FACTS | WHAT DOES SCE FEDERAL CREDIT UNION (SCE FCU) DO WITH YOUR PERSONAL INFORMATION? |
---|---|
Why? | Financial companies choose how they share your personal information. Federal law gives consumers the right to limit some but not all sharing. Federal law also requires us to tell you how we collect, share, and protect your personal information. Please read this notice carefully to understand how we handle user privacy. |
What? | The types of personal information we collect and share depend on the product or services you have with us. This information can include:
|
How? | All financial companies need to share members’ personal information to run their everyday business. In the section below, we list the reasons financial companies can share their members’ personal information; the reasons SCE FCU chooses to share; and whether you can limit this sharing. |
Reasons we can share your personal information | Does SCE FCU Share? | Can you limit this sharing? |
---|---|---|
For our everyday business purposes – such as to process your transactions, maintain your account(s), respond to court orders and legal investigations, or report to credit bureaus | Yes | No |
For our marketing purposes – to offer our products and services to you | Yes | No |
For joint marketing with other financial companies | No | No |
For our affiliates’ everyday business purposes – information about your transactions and experiences | Yes | No |
For our affiliates’ everyday business purposes – information about your creditworthiness | No | No |
For our affiliates to market to you | No | No |
For nonaffiliates to market to you | No | No |
Questions? | Call 800.866.6474 or send us an email. |
---|
What we do | |
---|---|
How does SCE FCU protect my personal information? | To protect your personal information from unauthorized access and use, we use security measures that comply with federal law. The measures include computer safeguards and secured files and buildings. |
How does SCE FCU collect my personal information? | We collect your personal information, for example, when you
|
Why can’t I limit all sharing? | Federal law gives you the right to limit only
|
Definitions | |
---|---|
Affiliates | Companies related by common ownership or control. They can be financial and nonfinancial companies. SCE FCU’s affiliates include financial companies such as Community Mortgage Funding and Member Advantage Insurance Services. |
Nonaffiliates | Companies not related by common ownership or control. They can be financial and nonfinancial companies. SCE FCU does not share with nonaffiliates so they can market to you. |
Joint marketing | A formal agreement between nonaffiliated financial companies that together market financial products or services to you. SCE FCU does not jointly market. |
Last updated June 30, 2023
If you are a California resident, you have the following rights under the CCPA:
However, as a financial institution, the CCPA is not applicable if the information we collect, share, or sell is subject to the federal Gramm-Leach-Bliley Act and its implementing regulations and/or the California Financial Information Privacy Act. Generally speaking, this means we are not required to comply with the CCPA if the information we collected is information that:
Nevertheless, the Credit Union takes the privacy and security of your personal information seriously and, even though the CCPA may not be applicable to us in most cases, we will honor your rights described in this CCPA Privacy Policy except in the event of a conflict with applicable state or federal law, another exception to the CCPA applies, or complying with your request would be impossible or require disproportionate effort.
Category | Examples | Collected? | |
---|---|---|---|
1 | Identifies | A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, or other similar identifiers | Yes |
2 | Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) | A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories. | Yes |
3 | Protected classification characteristics under California or federal law | Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). | Yes |
4 | Commercial information | Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. | Yes |
5 | Biometric information | Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. | Yes |
6 | Internet or other similar network activity | Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement. | Yes |
7 | Geolocation data | Physical location or movements. | Yes |
8 | Sensory data | Audio, electronic, visual, thermal, olfactory, or similar information. | Yes |
9 | Professional or employment-related information | Current or past job history or performance evaluations. | Yes |
10 | Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)) | Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. | No |
11 | Inferences drawn from other personal information | Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. | No |
We obtain the categories of personal information listed in the Table above from the following categories of sources:
We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing notice.
Please note the CCPA defines “selling” and “sharing” personal information differently than you might expect. Under the CCPA, (1) “selling” and “sharing” personal information means selling or sharing personal information to a “third party” and (2) the term “third party” does not include our service providers or contractors when we have a written contract in place with such service providers or contractors that meet certain requirements set forth in the CCPA. This means our service providers and contractors are not considered “third parties” for CCPA purposes.
With the above in mind, we have not sold or shared consumers’ personal information with third parties (other than our service providers or contractors) in the previous 12 months.
We have not disclosed consumer’s personal information to third parties (other than our service providers or contractors) for a business purpose in the preceding 12 months.
