Privacy Policy

1. Introduction

Hampshire Credit Union Limited trading as Wessex Community Bank is committed to protecting and respecting your privacy.

This Privacy Policy explains how we collect, use, store and share your personal information when you use our website, apply for membership, apply for or use our products and services, contact us, or otherwise deal with us.

We process personal data in accordance with the UK General Data Protection Regulation, the Data Protection Act 2018 and other applicable legal and regulatory requirements.

This policy should be read alongside any terms and conditions, account terms, loan agreements, fair processing notices, credit reference agency information notices, and other notices provided to you when you apply for or use our products and services.

2. Data Controller

Hampshire Credit Union Limited, trading as Wessex Community Bank, is the data controller responsible for the processing of your personal data.

If you have any questions about this Privacy Policy or how we handle your personal information, please contact us using the details below:

Wessex Community Bank


Email: info@wessexcb.org
Telephone: 02392 827980

3. Information We Collect

We may collect and process the following types of personal data about you:

Personal identification information, including your name, date of birth, gender, contact details, address, email address and telephone number.

Financial information, including bank account details, income, employment status, employment history, benefit information, expenditure, affordability information and other information relevant to financial products or services.

Credit information, including information about your creditworthiness, credit history, existing credit commitments, arrears, defaults, insolvency information and other credit-related data.

Transactional information, including details of payments, deposits, withdrawals, transfers, loan repayments and other transactions carried out through our services.

Address history, including past and present addresses and address links, including addresses associated with you even where you have not provided those addresses directly to us.

Personal credit data, including details about how, when and whether you repay credit arrangements, and information about court or insolvency records such as County Court Judgments, Individual Voluntary Arrangements, Debt Relief Orders or bankruptcy.

Identity and verification information, including documents or information used to confirm your identity, address and eligibility for membership.

Communication records, including emails, letters, online messages, text messages, application forms, notes of conversations and other correspondence between you and us.

Call recordings. We may record incoming and outgoing telephone calls. Call recordings may be used for training, monitoring, quality assurance, fraud prevention, complaint handling, dispute resolution, regulatory compliance and to keep an accurate record of instructions or conversations. Call recordings are normally retained for a maximum of 12 months unless we need to keep them for longer for legal, regulatory, complaint, fraud prevention or dispute-related reasons.

Technical and website information, where applicable, including information about how you access and use our website or online services. Where cookies or similar technologies are used, this will be explained in our cookie notice or website information.

4. How We Use Your Information

We use your personal information for the following purposes:

  • To assess and process applications for membership, savings accounts, loans and other products or services.

  • To verify your identity, address, eligibility for membership and common bond qualification.

  • To manage your membership, accounts, loan agreements and any other services you use.

  • To process payments, deposits, withdrawals, transfers and loan repayments.

  • To conduct credit searches, affordability assessments and responsible lending checks.

  • To report information to credit reference agencies where applicable.

  • To prevent and detect fraud, money laundering, financial crime and misuse of our services.

  • To comply with legal, regulatory, tax, accounting and reporting obligations.

  • To communicate with you about your account, membership, application, products, services, arrears, complaints or other matters relating to your relationship with us.

  • To manage arrears, recover debts, enforce agreements and protect the interests of the Credit Union and its members.

  • To maintain records, monitor service standards, train staff, investigate complaints and improve our products and services.

  • To send you information about products or services where we are permitted to do so and where you have not opted out or, or where required, where you have given consent.

5. Lawful Bases for Processing

We must have a lawful basis for processing your personal data. Depending on the purpose, we may rely on one or more of the following lawful bases:

Contract. We process personal data where it is necessary to take steps before entering into a contract with you or to perform a contract with you. This includes processing applications, opening and managing accounts, providing services and administering loan agreements.

Legal obligation. We process personal data where we need to comply with legal or regulatory obligations. This includes anti-money laundering checks, fraud prevention, regulatory reporting, tax, accounting, complaint handling and record keeping obligations.

Legitimate interests. We may process personal data where it is necessary for our legitimate interests or those of a third party, provided those interests are not overridden by your rights and freedoms. This may include fraud prevention, debt recovery, service improvement, security, record keeping, complaint handling, defending legal claims and communicating with you about relevant services.

