The security of our members and their personal information is of utmost importance to us. We regularly work with banking-industry regulators to refine our security practices and ensure we meet the highest standards.
What information we collect
In the course of business, we collect personal information that allows us to provide informed, reliable financial products, services and advice, and meets our regulatory requirements. In all cases, we only collect the information we require and only use it for the purposes explained to you.
For every product or service we offer, we require basic information such as your name, address, and identification. Depending on the purpose of your membership and the products and services you select, various information may be requested to complete the application process.
Your birth date helps us ensure no one is trying to impersonate you, and helps us determine your eligibility for products and services designed for particular age groups.
Social Insurance Number (also referred to as Tax ID)
Your SIN is unique to you, so having this on file means we can keep your information separate from that of other members with a similar name. In addition, we require your SIN for Canada Revenue Agency's income reporting requirements.
We want to give you the best advice possible. That starts with understanding your current financial situation.
For some products, such as insurance, we are required to collect health information as part of the application process, to determine your eligibility for the selected product.
In addition to your mailing address, we also collect your phone number as another means to communicate with you and provide important information about the products you hold with us. You have the option to provide us with your email address, which will help you access and use our digital services. We will also use your email address as an alternate form of communication to reach out to you about your accounts and to keep you informed about products and services that may be of interest to you. You can learn more about how we use email and the options available to you here.
We also ask you provide a next of kin and their address and telephone number, so we know who to alert in a critical or emergency situation.
We record your gender preference to align with other governing bodies and to match the information on your proofs of identification (ex. your license).
Purpose of membership and accounts or services
As part of our FINTRAC reporting requirements, we are required to collect information that helps us understand the types of transactions we should expect to occur within your membership and accounts. This protects you and helps us monitor attempts at fraud or other illegal activities. This information includes:
Reason for opening membership: Why you chose to open a membership at SCU.
Purpose of business relationship: How you or your business intend to interact with us.
Intended use: The type of transactions we should expect you to make within a specific account or product.
Occupation and current employer
Third-party Determination: Are you acting on behalf or opening an account on behalf of any other person or will the account be used by a third party?
Politically Exposed Person or Head of an International Organization: We are required to determine whether you, or a member of your family (or close associate) is a politically exposed person (PEP) or head of international organization (HIO).
Declaration of Tax Residency: In compliance with the Foreign Account Tax Compliance Act (FATCA) and Common Reporting Standard (CRS), we are required to determine the tax resident country for all members. You will be asked to complete a declaration at membership opening and when a change of circumstance occurs.
We collect biometric data for the purpose of verifying your identity, to guard against fraud and to create a smoother in branch experience for our members. You will be asked to give consent to the collection of your biometric data (whether that is your signature, a palm vein scan or otherwise), before we collect it from you. As with other personal information we collect from you, biometric data will be protected with safeguards that are appropriate to its sensitivity, and used and disclosed only for those purposes that are set out in these Privacy Practices or otherwise communicated to you by our staff.
Why we collect your information
The financial services industry is heavily regulated to protect individuals and prevent money laundering and other criminal activity. Much of the information we collect is to satisfy these regulatory requirements, however, it also allows us to serve you better. By collecting current, accurate personal information we can provide you with the best possible financial advice, as well as products and services you may find valuable.
The personal information we collect will only be used, disclosed or retained for the intended purpose for which it was gathered, as authorized by you or as required by law.
We will not gather, use, retain, or disclose your information without your consent, and we will never sell your information to a third-party.
We collect your information to:
Verify your identity when you are in the branch, on the phone or banking digitally;
Understand your banking requirements, including personal and business financial products and services;
Provide you with the products and services you request or that may benefit you;
Develop, offer, manage, and provide products and services that meet your needs;
Determine your eligibility for our products and services;
Contact you directly about the products you have with us, or inform you about products or services that may be of interest to you;
Conduct member research and member satisfaction surveys;
Detect and prevent fraud, and help safeguard your and our financial interests;
Help us collect debts or enforce obligations which are owed or guaranteed by you to us;
Meet our regulatory requirements; and
Carry out any other purpose that you authorize or that is required by law.
