Last Updated: March 1, 2023
Personal Information does not include: (i) publicly available information; (ii) deidentified or aggregated consumer information; or (iii) personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (“FRCA”) and the Gramm-Leach-Bliley Act (“GLBA”).
In the preceding 12-months, we have collected the following categories of personal information (please note that some categories overlap):
B. Personal information categories described in Cal. Civ. Code § 1798.80(e)
Signature; state identification card number; physical characteristics or description; insurance policy number; education; employment or employment history; bank account number, credit card number, debt card number, or any other financial information; or medical information or health insurance information.
C. Protected classification characteristics under state or federal law
D. Commercial information
E. Biometric information
F. Internet or other similar network activity
G. Geolocation data
H. Sensory data
I. Professional or employment-related information.
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).
K. Inferences drawn from other personal information.
Profile reflecting a person’s preference, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
L. Sensitive Personal Information.
A consumer’s social security, driver’s license, state identification card, or passport number; A consumer’s account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; A consumer’s precise geolocation; A consumer’s racial or ethnic origin, religious or philosophical beliefs, or union membership;
The contents of a consumer’s mail, email, and text messages unless the business is the intended recipient of the communication; A consumer’s genetic data; The processing of biometric information for the purpose of uniquely identifying a consumer; Personal information collected and analyzed concerning a consumer’s health; and Personal information collected and analyzed concerning a consumer’s sex life or sexual orientation.
II. Categories of Sources of Information We Collect
We obtain the categories of personal information listed above from one or more of the following categories of sources:
a. From You or Your Authorized Agent
We may collect information directly from you or your authorized agent. For example, when you provide us your name and Social Security number to open an account and become a member. We also collect information indirectly from you or your authorized agent. For example, through information we collect from our members in the course of providing services to them.
b. From Our Website and Applications That You Access on Your Mobile Device
We collect certain information from your activity on our website activity on our website https://www.partnersfcu.org/ and your use of applications on your mobile device. We may collect your IP address, device and advertising identifiers, browser type, operating system, Internet service provider (“ISP”), pages that you visit before and after visiting our website, the date and time of your visit, information about the links you click and pages you view on our website, and other standard server log information. We may also collect your mobile device’s GPS signal, or other information about nearby Wi-Fi access points and cell towers.
i. The Role of Cookies and Other Online Tracking Technologies
“Cookies” are small amounts of data a website can send to a visitor’s web browser. They are often stored on the device you are using to help track your areas of interest. Cookies may also enable us or our service providers and other companies we work with to relate your use of our online services over time to customize your experience. Most web browsers allow you to adjust your browser settings to decline or delete cookies, but doing so may degrade your experience with our online services.
Clear GIFs, pixel tags or web beacons—which are typically one-pixel, transparent images located on a webpage or in an email or other message—or similar technologies may be used on our sites and in some of our digital communications (such as email or other marketing messages). They may also be used when you are served advertisements, or you otherwise interact with advertisements outside of our online services. These are principally used to help recognize users, assess traffic patterns and measure site or campaign engagement.
“First party” cookies are stored by the domain (website) you are vising directly. They allow the website’s owner to collect analytics data, remember language settings, and perform useful functions that help provide a good experience. “Third-party” cookies are created by domains other than the one you are visiting directly, hence the name third-party. They may be used for cross-site tracking, retargeting and ad-serving. We also believe that cookies fall into the following general categories:
- Essential Cookies: These cookies are technically necessary to provide website functionality. They are a website’s basic form of memory, used to store the preferences selected by a user on a given site. As the name implies, they are essential to a website’s functionality and cannot be disabled by users. For example, an essential cookie may be used to prevent users from having to log in each time they visit a new page in the same session.
- Performance and Function Cookies: These cookies are used to enhance the performance and functionality of a website, but are not essential to its use. However, without these cookies, certain functions (like videos) may become unavailable.