Consent. We may rely on your consent where required, for example, for certain types of marketing or optional processing. Where we rely on consent, you can withdraw it at any time.

Public interest or substantial public interest. In limited circumstances, we may process personal data where this is necessary for reasons of substantial public interest, such as preventing or detecting unlawful acts, fraud, money laundering or financial crime.

Where we process special category data, such as health information, vulnerability information or other sensitive information, we will only do so where we have a lawful basis under Article 6 of the UK GDPR and a valid condition under Article 9 of the UK GDPR or the Data Protection Act 2018. This may include situations where you provide information to help us support you, make reasonable adjustments, assess vulnerability or deal with financial difficulty.

6. Applying for and Obtaining Credit

When you apply for credit with Wessex Community Bank, we will assess your application. This may include credit searches, identity checks, affordability checks, income and expenditure assessment, fraud prevention checks and other checks relevant to responsible lending.

  • We may credit search any address associated with you, even if you do not provide us with that address.

  • We may access information about:

  • past and present loans and whether repayments have been maintained;

  • past and present credit cards and whether repayments have been maintained;

  • past and present address history;

  • County Court Judgments;

  • Debt Relief Orders;

Individual Voluntary Arrangements;

  • bankruptcy;

  • defaults, arrears, payment arrangements and other credit performance data.

If you provide false or misleading information, we may decline your application. We may also share information about false or misleading information with credit reference agencies, fraud prevention agencies or other relevant organisations where lawful and appropriate. This may affect your ability to obtain credit or services elsewhere.

All lending decisions remain at the discretion of Wessex Community Bank.

7. Sharing Data with Credit Reference Agencies

We may share your personal information with credit reference agencies such as Experian, Equifax and TransUnion.

This may include:

  • information about your application;

  • identity and address information;

  • creditworthiness and financial standing;

  • loan account information;

  • payment history;

  • arrears, arrangements, defaults and settled accounts;

  • past and present address history.

Credit reference agencies may record this information and share it with other organisations. This may help those organisations make decisions about credit, affordability, identity, fraud prevention, money laundering, insurance, account management and debt recovery.

Credit reference agencies may retain account and credit performance information for a period determined by their own retention rules and applicable law. Information about closed accounts, defaults or arrears may remain visible on your credit file for a number of years.

Further information about how credit reference agencies use and share personal data is available from the credit reference agencies directly and from their Credit Reference Agency Information Notice.

8. Sharing Data with Fraud Prevention Agencies

To protect against fraud, money laundering and financial crime, we may share personal data with fraud prevention agencies, law enforcement agencies, regulators, credit reference agencies and other relevant organisations.

This information may include:

  • personal identification details;

  • contact and address information;

  • financial information;

  • transactional information;

  • application information;

  • details of suspected or confirmed fraud, misuse, false information or financial crime.

Fraud prevention agencies may use this data to prevent fraud and money laundering by you and by other individuals or organisations. This information may also be used by law enforcement agencies for the investigation and prosecution of criminal activity.

If fraud is detected, you could be refused certain services, finance or employment. Your information may also be retained by fraud prevention agencies in accordance with their own retention rules and applicable law.

9. Sharing Data with Third Parties

We may share your personal information with third parties where this is necessary, lawful and appropriate.

These may include:

  • credit reference agencies;

  • fraud prevention agencies;

  • payment service providers;

  • banking and account service providers;

  • debt collection agencies;

  • tracing agents;

  • legal advisers;

  • auditors;

  • insurers;

  • IT and software providers;

  • cloud hosting and data storage providers;

  • printing, mailing and communication providers;

  • regulators and supervisory authorities;

  • law enforcement agencies;

  • courts and tribunals;

  • government bodies, including HMRC, the Department for Work and Pensions and other relevant public authorities.

We may also share information with agents, contractors and service providers who process personal data on our behalf. Where they act as processors, they are required to process personal data only on our instructions and to keep it secure.

We may also share information where required by law, regulation, court order, regulatory request, legal proceedings, debt recovery, fraud prevention, financial crime prevention, or to protect the rights, property or safety of Wessex Community Bank, our members, staff or others.

