Your trust matters to us. That’s why we follow strict privacy practices and protect your information with care.
While the Internet is revolutionizing the way that we do business — providing convenient access to financial services from your home or office — we also recognize that it may bring legitimate concerns about privacy and security.
We collect personal information from you in the course of doing business. Keeping that information secure is of critical importance to us; you have a right to know that your privacy is being respected and that your personal information is collected, used and protected appropriately. And so, we have policies and practices in place to safeguard and maintain the accuracy and security of your personal information.
For more information, see our Privacy standards.
In order to function as a business, Assiniboine Credit Union needs to collect a certain amount of personal information from you. At the same time, you have a right to know that your privacy is being respected and your confidential information is collected, used and protected appropriately. For that reason, we have policies and practices in place to safeguard and maintain the accuracy and security of information we collect.
Assiniboine Credit Union meets or exceeds all privacy standards established by industry guidelines, provincial legislation, the federal Personal Information Protection and Electronic Documents Act (PIPEDA) and all other applicable laws.
The following information describes in general terms how your personal information is collected and used within the online banking section of our website, the area that requires you to use your username and password to enter.
To ensure that you are the only person accessing your personal financial information, we restrict access to the online banking section of the site by requiring that you enter your username and password to login. Only you know your password. Our employees do not have access to your password, and they'll never ask you to reveal it. If someone does ask you to provide your password to them, please refuse to do so and contact us immediately.
By nature, our Internet banking site has many transactional functions such as transfers between accounts and bill payments. These transactions are all logged to ensure that your accounts are debited or credited appropriately and a history of each transaction is available to verify your account information. We store and use your transactional information in the same way as if you performed it at a branch or through any other service channel.
We may also use transactional information for servicing your account; for example, billing you for the particular transactions that you perform, or for the services that you use.
We create a secure channel between your browser and our server to protect your information when you use the site.
To continually improve our site, we often collect statistics about how our members are using it. We use this information for purposes such as improving the user experience on pages where members are having difficulties.
The information collected may include your IP address, your browser type and your operating system, as well as data such as the number and types of pages visited and the length of time spent per page and on the site overall.
We also use a web technology called cookies. A cookie is a small information token that is stored on your computer. As you use this site, cookies are passed back and forth between our server and your browser.
Specifically, we use two kinds of cookies; session cookies and persistent cookies. A session cookie exists only for the length of your browsing session and is deleted when you close your browser. A persistent cookie is one that stays on your computer after you close your browser. A persistent cookie may or may not expire on a given date.
We use a session cookie to maintain the integrity of your online banking session. With each page that you visit, the cookie is passed back and forth between our server and your browser. We use the cookie to distinguish your session from the many others that may be happening at the same time. Our session cookies never store any personal information such as your name, or date of birth, or financial information, such as your accounts and balances.
We may use persistent cookies to (i) provide you with a customized experience by recording your preferences; (ii) gather statistical information such as average time spent on a page; and (iii) to show you targeted marketing information about ACU when you visit other websites. The data gathered provides us with information on how we can improve the design, content and navigation of our website.
Most recent browser versions allow you to set some level of control over which cookies are accepted and how your browser uses them. For example, it may be set to notify you when it is receiving a cookie so that you accept cookies from only known, reliable sites like this one. If you are concerned about cookies, we encourage you to upgrade your browser to a recent version and review its Help section to learn more about its specific control features.
We use reCAPTCHA to help us protect you and our site, by verifying that you are not a robot. In order to do this, reCAPTCHA collects browser and user information, including cookies that have been placed by Google over the last six months, how many mouse clicks you've made on the screen, the date, the language your browser is set to and any plug-ins you've installed on your browser. This information is then sent to Google, so that it can determine if the user is a robot. Use of reCAPTCHA is subject to the Google Privacy Policy and Terms of Service.
To ensure that nobody else can access your personal information, always use the sign out button to end your online banking session. It is located in the top right-hand corner of the site, no matter where you are. When you exit using the sign out button, your session cookie is deleted so that your session cannot be resumed unless your username and password are re-entered.
The online banking feature of this site has been designed to end your session after a period of inactivity. To sign in, you will need to provide your unique username and password again.
To communicate with us electronically, we strongly recommend that you use our Contact Us feature. This feature provides a secure channel for sending us comments, questions or instructions. Alternately, you can also communicate with us through two-secure messaging, once you are signed in to online banking.
