Security & Privacy
Security & Privacy
Our online banking system is safeguarded with the best security available in a commercial environment, ensuring that your information is protected while data is transmitted between your computer and our banking server.
Internet encryption protects your information while it is in transit between your computer and our systems. Encryption ensures that data cannot be read or altered because the information is scrambled. Our online banking website uses a 128-bit SSL, encrypting both request and response transactions, through a secure connection. To establish a secure connection, verify that the prefix of our website address in your browser reads 'https' (and not simply 'http'). All the browsers we support meet this requirement. If yours doesn't, please download the appropriate encryption support from your browser's supplier.
Controlled Access to Your Accounts
Your accounts can only be accessed by providing the correct login credentials and Personal Access Code (PAC), which only you know. Our employees never know these details and will never ask you to provide them with this information.
Enhanced Security Login Process
The first time you log in to your online banking account, you will be asked to choose from a list of security questions and answers. Be sure to pick questions with answers that are not easy to guess. Use ones that only you know. If you have a joint account, the questions and answers for both users must coincide. You can register your home or personal computer so that you will not have to answer a security question every time you log in. However, when you log in to your account from another machine, we will ask one of the security questions to confirm your identity.
For security reasons, we track the number of login attempts used to access your online banking. After a number of incorrect attempts to provide the correct PAC or answers to security questions, your online access will be immediately disabled. To regain access, please contact a branch.
When visiting a branch, you can feel confident that your money is safe and secure, with the premises adorned by vaults, locked doors, security and surveillance. We are keeping you just as safe when you bank online but once your information reaches your computer, you have a responsibility to protect it.
Personal Access Codes (PAC)
Online credentials can be numerous as they are needed for email accounts, social networking sites, online newspapers and shopping websites. That's a lot of usernames and passwords – and it can be tempting to use the same combination for everything. But this makes it far too easy for hackers because once they have one password, they can access all your sites. Login credentials are the keys to your accounts so don't leave those keys around for anyone to find. For online banking, the key is your Personal Access Code (PAC). We recommend you:
- Choose a PAC that is easy for you to remember but difficult for others to guess. Avoid using current phone numbers, dates of birth, or social insurance numbers.
- Don't save a list of your credentials on your device. If you have to write them down, keep these details locked away somewhere only you can access or consider using password-management software, which secures and encrypts usernames and passwords and allows you to use a single master password.
- Do not share your PAC with anyone, especially online. Employees of our financial institution will never call, email, write or ask you to provide your online banking credentials. Ever.
- Don't authorize browsers to memorize your credentials. Saving these on your computer allows anyone using your device to gain access to your login-protected sites.
- Consider changing your PAC every 90 days for optimum security.
When you move, it is important to notify us of your change of address. If your mailing information isn't up-to-date, statements or letters that contain personal information will continue to be sent to your former address.
You may prefer to eliminate paper statements altogether, avoiding any possibility of mail theft. Eliminate paper documents, go electronic and be secure while doing it. Our e-Statements are a digital archive of your monthly banking activity than can be downloaded as a PDF from our secure online banking site.
Logging In and Out
When you are finished with your banking session, always log out by clicking the "Log Out" button, as opposed to simply closing the browser window. To help protect your information, your online banking session will end automatically if there has been no activity for a period of time. If your session has timed out, no further transactions can be made until you log in again. This time-out feature helps protect your accounts from unauthorized access if your device is left unattended or if you have forgotten to log out.
Clearing Cookies and Cache
When you spend time on the Internet, your browser stores information, such as the websites you visit, the images and files you view, and your personal information, including passwords and login details. This data is held on your computer's hard drive and is known as 'cache.' Even though you may have logged out and closed your browser, this information may remain accessible. You can protect your data by clearing your browsing history regularly.
Some web browsers have a feature that allows you to browse the Internet without the browser storing information, such as the sites you visit, the images you see and videos you watch. This feature is sometimes used by people who share the same computer. Private browsing is a temporary option and must be selected in order for it to be activated. Private browsing, however, does not give you immunity to spyware or make you anonymous. It is still possible for your Internet service provider, employer or the websites you visit to track your online activity.
Monitoring Your Accounts
Frequently reviewing your paper and/or electronic account statements and registering for our alerts system ensures that you spot any incorrect or fraudulent transactions as soon as they occur. If your card has been skimmed (when the card's magnetic stripe and PIN are fraudulently copied by embedded devices at ATMs or point-of-sale devices) or unauthorized transactions have been made, you will want to catch this as soon as possible. Every time you receive an account statement verify you made all the transactions.
We are committed to adopting the privacy standards established by federal and provincial regulatory bodies. Ten privacy principles have been adopted to govern the handling of member information. Below is a summary of these ten principles:
The Board of Directors has appointed a Privacy Officer to ensure compliance with the appropriate privacy legislation. The Privacy Officer is responsible for ensuring compliance with this policy.