10. Marketing

As part of your membership or relationship with us, we may use your contact details to keep you informed about products, services, member information, account updates and other matters relevant to your relationship with Wessex Community Bank.

We may contact you:

  • to tell you about things you have asked us to tell you about;

  • to provide information about your account, membership or services;

  • to obtain or provide additional information;

  • to check our records are accurate;

  • to tell you about relevant products, services or member benefits, where permitted.

  • We do not sell, rent or trade email lists with other organisations or businesses.

Where we send direct marketing, we will do so in accordance with applicable law. You can ask us to stop sending marketing communications at any time by contacting us.

Important service messages, account notices, regulatory notices, arrears notices, complaint communications and other essential communications are not marketing and may still be sent even if you opt out of marketing.

11. Data Retention

We will retain your personal data only for as long as necessary for the purposes set out in this Privacy Policy, unless a longer period is required or permitted by law.

Retention periods may vary depending on the nature of your relationship with us, the type of product or service, legal and regulatory requirements, limitation periods, complaint handling, audit requirements, fraud prevention and debt recovery needs.

Where information is no longer required, we will delete it, anonymise it or securely retain it only where we have a lawful reason to do so.

Call recordings are normally retained for a maximum of 12 months, unless we need to keep them for longer for legal, regulatory, complaint, fraud prevention, security, debt recovery or dispute-related reasons.

12. Security

We take appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration, disclosure or destruction.

This may include access controls, encryption, secure storage, staff training, system monitoring, security procedures, contractual controls with service providers and other safeguards appropriate to the nature of the information we hold.

No system can be completely secure, but we take reasonable steps to protect your personal information and to keep our security arrangements under review.

13. Your Rights

Under the UK GDPR and Data Protection Act 2018, you have rights in relation to your personal data. These rights may include:

Access. You can request a copy of the personal data we hold about you.

Rectification. You can ask us to correct inaccurate or incomplete personal data.

Erasure. You can ask us to delete personal data in certain circumstances.

Restriction. You can ask us to restrict the processing of your personal data in certain circumstances.

Data portability. You can ask to receive certain personal data in a structured, commonly used and machine-readable format.

Objection. You can object to certain types of processing, including processing based on legitimate interests and direct marketing.

Withdrawal of consent. Where we rely on consent, you can withdraw that consent at any time.

Rights relating to automated decision-making. You may have rights in relation to decisions made solely by automated means where those decisions have legal or similarly significant effects.

These rights are not absolute and may be subject to exemptions or limitations. For example, we may need to retain or process certain information to comply with legal obligations, manage accounts, recover debts, prevent fraud, respond to complaints or defend legal claims.

To exercise your rights, please contact us at:

Email: info@wessexcb.org
Telephone: 02392 827980

We may need to verify your identity before responding to a request.

14. Credit Reference Agency Information

When we use credit reference agencies, they may process your personal data as data controllers in their own right.

Credit reference agencies use personal data to provide credit reporting, affordability, identity, fraud prevention, debt recovery and other related services to lenders and other organisations.

Further information about how credit reference agencies use your personal data is available from the relevant credit reference agencies and their Credit Reference Agency Information Notice.

15. Links to Other Websites

Our website may contain links to other websites.

Once you use these links to leave our website, we do not have control over the other website. We are not responsible for the protection or privacy of any information you provide while visiting other websites.

You should read the privacy policy or privacy notice of any website you visit.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time.

Any changes will be posted on our website and, where appropriate, notified to you by email or another suitable method.

You should check this page from time to time to make sure you are aware of any updates.

17. Contact Information

If you have any questions or concerns about this Privacy Policy or how your personal data is processed, please contact us at:

Wessex Community Bank
Email: info@wessexcb.org
Telephone: 02392 827980

18. Complaints

If you are unhappy with how we handle your personal data, you should contact us first so we can try to resolve the issue.

You also have the right to lodge a complaint with the Information Commissioner’s Office, the UK supervisory authority for data protection issues.

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF


Telephone: 0303 123 1113
Website: ico.org.uk