We have no actual knowledge that we sell or share the personal information of consumers under 16 years of age. The Credit Union does not use or disclose sensitive personal information for purposes other than specified in Section 7027(m) of the CCPA Regulations.
We, or our service providers, and other companies we work with may deploy and use cookies, web beacons, local shared objects and other tracking technologies for various purposes, such as fraud prevention and to promote our products and services to you. Some of these tracking tools may detect characteristics or settings of the specific device you use to access our online services.
“Cookies” are pieces of information that are stored directly on your computer, smartphone, or other internet access device. Browser cookies are assigned by a web server to the browser on your device. When you return to a Website you have visited before, your browser gives this data back to the server. When you visit our Website, we may use cookies and information gathered through your use to personalize your experience with us based on the products, services, and other interactions you have with us. Information gathered through the use of cookies may be used to make offers to you via online ads, email, U.S. mail, or telephone, subject to the privacy preferences you have on file with SCE FCU. Cookies we use do not contain or capture unencrypted personal information.
The browsers of most computers, smartphones, and other internet access devices are set up to accept cookies. You can refuse to accept these cookies through your browser settings. You will need to manage your cookie settings for each device and browser you use. If you choose to reject cookies, you may not be able to use the full functionality of our Website. For example, if we are not able to recognize your device, you will need to answer a challenge question each time you log on. You also may not receive customized advertising or other offers from us that may be relevant to your interests and needs.
Clear GIFs, pixel tags, or web beacons – which are typically one-pixel, transparent images located on a webpage or in an email or other message – or similar technologies may be used on our sites and in some of our digital communications (such as email or other marketing messages). They may also be used when you are served advertisements, or you otherwise interact with advertisements outside of our online services. These are principally used to help recognize users, assess traffic patterns, and measure site or campaign engagement.
“First-party” cookies are stored by the domain (Website) you are visiting directly. They allow the Website’s owner to collect analytics data, remember language settings, and perform useful functions that help provide a good experience. “Third-party” cookies are created by domains other than the one you are visiting directly, hence the name third-party. They may be used for cross-site tracking, retargeting, and ad-serving. We also believe cookies fall into the following general categories:
How to submit a request:
You can exercise your rights under the CCPA by completing one of the following actions:
For all requests, you must provide the following Information:
To submit a request to know the information we have collected about you, to request we delete information we have about you, or to request we correct information we have you believe is inaccurate, you must provide the following information to us:
Please also see the sections below for additional information.
Requests to know:
If you wish to submit a request to know the information we have collected about you, you may request we tell you:
In response to a request to know, we will provide all the personal information we have collected and maintain about you on or after January 1, 2022, including beyond the 12-month period preceding our receipt of the request, unless doing so proves impossible or would involve disproportionate effort, or you request data for a specific time period. The information we provide will include any personal information our service providers or contractors collected pursuant to their written contract with us. If we claim that providing personal information beyond the 12-month period would be impossible or would involve disproportionate effort, we will provide you with a detailed explanation that includes enough facts to give you a meaningful understanding as to why we cannot provide personal information beyond the 12-month period. We will not simply state it is impossible or would require disproportionate effort.
If you want us to disclose the specific pieces of personal information we have collected about you, you must specify you want to know this information at the time you submit your request. For requests that seek the disclosure of specific pieces of information, if we cannot verify your identity, we will not disclose any specific pieces of personal information to you and we will inform you we cannot verify your identity. If the request is denied in whole or in part, we will also evaluate your request as if it is seeking the disclosure of categories of personal information about you.
For requests that seek the disclosure of categories of personal information about you, if we cannot verify your identity, we may deny the request and we will inform you we cannot verify your identity. If the request is denied in whole or in part, we will provide or direct you to our general business Information Practices regarding the collection, maintenance, and sale of personal information set forth in our privacy policy.
We are not required to search for personal information if all of the following conditions are met:
We will not disclose in response to a request to know your Social Security number, driver’s license number or other government-issued identification number, financial account number, any health insurance or medical identification number, an account password, security questions and answers, or unique biometric data generated from measurements or technical analysis of human characteristics. We will, however, inform you with sufficient particularity we have collected the type of information. For example, we may respond that we collect “unique biometric data including a fingerprint scan” without disclosing the actual fingerprint scan data.
If we deny your verified request to know specific pieces of personal information, in whole or in part, because of a conflict with federal or state law, or an exception to the CCPA, we will inform you and explain the basis for the denial, unless prohibited from doing so by law. If the request is denied only in part, we will disclose the other information you requested.
