Privacy Policy

Latvian Credit Union;

Code for the Protection of Personal Information.

This Code was developed in compliance with Part 1 of Canada's Personal Information Protection and Electronic Documents Act

Statutes of Canada 2000, Part 5

Assented to 13th April, 2000

Coming into Force, January 1, 2004

Introduction

Latvian Credit unions and their Central institutions are member-owned and controlled financial institutions and, as such, have an inherent responsibility to be open and accessible while, at the same time, demonstrating the greatest respect for protection of the member's personal privacy.

In adopting this Latvian Credit Union Code for the Protection of Personal Information (the

"Code"), what has been accepted practice becomes a documented commitment to the member.

Principles

Ten interrelated principles form the basis of the Latvian Credit Union Code for the Protection of Personal Information (“the Code"). Each principle must be read in conjunction with the

Accompanying commentary.

1. Accountability

Latvian Credit Union is responsible for personal information under its control and shall designate a Privacy Officer who is accountable for Latvian Credit Union's compliance

with the principles of this Code.            

2. Identifying Purposes                                             

The purposes for which personal information is collected shall be identified by  Latvian Credit Union when or before the information is collected.                       

3. Consent

The knowledge and consent of the individual are required for the collection, use, or disclosure of personal information, except in specific circumstances as described within this Code.

4. Limiting Collection

The collection of personal information shall be limited to that which is necessary for the purposes identified by Latvian Credit Union. Information shall be collected by fair and lawful means.

5. Limiting Use, Disclosure, and Retention

Personal information shall not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by law. Personal information shall be retained only as long as necessary for the fulfillment of those purposes.

Safeguards

Personal information shall be protected by security safeguards appropriate to the sensitivity of the information.

7. Openness

Latvian Credit Union shall make readily available specific, understandable information about its policies and procedures relating to the management of personal information.

8. Individual Access

Upon request, an individual shall be informed of the existence, use. and disclosure of their personal information, and shall be given access to that information. An individual is entitled to challenge the accuracy and completeness of the information and have it amended as appropriate.

9. Compliance                                                   

An individual shall be able to question compliance with the above principles to the Latvian Credit Union Privacy Officer. Latvian Credit Union shall have policies and procedures to respond to an individuals questions and concerns.

Definitions

The following definitions apply in this Code:

Collection
The act of gathering, acquiring, or obtaining personal information from any source, including Third Parties, by any means.

Consent
Voluntary agreement with what is being done or proposed. Consent can be either express or implied. Express consent is given explicitly, either orally or in writing.. Express consent is unequivocal and does not require any inference on the part Latvian Credit Union.

Implied consent arises where consent may reasonably be inferred from the action or inaction of the member.

Privacy Officer
The person within Latvian Credit Union who is responsible for overseeing the collection, use, disclosure and protection of personal information, and the day-to-day compliance with the Code.                                                 

Disclosure                                    
Making personal information available to others outside Latvian Credit Union.

Member
The person who is a member and owner of the Latvian Credit union. This Code applies equally to the collection, use or disclosures of personal information about members and non-members. Where the term "member" is used, its intent is also to include nonmembers.

Organization
A term used in the Code that includes business corporations, partnerships, professional practices, persons, government bodies, institutions, associations, charitable organizations, clubs, unions, or any other form of organization.

Personal information
Any information that is about or can be linked to an identifiable individual, but does not include the name, title or business address or telephone number of an employee of an organization.

Third Party                     
Any person or organization other than the Latvian Credit union’s member.

Use                                                        
Refers to the treatment and handling of personal information within Latvian Credit Union.

Principles

1.0 Principle 1 - Accountability

Latvian Credit Union is responsible for personal information under its control and shall designate a Privacy Officer who is accountable for Latvian Credit Union's compliance with the principles of this Code.

1.1 Ultimate accountability for Latvian Credit Union's compliance with the principles rests with the Latvian Credit Union's Board Of Directors, who delegate day-to-day accountability to a Privacy Officer. Other individuals within Latvian Credit Union may be accountable for the day-to-day collection and processing of personal information, or to act on behalf of the Privacy Officer.

1.2 Latvian Credit Union shall identify to Us employees and to other individuals, where appropriate, the Privacy Officer who is responsible for the day-to-day compliance with the principles.

1.3 Latvian Credit Union is responsible for personal information in its control Latvian Credit Union shall use contractual or other means to provide a comparable level of protection while the information is being processed by a Third Party.