- Analytics and Customization Cookies: Analytics and customization cookies track user activity, so that website owners can better understand how their site is being accessed and used.
- Advertising Cookies: Advertising cookies are used to customize a user’s ad experience on a website. Using the data collected from these cookies, websites can prevent the same ad from appearing again and again, remember user ad preferences, and tailor which ads appear based on a user’s online activities.
ii. Online Advertising & Online Behavioral Advertising
You may see advertisements when you use many of our online services. These advertisements may be for our own products or services (including pre-screened offers of credit) or for products and services offered by third parties. Which advertisements you see is often determined using the information we or our affiliates, service providers and other companies that we work with have about you, including information about your relationships with us (e.g., types of accounts held, transactional information, location of banking activity). To that end, where permitted by applicable law, we may share with others the information we collect from and about you.
Our advertising service providers may deliver our advertisements to you on non-affiliated websites. Such service providers control the manner in which the advertisements are delivered to you on such non-affiliated websites. You should generally be able to opt-out of receiving such advertisements from the service provider responsible for delivering the advertisement.
Cross-context behavioral advertising refers to the targeting of advertising to a consumer based on the consumer’s personal information obtained from the consumer’s activity across businesses, distinctly branded websites, applications, or services, other than the business, distinctly-branded website, application, or service with which the consumer intentionally interacts. We do not engage in cross-context behavioral advertising.
c. Third-party service providers in connection with our services or our business purposes
We collect information from third-party service providers that interact with us in connection with the services we perform or for our operational purposes. For example, a credit report we obtain from a credit bureau to evaluate a loan application. Another example is a third-party service provider that provides us information to help us detect security incidents and fraudulent activity.
d. Information we collect from third-parties for a commercial purpose
III. HOW WE USE YOUR PERSONAL INFORMATION
We may use or disclose personal information we collect for one or more of the following business purposes:
- To fulfill or meet the reason for which the information is provided. For example, you apply for a loan, and we use the information in your loan application to give you the loan.
- To provide you with information, products or services that you request from us.
- To evaluate your candidacy for employment or for an independent contractor engagement, and to administer employment-related benefits for you, your spouse or domestic partner, and your dependents.
- To provide you with email alerts, event registrations or other notices concerning our products or services, or events or news, that may be of interest to you.
- To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collections.
- To improve our website and present its contents to you.
- For testing, research, analysis to improve our products and services and for developing new ones.
- To protect the rights, property or safety of us, our employees, our members or others.
- To detect security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity.
- To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
- As described to you when collecting your personal information.
- To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution or other sale or transfer of some or all of our assets, in which personal information held by us is among the assets transferred.
We also use your personal information to advance our commercial or economic interests (“commercial purpose”), such as advertising our membership, products and services, or enabling or effecting, directly or indirectly, a commercial transaction.
We do not use or disclose your sensitive personal information for any purpose other than, as reasonably necessary and proportionate, for the following purposes:
- To perform the services or provide the goods reasonably expected by an average consumer who requests those goods and services.
- To prevent, detect, and investigate security incidents that compromise the availability, authenticity, integrity, or confidentiality of stored or transmitted personal information.
- To resist malicious, deceptive, fraudulent, or illegal actions directed at the business and to prosecute those responsible for those actions.
- To ensure the physical safety of natural persons.
- For short-term, transient use, including, but not limited to, nonpersonalized advertising shown as part of your current interaction with the business, provided that the personal information is not disclosed to another third party and is not used to build a profile about you or otherwise alter your experience outside of your current interaction with us.
- For our service providers or contractors to perform services on our behalf, such as maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services on our behalf; provided, however, that the use of your sensitive personal information is reasonably necessary and proportionate for this purpose.
- To verify or maintain the quality or safety of a service or device that is owned, manufactured for, or controlled by us, and to improve, upgrade, or enhance the service or device that is owned, manufactured for, or controlled by us; provided, however, that the use of your sensitive personal information is reasonably necessary and proportionate for this purpose.