We will use reasonable security measures when transmitting personal information to you.
Requests to delete:
In addition to the general information, you must provide in connection with your request (see “For all requests, you must provide the following information” above), to request information be deleted, you must identify the information you would like us to delete.
If we cannot verify your identity, we may deny the request to delete. We will inform you that your identity cannot be verified.
As set forth in the CCPA regulations, we will comply with a verified request to delete your personal information by:
If we, a service provider, or a contractor stores any personal information on archived or backup systems, we/it may delay compliance with your request to delete, with respect to data stored on the archived or backup system, until the archived or backup system relating to that data is restored to an active system or is next accessed or used for a sale, disclosure, or commercial purpose.
In responding to a request to delete, we will inform you whether or not we have complied with your request. We will maintain a record of the request as required by regulation. We, our service providers, contractors, or third parties may retain a record of the request for the purpose of ensuring your personal information remains deleted.
In cases where we deny your request to delete in whole or in part, we will do all of the following:
In responding to a request to delete, we may present you with the choice to delete select portions of your personal information as long as a single option to delete all personal information is also offered and more prominently presented than the other choices. If we provide California consumers the ability to delete select categories of personal information (e.g., purchase history, browsing history, voice recordings) in other contexts, however, we must inform you of your ability to do so and direct you how you can do so.
Requests to correct:
In addition to the general information, you must provide in connection with your request (see “For all requests, you must provide the following information” above), to request information be corrected, you must identify the information you would like us to correct.
If we cannot verify your identity, we may deny the request to correct. We will inform you your identity cannot be verified.
In determining the accuracy of the personal information is the subject of your request to correct, we will consider the totality of the circumstances relating to the contested personal information. We may deny your request to correct if we determine the contested personal information is more likely than not accurate based on the totality of the circumstances. Considering the totality of the circumstances includes, but is not limited to, considering:
If we are not the source of the personal information and we have no documentation to support the accuracy of the information, your assertion of inaccuracy may be sufficient to establish the personal information is inaccurate.
If we comply with your request to correct, we will correct the personal information at issue on our existing systems and implement measures to ensure the information remains corrected. We will also instruct our service providers and contractors that maintain the personal information at issue pursuant to their written contract with us to make the necessary corrections in their respective systems. Service providers and contractors must comply with our instructions to correct the personal information or enable us to make the corrections and must also ensure the information remains corrected.
If we, a service provider, or a contractor store any personal information that is the subject of your request to correct on archived or backup systems, we/it may delay compliance with your request to correct, with respect to data stored on the archived or backup system, until the archived or backup system relating to that data is restored to an active system or is next accessed or used.
We will accept, review, and consider any documentation you provide in connection with your request to correct whether provided voluntarily or as required by us. You should make a good-faith effort to provide us with all necessary information available at the time of your request.
We may require you to provide documentation if necessary to rebut our own documentation that the personal information is accurate. In determining the necessity of the documentation requested, we will consider the following:
Any documentation provided by you in connection with your request to correct shall only be used and/or maintained by us for the purpose of correcting your personal information and to comply with the record-keeping obligations under the CCPA regulations.
We will implement and maintain reasonable security procedures and practices in maintaining any documentation relating to your request to correct.
We may delete the contested personal information as an alternative to correcting the information if the deletion of the personal information does not negatively impact you, or if you consent to the deletion. For example, if deleting instead of correcting inaccurate personal information would make it harder for you to obtain a job, housing, credit, education, or other type of opportunity, we will process the request to correct or obtain your consent to delete the information.
In responding to a request to correct, we will inform you whether or not we have complied with your request. If we deny your request to correct in whole or in part, we will do the following:
If the personal information at issue can be deleted pursuant to a request to delete, you can make a request to delete the personal information. See “How to submit a request,” “For all requests, you must provide the following information”,” and “Requests to delete” above.
We may deny your request to correct if we have denied your request to correct the same alleged inaccuracy within the past six months of receiving the request. However, we must treat the request to correct as new if you provide new or additional documentation to prove the information at issue is inaccurate.
We may deny a request to correct if we have a good-faith, reasonable, and documented belief a request to correct is fraudulent or abusive. We will inform you we will not comply with the request and will provide an explanation why we believe the request is fraudulent or abusive.
