Last Updated – March 31, 2025
CCU recognizes the importance of protecting your personal information.
Our Privacy Policy describes the information CCU currently (collectively “CCU’s” “our,” “we,” or “us”) collects, how it is used and disclosed, and your choices about uses and disclosure under specific privacy laws.
We use cookies, session replay technologies (e.g., tracking your online session), and other tracking technologies. We may also share data with service providers.
We reserve the right to change this Privacy Policy from time to time. Please check the Privacy Policy periodically to familiarize yourself with the changes and ensure your comfort and understanding. If we make changes, we’ll revise the “Last Updated” date at the top of this policy, and we will notify you of those changes through other reasonable means of communication, such as email. We will comply with applicable law concerning any changes we make to this policy. By continuing to use our Services, you agree to this Privacy Policy and the Terms of Service and consent to CCU’s collection, maintenance, use, and disclosure of your information, data, and other information per this policy.
1. SCOPE
This Privacy Policy applies to personal information handled or otherwise processed by us in our business, including on our websites, our platforms, mobile applications, and other products or applications CCU offers or uses (collectively, the “Services”). This Privacy Policy applies to you whether you use and access the Services for personal or business purposes.
This Privacy Policy does not apply to third-party websites, services, or applications, even if they are accessible through our Services. It also does not apply to the processing of “non-public information” that is subject to the Gramm Leach Bliley Act (“GLBA”). If you seek, apply for, or obtain a financial product or service with us, we will use and share the information we collect from or about you per our Privacy Notice (PDF).
A. Personal Information We Collect
1. Information you provide to us
We may also collect personal information when you use our website (“Site”), products, and services. We may collect the following types of information:
· Account and contact information. If you create an online or bank account, request information about us, or use our Services, we may collect certain information that can be used to identify you, including your full name, job title, occupation, telephone numbers, email address, postal address, age, gender, government identifiers where you can be reached, preferences, interests, date of birth, voice recordings or other biometric identifiers, driver’s license number, Social Security Number, financial information, geolocation, the contents of your communications with us.
· Financial information. We collect the information you provide when opening a deposit account, requesting a loan, or other related services, including your Social Security Number, income, employment history, credit history, credit scores, and transaction and purchase history details.
· How you use our sites and mobile apps. We may collect information about your browsing, searching, and buying activities, such as your IP address, device numbers, and identifiers, web addresses of the sites you come from and go to next, screen recordings, keystrokes, cursor movements, screen interactions, and clicks, browser and operating system information, platform type, connection speed, and other attributes. We may derive the general area you are in and the internet service provider you use from your IP address.
· Interactive features and mobile apps. We and others who use our Services may collect personal information you submit or make available through our interactive features (e.g., messaging and chat features, commenting functionalities, community forums, blogs, or social media pages).
· Inferences. We may use inferences from any collected information to create a profile about your preferences and characteristics.
· Job applications. We may post job openings and opportunities on our Services. If you reply to one of these postings by submitting your application, resume, and/or cover letter, we will collect and use the personal information you provide.
· Security and Fraud Protection. We collect information to authenticate your identity when you contact us or use our mobile applications.
· Surveys. We may also contact you to participate in surveys. If you decide to participate, you may be asked to provide certain information, including personal information.
2. Information collected automatically or from third parties
We may collect personal information automatically using technical data collection techniques when you use our Services.
Technical Data Collection. When you visit our Services, we may collect your internet protocol (“IP”) address, user settings, MAC address, user data including email, name and location, browser information including plug-ins, device type, operating system and platform, time zone setting, and pages visited. This information is collected to improve our services, diagnose technical issues, and prevent fraudulent activities. We track this data using cookies, local storage, JavaScript, pixel tags/ web beacons or clear GIFs HTTP headers, server logs among other mechanisms, IP address, your login data, browser type, and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use (“Technologies”).
