ABOUT MSCU
MSCU Advantage | Mission | History
Mutual Aid | Financials | Annual Report
Privacy | Careers | Branches
Privacy
MSCU Privacy Statement | Privacy Code
Privacy Statement
Mennonite Savings and Credit Union, its subsidiaries and affiliated companies may collect personal information from me, from product and service arrangements I have made with or through you, from credit bureaus and other financial institutions, and from the references I have provided you.
MSCU may collect, use and disclose my personal information for the following purposes:
• To provide me with financial services
• To understand my financial and banking needs
• To develop and manage products and services to meet my needs
• To contact me directly for products and services that may be of interest
• To determine my eligibility for different products and services
• To ensure that I receive a high standard of service
• To meet regulatory requirements; and
• To verify my identity.
MSCU may provide my personal information to credit bureaus and other financial institutions and, with my consent, to other parties. MSCU may share my personal information with its employees and business partners, but only as needed for the provision of products and services.
MSCU may also use my personal information to introduce products and services that may be of interest to me through contacting me directly (via mail, telephone calls or e-mail only), and share it, (subject to applicable law) for marketing purposes within MSCU.
At any time, I can choose to opt out of receiving direct marketing or sharing my personal information for marketing purposes. To opt out, I will contact you through an MSCU Branch, TeleService at 519-746-1010, toll-free at
1-888-672-6728 or fill out the Withdrawl of Consent Form online.
For more information of how MSCU manages your personal information, please ask us for a copy of our full Privacy Code.
back to top...
Privacy Code
General Information About Privacy
At Mennonite Savings and Credit Union (MSCU), our goal is to serve members as effectively and conveniently as possible. In order to provide you with a high level of service and an extensive range of products, we need to know who you are and understand your financial needs. To do this, sometimes we may require you to provide us with certain personal information beyond your name and address. For example, to provide you with an investment product, we must request your social insurance number. To provide you with a mortgage or line of credit, we need to assess your credit history and financial status. We understand your concerns in providing this information. Your privacy and the security of your information are important to us.
What follows is MSCU’s Privacy Code, which outlines in more detail how we deal with privacy throughout Mennonite Savings and Credit Union.MSCU Privacy Code
At MSCU, we understand that privacy is a critical issue for all our members. Our privacy code outlines our principles and procedures regarding the confidentiality and security of member personal information.
This code outlines the principles MSCU applies when protecting members' privacy. We believe that ensuring the accuracy, confidentiality, and security of the information we hold about you is more than simply a legal requirement; it is an ethical obligation.
This code is based on the Canadian Standards Association (CSA) Model Code for the protection of personal Information (CAN/CSA-Q830-96) and the Federal Personal Information Protection and Electronic Documents Act (PIPAEDA). Based on these models, we have tailored our own ten privacy principles to meet the specific needs and expectations of our membership.
Scope
This code applies to MSCU. It outlines the principles and commitments we make to you, our member, to protect the privacy of your personal information. This code does not apply to the information collected, used or disclosed with respect to corporate or commercial entities that are members. However, MSCU exercises the same care and diligence in protecting the confidentiality of this information.
Definitions
"Collection" - the act of gathering, acquiring, or obtaining personal information from any source, including third parties, by any means.
"Consent" - involves voluntary agreement with what is being done or proposed. Consent may be expressed or implied. Express consent can be given orally or in writing, it is unequivocal, and does not require any inference on the part of MSCU. Implied consent exists when MSCU can reasonably infer consent based upon the action or inaction of the member.
"Member" - is any individual who uses, or applies to use, financial services with MSCU.
“MSCU” - means Mennonite Savings and Credit Union (Ontario) Limited and Meritas Financial Inc., a subsidiary of the Credit Union.
"Disclosure" - the act of making personal information available to others outside of MSCU.
"Use" - the treatment and handling of personal information by and within MSCU.
"Personal Information" - information about an identifiable individual that is recorded in any form; excluding the individual's name, business title, business address and business phone number.
"Third-Party" - an individual or organization other than MSCU and the member.
Section 1: MSCU’s Accountability
1.0 MSCU is accountable for the protection of members' personal information. While the board of directors is ultimately accountable for the protection of personal information, the day-to-day monitoring for compliance may be delegated to other staff.