2. Identifying Purposes
Sudbury Credit Union will only use personal information for the purposes described below.
- to establish and confirm the member's identification
- to aid in understanding the member's needs and to develop, manage and communicate to the member on products and services to meet those needs
- to evaluate your credit standing and worthiness, where applicable, by sharing or exchanging information with credit reporting agencies
- to meet legal and regulatory requirements
- to detect and prevent fraud, and to help safeguard the financial interests of the credit union and its members
- to determine the suitability and eligibility for member products and services
- to provide ongoing services
The purposes for which personal information is collected will be described to you before or at the time the information is collected. We will not use collected information for a new purpose without your consent.
We require your knowledge and consent for the use, collection or disclosure of personal information. New members will provide consent through the completion of the Privacy and Consent Agreement. Existing members will be notified annually with information regarding providing and withdrawing consent. Members have the right to refuse to provide information or to withdraw their consent, at any time, for the collection, use or disclosure of their personal information. In order to withdraw their consent, a written request must be forwarded to the Privacy Officer with 60 days notice. In some instances withdrawal of consent can not be granted. These instances are specifically referenced to in the credit union policies. You can request to have your name not provided to affiliated companies. You can also advise the credit union that you prefer not to receive direct marketing materials regarding products and services. The credit union may still forward marketing materials with other required communications such as statements.
4. Collection of Information
The information collected will be limited to that which is necessary for the purposes identified by the credit union and the information shall be collected by fair and lawful means.
5. Use, Disclosure and Retention of Information
Information will only be used for the purposes specified at the time of collection except with the consent of the member or as required by law.
We only maintain your personal information for as long as it is required to fulfil the purpose for which it was collected. The length of time we keep information is also determined by legal requirements. We have established retention periods for personal information. Subject to any requirements to retain information, Sudbury Credit Union will ensure that personal information that is no longer required will be destroyed, erased or made anonymous in a secure manner.
We will only release your personal information in specific circumstances and only if you have provided consent to do so or as required by law. We will not sell or give lists of our members to other organizations.
We will endeavour to keep your personal information accurate for as long as it is required to fulfil the purpose for which it was collected. In order to achieve this, we request that members provide us with notification of any changes, for example, new address or telephone number. This enables us to provide ongoing service.
To make or report a change in your information please contact us at (705)-682-0641 Ext. 0.
Credit Union employees take seriously the confidentiality of member information. Only employees and members of the Board of Directors have access to reports that contain personal member information. Each employee and director is required to sign an agreement to maintain the confidentiality of personal member information. Sudbury Credit Union has put in place safeguards to protect paper-based and electronic member information.
9. Individual Access
Upon written request, any member may view the information maintained by Sudbury Credit Union. The member may review the information for accuracy and request any amendments where appropriate.
We may charge a nominal fee, however we will advise you of the fee in advance. There may be instances when we can not provide you with the personal information you have requested. They include:
- If it contains references to other persons.
- If it is subject to solicitor-client privilege.
- If it contains information that is confidential to us.
- If we have destroyed it because the information was no longer needed for its purpose.
- For legal requirements.
Members may contact the Privacy Officer regarding any questions, suggestions, or comments concerning compliance with these principles. Such inquiries shall be directed to:
Sudbury Credit Union
Attention: Privacy Officer
1 Gribble Street, Box 662
Copper Cliff, ON P0M 1N0
Sudbury Credit Union has adopted these ten principles of Protecting Member Privacy in accordance with The Personal Information Protection and Electronic Documents Act.
- Accountability - The credit union is responsible for personal information under its control and shall designate a Privacy Officer who is accountable for the credit union's compliance with the principles of the Code.
- Identifying Purposes - The purposes for which personal information is collected shall be identified by the credit union at or before the time the information is collected.
- Consent - The knowledge and consent of the member are required for the collection, use and disclosure of personal information, except in specific circumstances as described within this Code.
- Limiting Collection - The collection of personal information shall be limited to that which is necessary for the purposes identified by the credit union. Information shall be collected by fair and lawful means.
- Limiting Use, Disclosure and Retention - Personal information shall not be used or disclosed for purposes other than those for which it was collected, except with the consent of the member or as required by law. Personal information shall be retained only as long as necessary for the fulfilment of those purposes.
- Accuracy - Personal information shall be as accurate, complete, and up-to-date as is necessary for the purposes for which it is to be used.
- Safeguards - Personal information shall be protected by security safeguards appropriate to the sensitivity of the information. The credit union will apply the same standard of care as it applies to safeguard its own confidential information of a similar nature.
- Operations - The credit union shall make readily available to members specific, understandable information about its policies and practices relating to the management of personal information.
- Individual Access - Upon request, a member shall be informed of the existence, use, and disclosure of their personal information, and shall be given access to that information and have it amended as appropriate on proof of inaccuracy.