To help you better understand how Technologies work, here is some additional information:
Cookies. Cookies are small text files placed in device browsers that store preferences and facilitate and enhance your experience. We use cookies and other technologies to help us tailor our Sites to our users, offerings, and marketing. Some features of our Sites may not work as intended if you decline to allow or deactivate cookies. You may have software on your computer that will allow you to decline or deactivate Internet cookies, but if you do so, some site features may not work correctly for you. For instructions on removing existing cookies from your hard drive and/or blocking cookies from all websites, go to your Internet service provider, operating system, or browser’s website for detailed instructions.
We use multiple cookies: operationally necessary, performance-related, functionality-related, and advertising or target-related.
o Operationally necessary. This includes Technologies that allow you access to our Services, applications, and tools required to identify irregular site behavior, prevent fraudulent activity, engage in network management, improve security, or use our functionality. These cookies will always be on and cannot be switched off in our systems.
o Performance related. We may use Technologies to assess the performance of our Services, including as part of our analytic practices to help us understand how our visitors use the Services (see Analytics below).
o Functionality related. We may use Technologies that allow us to offer you enhanced functionality when you access or use our Services. This may include identifying you when you sign into our Services or keeping track of your specified preferences, interests, or past items viewed.
o Advertising or targeting related. We may use first-party or third-party Technologies to deliver content on our Services or third-party sites, including ads relevant to your interests.
· Pixel Tag or Web Beacon. A pixel tag (also known as a web beacon) is a piece of code embedded in our Services that collects information about engagement on our Services. Using a pixel tag allows us to record, for example, that a user has visited a particular web page or clicked on a specific advertisement. We may also include web beacons in e-mails to understand whether messages have been opened, acted on, or forwarded.
See “Your Privacy Choices and Rights” below to understand your choices regarding these Technologies.
Analytics. We may use website analytics and other third-party tools to provide you with the best possible experience with our platforms, Site, and offerings. We will use this data to manage customer interactions, manage the success of campaigns, engage in a session replay analytics service that allows us to record and replay an individual’s interaction with the Services, and understand how users interact with our Site.
· Google Analytics. CCU and third-party vendors use Google Analytics to serve more relevant ad experiences across the web based on previous visits to our website. We use the following Google Analytics features: re-marketing, Google Display Network Impression Reporting, and Google Analytics Demographics and Interest reporting. CCU and third-party vendors, including Google, use first-party cookies such as the Google Analytics cookie) and third-party cookies (such as the AdWords & DoubleClick cookie) together to inform, optimize, and serve ads based on someone’s past visits to our website. CCU and third-party vendors, including Google, use first-party cookies (such as the Google Analytics cookies) and third-party cookies (such as a DoubleClick cookie) together to report how our ad impressions, other uses of ad services, and interactions with these ad impressions and ad services are related to visit to our site. We use data from Google’s interest-based advertising or third-party audience data (such as age, gender, and interests) with Google Analytics to serve more relevant ad experiences based on previous website visits. We may use remarketing with Google Analytics to advertise online, which means third-party vendors, including Google, may show ads on sites across the Internet. For more information, please visit this website. You can opt out of Google’s collection and processing of generated data using the Ad Settings in your Google Account.
C. Information from other sources
We may obtain information about you from other sources, including through third-party services and organizations, to supplement your information. For example:
· Business development and strategic partnerships. We may collect personal information from individuals, third-party services, and organizations to assess and pursue potential business opportunities.
· Bank partners. If you enroll in banking services, we may receive information from our bank partner, including your transaction and purchase history. We use this information to facilitate online banking services, cash-back programs, and rewards programs.
· Credit information. We obtain credit information when you use our Services.
· Fraud and security. We may collect information from other third-party providers for identity verification, security monitoring, and other services that help us protect our Services.
· Demographic and interest data. We collect age and gender information.
· KYC providers. If you open a bank account or a loan, we may receive information from third-party Know Your Customer (“KYC”) verification services to authenticate your identity and the information you provide.
· Marketing leads and other information we purchase or receive. This includes lead information we buy and information from referral campaigns or similar initiatives.
· Widely available or public data. We may also collect widely available or publicly available data, such as tax, assessment, or demographic information about you, from local, state, or federal governments or agencies.