General email is not secure since it passes through many points on its route from you to us. If you are using general email to communicate with us, we strongly discourage you from including personal financial information (such as account numbers) within the email as we can't guarantee its confidentiality en route to us.
When you email us your comments, questions or instructions, you provide us your email address and we use it to correspond with you. We then store your email and our replies to you in case we correspond further.
Our site may also contain links to other websites or Internet resources. As an example, from time-to-time we may provide links to Microsoft or Netscape to assist you in upgrading your Internet browser. However, we have no control over these other websites or Internet resources and do not control their collection, use and disclosure of your personal information. Always review the Privacy Statements of the sites that you are viewing.
We welcome any questions or concerns about your privacy relating to use of our website. Please contact us if you have questions or comments.
As we continue to expand our online banking service to serve you better and as new Internet technologies become available, we may update the information on this page at any time, to reflect changes.
Protecting the personal information we collect and maintain is as important to us as it is to you. Like any organization, we require a certain amount of personal information to conduct business and to provide you with the products and services you want and need. At the same time, you have a right to know that your privacy is being respected and that your personal information is collected, used and protected appropriately. For that reason, we have policies and practices in place to safeguard and maintain the accuracy and security of your personal information. (In this Privacy Agreement, when we use the term “personal information” we mean information about an identifiable individual.)
Our Privacy Agreement is a key part of our commitment to treat you fairly, provide you with superior member service, and maintain the accuracy and security of your personal information. The agreement is guided by the following 10 principles:
PRINCIPLE 1 – ACCOUNTABILITY
We are responsible for maintaining and protecting all member personal information under our control and have designated a Privacy Officer who is accountable for our compliance with the 10 principles that comprise this Privacy Agreement and applicable law.
PRINCIPLE 2 – IDENTIFYING PURPOSES
When we ask for your personal information, we identify what it will be used for.
PRINCIPLE 3 – CONSENT
We require your knowledge and consent for the collection, use or disclosure of your personal information, except where it is required or permitted by law. Consent can be express, implied or deemed. Express consent occurs when you take action to agree to something, such as by signing a form, clicking a box or indicating your agreement verbally. Implied consent occurs when it is reasonable to conclude that, based on the circumstances, you've agreed to something either by action you've taken or declined to take. Deemed consent occurs when you voluntarily provide personal information and your agreement to our use of that information for a particular purpose is obvious.
PRINCIPLE 4 – LIMITING COLLECTION
We collect personal information by fair and lawful means and limit our collection to those details necessary for identified purposes.
PRINCIPLE 5 – LIMITING USE, DISCLOSURE AND RETENTION
We use or disclose your personal information only for the purpose(s) for which it was collected, unless you consent otherwise, or when it is required or permitted by law. We retain personal information only for the time required to fulfill the purpose(s) for which it was collected.
PRINCIPLE 6 – ACCURACY
We maintain and update your personal information as accurately and completely as necessary to fulfill the purposes for which it is used.
PRINCIPLE 7 – SAFEGUARDING MEMBER INFORMATION
We protect your personal information with security safeguards appropriate to the sensitivity level of the personal information.
PRINCIPLE 8 – OPENNESS
We make information available to you concerning the policies and practices that apply to the management of your personal information.
PRINCIPLE 9 – MEMBER ACCESS
At your request, and subject to applicable law, you will be informed of the existence, use and disclosure of your personal information, and be given access to it. You may verify the accuracy and completeness of your personal information provided, and may request that it be amended.
PRINCIPLE 10 – HANDLING MEMBER COMPLAINTS AND SUGGESTIONS
Our Privacy Officer will answer any questions or enquiries you have about this Privacy Agreement or our privacy practices.
We have comprehensive security safeguards and standards in place to protect our systems and your personal information against unauthorized access and use. This section explains what we do to protect your personal information against unauthorized access and use.
All ACU employees are familiar with procedures that safeguard member personal information. The protection of your personal information is specified in our employment agreements and regularly confirmed in writing.
Every employee is required to pass an annual privacy training course.
We audit our procedures and security measures regularly to ensure that they are properly administered and remain effective and appropriate.