- Challenging Compliance - A member shall be able to question compliance with the above principles to the Privacy Officer accountable for the credit union's compliance. The credit union shall have policies and procedures to respond to the member's questions and concerns.
This information page describes in general terms how your personal information is collected and used within the online banking section of our site. The online banking area of the site is the area of our website that requires you to use your Member ID and Personal Access Code (PAC) to enter.
Controlled Access to your Information
To ensure that you are the only person accessing your personal financial information, we restrict access to the online banking section of the site by requiring that you enter your Member ID and PAC to login. Only you know your PAC. Our employees do not have access to your PAC, and they will not ask you to reveal it. If someone does ask you to provide your PAC to them, we ask that you refuse to do so and contact us immediately.
By nature, our Internet banking site has many transactional functions such as transfers between accounts and bill payment functions. These transactions are all logged to ensure that your accounts are debited or credited appropriately, and a history of each transaction is available to verify your account information. We store and use your transactional information in the same fashion as if you performed the transaction at a branch or through any other service channel.
We may also use transactional information for servicing your account — for example, billing you for the particular transactions that you perform, or for the services that you use.
Creating a Secure Channel
We create a secure channel between your browser and our server to protect your information when you use the site. To learn more about how we do this, please review our information on Internet Security.
To provide you with a convenient method for applying for loans and mortgages, or for purchasing other financial services products such as Registered Savings Plans, we may provide secure online application forms. These forms capture personal information that we use to provide you with the products and services you request. This information is processed in a similar way to application forms received through our other channels.
Website Usage Statistics
To continually improve our site, we often collect statistics about how our members are using it. These usage statistics are only viewed in the aggregate and are not associated with you as an individual. We use this information for purposes such as improving the pages where our members are having difficulties.
The information collected may include your IP address, your browser type and your operating system, as well as data such as the number and types of pages visited, and the length of time spent per page and on the site overall.
We also use a key web technology called cookies. A cookie is a small information token that sits on your computer. As you use this site, cookies are passed back and forth between our server and your browser.
Specifically, we use two kinds of cookies — session cookies and persistent cookies. A session cookie exists only for the length of your browsing session and is deleted when you close your browser. A persistent cookie is a cookie that stays on your computer after you close your browser. A persistent cookie may or may not expire on a given date.
We use a session cookie to maintain the integrity of your online banking session. With each page that you visit, the cookie is passed back and forth between our server and your browser. We use the cookie to distinguish your session from the many others that may be happening at the same time. Our session cookies never store any personal information, such as your name, or date of birth, or financial information, such as your accounts and balances.
We may use persistent cookies to (i) provide you with a customized experience by recording your preferences; (ii) gather statistical information such as average time spent on a page; and (iii) to show you targeted marketing information about us when you visit other websites. The data gathered provides us with information on how we can improve the design, content and navigation of our website.
Most recent browser versions allow you to set some level of control over which cookies are accepted and how your browser uses them. For example, it may be set to notify you when it is receiving a cookie so that you accept cookies from only known, reliable sites such as this one. If you are concerned about cookies, we encourage you to upgrade your browser to a recent version and review the Help section of your browser to learn more about its specific control features.
Memorized Accounts Feature
We use a persistent cookie to store information to help you personalize the site and to make it easier to use. For example, we allow you to make the login easier by remembering your login information within our Memorized Accounts feature. Since the Memorized Accounts feature is optional, this cookie only contains information that you have entered into it. We never store your Personal Access Code (PAC) in a cookie.
To ensure that no-one else can access your personal information, always use the logout button to end an online banking session. It is located at the top of every page. When you exit using the logout button, we delete your session cookie so that your session cannot be resumed unless your Member ID and PAC are re-entered.
Automatic Session Time-outs
In the event that you leave your computer without logging out, the online banking feature of this site has been designed to end your session automatically if our system detects that you haven't provided any instructions or used the browser buttons to navigate for several minutes. To restart the session, you will need to provide your PAC again.
To communicate with us electronically, we strongly recommend that you use our Contact Us feature. This feature provides a secure channel for sending us comments, questions or instructions.
General email is not secure since it passes through many points on its route from you to us. If you are using general email to communicate with us, we strongly recommend that you do not include personal financial information (such as account numbers) within the email as we cannot guarantee its confidentiality en route to us.
When you email us your comments, questions or instructions, you provide us your email address and we use it to correspond with you. We then store your email and our replies to you in case we correspond further.
Links to Other Sites
Our site may also contain links to other websites or Internet resources. As an example, from time-to-time we may provide links to Microsoft or Netscape to assist you in upgrading your Internet browser. However, we have no control over these other websites or Internet resources and do not control their collection, use and disclosure of your personal information. Always review the Privacy Statements of the sites that you are viewing.
We welcome any questions or concerns about your privacy relating to use of our website. Please use the Contact Us form to submit your questions or comments.
As we continue to expand our online banking service to serve you better, and as new Internet technologies become available, we may update the information on this page at any time, to reflect changes.