Privacy Policy

We are Triodosunion Limited and we are the data controller responsible for your personal data. Our registered address is Innere Margarethenstrasse 5 Heuwaage Basel, Switzerland 4051.

If you are a current member we will hold personal data about you. We may also hold your details if you have been a member in the past or have applied for one of our products or services.

We are committed to keeping your data safe and being clear about how we use and process your personal data.

This statement explains our reasons for processing your personal data. This includes information that you have shared with us directly or data we have collected throughout your membership of the credit union or your use of our website.

We also tell you about your rights under the laws that are designed to protect your privacy.

We have appointed a data privacy manager, Joy Everest who is responsible for overseeing questions in relation to this privacy statement.

If you have any questions about this privacy statement, including any requests to exercise your legal rights, please contact the Joy Everest using the details set out below:

Our full details are:

Full name of legal entity: Triodosunion Limited
Data Privacy Manager: Joy Scott
Email address: privacy@Triodosunion.org
Postal address: Triodosunion , Innere Margarethenstrasse 5 Heuwaage Basel, Switzerland 4051
Telephone number: +41 79 250 1464

It is important that you read this privacy statement together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data.

This privacy statement supplements the other notices and is not intended to override them.

Our website may include links to third-party websites, plug-ins and applications.

Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements.

When you leave our website, we encourage you to read the privacy notice of every website you visit.

We collect many different types of data. This includes information that is necessary for us to provide our products and services, to comply with our legal and regulatory obligations or to serve our legitimate business interests.

Below we list the key types of data we collect, hold, use and transfer. Not all of this information is collected from every member and the examples given for each category are intended to help explain their meaning, rather than being an exhaustive list.

  • Data to help identify you – this includes your name, DOB, sex
  • Contact details – your address, phone numbers, email address
  • Socio-demographic – details of your employment, profession, nationality, education
  • Transactional – details about payments to and from your accounts
  • Financial – your financial position, status and history
  • Contractual – details of products and service we provide to you
  • Equalities and lifestyle data – this includes ethnic origin, religious belief, sexual orientation, disability data
  • Behavioural – data about how you use our products or services or interact with our website or our communication
  • Consents – this includes things like how you prefer to be contacted and whether you wish to receive email statements
  • Communication – data contained in letters, emails or details of phone calls or conversations
  • Documentary data – details stored in documents, including ID and address verification like copies of passports, driving licenses or birth certificates.

We will never collect sensitive personal data (such as health information) without your explicit consent.

There is also information about your computer hardware and software that is automatically collected by the website. This information can include your IP address (the unique identifying number of a computer), the browser you use, for example, Internet Explorer (IE), Firefox etc., domain names, access times and referring website addresses.

This information is used by us for the operation of the service, to maintain the quality of the service, and to provide general statistics regarding use of the website.

The information we hold is collected through your direct interactions with us and includes the personal data you provide through:

  • application forms you complete when applying for membership or new services
  • when you talk to us on the phone or in branch or correspond with us by email or letter
  • when you use our website or online banking
  • payment and transaction data
  • member surveys

As you interact with our website, we may automatically collect technical data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies. Please see our cookie policy for further details.

We may also receive personal data about you from third parties. The types of personal data we may collect includes contact details, financial, data to help identify you and transactional data collected from:

  • Credit reference agencies
  • Fraud prevention agencies
  • Payroll service providers
  • Public information sources such as Companies House, the Office for National Statistics, the Electoral Registration Office
  • Government and law enforcement agencies

Under the EU General Data Protection Regulation, we can only process your personal data if we have a lawful basis for doing so. The reasons we process your personal data are:

  • if you have given your consent to the processing of your data for one or more specific purposes
  • if it is necessary to fulfil our contract with you
  • if it is necessary to comply with a legal obligation
  • if we believe it is in our legitimate interest as long as that interest is not overridden by the privacy rights of the individual whose data is being used

By ‘legitimate interest’ we mean the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience.

Our legitimate interests are balanced against your right to privacy and when we rely on a legitimate interest to process your data we will tell you.

You always have a right to object and you can do this by speaking to a member of staff or emailing privacy@Triodosunion.org.

