NB: This policy may change with or without prior notice. However, the Credit Union will make a reasonable effort to seek input from key stakeholders prior to any changes.

Introduction

P.W.D. Co-operative Credit Union Limited, (PWDCCU Limited) is a member-centric, financially-sound and technologically enhanced credit union, with a mission to improve the quality of life of its members and their families, through the provision of personalized financial solutions.

At PWDCCU Limited, we are committed to protecting your privacy. we ensure that the processing of your Personal Data is compliant with Jamaica’s Data Protection Act (JDPA), and any country-specific data protection laws and regulations to the extent applicable to PWDCCU Limited. We have also implemented several technical, organizational and physical measures to ensure the most complete protection of personal Data processed through the site or use of our services.

We have prepared this Privacy Notice to describe to you our practices regarding the personal information we collect from our members and users of our website.

1.1 Purpose

The objective of this Privacy Notice is to describe how PWDCCU Limited collects, uses, shares, stores and manages your personal data, and informs you of your rights regarding your personal data. This Privacy Notice aims to secure the data, maintain confidentiality and integrity of PWDCCU’s IT infrastructure when you use our website, subscribe to our newsletter, take part in a survey, and access our products and services. It also delivers a quality assurance to PWDCCU’s business by ensuring PWDCCU’s seclusion of its business information dependencies on IT functionality.

1.2 Scope

This policy applies to:

All staff (permanent and temporary/contractual) and non-employees (contractors, consultants, suppliers, vendors, board of directors and volunteers) of PWDCCU, other individuals and entities responsible for administering and maintaining the credit union’s IT infrastructure.

1.3 Policy Statements

1.3.1 Data Access – How we collect data.

“Personal Data” means any information that allows someone to identify you, including such as: your name, address, telephone number, email address, as well as any other non-public information about you that is associated with any of these. When you visit our website, you are free to explore without providing any personal data about yourself. We only collect personal data from you when you register, subscribe to a service or fill out a form.

“Anonymous Data” means data that is not associated with or linked to your personal data, and which does not, by itself, permit the identification of individual persons. We collect Personal Data and Anonymous Data as described below. 

We may collect your personal data through the following means:

• Information you provide via our website, social media networks or events: 

We may collect any personal data that you choose to send to us or provide to us via our website, social media network or when registering or attending an event.

• Information you provide when accessing our services: 

We receive and store information you provide directly to us to access our products and services. For example, when applying to become a member, opening an account or transacting business at our offices.

1.3.2 Third Parties.

In some instances, we may collect personal data from public and non-public sources and third parties for regulatory purposes or to better serve you. These include credit bureaus, references, other financial institutions, regulatory bodies and related entities.

Types of data we may collect:

We collect  a wide range of personal data to allow us to conduct business with you. 

The types of personal data we may collect directly from our members, prospective members, visitors and users of our website include:

• Valid photo ID, for example a Passport, Driver’s License, or ID Card.
• Passport sized Photo
• Taxpayer’s Registration Number (TRN)
• National Insurance Scheme (NIS)
• Proof of Employment
• Address including proof of address and past addresses
• Email Address
• Character References
• Birth Certificate
• Declaration of US Citizenship, Tax Residency, (if appropriate)
• Mother’s Maiden Name
• Employment Status and Details
• Politically Exposed Person Status
• Financial Information
• Transaction Records
• Image capture via CCTV or webinar recording.

In operating our website, we may also collect the following types of personal data

Log Data –  This data may be processed for the purposes of operating our website, providing our services, ensuring the security of our website and services, maintaining backups of our databases and communicating with you.

Google Analytics –  We collect this data so that we can improve our website and access to it.

Cookies –  We may also use cookies and URL information to gather information regarding the date and time of your visit and the information for which you searched and which you viewed. “Cookies” are small pieces of information that a website sends to your computer’s hard drive while you are viewing a web site. Upon your initial visit to the website, you will have the option of accepting or refusing cookies and you will be able to choose the type of cookie you accept or reject. You may also cnfigure your browser to ensure no cookies are stored on your hard drive.

We may use both session Cookies (which expire once you close your web browser) and persistent Cookies (which stay on your computer until you delete them) to provide you with a more personal and interactive experience on our site. Persistent Cookies can be removed by following Internet browser help file directions. Cookies may enable automatic logins when you visit in the future and may enable content customization.

1.3.3 Third Parties.

User Consent –  We will always obtain your clear, informed and freely given consent before processing your personal data, except in circumstances where it is not possible to obtain your consent but your personal data still needs to be processed (for example due to legal obligations we may have or to protect your vital interests, the public interest or to aid in the administration of justice). You may withdraw your consent at any time by the same method it was provided to us or by contacting our Privacy Officer identified below:

Mrs. Janette Getfield Beckford at 8769265745.

Contractual Obligation –  We may process your personal data in contemplation of entering a contract with you or to fulfil our existing contractual obligations to you.

Legitimate Interest –  We process your personal data to efficiently provide and market our services to you. However, we will not process your personal data as doing so poses a risk to your rights, freedoms and vital interests.

Legal Obligation –  There may be instances when we will have to process your personal data to comply with the law. This may require us to process information about criminal convictions to investigate and gather intelligence on suspected financial crimes, fraud and threats and to share data with law enforcement and regulatory bodies. We are also legally obligated to assess affordability and suitability of credit for loans and other credit applications and throughout the duration of the relationship.