D. Collection and Use of Sensitive Information
We have collected the following categories of sensitive personal information (as defined under specific US state privacy laws) from consumers within the last twelve months:
· Government identifiers: Social Security Number, driver’s license, government-issued identification card, or passport number
· Complete account credentials
· Contents of mail, email, and text
· Biometric information processed to identify an individual
· Financial account information
· Credit card numbers
3. HOW WE USE YOUR INFORMATION
We use your information for various business purposes, including providing our Services, administrative purposes, and marketing products and services that may interest you, whether from CCU or nonaffiliated third parties, as described below. When we process your personal information, we do so when (i) needed to perform our responsibilities in connection with our obligations to you, (ii) we have a legitimate interest in processing your personal information, (iii) we have a valid legal basis for doing so, and (iv) we have your consent to do so. We retain personal information about you for as long as necessary to provide you with the Services. Sometimes, we keep personal information longer if required to comply with our legal obligations or as permitted by applicable law. Afterward, we retain some information in a de-identified and/or aggregated form but not in a way that would identify you personally. We may use automation, including artificial intelligence, to assist us with these uses.
A. To Provide Our Services
We use your information to fulfill our contract with you and provide you with our Services, such as:
· Managing your information and setting up your bank accounts or loans;
· Approving or declining loans, deposit accounts, or services applications;
· Servicing the products and Services you have with us;
· Working with consultants and auditing firms;
· Answering requests for customer or technical support;
· Communicating with you about your account, activities on our Services, and policy changes;
· Providing advertising, analytics, and marketing services;
· Processing applications if you apply for a job we post on our Services;
· Allowing you to register for events;
· Furnishing you with customized materials about offers, products, and services that may be of interest, including new content or services from us or nonaffiliated third parties;
· Using the information for internal business purposes, such as data analysis, benchmarking, audits, research, analysis, studies or surveys, and identifying usage trends.
B. Administrative Purposes
We use your information for various administrative purposes, such as:
· Pursuing our legitimate interests, direct marketing, research and development (including marketing research), network and information security, and fraud prevention;
· Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity;
· Measuring interest and engagement in our Services;
· Researching and developing products, services, marketing, or security procedures to improve their performance, resilience, reliability, or efficiency;
· Improving, upgrading, or enhancing our Services;
· Monitoring internal sales and other metrics;
· Ensuring internal quality control and safety;
· Authenticating and verifying your identities, including requests to exercise your rights under this Privacy Policy;
· Debugging to identify and repair errors with our Services;
· Auditing relating to interactions, transactions, and other compliance activities;
· Enforcing our Terms of Service and other policies;
· Complying with our legal obligations, protecting your vital interest, or as may be required for the public good.
C. Marketing and Advertising Products and Services from CCUCCU or Nonaffiliated Third Parties
We partner with third-party ad networks to either display advertising on our Site or to manage our advertising on other sites. Our ad network partner uses cookies and web beacons to collect non-personal information about your activities on this website and other websites to provide targeted advertising based on your interests. If you wish not to use this information to serve targeted ads, visit DoubleClick’s opt-out page or the Network Advertising Initiative opt-out page. Please note this does not opt you out of being served advertising. You will continue to receive generic ads.
D. Other Purposes
· Automated decision-making. We may engage in automated decision-making by analyzing your online behavior and interests to recommend specific products or services, including in connection with AI and ML models. The processing of your personal information will not result in a decision based solely on automated processing that significantly affects you unless such a decision is necessary as part of a contract we have with you, we have a proper legal basis, we have your consent, or we are permitted by law to engage in such automated decision making. If you have questions about our automated decision-making, please contact us as outlined in “Contact Us” below.
· Consent. We may use personal information for other purposes disclosed to you when you provide personal information or with your consent.
· Using de-identified and aggregated information. We might also share information collected from you from the CCU Site with a third party if that information has been de-identified or aggregated in a way that does not directly identify you.