1.4 Latvian Credit Union shall implement policies and procedures to give effect to the principles.

Including:

a) procedures to protect personal information;
b) procedures to receive and respond to concerns and inquiries;
c) training staff to understand and follow Latvian Credit Unions policies and procedures; and
d) annual review of the effectiveness of the polices and procedures to ensure compliance with the Code and consideration of any revisions as deemed appropriate.

2.0 Principle 2 - Identifying Purposes

The purposes for which personal information is collected shall be identified by Latvian Credit Union when or before the information is collected.

2.1 Latvian Credit Union shall document the purposes for which personal information is collected prior to the information being collected.

2.2 Latvian Credit Union shall make reasonable efforts to ensure that individuals are aware of the purposes for which personal information is collected, including any disclosures to Third Parties.

2.3 Identifying the purposes for which personal information is being collected at or before the time of collection also defines the information needed to fulfill these purposes.

Latvian Credit Union shall collect personal information for the following purposes:

• to understand the needs of Latvian Credit Union organizations and their members;
• to develop, offer and manage products and services that meet these need
• to provide ongoing service;
• to assist in dispute resolution with the Latvian Credit union and its members;
• to detect and prevent fraud, and to help safeguard the financial interests of the Latvian Credit union and its members.
• to meet legal and regulatory requirements; and
• to meet personnel requirements.

2.4 The identified purposes should be specified to the individual from whom the personal information is being collected. This can be done orally, electronically or in writing. An application form with the purposes highlighted, for example, may give notice of the purposes.

2.5 When personal information that has been collected is to be used for a purpose not previously identified, the new purpose shall be identified prior to use. Unless the new purpose is required by law, the consent of the member is required before information can be used for that purpose.

3.0 Principle 3 - Consent

The knowledge and consent of the individual are required for the collection, use, or disclosure of personal information, except in specific circumstances as described within this Code.

Note: In certain circumstances personal information may be collected, used. or disclosed without the knowledge or consent of the individual. These circumstances include:

• Where clearly in the interests of the individual and consent cannot be obtained in a timely way;

• To avoid compromising information availability or accuracy and if reasonable to Investigate a breach of an agreement or a contravention of the laws of Canada or a province;

• Where the information is considered to be in the public domain;

• To act in respect of an emergency that threatens the life, health or security on an individual;

• To investigate an offence under the laws of Canada, a threat to Canada's security, to comply with a subpoena, warrant or court order, or rules of court relating to the production of records, or otherwise as required by law.

3.1 Consent is required for the collection of personal information and the subsequent use or disclosure of this information. In certain circumstances, consent may be sought after the information has been collected but before use (for example, when existing information is to be used for a purpose not previously identified).

Latvian Credit Union may be required to collect, use. or disclose personal information without the member's consent for certain purposes, including for the collection of overdue accounts, legal or security reasons.

3.2 The principle requires "knowledge and consent".     Latvian Credit Union shall make a reasonable effort to ensure that individuals are aware of the purposes for which the information will be used. To make the consent meaningful, the purposes must be stated in such a manner that the individual can reasonably understand how the information will be used or disclosed.

3.3 Latvian Credit Union shall not, as a condition of the supply of a product or service, require a member to consent to the collection, use. or disclosure of information beyond that required to fulfill explicitly specified and legitimate purposes.

3.4 In determining the form of consent to use, Latvian Credit Union shall take into account the sensitivity of the information. Although some information (for example, medical and financial records) is almost always considered to be sensitive, any information can be sensitive, depending on the context.

3.5 In obtaining consent, the reasonable expectations of the member are also relevant.

For example, a Latvian Credit Union member or other individual dealing with Latvian Credit Union should reasonably expect  Latvian Credit Union to periodically supply information on Latvian Credit Union developments, products and services, and to provide ongoing services. Similarly, further consent will not be required when personal information is transferred to agents of Latvian Credit Union to carry out functions such as data processing. In this case, Latvian Credit Union can assume that the individual's request constitutes consent for specifically related purposes.

On the other hand, an individual would not reasonably expect that personal information given to Latvian Credit Union would be given to a Third party company selling insurance products, unless consent was obtained.

Consent will not be obtained through deception.

3.6 The way in which Latvian Credit Union seeks consent may vary, depending on the circumstances and the type of information collected. Latvian Credit Union will seek express consent when the information is likely to be considered sensitive. Implied consent would generally be appropriate when the information is less sensitive.

