General Data Protection Regulation Privacy


This privacy notice is applicable only to individuals located in the European Economic Area (“EEA”).  The General Data Protection Regulation (“GDPR”) is European Union (“EU”) legislation that has the principal purpose of providing residents of the EU with more control over their data.

For purposes of the GDPR, BMI Federal Credit Union (hereinafter “Credit Union”) is the Data Controller of the information you provide.  You can contact us for general data protection queries by email.  Please provide us with as much detail as possible regarding your query so that we can comply with your request.  For further information regarding BMI FCU, you can visit us at https://www.bmifcu.org.

We use information about you and your use of the online services offered by the Credit Union to verify accounts and activity, to monitor suspicious or fraudulent activity, to identify possible violations of Credit Union policies and rules and for other purposes of legitimate interest to the Credit Union.  Where required by law or where we believe it is necessary to protect our legal rights, interest and the interest of others, we use information about you in connection with legal claims, compliance, regulatory, and audit functions, and disclosures in connection with the acquisition, merger or sale of business.  We use information about you where you have given us consent to do so for a specific purpose not listed above.  For example, we may publish testimonials or featured customer stories to promote the online services, with your permission.

Under the GDPR, you have the right to change or withdraw your consent and to request details of any personal data that we hold about you.  Should we have no legitimate reason to continue to hold your information, you have the right to have  your information removed.  We may use automated decision-making in processing your personal information for some services and products.  You may request a manual review of the accuracy of an automated decision if you are unhappy about such a decision.

Pursuant to the GDPR, you have the following rights:

  • The right to be informed.  This means anyone processing your personal data must make it clear what they are processing, why they are processing the data, and what other parties your personal data may be provided to in furtherance of your business with the Credit Union.
  • The right of access.  You have the right to see what personal data the Data Controller has in it is possession about you.
  • The right to rectification.  You have the right to have your personal data corrected or amended if what is being held is incorrect.
  • The right to erasure.  Under certain circumstances, you can ask the Data Controller to delete your personal data that it has in its possession.  This is also referred to as the “Right to be Forgotten”.  This would apply if the personal data is no longer required for the purposes it was collected for, or you have withdrawal your consent to process that personal data, or your personal data has been unlawfully processed.
  • The right to restrict processing.  This gives you the right to ask the Data Controller to temporarily halt the processing of your personal data, such as in the case where a dispute or legal case has to be concluded, or the data is being corrected.
  • The right to data portability.  You have the right to ask for any personal data that is being applied by the Data Controller to be provided to you in a structured, commonly used, and machine-readable format.
  • The right to object.  You have the right to object to further processing of your personal data which is inconsistent with the primary purpose for which it was collected, including profiling, automation, and direct marketing.
  • Rights in relation to automated decision making and profiling.  You have the right not be subject to a decision based solely on automated processing.

 We may transfer personal data we have collected from you to third-party data processors located in countries outside of the EEA.  Please be aware that such countries which are outside of the EEA may not have the same level of data protection as that being offered in the EEA.  Our collection, storage and use of your personal data will continue to be governed by the Credit Union’s Privacy Policy.  By using the Credit Union’s online services, you consent to the transfer of your personal data to third party data processors located in countries outside of the EEA.