How We Use Your Personal Data

We may use the information we collect from you in connection with the services we provide for a range of reasons, including but not limited to:

• Provide our products and services
• Process and complete transactions, and send related information, including transaction confirmations and records.
• Manage our members’ use of the services, respond to enquires, comments and provide customer service support
• Send alerts, updates, security notifications, and administrative communications
• Verify your identity, creditworthiness and the accuracy of the information provided
• Prevent criminal activity, fraud and money laundering
• Trace debtors and recover debts
• Investigate and prevent fraudulent activities, unauthorized access to our services, and other illegal activities, and
• for any other purposes about which we notify members and users

1.3.4 Third Party Controls.

Our website may contain links to other sites that are not operated by us. We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party site or service. We my disclose your personal data to third parties to whom you expressly ask us to send your personal data or to third parties for whom you consent to us sending your personal information.

Third parties include our partners, affiliates, service providers and professional advisors. Personal data may also be shared with regulators to demonstrate compliance with legal obligations. Personal data will only be shared with third parties to provide our services to you and /or to comply with legal obligations. These third parties do not retain, share, use or process personal data beyond the defined purpose of providing our services to you.

1.3.5 Data Storage – How We Protect Your Personal Data.

PWDCCU Limited is committed to protecting the security of your personal data. We (and our third-party service providers) use a variety of industry standard security technologies and procedures, as well as organizational measures to help protect your personal data from unauthorized access, use, or disclosure, such as: 

• Vulnerability scanning and /or scanning to Payment Card Industry *PCI) standards.
• Regular Malware Scanning
• Your personal data is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems and are required to keep the information confidential. In addition, all sensitive information you supply is encrypted  via Secure Socket Layer (SSL) technology.
• We implement a variety of security measures when a user enters, submits, or accesses their information to maintain the safety of your personal information. 
• All transactions are processed through a gateway provider and are not stored or processed on our servers.

However, no method of transmission over the Internet, or method of electronic storage is 100% secure. Therefore, while PWDCCU Limited uses reasonable efforts to protect your personal data, we cannot guarantee its absolute security.

Your Rights

Under Jamaica’s Data Protection Act, the data subjects enjoy the following rights: 

• Right to access your personal data – You are entitled to make a written request to us to be informed whether you personal data is being processed by us. You are also entitled to request a copy of your data. You may also request that your personal data be transferred to a third party.
• Right to be informed about automated decision making – You may request in writing that decisions regarding your personal data that have been made solely based on automated processing be reconsidered with human involvement.
• Right to prevent processing – You are entitled to make a written request to us to cease or not to begin processing your personal data in a specific manner or for a specific purpose.
• Right to rectification – You may request that inaccuracies in your personal data be rectified. “Rectification” means amend, block, erase or destroy, as may be required to correct the inaccuracy. You may request that your personal data be erased on the expiration of any applicable retention period.

Retention Policy

We only retain your personal data for as long as it is needed to provide our services to you. We also retain personal data in line with legal requirements which may stipulate retention periods for different categories of personal data. We typically therefore retain members’ personal data for a minimum of seven years following the date of transaction or termination of customer relationship.

We may also keep your data for longer than seven years if we cannot delete it for legal, regulatory or technical reasons.

Notifiable Data Breaches

We also take data breaches very seriously. We will endeavour to meet the 72 hours deadline as imposed by the JDPA to report any data breach to the Information Commissioner. Further, where there is likely to be a high risk to your rights, we will endeavour to contact you without undue delay.

Our report will inform you of: 

• The nature of the security breach
• The measures taken or proposed to be taken to mitigate or address the possible adverse effects of the breach
• The name, address and other relevant contact information of our Data Protection Officer or other designated representative.

We will review every incident and/or breach and take action to prevent future incidents or breaches. 

Children’s Privacy

Our services are not offered to persons under the age of 18 without parental or guardian consent. Any information that is in breach of this provision will be deleted.

If you become aware that a child has provided us with information, please contact our  Privacy Office at 8769265745.

Changes to This Privacy Policy

Data privacy and protection is an ongoing responsibility and so this Privacy Policy is subject to occasional revision to ensure that it remains in line with the ever-evolving regulatory and security landscape. PWDCCU Limited therefore reserves the right, at its sole discretion, to modify or replace any part of this Privacy Policy. It is your responsibility to check this privacy policy periodically for changes. The last date of modification will be noted at the end of the page.  Continued use of our site or services indicates your acknowledgement that it is your responsibility to review this Privacy Policy periodically and become aware of an modifications. Changes to this policy are effective once they have been uploaded to our website.

Contact Information

PWDCCU Limited welcomes your comments or questions regarding this Privacy Policy. If you have a question or comment regarding this Privacy Policy or you would like to make a complaint, please contact our Privacy Office using the details below.

• info@pwdccu.com
• 147 Maxfield Avenue, Kingston 10
• 876-618-3642-3
• 8769265745

If at any time you would like to unsubscribe from receiving future emails, you can email us at info@pwdccu.com and we will promptly remove you from all correspondence.

Updated: November 23, 2023

Last updated: December 10, 2024.