- To collect or process sensitive personal information where such collection or processing is not for the purpose of inferring characteristics about you.
IV. Disclosure of Personal Information
We disclose your personal information for our business or commercial purposes to the following parties:
- Our third-party service providers;
- Our affiliated websites and businesses in an effort to bring you improved service across our family of products and services, when permissible under relevant laws and regulations;
- Other companies to bring you co-branded services, products or programs;
- Third parties that help us advertise products, services or membership with us to you;
- Third parties to whom you or your agents authorize us to disclose your personal information in connection with products or services we provide to you;
- Third parties or affiliates in connection with a corporate transaction, such as a sale, consolidation or merger of our financial institution or affiliated business; and
In the preceding 12-months, we have disclosed the following categories of personal information for our business and commercial purposes and, for each category, the following categories of third-parties to whom such personal information was disclosed:
1, 2, 3, 4, 5, 6,7
1, 2, 3, 4, 5, 6,7
1, 2, 3, 4, 5, 7
1, 5, 7
1, 5, 7
1, 2, 3, 4, 5, 6, 7
We have not shared your personal information to third-parties for cross-context behavioral advertising.
We do not have actual knowledge of sharing personal information of minors under 16 years of age for cross-context behavioral advertising.
The general categories of third-parties that we sold your personal information to are as follows:
- Third parties that help us advertise products, services or membership with us to you;
- Non-affiliated third-parties for their commercial purposes;
- Our affiliated websites and businesses in an effort to bring you improved service across our family of products and services, when permissible under relevant laws and regulations; and
- Other companies to bring you co-branded services, products or programs.
In the preceding 12-months, we have sold the following categories of personal information and, for each category, the following categories of third-parties to whom such personal information was sold:
Category of Personal Information
(Represented in alphabetical form from the categories listed in Section I)
Category of Third-Parties
(Represented in numerical form from the categories of third-parties identified in this subsection (c) of Section IV)
We do not have actual knowledge of selling personal information of minors under 16 years of age.
V. Rights and Choices for California Residents
If you are a California resident, this section describes your rights and choices regarding how we collect, share, use, and protect your personal information, how to exercise those rights, and limits and exceptions to your rights and choices under the CCPA.
In the following instances, the rights and choices in this Section V do not apply to you:
- If you are not a California resident.
- Aggregate consumer information.
- Deidentified personal information.
- Publicly available information.
If the above exceptions do not apply, and you have not made this request more than twice in a 12-month period, you have the right to request that we disclose certain information to you about our collection and use of your personal information. Once we receive and confirm your request and verify that the request is coming from you or someone authorized to make the request on your behalf, we will disclose to you or your representative:
- The categories of personal information we collected about you.
- The categories of sources for the personal information we collected about you.
- Our business or commercial purpose for collecting, sharing or selling that personal information.
- The categories of third parties to whom we disclosed, shared or sold your personal information.
- The specific pieces of personal information we collected about you in a form that you can take with you (also called a “data portability request”).
You have the right to request that we delete any of your personal information that we collect from you and retained, subject to certain exceptions. Once we receive and verify your request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies. We may deny your deletion request if retaining the information is necessary for us or our service providers to:
- Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
- Help to ensure security and integrity to the extent the use of the your personal information is reasonably necessary and proportionate for those purposes.
- Debug to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise that consumer’s right of free speech, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act pursuant to Chapter 3.6 (commencing with Section 1546) of Title 12 of Part 2 of the Penal Code.
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the businesses’ deletion of the information is likely to render impossible or seriously impair the achievement of such research, if you previously provided informed consent.
- To enable solely internal uses that are reasonably aligned with your expectation based on your relationship with the us and compatible with the context in which the you provided the information.
- Comply with a legal obligation.
You have the right to request changes to any of your personally identifiable information that we have collected through our website and online services.