Individuals can give consent:

a) in writing, such as when completing and signing an application;
b) through inaction, such as failing to check a box indicating that they do not wish their names and addresses to be used for optional purposes;
c) orally, such as when information is collected over the telephone or in person;
d) at the time they use a product or service; and
e) through an authorized representative (such as a legal guardian or a person having power of attorney).

3.7 An individual may withdraw consent at any time, subject to legal or contractual restrictions, provided that:                                       

a) reasonable notice of withdrawal of consent is give to Latvian Credit Union;
b) consent does not relate to a Latvian Credit product requiring the collection and reporting of information after Latvian Credit has been granted; and
c) the withdrawal of consent is in writing and includes understanding by the individual that withdrawal of consent could mean that Latvian Credit Union cannot provide the individual with a related product, service or information of value.

Latvian Credit Union shall inform the individual of the implications of such withdrawal.

4.0 Principle 4 - Limiting Collection

The collection of personal information shall be limited to that which is necessary for the purposes identified Latvian Credit Union. Information shall be collected by fair and lawful means.

4.1 Latvian Credit Union shall not collect personal information indiscriminately Latvian Credit union shall specify both the amount and the type of information collected, limited to that which is necessary to fulfill the purposes identified, in accordance with Latvian Credit Unions policies and procedures.                                          

4.2 Latvian Credit Union shall collect personal information by fair and lawful means, and not by misleading or deceiving individuals about the purpose for which information is being collected.

5.0 Principle 5 - Use, Disclosure, and Retention

Personal information shall not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by law. Personal information shall be retained only as long as necessary for the fulfillment of those purposes.

5.1 When Latvian Credit Union uses personal information for a new purpose, the purpose shall be documented.

5.21 Latvian Credit Union shall protect the interests of individuals by taking reasonable steps to ensure that:

a) orders or demands comply with the laws under which they were issued;
b) only the personal information that is legally required is disclosed and nothing more;
c) casual requests for personal information are denied; and
d) personal information disclosed to unrelated

Third Party suppliers of non-financial services are strictly limited to programs endorsed by Latvian Credit union.                                                                

Latvian Credit Union will make reasonable efforts to notify individuals that an order has been received, if not contrary to the security of Latvian Credit Union and if the law allows it. Notification may be by telephone, or by letter to the member's usual address.

5.3 An individual's health records Latvian Credit Union may be used for Latvian Credit application and related insurance purposes. An individual's health records shall not be collected from or disclosed to any other organization.

5.4 Latvian Credit Union shall maintain guidelines and procedures with respect to the retention of personal information. These guidelines include minimum and maximum retention periods. Personal information that has been used to make a decision about a member shall be retained long enough to allow the member access to the information after the decision has been made Latvian Credit Union may be subject to legislative requirements with respect to retention of records. )

5.5 Subject to any requirement to retain records, personal information that is no longer required to fulfill the identified purposes shall be destroyed, erased, or made anonymous. Latvian Credit Union shall develop guidelines and implement procedures to govern the destruction of personal information.

6.0 Principle 6 – Accuracy

Personal information shall be as accurate, complete and up-to-date as is necessary for the purposes for which it is to be used.

6.1 The extent to which personal information shall be accurate, complete, and up-to-date will depend upon the uses of the information, taking into account the interests of the individual. Latvian Credit Union relies on the member to keep certain personal information, such as address information, accurate, complete and up-to-date. Information shall be sufficiently accurate, complete, and up-to-date to minimize the possibility that inappropriate information may be used to make a decision about an individual.

6.21 Latvian Credit Union shall not routinely update personal information, unless such a process is necessary to fulfill the purposes for which the information was collected.

6.3 Personal information that is used on an ongoing basis, including information that is disclosed to Third Parties, will generally be accurate and up-to-date unless limits to the requirement for accuracy are clearly set out.

7.0 Principle 7 - Safeguards

Personal information shall be protected by security safeguards appropriate to the sensitivity of the information. Latvian Credit Union will apply the same standard of care as it applies to safeguard its own confidential information of a similar nature.

7.1 The security safeguards shall protect personal information against loss or theft, as well as unauthorized access, use, copying, modification, disclosure or disposal Latvian Credit Union shall protect personal information regardless of the format in which it is held.

7.2 The nature of the safeguards will vary depending on the sensitivity, amount, distribution and format of the information, and the method of storage. More sensitive information will be safeguarded by a higher level of protection.

