Privacy Policy

Last updated: May 28, 2026

1. Who We Are

Bradford District Credit Union Limited ("Bradford CU", "we", "our", "us") is authorised by the Prudential Regulation Authority (PRA) and regulated by the Financial Conduct Authority (FCA) and the PRA. Our registered address is 14 Manningham Lane, Bradford, BD8 7JF, UK. We are committed to protecting your personal data and complying with applicable data protection law, including the UK GDPR and the Data Protection Act 2018.

2. Information We Collect

We may collect the following personal data:

  • Identity Data: Full name, date of birth, national insurance number, government-issued ID.
  • Contact Data: Address, email address, and telephone numbers.
  • Financial Data: Bank account details, credit history, income information, and payment records.
  • Transaction Data: Details of payments to and from your account.
  • Technical Data: IP address, login data, browser type, and usage data from our online services.
  • Marketing Preferences: Your preferences for receiving communications from us.

3. How We Use Your Information

We use your data to:

  • Verify your identity and fulfil our legal obligations under FCA/PRA regulations.
  • Manage your accounts, process loans, and deliver services.
  • Detect and prevent fraud and financial crime.
  • Send account statements, alerts, and service communications.
  • Improve our products and digital services.
  • Comply with legal and regulatory requirements.

4. Legal Basis for Processing

We process your data under the following legal bases:

  • Contract: To fulfil our obligations to you as a member.
  • Legal Obligation: To comply with FCA, HMRC, and anti-money-laundering regulations.
  • Legitimate Interests: To manage fraud risk and improve our services.
  • Consent: For optional marketing communications (which you can withdraw at any time).

5. Sharing Your Data

We do not sell your personal data. We may share it with:

  • Credit reference agencies (Equifax, Experian, TransUnion) for loan assessments.
  • Fraud prevention agencies and regulatory bodies.
  • IT service providers and cloud hosting partners, bound by data processing agreements.
  • Our insurance and financial product partners, only as required to provide services you've requested.

6. Data Retention

We retain personal data for as long as required to fulfil the purposes outlined in this policy, or as required by law. Account data is typically retained for 7 years following account closure in accordance with FCA guidance.

7. Your Rights

Under UK GDPR, you have the right to:

  • Access the personal data we hold about you.
  • Rectify inaccurate or incomplete data.
  • Erase your data (subject to legal retention obligations).
  • Restrict or Object to certain processing.
  • Data Portability — receive your data in a machine-readable format.
  • Withdraw Consent at any time where consent is the legal basis.

To exercise any of these rights, contact: info@bradfordcu.org

8. Cookies

Our website uses essential cookies to ensure the site functions correctly, and optional analytics cookies to understand how visitors use our site. You can manage cookie preferences through your browser settings. We do not use advertising or tracking cookies.

9. Security

We implement bank-grade technical and organisational measures to protect your data, including 256-bit TLS encryption, multi-factor authentication, firewalls, and regular security audits. Please see our Security Policy for full details.

10. Changes to This Policy

We may update this Privacy Policy from time to time. The date at the top of this page reflects the latest revision. Significant changes will be communicated to members via email.

11. Contact & Complaints

If you have any questions or concerns, contact our Data Protection Officer at info@bradfordcu.org. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.