We disclose your information to third parties for various business purposes, including to provide our Services, to protect us or others, or in the event of a significant business transaction such as a merger, sale, or asset transfer, as described below. We do not share your information (including, but not limited to, the personal information of your end users) with third parties who are not business partners (as discussed below) for their direct marketing purposes unless you consent. SMS consent is not shared with third parties for marketing purposes. CCU may use certain services for fraud prevention and detection, which may include collecting biometric data. Please refer to CCU’s Biometric Data Privacy Policy for additional information.
A. Disclosures to Provide Services
The categories of third parties we may share your information with are described below.
· Advertising Partners. We may share information collected from you on the CCU Site with third-party service providers or consultants who need access to the data to perform their work on CCU’s behalf, such as a website analytics company or our third-party advertising partners. These third-party service providers are limited to accessing or using this data only to provide services to us. They must provide reasonable assurances that they will appropriately safeguard the information.
· Affiliates. For more information about our affiliate sharing practices, please see our Privacy Notice (PDF).
· Business Partners. We may share your personal information with business partners to provide you with a product or service that may interest you. We may also share your personal information with business partners with whom we offer products or services jointly. These partners may also use our information to customize offers and services for you or their marketing purposes.
· Service providers and other partners. We may share your personal information with our vendors, third-party service providers, and partners who use that information to help us provide our Services. This includes service providers that provide us with IT support, hosting, payment processing, customer service, and related services.
B. Disclosures to Protect Others
We may disclose your information to a third party if (i) we believe that disclosure is reasonably necessary to comply with any applicable law, regulation, legal process, or a government request (including to meet national security or law enforcement requirements), (ii) to obtain legal advice, (iii) to enforce our agreements and policies, (iv) to protect the security or integrity of the CCU Site or our services and products, (v) to protect ourselves, our other customers, or the public from harm or illegal activities, or (vi) to respond to an emergency which we believe in good faith requires us to disclose information to assist in preventing a death or serious bodily injury. If CCU is required by law to disclose any of the information that directly identifies you, then we will use reasonable efforts to provide you with notice of that disclosure requirement unless we are prohibited from doing so by statute, subpoena, or court or administrative order. Further, we object to requests that we do not believe were issued properly.
C. Disclosure in the event of merger, sale, or other asset transfers
If we go through a corporate sale, merger, reorganization, receivership, dissolution, purchase or sale of assets, financing, or similar event, your personal information may be part of the assets sold, transferred, or shared in connection with due diligence for any such transaction as permitted by law and/or contract. Any acquirer or successor of CCU may continue to use the information we collect from you through our website as described in this policy.
4. INFORMATION FROM CHILDREN
We do not knowingly collect any personal information directly from children under 16. If we discover we have received any personal information from a child under 16 in violation of this Privacy Policy, we will take reasonable steps to delete that information as quickly as possible. If you believe we have any information from or about anyone under 16, please reach out to us as described in the Contact Us section below.
5. SECURITY OF YOUR INFORMATION
We use appropriate security measures to protect the security of your information, both online and offline. These measures vary based on the sensitivity of the information we collect, process, and store and the current state of technology. Please note that no website or internet transmission is completely secure, so while we strive to protect your information, we cannot guarantee that unauthorized access, hacking, data loss, or a data breach will never occur.
6. CALL RECORDING
We record all calls to discuss our services, and we may use nonaffiliated third-party vendors to record the calls and provide communications analytics. We use this information to improve our customer service, train our staff, resolve disputes or complaints, ensure the quality of our communications, and comply with regulatory requirements. By continuing with the call after hearing the recording disclosure, you consent to the recording and analysis of the conversation as described in this Privacy Policy. The recordings may capture personal information shared during the call, including but not limited to (i) name and contact information, (ii) account details, (iii) transaction information, and (iv) any other personal data you provide during the conversation. We have implemented appropriate safeguards to protect your personal information, including (i) contractual agreements with our vendor to ensure data security and confidentiality, (ii) encryption of call recordings during transmission and storage, and (iii) strict access controls limiting who can listen to or analyze the recordings.
