the information.
7.2 Kindred will use appropriate measures to safeguard privacy when disposing of member personal information.
Section 8: Providing Member Access to Personal Information
8.0 Members have a right to access their personal information held by Kindred upon written request. Kindred will confirm what personal information is on record, what this information is being used for, and to whom it has been disclosed.
8.1 All Members requesting to verify their personal information will be required to provide personal information that positively identifies themselves to Kindred.
8.2 Kindred will make the requested personal information available within 30 days, or provide written notice of extension where additional time is required to fulfill the request. When information is not provided within 30 days of the request, Kindred will, no later than 30 days after the date of the request, send a notice of extension to the member, advising of the new time limit, the reasons for extending the time limit.
8.3 The requested personal information may be made available at a cost that will vary with the type and amount of information requested. Where a cost will be incurred for the request, Kindred will inform the member of the cost prior to proceeding with the request.
8.4 If a request is refused, Kindred will notify the member in writing of the reasons for refusal.
8.5 In certain situations, Kindred may not be able to provide access to any or all personal information about a member. In such cases, Kindred will provide an explanation of the reasons it will not provide the requested information.
8.6 If the information is verified to be inaccurate or incomplete, Kindred will amend the original information as required. Where appropriate, Kindred will transmit the amended information to Third Parties having access to the information in question.
Section 9: Compliance and Complaints
9.0 Members are to direct any complaints, concerns or questions regarding this privacy code in writing to the Privacy Officer. If the Privacy Officer is unable to address the member's concerns, the issue can be referred to the office of the CEO. At any point, the member may elect to contact the Privacy Commissioner of Canada.
9.1 Kindred’s Privacy Officer can be reached as follows:
Kindred Credit Union Privacy Officer
1265 Strasburg Rd
Kitchener, ON N2R 1S6