Privacy Policy

White Cart Credit Union (“we”, “us”, “our” or “the credit union”) understands the business impact of personal data related risks and are committed to protecting and respecting your privacy.

Reference to “we”, “us”, “our” or “the credit union” is a reference to White Cart Credit Union and for the purposes of the General Data Protection Regulation (GDPR) the data controller is White Cart Credit Union registered at the address given below.

The Policy sets out the lawful basis and specified purposes on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

Relevant legislation

Along with our business and internal computer systems, this website is designed to comply with the following national and international legislation with regards to data protection and user privacy:

UK Data Protection Act 1988 (DPA)
EU Data Protection Directive 1995 (DPD)
EU General Data Protection Regulation 2018 (GDPR)

This site’s compliance with the above legislation, all of which are stringent in nature, means that this site is likely compliant with the data protection and user privacy legislation set out by many other countries and territories as well.

Personal information that this website collects and why we collect it

This website collects and uses personal information for the following reasons:

Site visitation tracking

Like most websites, this site uses Google Analytics (GA) to track ser interaction. We use this data to determine the number of people using our site, to better understand how they find and use our web pages and to see their journey through the website.

Although GA records data such as your geographical location, device, internet browser and operating system, none of this information personally identifies you to us. GA also records your computer’s IP address which could be used to personally identify you but Google do not grant us access to this. We consider Google to be a third party data processor (see section 6.0 below).
GA makes use of cookies, details of which can be found on Google’s developer guides. FYI our website uses the analytics.js implementation of GA.
Disabling cookies on your internet browser will stop GA from tracking any part of your visit to pages within this website.

How we store your personal information

There is currently no occasion where personal data will be stored on this website.

Contact forms and email links

Should you choose to contact us using the contact form on our Contact us page or an email link like this one, none of the data that you supply will be stored by this website or passed to / be processed by any of the third party data processors defined in section 6.0. 
Instead the data will be collated into an email and sent to us over the Simple Mail Transfer Protocol (SMTP). Our SMTP servers are protected by TLS (sometimes known as SSL) meaning that the email content is encrypted using SHA-2, 256-bit cryptography before being sent across the internet. The email content is then decrypted by our local computers and devices.

About this website’s server

This website is hosted within a UK data centre located just outside London.
Some of the data centre’s more notable security features are as follows:


  • 3m rota-spike security fence and perimeter anti ram barriers

  • Blast proof anti-intruder shielded external windows and doors

  • Proximity access locks on all external and internal doors

  • Interlocked man-trap doors with biometric iris scanners to gain access into data floors

  • Server cabinets have locked doors (no open racks)

  • Perimeter and internal IP CCTV system monitored 24×7

  • 24×7 on-site security guards with static and mobile patrols

  • All on-site personnel are security vetted to BS7858 standard

  • Only authorised security cleared staff are allowed into the facility
  • All traffic (transferral of files) between this website and your browser is encrypted and delivered over HTTPS.

 Our third party data processors

We use a number of third parties to process personal data on our behalf. These third parties have been carefully chose and all of them comply with legislation. Our third parties are based in the USA and are EU-U.S Privacy Shield compliant.
Google (Privacy policy)

Data breaches

We will report any unlawful data breach of this website’s database or the database(s) of any of our third party data processors.

For website communication
By visiting our website, you are accepting and consenting to the practices described in the privacy notice.

On an annual basis we will send requests to our members to ensure data held is kept updated.

White Cart Credit Union has its registered office at:

73 Neilston Road
Paisley
PA2 6NA

White Cart Credit Union is authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority. Financial Services Register Number 213903.

The credit union does not consider its controlling and processing of data to be on a large enough scale to employ a Data Protection Officer. All directors, staff and volunteers are subject to continuous training in the importance of Data Protection. The credit union has a Data Protection representative who ensures this policy is reviewed no less than annually and will assist with queries raised by the membership, directors, staff and volunteers.

You can read our full Privacy Policy so that you may feel confident about the privacy and security of your personal information.


White Cart Credit Union Privacy Notice

We are committed to protecting our members’ privacy. The credit union requires any mandatory information for membership to either meet legal obligations or to enable us to perform our contract with you. Where you are not able to provide us with this information, we may not be able to open an account for you. Where we request further information about you not required for these reasons, we will ask you for your consent.

How we use your personal information

White Cart Credit Union may process, transfer and/or share personal information in the following ways:

For legal reasons:

• Confirm your identity.
• Perform activity for the prevention of financial crime.
• Carry out internal and external auditing.
• Record basic information about you on a register of members.

For performance of our contract with you:

• Deal with your account(s) or run any other services we provide to you.
• Consider any applications made by you.
• Undertake statistical analysis, to help evaluate the future needs of our members and to help manage our business.
• To send you statements, new terms & conditions (including changes to this privacy statement), information about changes to the way your account(s) operate and notification of our annual general meeting.

For our legitimate interests

• Recover any debts owed to us.

With your consent

• maintain our relationship with you including marketing and market research (if you agree to them).