We retain your personal information only as long as it is required for the reasons it was collected, or as is required by law. Depending on the product or service and the nature of the personal information, this period may extend beyond your relationship with us but only as long as it is necessary to accomplish the purposes for which it was collected, or as required by law.
When your personal information is no longer needed, we have procedures in place to securely destroy, delete, erase or convert it to an anonymous form.
Our systems ensure your Personal Identification Number (PIN), password and other access codes are kept private and confidential. For example, when you use your PIN at an ATM, the code is scrambled after you enter it. In addition, only you know your access codes. Our employees can’t find out what they are and will not ask you to reveal them.
To help protect your personal information, we offer you the use of biometric services, using facial recognition technology. When you enroll in this program, the technology measures your facial features from an image, and encodes the result in a template of numerical values that are specific to your facial features. Each time you use the program to verify your identity to conduct business with us, the technology maps facial features from the image you provide and then compares the result to your previously registered facial image.
When you enroll in online services such as CU@HOME Internet banking, the passwords you use are encrypted to ensure data security.
As part of their contracts with us, our suppliers and agents have confidentiality agreements in place and may not use your personal information for unauthorized purposes.
We ensure all legal enquiries or orders are valid and disclose only the personal information required or permitted by law to be disclosed.
We use reCAPTCHA to help us protect you and our site, by verifying that you are not a robot. In order to do this, reCAPTCHA collects browser and user information from you. This information is then sent to Google, so that it can determine if the user is a robot. Use of reCAPTCHA is subject to the Google Privacy Policy and Terms of Service.
Any email we use to send you information about important financial matters, such as the status of your account or any security breaches, will only be sent through the Secure Email Service. We will not request sensitive financial or personal information by any other email method. Please contact us if you receive an email about these matters that is not sent through the Secure Email Service.
You look to us to offer responsible, reliable financial services and value-added advice. Collecting current, accurate personal information allows us to provide you with the best possible financial advice, as well as products and services you may find valuable. This section explains what kinds of personal information we collect from you, and how we use that personal information.
ACU and our affiliates and partners in the Canadian Credit Union system collect, use or disclose your personal information to:
The information we request depends on the product or service you want. Much of the personal information we ask for is either mandatory by law or vital for us to be able to do business with you. Here is a summary of the types of personal information we collect, and how that information is used.
Social Insurance Number (SIN)
In order to comply with the Canada Revenue Agency’s income reporting requirements, we must collect your SIN when you open a savings account or apply for an RRSP, RRIF or TFSA or other product that earns investment income.
Financial information
Your financial information is also necessary to assess your eligibility for credit products you request, such as a line of credit, loan or mortgage. At the same time, it helps us give you the most appropriate financial planning advice about investments and other products and services.
Product-specific information
Some products and services require you to provide a specific type of information. For example, information about your health may be required to determine your eligibility for insurance products.
Identification information
Knowing your birth date and other identification information, such as your name, address and occupation, helps identify you and reduces the risk that someone will impersonate you. We are required by anti-money laundering laws to cite and record details of certain documents, such as photographic ID and other personal documents. With your consent, we use biometric data to verify your identity when required for transactions. If you have enrolled in our facial recognition initiative, your facial image will be converted to a series of numbers which is encrypted and checked against a facial image is taken each time your identity is verified.
Intended uses of our products and services
Collecting information about how you intend to use, and use, our products and services allows us to better tailor those products and services to your needs.
Your feedback and opinions
As part of our commitment to continuous improvement, we sometimes employ the services of professional research companies to conduct independent member satisfaction surveys. These surveys will be conducted during your relationship with us or within a reasonable period of time thereafter. If you do not want to participate in these surveys, please contact our Privacy Officer. We also receive feedback from you, when you interact with us in person, on the phone or by email.
Transfer of personal information to service providers outside Canada
We may engage service providers to assist us in fulfilling the purposes that are set out in this agreement, and, in some instances, these service providers may be located outside Canada. We only select service providers that protect personal information in a manner that is comparable to the protection we provide under our own privacy policies. Please be advised that personal information may be subject to, and accessed under, the laws of the countries in which our service providers operate. If you have any questions about our transfer of personal information to our service providers outside Canada, or if you would like to learn more about our privacy policies in that regard, please contact our Privacy Officer.
