This polices applies to information we collect when you visit or use our web-based service and any other online services offered by AFCU (collectively, “Online Services”). Online Services include but are not limited to the AFCU website, AFCU Online and Mobile banking, AFCU social accounts, as well as any interactions you may have while viewing content provided through AFCU’s digital campaigns. We may combine this collected information with information we collect in other contexts, such as from our phone calls, emails and texts with you, from third-party data sources for fraud prevention, identity verification, or marketing purposes, from companies we work with and from publicly available data sources. By interaction with AFCU’s Online Services, you are consenting to these terms.
Our Online Services are not intended for children under 13. Please refer to our Children’s Online Privacy Protection Act at www.advantagefcu.org/disclosure-statement.
When you interact with us on our official social media pages, such as Facebook, Twitter, Instagram and LinkedIn or elsewhere on social media, we may collect information such as your likes, interests, feedback and preferences. We may collect additional information from social media companies if you choose to share with them and they, in turn, share such information with us.
Any posts you make on our official social media pages – including posts that contain pictures, suggestions, opinions, complaints and personal information – are available to others who use those pages. Never include sensitive personal, financial or other confidential information such as your Social Security Number, account number, phone number, mailing address or email address when posting or commenting online. Please refer to the privacy policies of our social media partners when you interact with them online.
We reserve the right to remove content that contains sensitive information, is offensive or inaccurate at our sole discretion.
How AFCU Collects Information
Information is collected directly from you when you apply or register for our products and services, use our Online Services or mobile apps, communicate with us, respond to surveys, provide feedback, or enter contests or promotions.
Information is collected automatically when you use our Online Services. We and others on our behalf may collect Device Data, Online/Mobile Activity Data and other information automatically when you interact with us on line
Information We Collect
When you visit or use our Online Services, we may collect personal information from or about you such as your name, email address, mailing address, telephone number(s), account numbers, limited location information (for example, a zip code to help you find a nearby ATM), user name and password. We may also collect payment card information, social security numbers, driver’s license numbers (or comparable) when you provide such information while using our Online Services where we believe it is reasonably required for ordinary business purposes.
When you interact with us through mobile banking, we may collect information such as unique device identifiers for your mobile device, your screen resolution and other device settings, information about your location, and analytical information about how you use your mobile device. Mobile banking collects location data to enable push notifications even when the app is closed or not in use. It is also used to support promotional offers from the Credit Union. If you use any location – based feature of Mobile banking, you agree that your geographic location and other personal information may be accessed and disclosed through Mobile Banking. If you wish to revoke access to such information, you must cease using location-based features of Mobile Banking via your device’s settings.
We may also collect information about you from additional online and other sources, including from co-branded partner sites or commercially available third-party sources, such as credit reporting agencies.
Use of Information
We use information for various purposes depending on how you interact with us, including but not limited to:
- Providing, maintaining and servicing your accounts;
- Processing applications and transactions;
- Verifying your identity;
- Detecting and preventing fraud;
- Protecting against security risks;
- Advertising and marketing and tailored content and marketing messages;
- Conducting analytics and research;
- Improving our products and services;
- Complying with and enforcing applicable legal requirements, relevant industry standards, contractual obligations and our polices;
- Using aggregated and de-identified information;
- Responding to your requests and communicating with you;
- Managing your preferences; and
- For other purposes that we may disclose at the time you provide or we collect your information.
How Do We Share Information Collected Online
We share information with government entities and others for legal and necessary purposes, such as:
- To respond to requests from our regulators or to respond to a warrant, subpoena, governmental audit or investigation, law enforcement request, legal order, or other legal process.
- For other legal purposes, such as to enforce our terms and conditions, exercise or defend legal claims, or if we determine that disclosure is necessary or appropriate to protect the life, safety, or property of our members, ourselves or others.
Online Tracking Technology
We use a variety of online tools and technology, including but not limited to server logs, cookies, local shared objects, pixels, web beacons, etc., to collect information when you visit or use our Online Services.
Clear GIFs, pixel tags or web beacons – which are typically one- pixel, transparent images located on a webpage or in an email or other message – or similar technologies may be used on our sites and in some of our digital communications (such as email or other marketing messages). They may also be used when you are served advertisements or you otherwise interact with advertisements outside of our online services. These are principally used to help others recognize users, assess traffic patterns and measure site or campaign engagement.