To exercise the access, data portability, deletion and correction rights described above, a consumer or a consumer’s authorized agent may submit a verifiable consumer request to us by either:
- Calling us at 800.948.6677
- Completing the CCPA Request Form
- Visiting one of our CA branch locations.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us. However, we may consider requests made through a password protected account with us sufficiently verified when the request relates to personal information associated with that specific account. If we receive a request through and authorized agent of the consumer, we will require:
- Submission of a written document signed by the consumer with the consumer’s permission for the authorized agent to submit a verifiable request on their behalf and require the authorized agent to verify their own identity to us; or
- The consumer to directly verify with us that they have authorized the agent to submit the request.
- We will not require either of the above if the authorized agent provides a copy of a power of attorney pursuant to California Probate Code sections 4121 to 4130 and we are able to verify authorized agent’s identity.
We will only use personal information provided in the request to verify the requestor’s identity or authority to make it. We will ask you to complete the CCPA Request Form which will ask you for information that will help us verify your identity. The verification process includes matching the information you provide us with the information we have in our records. The stringency of the verification process depends on the sensitivity of the request, whether or not the consumer is a current customer with a password-protected account, the need to prevent unauthorized access and disclosure of personal information and other factors. Within 10-days of your submission of your CCPA request, we will notify you of any additional information we might need to verify your identity.
We endeavor to respond to a verifiable consumer request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance. We do not charge a fee to process or respond to your verifiable consumer request.
You have the right opt-out of the sale of your personal information or sharing of your personal information for cross-context behavioral advertising. To exercise this right, please click on the “Do Not Sell or Share My Personal Information” link on the homepage of our website or mobile application at https://www.partnersfcu.org/california-consumer-privacy-notice-of-right-to-opt-out.
- Deny you goods or services.
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Provide you a different level or quality of goods or services.
- Suggest that you may receive a different price for goods or services or a different level or quality of goods or services.
- Retaliate against you as our employee, applicant for employment, or independent contractor.
Industry standards are currently evolving and we may not separately respond to or take any action with respect to a “do not track” configuration set in your internet browser.
The following expresses how we address opt-out preference signals to comply with our obligations to California consumers under the CCPA. The CCPA defines an “opt-out preference signal” as a signal that is sent by a platform, technology or mechanism, on a consumer’s behalf, that communicates the consumer’s choice to opt-out of the sale and sharing of personal information for cross-context behavioral advertising purposes and that complies with certain technical requirements.
If we receive an opt-out preference signal in a format commonly used and recognized by businesses, we will accept the signal as a valid request to opt-out of sale/sharing for the particular browser or device from which the signal was sent, and if we are able to identify you from your browser or device, we will accept the signal as an opt-out of sale/sharing for your personal information as well. In most instances, we will not be able to identify you from your browsers or device, so if you would like to opt-out of sale/sharing of your personal information that may occur offline, please opt-out through the Do Not Sell or Share My Personal Information link, through which we will ask for additional information to identify you.
IX. Children's Online Information Policy
Our website is not intended for children under the age of 13. We do not knowingly collect, maintain, or use personally identifiable information from our website about children under the age of 13 without parental consent. For more information about the Children’s Online Privacy Protection Act (COPPA), visit the Federal Trade Commission website: www.ftc.gov.
X. Linking to Third-Party Websites
We use reasonable physical, electronic, and procedural safeguards that comply with federal standards to protect and limit access to personal information. This includes device safeguards and secured files and buildings.
Please note that information you send to us electronically may not be secure when it is transmitted to us. We recommend that you do not use unsecure channels to communicate sensitive or confidential information (such as your Social Security number) to us.
XII. Contact Information
- Phone: 800.948.6677
- Website: https://www.partnersfcu.org/
- Partners Online Banking: Reply electronically by contacting us through Partners Online Banking. After logging in, click the Messages button; select Compose New; in the subject line type 3rd Party Information Sharing; click the Send button to launch the message.
Partners Federal Credit Union
P.O. Box 10000
Lake Buena Vista, FL 32830