How we protect your personal information
We have comprehensive safeguards in place to protect our systems and your personal information so you can bank with confidence.
All employees go through training on how to safeguard member information and are required to pass privacy and security tests each year. Staff are only permitted to access member information as required by their role or specific duty. We only gather and retain information for the intended purpose and we have procedures on how information is collected, stored, handled, and destroyed.
Employees do not have access to member information such as passwords, access codes or ATM Personal Identification Codes (PIN) and will not ask you to reveal them.
We invest in technology to protect member information, ensure online security measures are in place and to provide a secure experience. We use the newest security standards to protect our systems, digital properties and services, and your information. Incorporating security features including firewalls, encryption, and cookies ensure the security and privacy of our members by taking steps to unauthorized access to our internal systems.
We also use biometric data to help safeguard your personal information. This includes palm vein scanning technology, which recognizes the vein pattern in your palm and uses it to verify your identity, when you carry on activity related to your account. The scan is immediately converted into an encrypted string of numbers, meaning that the image is not stored and cannot be re-produced by anyone else. Unlike a password, a vein scan cannot be forgotten, stolen or lost. Further, only you can produce your palm vein pattern, which does not change over time, as might your face, fingerprints or other physical attributes that can be used to identify you.
We always use encrypted or protected email when sending sensitive or confidential information or documents. Encrypted emails are managed through a secure web-based portal and may be initiated by a member of our staff. When you receive an encrypted email from us, you will be prompted to select read the message, and you will be able to reply like a regular email and add attachments as necessary.
Learn more about using encrypted email — Outlook (microsoft.com).
When we share your information
Personal information may be shared or disclosed in limited circumstances and with certain organizations, subject to duties of confidentiality towards our members and subject to the Government of Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA). Examples of those organizations are:
credit reporting agencies;
debt collection agencies;
regulatory bodies, government agencies (local, provincial and federal), law enforcement bodies, regulatory organizations and courts;
other parties as required by law;
your authorized representative or person acting on your behalf;
mortgage insurers and any re-insurer of any such mortgage insurance;
our auditors to ensure the integrity of our operations;
affiliated and external product and service providers (so they may provide you with the product or service you seek); and
organizations, advisors and trustees where credit facilities are pooled and sold.
We also may share personal information with affiliated and external product and service providers, when necessary, to provide and administer products and services. This may include card and cheque book production, market research, member surveys, statement production, payment services, and information technology support (including with respect to our biometrics measures). We take our obligations to protect personal information very seriously and deal only with parties who share and demonstrate the same attitude.
Your access to your personal information
We want you to feel secure about the personal information we have on file, and can assure members that the information collected is being used for the purposes outlined . You can contact us to inquire about:
the personal information we have collected;
the use or disclosure of your personal information;
how to request access to your personal information;
how to correct your personal information;
requesting a copy of the personal information we have in our records; and
the length of time we retain your information.
Requests for access to limited amounts of personal information, such as checking to see what address or telephone number we have recorded, can generally be handled in a branch or over the telephone. Requests for access to more substantial amounts of personal information may take longer and may require you to submit a formal request.
- it will threaten the privacy of other individuals;
- the information relates to anticipated legal proceedings;
- the information would reveal our commercially sensitive decision making process; or
- the law prevents us from disclosing the information.
Limiting or withdrawing your consent
Serving our members well and providing them with expert advice is fundamental to how we do business. To deliver on this, we may use personal information we have collected to contact you in order to inform you of a new, existing or improved product or service that may benefit you.
You have the choice to limit or withdraw your consent to receive marketing information from us and may ask us not to contact you by telephone, mail, or email, for marketing purposes. If you would like to change or limit your consent, please ask us for our Privacy Exception Form.
Please note there are communications we are required by law to provide, and you cannot opt out of these. For example, communications containing information about changes to products or services, or material on or accompanying your regular account statements.
We have processes in place to securely destroy, delete, erase or de-identify your personal information, when it is no longer needed for the purposes for which it was collected. For example, if you withdraw from our palm vein scan initiative, we will delete the mathematical summary of your palm vein pattern from our systems.