7. DATA RETENTION
As explained in this Privacy Policy, we will store your personal information for as long as it is reasonably necessary for the purposes for which it was collected. In some circumstances, we may store your personal information for more extended periods, for instance, where we are required to do so in accordance with legal, regulatory, tax, or accounting requirements.
In specific circumstances, we may store your personal information for extended periods to have an accurate record of your dealings with us in case of any complaints or challenges or if we reasonably believe there is a prospect of litigation relating to your personal information or dealings.
8. YOUR PRIVACY RIGHTS AND CHOICES
A. Your Privacy Choices
The online advertising industry provides websites from which you may opt out of receiving targeted ads from data and other advertising partners participating in self-regulatory programs. You can access these and learn more about targeted advertising and consumer choice and privacy by visiting the Network Advertising Initiative, the Digital Advertising Alliance, the European Digital Advertising Alliance, and the Digital Advertising Alliance of Canada. To make separate choices for mobile apps on a mobile device, you can download DAA’s AppChoices application from your device’s app store. Alternatively, for some devices, you may use your device’s platform controls in your settings to exercise your choice. Please see https://www.networkadvertising.org/mobile-choice/ for more information on how to opt-out on mobile devices. Please note you must separately opt out in each browser and on each device.
B. Your Privacy Rights
To the extent required by applicable law, you may have the right to:
· Access, know, or port information about you, including (i) confirming whether we are processing your personal information; (ii) the specific pieces and categories of your personal information collected; (iii) the categories of sources from where your data is collected; (iv) the purpose for collecting your personal information; (v) the categories of third parties with whom we have shared your personal information; (vi) obtaining access to or a copy of your personal information in a structured, commonly used, and machine-readable format; and (vii) receiving an electronic copy of personal information that you have provided to us, or asking us to send that information to another company in a structured, commonly used, and machine-readable format (the “Right of Data Portability”).
· Request correction of your personal information where it is inaccurate or incomplete. In some cases, we may provide self-service tools that enable you to update your personal information or refer you to the controller who can correct your personal information.
· Request deletion of your personal information, subject to certain exceptions prescribed by law.
· Request restriction of or object to processing your personal information, including sensitive personal information.
· Withdraw your consent to our processing of your personal information.
· Right to Restrict the use of sensitive personal information.
· Right to Access Information on Automated Decision-Making related to your personal information.
To request access to, restrict, delete, or change the personal information we’ve collected from you, please email us at privacypolicyinquiry@myconsumers.org or call us at (877) 275-2228.
Please note that even if you request that we delete the information we’ve collected from you, we may still retain your information in an aggregated or anonymized form that does not identify you. We also will not delete your information if we are legally required to maintain it.
We may ask you for additional information to confirm your identity and for security purposes before taking any action regarding your information. We reserve the right to charge a fee, where permitted by law, for instance, if your request is manifestly unfounded or excessive.
B. Other Provisions
1. Mobile Banking
CCU offers mobile banking on your Apple or Google Android device for your convenience. The CCU Privacy Notice (PDF) applies to your online banking and mobile applications. Additional permissions are requested to facilitate some services within our mobile banking applications.
· Camera: Allow access to the device’s camera for Remote Deposit Capture.
· Contacts: Allow access to contacts on the device for Zelle person-to-person requests.
· External storage: Allow access to files/media on the device for secure messaging and sending/receiving attachments.
· Location: Allow access to location for maps
· Audio: Allow access to the device’s microphone for Chat services.
· Phone State: Allow access to information about the device for device identification for security solutions.