Below we outline how we use your personal data, our reasons for doing so and the type of data we are referring to. Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data.

To manage our relationship with you

  • To provide advice and information regarding our products and services

Our lawful basis

  • Fulfilling contracts
  • Necessary to comply with a legal obligation
  • Our legitimate interest

Type of data

  • Data to help identify you
  • Contact details
  • Transactional
  • Financial
  • Contractual
  • Behavioural
  • Communication
  • Documentary data
  • To deliver our products and services
  • To manage fees, charges and interest due on members accounts
  • To collect and recover money that is owed to us

Our lawful basis

  • Fulfilling contracts
  • Necessary to comply with a legal obligation
  • Our legitimate interest

Type of data

  • Data to help identify you
  • Socio-demographic
  • Transactional
  • Financial
  • Contractual
  • Consents
  • Behavioural
  • Documentary data
  • To detect, investigate, prevent and report financial crime
  • To manage risk for our members
  • To obey relevant laws and regulations
  • To respond to complaints and seek resolution

Our lawful basis

  • Fulfilling contracts
  • Necessary to comply with a legal obligation
  • Our legitimate interest

Type of data

  • Data to help identify you
  • Transactional
  • Financial
  • Contractual
  • Behavioural
  • Communications
  • Documentary data
  • To run the business in an efficient and proper way, managing our financial position, business capability and corporate governance and audit
  • To develop and carry out marketing activity
  • To exercise our rights as set out in agreements or contracts

Our lawful basis

  • Necessary to comply with a legal obligation
  • Fulfilling contracts
  • Our legitimate interest

Type of data

  • Data to help identify you
  • Contact details
  • Transactional
  • Equalities and lifestyle data
  • Contractual
  • Consents
  • Behavioural
  • Communications

We may use your personal data to tell you about relevant products and offers, this is what we mean by ‘marketing’.

We can only use your personal information to send you marketing messages if we have either your consent or legitimate interest. That is when we have a business or commercial reason to use your information. It must not unfairly go against what is right and best for you.

You can ask us to stop sending you marketing messages by contacting us at any time by sending an email to privacy@Triodosunion.org

Whatever you choose, you will still receive other important information such as notification for the AGM or changes to your existing products or services.

We may ask you to confirm or update your choices, in the future. We will also ask you to do this if there are changes in the law, regulation or the structure of the business.

  • People who call our telephone customer service
    When you call Triodosunion we collect Calling Line Identification (CLI) information. We use this information to help improve its efficiency and effectiveness. The company that provides this service does not retain any information from the calls or record them.
  • People who email us

    We will also monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law. Once emails have been actioned they will either be attached to a members file of deleted from the system.

    We will only use your personal data for the purposes for which we collected it unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.

    If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please do contact us.

    If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

    Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

    • We will not share your information with anyone outside Triodosunion except:

    • Where we have your permission;
    • Where required for your product or service;
    • Where we are required by law/and or by law enforcement agencies, government entities, tax authorities or regulatory bodies around the world; i.e;
      • Government agencies and regulatory authorities;
      • HM Revenue & Customs, regulators and other authorities;
      • Switzerland Financial Service Compensation Scheme;
      • Fraud prevention agencies;
    • To third party service providers, agents and sub-contractors acting on our behalf, such as the companies which manufacture our debit cards;
    • To debt collecting agencies;
    • To credit reference and fraud prevention agencies;
    • To other companies that provide you with benefits or services (such as insurance cover) associated with your product or service;
    • Where required for a sale, recognition, transfer or other transaction relating to our business;
    • In anonymised form as part of statistics or other aggregated data shared with third parties; or
    • Where permitted by law, it is necessary for our legitimate interests or those of a third party, and in accordance with our internal procedures.
    • In the event that any additional authorised users are added to your account, you and the additional account user authorises us to pass information about you to the other user.

    We will not share or sell your information to any third party to conduct their own marketing.

    We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

    • If you have a debit card we will share transactional details with companies such as MasterCard
    • If you use Direct Debit, we will share your data with the Direct Debit Scheme
    • If you apply for a current account or loan we will share your details with credit reference agencies

    • When we send a non-transactional email we use CharityEmail
    • We use social media to promote our products and services to members and the general public within our Common Bond.
    • We use Facebook’s custom audience and lookalike audience features.