1.1 The overall responsibility for the protection of personal information, and compliance with this code rests with MSCU’s Privacy Officer.
1.2 MSCU is committed to ensuring that the appropriate security measures are employed in the transfer of sensitive information. However, when using e-mail or wireless communication, MSCU advises members that complete confidentiality and security are not assured.
1.3 MSCU is not accountable for any damages suffered when a member transmits personal information through e-mail or wireless communication or when MSCU transmits information at the request of the member.
1.4 MSCU has developed policies and procedures to: protect personal information; receive and respond to complaints and inquiries; train staff regarding the policies and procedures; communicate the policies and procedures to our members.
Section 2: Identifying the Purposes of Personal Information
2.0 MSCU will communicate the purposes for which information is being collected, either orally or in writing.
2.1 MSCU collects member personal information for the following reasons:
• To provide financial services;
• To understand the financial and banking needs of our members;
• To develop and manage products and services to meet the needs of our members;
• To contact our members directly for products and services that may be of interest:
• To determine the eligibility of our members for different products and services;
• To ensure a high standard of service to our members;
• To meet regulatory requirements;
• To verify a member's identity.
Section 3: Member Consent
3.0 MSCU will obtain member consent to collect, use or disclose any personal information except where detailed in this code. MSCU will make reasonable efforts to ensure that members understand how their personal information will be used and disclosed.
3.1 A member's consent can be express, implied, or given through an authorized representative such as a lawyer, agent or broker. A member can withdraw consent at anytime, with certain exceptions (see section 3.3). MSCU, however, may collect, use or disclose personal information without the member's knowledge or consent in exceptional circumstances:
• When such collection, use or disclosure is permitted or required by law
• When use of information is for acting in an emergency that threatens an individual's life, health, or personal security
• When certain information is publicly available
• When we require legal advice from a lawyer
• When we need to collect a debt from a member
• When we need to deal with an anticipated breach of law.
3.2 Consent may be given orally, in writing, or electronically. For example, depending on the sensitivity of the information, consent can be expressed over the telephone when information is being collected; electronically when submitting an agreement, application, or other information; in writing when signing an agreement or application form; when using a product or service; when indicating by means of a check-off box whether or not consent is granted.
3.3 Subject to contractual or legal arrangements, members may withdraw or refuse consent provided that MSCU is given reasonable notice. Refusal or withdrawal of consent may prevent MSCU from providing a product or service to the member as in the case where a member is applying for credit and will not provide relevant credit information. MSCU will not unreasonably withhold products or services from members who refuse or withdraw consent, but if information is required by law or required to operate banking systems, MSCU may decline to deal with a member or person who will not consent to the use of such information.
Section 4: Limits for Collecting Personal Information
4.0 MSCU will only collect personal information for the purposes identified. MSCU will use methods that are lawful and will not collect information indiscriminately.
Section 5: Limits for Using, Disclosing, and Keeping Personal Information
5.0 Member information will only be used or disclosed for the purpose for which it was collected. MSCU will not use personal information for any additional purpose unless MSCU seeks member consent to do so.
5.1 MSCU will not sell member lists or personal information to Third Parties.
5.2 MSCU may periodically use member personal information to conduct member surveys in order to enhance our provision of financial services. If an outside body is employed to conduct research on behalf of MSCU, or provide other services that require access to member information, MSCU will ensure that appropriate security undertakings, such as confidentiality clauses in contractual arrangements, are employed to protect the transfer and use of personal information.
5.3 MSCU will retain member personal information only as long as necessary or expected to be necessary for the identified purposes, or as required by legislation.
5.4 MSCU may disclose personal information related to a financial asset of MSCU along with transfer of the financial asset.
Section 6: Accuracy
6.0 MSCU will make reasonable efforts to ensure that member personal information is as accurate, complete, and current as required for the purposes for which it was collected. In some cases, MSCU relies on its members to ensure that certain information, such as the member's address or telephone number, is current, complete, and accurate.
6.1 MSCU will not routinely update information unless it is necessary to fulfill the purposes for which it was collected or if it is required to maintain an active account.