SUPPLEMENTAL NOTICE FOR CALIFORNIA, COLORADO, CONNECTICUT, DELAWARE, IOWA, MARYLAND, MONTANA, NEBRASKA, NEW JERSEY, NEW HAMPSHIRE, OREGON, TENNESSEE, TEXAS, UTAH AND VIRGINIA RESIDENTS
This supplemental notice (“Supplemental Notice”)for California, Colorado, Connecticut, Delaware, Iowa, Maryland, Montana, Nebraska, New Jersey, New Hampshire, Oregon, Tennessee, Texas, Utah, and Virginia residents (“Supplemental Notice States”) only applies to our processing of Personal Information that is subject to the California Consumer Privacy Act (“CCPA”), the California Privacy Rights Act (“CPRA”), the Colorado Privacy Act (“CPA”), the Connecticut Data Privacy Act (“CDPA”), the Delaware Personal Data Privacy Act (“DPDPA”), the Iowa Consumer Data Protection Act (“ICDPA”), the Maryland Online Data Privacy Act (“MODPA”), the Montana Consumer Data Privacy Act (“MCDPA”), the Nebraska Data Privacy Act (“NDPA”), the New Jersey Data Protection Act (“NJDPA”), New Hampshire Privacy Act (“NHPA”), the Oregon Consumer Privacy Act (“OCPA”), the Tennessee Information Protection Act (“TIPA”), the Texas Data Privacy and Security Act (“TDPSA”), the Utah Consumer Privacy Act (“UTCPA”), and the Virginia Consumer Data Protection Act (“VCDPA”) (collectively the “State Privacy Law(s)”) and applies solely to individuals (“consumer” or “you”), who are residents of the states of California, Colorado, Connecticut, Delaware, Iowa, Maryland, Montana, Nebraska, New Jersey, New Hampshire, Oregon, Tennessee, Texas, Utah, and Virginia in our role as a business.
1. Information We Collect
In providing our Services, we may collect information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household (“Personal Information”). Personal Information does not include:
· Publicly available information from government records
· Personal information collected in the business-to-business context (defined as personal information reflecting a communication or transaction with a consumer, where that consumer is acting as an employee, owner, director, officer, or contractor of another business, non-profit or government entity, and where the communication or transaction occurs solely within the context of us conducting due diligence regarding or providing or receiving a product or service to or from the other business). Deidentified or aggregated consumer information
· Information excluded from the Supplemental Notice States scope, like health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) or clinical trial data; Personal Information covered by specific sector-specific privacy laws, including the Fair Credit Reporting Act (“FCRA”), the Gramm-Leach-Bliley Act (“GLBA”) or California Financial Information Privacy Act (“FIPA”), and the Driver’s Privacy Protection Act of 1994.
This Supplemental Notice does not address our handling of Personal Information about consumers, which we undertake on behalf of our customers to provide those customers with our products and services. In those contexts, we act as a service provider.
We may have collected the following categories of Personal Information from our consumers in our role as a business within the last twelve (12) months):
|
Category of Personal Information
|
Examples
|
Collected
|
Disclosed for a Business Purpose
|
Categories of Third-Parties Information Disclosed for Business Purposes
|
|
Name, Contact, Information and Identifier
|
Name, address, phone number, tax identification number, age, gender, email address, account numbers, log-in credentials, identity verification, and other account information.
|
Yes
|
Yes
|
· Vendors
· Financial Institutions
· Insurance Companies
· Investment companies
· Security companies
· Credit reporting agencies;
· Payment processors
|
|
Characteristics of protected classifications
|
Gender, marital status, nationality, and citizenship.
|
Yes
|
Yes
|
|
Internet or other electronic network activity information
|
Information about your interaction with our websites, including browsing history, search history, application, advertising, internet protocol address, device ID, marketing tags, and other identifiers.
|
Yes
|
Yes
|
|
Commercial information
|
Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
|
Yes
|
Yes
|
|
Professional or employment-related information
|
Professional title, salary, other employment-related information provided by you in conjunction with a credit request, information on job applications, employment files, or references.
|
Yes
|
Yes
|
|
Financial Information
|
Bank account numbers, debit/credit card numbers, cardholder or accountholder name and detail, credit reports and credit scores, transaction details.
|
|
|
|
Geolocation data
|
Any information used to identify your physical location.