    We carry out credit and identity checks when you apply for our current account or loan products. We will share your personal information with CRAs and they will give us information about you. The data we exchange can include

    • Name, address and date of birth
    • Credit application
    • Public information from sources such as Companies House
    • We will use this data to:
    • Assess whether you or your business is able to afford to make repayments
    • Make sure what you have told us is true
    • Help detect and prevent financial crime
    • Trace and recover debts

    We will go on sharing your personal information with CRAs for as long as you are a member. This will include details about your settled accounts and any debts not fully repaid on time. This will include details of funds going into the account and the account balance. If you borrow, it will also include details of your repayments and whether you repay in full and on time. CRAs may give this information to other organisations that want to check credit status. We will also tell CRAs when you settle your account with us.

    When we ask CRAs about you or your business they will note this on your credit file. This is called a credit search. Other lenders may be able to see this and we may be able to see credit searches from other lenders.

    If you apply for a product with someone, this will link your record with theirs. We will do the same if you tell us you have a spouse, partner or civil partner or that you are in business with other partners or directors.

    CRAs will also link your records together. These links will stay on your files unless one of you asks the CRAs to break the link. You would normally need to obtain proof that you no longer have a financial link with each other.

    You can find out more about CRAs and how they use your information by reading this Credit Reference Agency Information Notice (CRAIN). Or visit the CRA websites: Callcredit, Equifax & Experian.

  • Fraud Prevention Agencies (FPA)

    We may need to confirm your identity before we provide you with membership or services to you or your business. Once you have become a member, we will also share your personal information as needed to help detect fraud and money laundering risks. We use Fraud Prevention Agencies to help us with this.

    Both Triodosunion and the fraud prevention agency can only use your personal information if we have a proper reason to do so. It must be needed either for us to obey the law or for a ‘legitimate interest’.

    By ‘legitimate interest’ we mean the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. Our legitimate interests are balanced against your right to privacy.

    We will use the information to:

    • Confirm identities
    • Help prevent fraud and money laundering
    • Fulfil any contract you or your business has with us.

    Triodosunion or a FPA may allow law enforcement agencies to access your personal information. This is to support their duty to detect, investigate, prevent and prosecute crime.

    FPAs can keep personal information for different lengths of time. They can keep your data for up to six years if they find a risk of fraud or money laundering.

    The information we use:

    • Name
    • Date of birth
    • National Insurance Number
    • Residential address
    • History of where you have lived
    • Contact details, such as email address and phone numbers
    • Financial data
    • Data relating to you or your business
    • Employment details

    We and FPAs may process your personal information in systems that look for fraud by studying patterns in the data. We may find that an account is being used in ways that fraudsters work, or we may notice that an account is being used in a way that is unusual for you or your business. Where we or the FPA decide there is a risk of fraud, we may stop activity on your account(s) or block access to them. FPA will also keep a record of any risk associated with you or your business. This may result in other organisations refusing to provide you with products or services or to employ you.

    Fraud prevention agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to six years.

  • Data transfer out of the EEA

    FPAs may send personal information to countries outside the European Economic Area (EEA). When they do, there will be a contract in place to make sure the recipient protects the data to the same standard as the EEA. This may include when following international frameworks for making data sharing secure.

    We will only send your data outside the European Economic Area (EEA) to:

    • Follow your instructions
    • Comply with a legal duty

    If we send your personal data outside the EEA we will take reasonable steps to ensure that the recipient implements appropriate measures to protect your information.

    Data Security

    We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

    We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

  • If you choose not to give your personal information

    We may need to collect personal information by law, or under the terms of a contract, we have with you.

    If you choose not to give us this personal information, it may delay or prevent us from meeting our obligations. It may also mean that we cannot perform the services needed to run your account. It could mean that we have to cancel your membership with us but we will notify you if this is the case at the time.

    Any data collection that is optional would be made clear at the point of collection.

    You have the right to know what information we hold about you and to ask, in writing, to see your records.