We obtain most personal information about you directly from you. However, with your consent, we may ask for personal information about you from a third party. For example, if you are applying for a loan or other credit, or if we believe a loan or other credit may be of interest to you, we may contact other lenders or credit bureaus for personal information about your credit history, and we may also contact your employer or other reference sources to verify personal information you provide to us.
We are not in the business of selling member lists or personal information about you to others but, under certain circumstances, we may release your personal information to outside parties, including:
We give the minimum amount of personal information necessary for our suppliers and agents to produce goods and services provided to you through us. For example:
Also, as part of our commitment to continuous improvement, we sometimes employ the services of professional research companies to conduct independent member satisfaction surveys. If you do not want to participate in these surveys, please contact our Privacy Officer.
Just as we may request personal information from a third party when you apply to ACU for credit, or if we believe a product or service offered by ACU may be of interest to you, we may disclose your ACU credit history to other lenders or credit bureaus if you apply for credit at another financial institution, with your consent. In these cases, we release only the information required to identify you and credit records about your repayment history.
We may disclose your personal information in order to complete a business transaction, such as a merger with another credit union or the sale to, or purchase of, another credit union. In such circumstances, we will only disclose your personal information to the other party to the transaction if the disclosure is necessary to complete the transaction and there is a written agreement that restricts the collection, use and disclosure of such personal information to purposes that relate to the business transaction.
If the business transaction is not completed, all personal information disclosed and collected by us will be destroyed or returned.
We are obligated to provide personal information in response to a valid demand, search warrant or other legal enquiry or order. We may also disclose personal information to help us collect a debt owed to us and in the case of a breach of agreement or contravention of law.
If you have a product or service with us, where ownership or liability is shared with others (such as a joint account or a guarantor on a loan), we may share any or all of the information relating to or about that product or service with these other people, including any of your personal information which relates to the account.
We are proud of the policies and practices we use to protect your personal information. We also believe that you have the right to know how your personal information is being collected, used and disclosed. That is why we have developed procedures to restore the integrity of your personal information if the policies and practices we use to safeguard your personal information are breached.
Our procedures to respond to security breaches include breach notification. We will notify you, as soon as reasonably practicable in the circumstances, of any security breaches of your personal information which create a real risk of significant harm to you, and explain what it might mean to you.
Our procedures to respond to security breaches include breach notification. We will notify you, as soon as reasonably practicable in the circumstances, of any security breaches of your personal information which create a real risk of significant harm to you, and explain what it might mean to you.
We will ensure that you have enough information to take whatever steps are possible to reduce the risk of the harm that could result from the breach.
Second, if the breach creates a real risk of significant harm to you (determined by a number of factors, including the sensitivity of the personal information and the number of individuals whose personal information was involved), we will also notify the Office of the Privacy Commissioner of Canada and the applicable provincial information and privacy commissioner and/or ombudsman as appropriate.
Third, we will investigate whether any other government institutions may be able to help us reduce the risk of harm from the breach. If so, we may notify those institutions, so that they can help us respond to the breach.
In all cases, we will strive to make our notifications as soon as we confirm the breach has occurred, and that notification is required, in a manner which is consistent with applicable laws.
Privacy Office
Assiniboine Credit Union
Box 2, Station Main
Winnipeg, MB R3C 2G1
Note: For your protection, only send sensitive financial or personal information through the secure email service.
204.478.5524
Assiniboine Credit Union members have a right to access their personal information that we have in our possession. If you want to access this information, or if you have a complaint or concern related to privacy, please print and complete the Member information access and privacy concern form and email to PrivacyOfficer@acu.ca, fax to 204.478.5524, or mail to the Privacy Office at:
Privacy Office
Assiniboine Credit Union
Box 2, Station Main
Winnipeg MB R3C 2G1
The Privacy Office will respond to your request or complaint within 30 days of receiving this form. If there are any costs associated with the information gathering, we will notify you in advance.
Do not use The Member Information Access and Privacy Concern Form to report instances of theft or fraud.
If you suspect fraud or notice suspicious activity on your account, contact us right away. The sooner we know, the faster we can act to protect your money and information.
To find out more about our privacy policies, kindly contact our Privacy Office by email or postal mail.
Privacy Office
Assiniboine Credit Union
Box 2, Station Main
Winnipeg, MB R3C 2G1
Please note: For your protection, only send sensitive financial or personal information through the Secure Email Service.