Where we are not the source of the information you contend is inaccurate, in addition to processing your request, we may, but we are not required to, provide you with the name of the source from which we received the alleged inaccurate information.
Upon request, we will disclose all the specific pieces of personal information we maintain and have collected about you to allow you to confirm we have corrected the inaccurate information that was the subject of your request to correct. This disclosure will not be considered a response to a request to know that is counted towards the limitation of two requests within a 12-month period as set forth in Civil Code section 1798.130, subdivision (b). With regard to a correction to your Social Security number, driver’s license number or other government-issued identification number, financial account number, any health insurance or medical identification number, an account password, security questions and answers, or unique biometric data generated from measurements or technical analysis of human characteristics, we will not disclose this information, but we may provide a way to confirm the personal information we maintain is the same as what you have provided.
The following is a general description of the process we use to verify your identity when submitting a request to know, a request to delete, or a request to correct:
By law and regulation, we are required to positively verify your identity prior to responding to your requests.
If you use an authorized agent to submit a request to know information under CCPA, you must verify your own identity with us and provide the agent written permission to submit the request on your behalf unless the agent holds a valid Power of Attorney or Conservatorship of the Person or the Estate for you. An agent’s failure to provide proof of authorization will result in a denial of the request.
The CCPA gives you the right to tell us not to sell or share your personal information with third parties by opting-out of such information sales or sharing. However, the CCPA also states we are not required to provide you with the right to opt-out if we only sell or share your personal information with our service providers or contractors pursuant to a written contract meets specific requirements, such as the requirement that we only sell or share your personal information to the extent that is reasonably necessary for the service provider or contractor to carry-out the contracted for business purpose and provided the service provider or contractor agrees only to use your personal information for that purpose. You do not have the right to opt-out because we do not sell or share your personal information outside of an exception that allows us to do so.
In addition, the CCPA gives you the right to limit our use or sharing of your sensitive personal information. However, the CCPA also states we are not required to provide you with the right to limit our use or sharing of your sensitive personal information so long as we only share it for the specific purposes set forth in Section 7027(m) of the regulations implementing the California Privacy Rights Act. We are not required to provide you with the right to limit our use or disclosure of your sensitive personal information because we only use or disclose such sensitive personal information for the following purpose(s):
If you have questions or concerns about this Privacy Policy, you may contact us by:
To effectively communicate SCE FCU’s policy regarding the privacy of the personal information of persons that visit scefcu.org.
SCE Federal Credit Union (“SCE FCU”) understands the importance of protecting your privacy. Our goal is to maintain your trust and confidence when handling your personal information. We are committed to maintaining the confidentiality of your personal information consistent with state and federal laws. This Online Privacy Policy (“Policy”) describes how SCE FCU collects, uses, shares, and protects information when you visit or use scefcu.org (“the Website”). By using the Website, you consent to the terms and conditions of this Policy, including your consent to our use and disclosure of information about you in the manner described in this Policy. The term “us,” “we” or “our” in this Policy refers to SCE Federal Credit Union.
How we collect information
“Cookies” are pieces of information that are stored directly on your computer, smartphone or other internet access device. Browser cookies are assigned by a web server to the browser on your device. When you return to a website you have visited before, your browser gives this data back to the server. When you visit the Website, we may use cookies and information gathered through their use to personalize your experience with us based on the products, services and other interactions you have with us. Information gathered through the use of cookies may be used to make offers to you via online ads, email, US mail or telephone, subject to the privacy preferences you have on file with SCE FCU. Cookies we use do not contain or capture unencrypted personal information.
The browsers of most computers, smartphones and other internet access devices are set up to accept cookies. You can refuse to accept these cookies through your browser settings. You will need to manage your cookie settings for each device and browser you use. If you choose to reject cookies, you may not be able to use the full functionality of the Website. For example, if we are not able to recognize your device, you will need to answer a challenge question each time you log on. You also may not receive customized advertising or other offers from us that may be relevant to your interests and needs.
How we respond to “do not track” signals
“Do Not Track” (“DNT”) refers to an HTTP header used by Internet web browsers to request that a web application disable its tracking or cross-site user tracking. When DNT is enabled, a user’s web browser adds a header to content requests indicating that the user does not want to be tracked. Applicable law requires us to disclose how we respond to web browser DNT signals. We do not respond to or take any action with respect to a DNT configuration set in your internet browser, and therefore, there is no reason to disable tracking related to SCE FCU’s online presence.