    Individuals can find out if we hold any personal information by making a ‘subject access request’ pursuant to Article 15 of the General Data Protection Regulation ((EU) 2016/679). If we do hold information about you we will:

    • give you a description of it;
    • tell you why we are holding it;
    • tell you who it could be disclosed to; and
    • let you have a copy of the information in an intelligible form.

    To make a request to Triodosunion to see any personal information we may hold you need to put the request in writing us to info@Triodosunion group.com. We will supply any information you ask for that we hold about you as soon as possible, but this may take up to 30 days. We will not charge you for this. You will be asked for proof of identity as the person dealing with your request may not be the staff member you have met before. We need to be sure we are only releasing your personal data to you.

    If we do hold information about you, you can ask us to correct any mistakes by contacting us.

    • Right to be informed
      You have the right to be informed about how your personal data will be used. This statement as well as any additional information or notice that is provided to you either at the time you provided your details or otherwise, is intended to provide you with this information.
    • Right to data portability
      Where we are processing your personal data because you have given us your consent to do so, you have the right to request that the data is transferred from one service provider to another.
    • Disclosure of personal information
      In many circumstances, we will not disclose personal data without consent. However, when we investigate a complaint, for example, we will need to share personal information with the organisation concerned and with other relevant bodies.
    • How long we keep your personal information

      We will keep your personal information for as long as you are a member. After you stop being a member we may keep your data for up to 6 years for one of these reasons:

      • To respond to any questions or complaints
      • To show that we treated you fairly
      • To maintain records according to rules that apply to us.

      In some circumstances, we may anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

    • Letting us know if your personal information is incorrect
      You have the right to question any information we have about you that you think is wrong or incomplete and if you believe our records are inaccurate you have the right to ask for those records concerning you to be updated. Please contact us if you want to do this.

      If you do, we will take reasonable steps to check its accuracy and correct it. If you believe the information we hold about you is out of date or incorrect please notify a member of staff or email privacy@Triodosunion.org.

    • What if you want us to stop using your personal information

      Where we process your data on the basis of your consent (for example, to send you marketing e-mails) you can withdraw that consent at any time. To do this, or to discuss this right further with us, please contact us.

      You also have a right to object to us processing data where we are relying on it being within our legitimate interests to do so (for example, to send you direct marketing by post). To do this, or to discuss this right further with us, please contact us.

      In certain situations, you have the right to ask for processing of your personal data to be restricted because there is some disagreement about its accuracy or legitimate usage.

      In some cases, you have the right to be forgotten (i.e. to have your personal data deleted from our database). Where you have requested that we do not send you marketing materials we will need to keep some limited information in order to ensure that you are not contacted in the future.

    • How to withdraw your consent
      You can withdraw your consent at any time. Please contact us if you want to do so.

      If you withdraw your consent, we may not be able to provide you with your membership, products or services if this is so we will tell you.

    • How to complain
      If you are unhappy with the way in which we have used your personal information you can let us know by sending an email to privacy@Triodosunion.org.

      Alternately, you can let us know in branch or send an email to info@Triodosunion group.com. You also have the right to complain to the Information Commissioners Officer.

    • People who make a complaint to us

      When we receive a complaint we will open a case file that contains the identity of the complainant and any other individuals involved in the complaint.

      We will only use the personal information we collect to process the complaint and to check on the level of service we provide. Annually, we report to the Financial Conduct Authority on how many complaints we receive, relating to which regulated banking categories and the outcomes. This data is anonymized.

      We usually disclose the complainant’s identity to whoever the complaint is about. This is inevitable where, for example, the accuracy of a person’s record is in dispute. It will not be possible to handle a complaint on an anonymous basis.

      We will keep personal information contained in complaint files in line with our retention policy. This means that information relating to a complaint will be retained for two years from closure. It will be retained in a secure environment and access to it will be restricted according to the ‘need to know’ principle.

      Similarly, where inquiries are submitted to us we will only use the information supplied to us to deal with the enquiry and any subsequent issues and to check on the level of service we provide.

      We may update this policy from time to time without notice to you, so please check it regularly.

      The privacy policy was last updated on 05 Jan 2025.

    • We’re a leading financial services provider with over 22 years of banking operations in Switzerland.

    Click the link below to start the subscription service
    subscribe

    © 2025 Triodosunion Bank. All rights reserved