|
Yes
|
Yes
|
|
Sensitive Personal Information
|
Government identifiers (such as SSN, driver’s license, passport number), an account log-in, financial account, debit or credit card number with any required security code, password, or credentials allowing access to an account, precise geolocation (which means within 1,850 feet of a particular person), contents of mail, email, and text messages, genetic data, biometric information processed to identify an individual.
|
Yes
|
Yes
|
|
Inferences drawn from other personal information
|
Profile reflects a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, and aptitudes.
|
Yes
|
|
|
Communications
|
Audio and video recordings and images.
|
Yes
|
Yes
|
The categories of sources from which we collect Personal Information and our business and commercial purposes for using Personal Information are outlined in “Personal Information We Collect” and “How We Use Your Personal Information” above, respectively.
2. Your Rights and Choices
The State Privacy Laws provide state residents with specific rights regarding their Personal Information. This information is provided in the “Your Privacy Rights” section above. If you are a resident of one of the Privacy Law States, you can opt out of automated profiling that produces legal or similarly significant effects. Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your Personal Information. You may also make a verifiable consumer request for your minor child. To designate an authorized agent, please contact us as outlined in “Contact Us” below and provide written authorization signed by you and your designated agent. To protect your privacy, we will take the following steps to verify your identity before fulfilling your request. When you make a request, we will ask you to provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative, which may include asking you to answer questions regarding your account and use of our Services.
3. Exercising Your Rights
If you want to exercise your rights, you can contact us as outlined in the Contact Us section below; we will respond to verifiable requests received as required by law. We may also ask you for additional information to verify or process your request. We may also check with third-party identity verification services to verify your identity before taking any action regarding your personal information. We will respond substantively to your verifiable requests within the periods required by law, which is most likely within 45 days unless additional time (up to 45 extra days) is needed, in which case we will let you know.
Certain states permit businesses to charge a fee to a consumer if the consumer’s requests are excessive. In that case, you can charge a fee or notify the consumer of the reason for denying the request.
4. Verifiable Requests for Copy, Deletion, and Right to Know
Subject to certain exceptions, California consumers can make the following requests twice every twelve (12) months. If we determine that the consumer’s request is excessive, we may charge a fee or notify the consumer of the reason for the denial of the request.
5. Incentives and Discrimination
We will not discriminate against you for exercising your State Privacy Law rights. We may offer you specific financial incentives. Under applicable State Privacy Laws, these incentives may vary in price, rate, or quality. Any permitted financial incentive we provide in the Supplemental Notice States will reasonably relate to your Personal Information’s value and contain written terms describing the program’s material aspects. Participation in an economic incentive program requires prior opt-in consent, which you may revoke at any time.
6. How to Resolve Disputes Relating to Our Privacy Practices
If you have a dispute about our privacy practices, please contact us as described in the “Contact Us” section below. If we decline to act in response to any of your privacy requests, you have the right to appeal that decision within a reasonable amount of time but no later than 90 days from the date of our decision. To submit an appeal request, you can exercise this right by contacting us as described in the “Contact Us” section below. If you believe your rights have been violated and cannot resolve the issue directly with us, you may file a complaint with your state attorney general’s office.
7. California’s “Shine the Light” Law
Civil Code Section § 1798.83 permits users of our Sites and Services who are California residents to request certain information regarding our disclosure of Personal Information to third parties for their direct marketing purposes. To make such a request, please contact us as outlined in “Contact Us” below.
SUPPLEMENTAL NOTICE FOR NEVADA RESIDENTS
If you are a resident of Nevada, you have the right to opt out of the sale of certain Personal Information to third parties. You can exercise this right by contacting us as outlined in “Contact Us” below with the subject line “Nevada Do Not Sell Request” and providing us with your name and the email address associated with your account. Please note that we do not currently sell your Personal Information as sales are defined in Nevada Revised Statutes Chapter 603A. If you have any questions, please contact us as outlined in “Contact Us” below.
CONTACT US
If you have questions about this policy or our privacy practices, you may request more information by contacting us at (877) 275-2228 or sending the request to:
Mailing Address:
Consumers Credit Union
300 N Field Dr.
Lake Forest, IL 60045