6.2 Members may request amendments to the records at MSCU in order to ensure the accuracy and completeness of their personal information. If the amendment request pertains to information that remains in dispute, MSCU will note the member's opinion in the file.
Section 7: Safeguarding Personal Information
7.0 MSCU is committed to the safekeeping of member personal information in order to prevent its loss, theft, unauthorized access, disclosure, duplication, use, or modification.
7.1 Depending on the sensitivity of the information, MSCU will employ appropriate security measures to protect the information. The measures may include, for example, the physical security of offices, and electronic security measures such as passwords, encryption, and personal identification numbers.
7.2 MSCU will use appropriate security measures when disposing of member personal information.
7.3 The development of MSCU’s policies and procedures for the protection of personal information is an ongoing process. Changes in technology necessitate that MSCU continually develops, updates, and reviews information protection guidelines and controls to ensure ongoing information security.
Section 8: Availability of Policies and Procedures
8.0 MSCU is open about the policies and procedures it uses to protect member personal information. Information about these policies and procedures will be made available to members either electronically or in written format in plain language. However, to ensure the integrity of our security procedures and business methods, MSCU may refuse to publicly disclose certain information.
8.1 MSCU will make the following information available:
• The name, title and address of the person accountable for the policies and procedures and to whom complaints or inquiries can be forwarded;
• A description of the type of personal information held by MSCU, including a general account of its use;
• A copy of any brochures or other information that explain the policies and procedures; and
• An explanation of what personal information is made available to related organizations such as affiliated companies.
Section 9: Providing Member Access to Personal Information
9.0 Members have a right to access their personal information held by MSCU. Upon request, MSCU will, within a reasonable time period, tell the member what personal information it has, what it is being used for, and to whom it has been disclosed, if applicable, and within the time period for which records are available.
9.1 Members may be asked to be specific about the information they would like to access and to submit their request in writing to the Privacy Officer at MSCU’s head office.
9.2 Members will be required to provide personal information to identify themselves to enable MSCU to provide an account of the existence, use, and disclosure of personal information.
9.3 MSCU will make the information available within 30 days, or provide written notice of extension where additional time is required to fulfill the request.
When information is not provided within 30 days of the request, MSCU will, no later than 30 days after the date of the request, send a notice of extension to the member, advising of the new time limit, the reasons for extending the time limit and of the right of the member to make a complaint to the Commissioner regarding the extension.
9.4 The information will be made available at a cost that will vary with the type and amount of information requested. Where a cost will be incurred by the member, MSCU will inform the member of the cost and request further direction from the member on whether or not MSCU should proceed with the request.
9.5 When reporting to members to whom their information has been disclosed, MSCU will not document information transfers necessary for the daily provision of products and services to members. For example, transfers to organizations that process debit card purchases, cheque clearing, credit card transactions, and automated banking transactions will not be documented. Upon request, MSCU will provide a list of organizations where member personal information may have been sent.
9.6 If a request is refused, MSCU will notify the member in writing, documenting the reasons for refusal and resources for redress available to the member.
9.7 In certain situations, MSCU may not be able to provide access to any or all personal information about a member. In such cases, MSCU will explain the reasons it will not provide the requested information, and identify resources for recourse available to the member. The reasons for not providing information may include that it is unreasonably costly to provide, information that would threaten the life or security of another individual, information generated in a formal dispute resolution process, information that contains references to other individuals, information that cannot be disclosed for legal, security, or commercial proprietary reasons, and information that is subject to solicitor-client or litigation privilege.
9.8 If the information is demonstrated to be inaccurate or incomplete, MSCU will amend the information as required. Where appropriate, MSCU will transmit the amended information to Third Parties having access to the information in question.
Section 10: Compliance and Complaints
10.0 Members are to direct any complaints, concerns or questions regarding this privacy code in writing to the Privacy Officer. If the Privacy Officer is unable to address the member's concerns, the issue can be referred to the office of the CEO. At any point in this process the member may also write to the Privacy Commissioner.
10.1 Contact Information:
Mennonite Savings and Credit Union
1265 Strasburg Rd
Kitchener, ON N2R 1S6
Attention: The Privacy Officer
Phone: 519-746-1010
Email: privacy@mscu.com
back to top..