Local Shared Objects, sometimes referred to as “flash cookies” may be stored on your hard drive using a media player or other software installed on your device. Local Shared Objects are similar to cookies in terms of their operation, but may not be managed in your browser in the same way.
You may opt out of certain targeted advertising, however it must be done separately on each specific browser and device that you use. Visit the cross-industry Self-Regulatory Program for Online Behavioral Advertising (OBA) managed by the Digital Advertising Alliance (DAA) to opt out of OBA and follow the instructions: http://youradchoices.com You can help preserve web browser opt-out preferences set through the DAA’s WebChoices tool by using the ‘Protect My Choices’ plug-ins. Please note that you may still receive general advertising from us even after you opt out of targeted advertising.
Linking To Third-Party Websites
AFCU uses reasonable physical, electronic, and procedural safeguards that comply with federal standards to protect and limit access to personal information. This includes device safeguards and secured files and buildings. Please note that information you send to us electronically may not be secure when it is transmitted to use. We recommend that you do not use unsecured channels to communicate sensitive or confidential information (such as your account number or social security number) to us.
The California Consumer Privacy Act (“CCPA”) provides consumers (California Residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise these rights.
Your Rights Under the CCPA
- Right to know the information AFCU collects about you;
- Right to know what information AFCU shares about you;
- Right to request:
- The categories of personal information collected about you with in the preceding twelve (12) months;
- The categories of sources from which the personal information is collected;
- The business or commercial purpose for collecting personal information;
- The categories of third parties with whom information is shared; and
- The specific pieces of personal information that AFCU collected about you.
- Right to request deleting of certain personal information; and
- Right to non-discrimination in accessing products and services when exercising these rights.
Right to Know
Under the CCPA, consumers (California residents) have the right to request that AFCU disclose certain personal information that it collects, uses, discloses and sells that is not subject to the exemption of information covered under the federal Gramm-Leach-Bliley Act and implementing regulations, California Financial Information Privacy Act, or the Fair Credit Reporting Act. To request this information, to request this information, complete our online form or call us at 1-888-454-2328.
By law and regulation AFCU is required to positively verify your identity prior to responding to your request. Below are ways that AFCU will attempt to positively verify your identity:
- If you have online banking with AFCU, you may submit a secure message request and additional information will not be required.
- If you do not have online banking with AFCU, you will need to provide a valid identification including a state-issued driver’s license, ID card or US or other government issued passport, plus a document proving your address, such as the address portion of a utility bill, bank, investment or credit card statement (number redacted) that contains the name and address that matches your ID and information request.
- If making the request by phone, we will require you to send AFCU the information listed above to verify your identity.
- If you are requesting to know specific pieces of information a higher degree of verification may be required. AFCU will also require, pursuant to CCPA regulations, that you submit a signed declaration under penalty of perjury that you are the consumer for whom the information relates.
- If AFCU is unable to positively identify the individual making the request is the member to whom the information relates, AFCU may ask for additional verification or may deny the request.
If you use an authorized agent to submit a request to know information under CCPA, you must provide the agent a signed written permission which the agent will have to provide to us in order to submit the request on your behalf. An agent’s failure to provide proof of authorization will result in a denial of the request.
Right to Request Deletion of Personal Information
Under CCPA, consumers have the right to request that a business delete any personal information about the consumer which the business has collected from the consumer. Consumers can exercise this right by making a verifiable request. The business must delete the consumer’s personal information from its records and direct any service providers to delete the consumer’s personal information from their records. Please note that a business does not have to honor such a request if the personal information is necessary to:
- Complete the transaction for which the personal information was collected, provide a good or service requested by the consumer, or reasonably anticipated within the context of a business’s ongoing business relationship with the consumer, or otherwise perform a contract between the business and consumer.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity;
- Debug to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act pursuant to Chapter 3.6 (commencing with Section 1546) of Title 12 of Part 2 of the Penal Code.
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the businesses’ deletion of the information is likely to render impossible or seriously impair the achievement of such research, if the consumer has provided informed consent.
- Enable solely internal uses that are reasonably aligned with the expectations of the consumer based on the consumer’s relationship with the business.
- Comply with a legal obligation.
- Otherwise use the consumer’s personal information, internally, in a lawful manner that is compatible with the context in which the consumer provided the information.
For further information regarding our Online Banking and Mobile App, please review our disclosures at https://www.advantagefcu.org/disclosure-statement/