7.3 The methods of protection will include:

a) physical measures, for example, locked filing cabinets and restricted access to offices;

b) organizational measures, for example, controlling entry to data centres and limiting access to information to a "need-to-know" basis;

c) technological measures, for example, the use of passwords and encryption; and

d) investigative measures, in cases where Latvian Credit Union has reasonable grounds to believe that personal information is being inappropriately collected, used or disclosed.

7.4 Latvian Credit Union shall periodically remind employees, officers and directors of the importance of maintaining the confidentiality of personal information. Employees, officers and directors are individually required to sign an oath of ethical conduct annually, including a commitment to keep member's personal information in strict confidence.

7.5 Third Parties shall be required to safeguard personal information disclosed to them in a manner consistent with the policies of Latvian Credit Union. Examples include cheque printing, data processing, Latvian Credit collection, Latvian Credit bureaus and card production.

7.6 Care shall be used in the disposal or destruction of personal information, to prevent unauthorized parties from gaining access to the information

8.0 Principle 8 - Openness

Latvian Credit Union shall make readily available specific, understandable information about its policies and procedures relating to the management of personal information.

8.1 Latvian Credit Union shall be open about privacy policies and procedures with respect to the management of personal information and shall make them readily available in a form that is generally understandable.

8.2 The information made available shall include:

a) the name or title, and the address of the Privacy Officer who is accountable for compliance with Latvian Credit Union's policies and procedures and to whom complaints or inquiries can be forwarded;                   

b) the means of gaining access to personal information held by Latvian Credit Union;

c) a description of the type of personal information held by Latvian Credit Union, including a general account of its uses;

d) a copy of any brochures or other information that explaining Latvian Credit Union's policies, procedures, standards or codes; and                  

e) the types of personal information made available to related organizations, such as subsidiaries or other suppliers of services.

8.3 Latvian Credit Union may make information on its policies and practices available in a variety of ways. The method chosen depends on the nature of its business and other considerations. The Latvian Credit Union will display the privacy policy in each office on the bulletin board, notify members through the local Latvian newspaper and print a privacy statement on the bottom of each financial statement sent to its members.

9.0 Principle 9 - Individual Access

Upon request, an individual shall be informed of the existence, use and disclosure of their personal information, and shall be given access to that information. An individuals entitled to challenge the accuracy and completeness of the information and have it amended as appropriate.

Note in certain situations Latvian Credit Union may not be able to provide access to all the personal information it holds about a member. Exceptions to the access requirement will be limited and specific.

The reasons for denying access include the following:

•  providing access would likely reveal personal information about a third party unless such information can be severed from the record or the third party consents to the disclosure or the information is needed due to a threat to life, health or security;

• the personal information has been requested by a government institution for the purposes of enforcing any law of Canada, a province or a foreign jurisdiction, carrying out any investigation related to the enforcement of any law, the administration of any law, the protection of national security, the defence of Canada or the conduct of international affairs;

• the information is protected by solicitor-client privilege;

• providing access would reveal confidential commercial information, provided this information cannot be severed from the file containing other information requested by the individual;                                                                 

• providing access could reasonably be expected to threaten the life or security of another individual, provided this information cannot be severed from the file containing other information requested by the individual;

• the information was collected without the knowledge or consent of the individual for purposes related to investigating a breach of an agreement or a contravention of the laws of Canada or a province;

• the information was generated in the course of a formal dispute resolution process.

9.1 Upon request, Latvian Credit Union shall inform an individual of the existence, use disclosure, and source of personal information about the individual held by the Latvian Credit Union and shall allow the individual access to this information. However, Latvian Credit Union may choose to make sensitive medical information available through a medical practitioner.

9.2 For Latvian Credit Union to provide an account of the existence, use, and disclosure of personal information held by Latvian Credit Union, an individual may be asked to provide sufficient information to aid in the search. The additional information provided shall only be used for this purpose.

9.3 In providing an account of Third Parties to which -it has, or may have, disclosed personal information about an individual. Latvian Credit Union will be as specific as possible, including a list of Third Parties.

9.4 Latvian Credit Union shall respond to an individual's request within a reasonable time and at no cost or reasonable cost, to the individual. The requested information shall be provided or made available in a form that is generally understandable. For example, if Latvian Credit Union uses abbreviations or codes to record information, an explanation will be provided.

9.5 When an individual successfully demonstrates the inaccuracy or incompleteness of personal information, Latvian Credit Union shall amend the information as required. Depending upon the nature of the information challenged, amendment involves the correction, deletion or addition of information. Where appropriate, the amended information shall be transmitted to Third Parties having access to the information in question.