Personal information we collect
When you interact with us via our Website, we will not obtain personal information about you unless you choose to provide such information. Personal information that we may collect about you through online interaction includes information that you provide, such as your name, mailing address, email address and other contact information; data resulting from your activity, such as transaction information; and limited location information (for example, a zip code to help you find a nearby ATM).
We will retain your personal information for as long as your account is active or as needed to provide you services. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
Other information we collect
In addition to the personal information described above, we also collect anonymous demographic information, which is not unique to you, such as your ZIP code, region, preferences, interests, and favorites. We may also automatically collect information about your computer hardware, such as the IP address of the device you use to connect to the Website, the type of operating system and browser you use, search engine used, access times, referring website addresses, the parts of our Website you access, and the site you visit next.
We, or our service providers, and other companies we work with may deploy and use cookies, web beacons, local shared objects and other tracking technologies for various purposes, such as fraud prevention and to promote our products and services to you. Some of these tracking tools may detect characteristics or settings of the specific device you use to access our online services.
Clear GIFs, pixel tags or web beacons – which are typically one-pixel, transparent images located on a webpage or in an email or other message – or similar technologies may be used on our sites and in some of our digital communications (such as email or other marketing messages). They may also be used when you are served advertisements, or you otherwise interact with advertisements outside of our online services. These are principally used to help recognize users, assess traffic patterns and measure site or campaign engagement.
“First party” cookies are stored by the domain (website) you are vising directly. They allow the website’s owner to collect analytics data, remember language settings, and perform useful functions that help provide a good experience. “Third-party” cookies are created by domains other than the one you are visiting directly, hence the name third-party. They may be used for cross-site tracking, retargeting and ad-serving. We also believe that cookies fall into the following general categories:
We may allow certain widgets (e.g., social share buttons) on our Website that allow users to easily share information on another platform, such as a social media platform. The third parties that own these widgets may have access to information about your browsing on pages of our Website where these widgets are placed. You may wish to review information at the third party sites, such as social media platforms where you have an account, to determine how these third parties collect and use such information.
In addition to the uses described above, we use the information for purposes as allowed by law, such as:
If you are an SCE FCU member, we will use and share any information that we collect from or about you in accordance with our Privacy Policy.
SCE FCU may share the information we collect from and about you with service providers with whom we work, such as data processors and companies that help us market products and services to you. When permitted or required by law, we may share information with additional third parties for purposes including response to legal process. Where appropriate, we will limit sharing of your information in accordance with our Privacy Policy.
We do not partner with third parties for the purposes of engaging in online behavioral tracking, nor do we permit third parties to collect from the SCE FCU Website personally identifiable information about your online activities.
Our website is not intended for children under the age of 13. We do not knowingly collect, maintain, or use personally identifiable information from our Website about children under the age of 13 without parental consent. For more information about the Children’s Online Privacy Protection Act (COPPA), visit the Federal Trade Commission website.
Keeping your account information up-to-date is important. You can access and/or update your personal information in connection with your account or application by logging on to your account online or by calling our Contact Center at 800.866.6474.
Security measures have been implemented to improve Online Banking security. The login security uses a verification code to authenticate yourself via text message and/or a voice call to ensure that it’s you trying to access your Online Banking accounts. The options on how to receive your verification codes are provided during the login security setup. Login Security allows us to recognize you as the true owner of your account by recognizing not only your login information but also your computer. If we don’t recognize your computer, you will be requested to receive a new verification code. This adds an additional layer of protection from fraud and identity theft by preventing unauthorized access to your secure financial information.
The SCE FCU Website may contain links to third party websites. Although these links were established to provide you with access to useful information, SCE FCU does not control and is not responsible for any of these websites or their contents. We do not know or control what information third-party websites may collect regarding your personal information. SCE FCU provides these links to you only as a convenience, and SCE FCU does not endorse or make any representations about using such third party websites or any information, software or other products or materials found there, or any results that may be obtained from using them. We encourage you to review the privacy statements of websites you choose to link to from the SCE FCU Website so that you can understand how those websites collect, use, and share your information. SCE FCU is not responsible for the security or privacy practices of the linked websites.
From time to time, we may change this Policy. The effective date of this Policy, as indicated above, reflects the last time this Policy was revised. Any changes to this Policy will become effective when we post the revised Policy on our Website. Your use of the Website following these changes means that you accept the revised Policy.