Sharing your personal information

We will disclose information outside the credit union:

• To third parties to help us confirm your identity to comply with money laundering legislation.
• To debt recovery agents who may check the information against other databases – private and public – to which they have access.
• To any authorities if compelled to do so by law (e.g. to HM Revenue & Customs to fulfil tax compliance obligations).
• To fraud prevention agencies to help prevent crime or where we suspect fraud.
• To any persons, including, but not limited to, insurers, who provide a service or benefits to you or for us in connection with your account(s).
• To anyone in connection with a reorganisation or merger of the credit union’s business.
• Other parties for marketing purposes (if you agree to this).

Where we send your information

While countries in the European Economic Area all ensure rigorous data protection laws, there are parts of the world that may not be quite so rigorous and do not provide the same quality of legal protection and rights when it comes to your personal information.

The credit union does not directly send information to any country outside of the European Economic Area, however, any party receiving personal data may also process, transfer and share it for the purposes set out above and in limited circumstances this may involve sending your information to countries where data protection laws do not provide the same level of data protection as the UK.

For example, when complying with international tax regulations we may be required to report personal information to the HM Revenue and Customs which may transfer than information to tax authorities in countries where you or a connected person may be tax resident.

Retaining your information

The credit union will need to hold your information for various lengths of time depending on what we use your data for. In many cases we will hold this information for a period of time after you have left the credit union.
To read a copy of our data retention policy please see our website www.whitecartcu.co.uk or contact us at the address below.

Credit rating agencies

We currently do not use, nor have any future plans to use credit rating agencies. We will inform members if we decide to use these agencies in future. Members will be informed of any changes in this regard and this Privacy Notice will be updated.

Your Rights

Your rights under data protection regulations are:

(a) The right to access
(b) The right of rectification
(c) The right to erasure
(d) The right to restrict processing
(e) The right to data portability
(f) The right to object to data processing
(g) Rights related to automating decision-making and profiling
(h) Right to withdraw consent
(i) The right to complain to the Information Commissioner’s Office

Your rights explained

Right to Access:

You have the right to access your personal data and details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data.

Right to rectification:

You have the right to have any inaccurate personal data about you corrected and, taking into account the purposes of the processing, to have any incomplete personal data about you completed.

Right to erasure:

In some circumstances you have the right to the erasure of your personal data without undue delay.
Those circumstances include:

• The personal data is no longer needed for the purpose it was originally processed.
• You withdraw consent you previously provided to process the information.
• You object to the processing under certain rules of data protection law.
• The processing is for marketing purposes.
• The personal data was unlawfully processed.

However, you may not erase this data where we need it to meet a legal obligation or where it necessary for the establishment, exercise or defence of legal claims. 

Right to restrict processing:

In some circumstances you have the right to restrict the processing of your personal data. Those circumstances are:

• You contest the accuracy of the personal data.
• Processing is unlawful but you oppose erasure.
• We no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise or defence of legal claims.
• You have objected to processing, pending the verification of that objection. Where processing has been restricted on this basis, we may continue to store your personal data.
We will only otherwise process it:

• With your consent;
• For the establishment, exercise or defence of legal claims.
• For the protection of the rights of another natural or legal person.

Right to object to processing:

You have the right to object to our processing of your personal data on grounds relating to your particular situation, but only to the extent that the legal basis for the processing is that the data is necessary for the purposes of the legitimate interests pursued by us or by a third party.

If you make such an objection, we will cease to process the personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.

You have the right to object to our processing of your personal data for direct marketing purposes (including profiling for direct marketing purposes). If you make such an objection, we will cease to process your personal data for this purpose.

Right to data portability:

To the extent that the legal basis for our processing of your personal data is:

(a) consent; or
(b) that the processing is necessary for the performance of our contract with you

You have the right to receive your personal data from us in a commonly used and machine-readable format or instruct us to send this data to another organisation. This right does not apply where it would adversely affect the rights and freedoms of others.

Rights related to automatic processing:

This credit union does not use an automatic decision-making process. We will inform members if we decide to use these processes in future. Members will be informed of any changes in this regard and this Privacy Notice will be updated.

Right to withdraw consent:

To the extent that the legal basis for our processing of your personal information is your consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.

The right to complain to the Information Commissioner’s Office:

If you consider that our processing of your personal information infringes data protection laws, you have a legal right to lodge a complaint with the Information Commissioner’s Office which is responsible for data protection in the UK. You can contact them by:

1. Going to their website at: https://ico.org.uk
2. Phone on 0303 123 1113
3. Post to Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF

Contact us about your rights

For more information about how your rights apply to your membership of the credit union or to make a request under your rights you can contact us. We will aim to respond to your request or query within one month or provide an explanation of the reason for our delay.

Contact details of credit union

White Cart Credit Union
73 Neilston Road
Paisley
PA2 6NA.
Phone : 0141 889 3005.
Email : admin@whitecartcu.co.uk.

Changes to this privacy policy

We can update this Privacy Policy at any time and ideally you should check it regularly on our website www.whitecartcu.co.uk for updates. We won’t alert you for every small change, but if there are any important changes to the Policy or how we use your information we will let you know and where appropriate ask for your consent.

Correct as of 25th May 2018