Privacy Policy
Newark Firemen Federal Credit Union has a duty to protect the confidential nature of non-public personal information our members provide in conjunction with their financial transactions with the credit union. The Board Members employees of this credit union must hold in confidence all transactions of this credit union with its members and all information respecting their personal affairs, except when permitted by state or federal law.
The credit union and any of its affiliates will comply with all applicable laws and regulations governing the privacy, confidentiality, security, and integrity of non-public personal information including the NCUA privacy rule (Part 716), the FTC privacy rule (Part 313) for affiliates, and all other applicable state and federal privacy laws and regulations as amended.
Definitions
AFFILIATE. To be considered an affiliate, the credit union must have the ownership, control, or power to vote 25% of the shares; control election of most of the directors, Power to exercise a controlling influence over the company’s management policies (A credit union has a controlling influence if the CUSO is 67% owned by credit unions).
CONSUMER. An individual or that individual’s legal representative who obtains or has obtained a financial product or service from the credit union for personal, family, or household purposes, or for whom the credit union is acting as fiduciary.
MEMBER. A consumer with whom the credit union has or has had in the past a continuing relationship with the credit union. For purposes of this policy the term member will include certain non-members. For example, the following are considered members:
An individual who meets the definition of member as defined in the credit union’s bylaws.
A non-member who has a share, share draft, or loan account held jointly with a member.
Former members.
NON-PUBLIC PERSONAL INFORMATION. Any information that is not publicly available and that a consumer provides to a credit union to obtain a financial product or service, results from a transaction between the consumer and the credit union involving a financial product or service, or a credit union otherwise obtains about a consumer in connection with providing a financial product or service. Non-public personal information does not include publicly available information.
PERSONALLY IDENTIFIABLE FINANCIAL INFORMATION. Information a member/consumer gives to the credit union (or the credit union gets elsewhere) in order to obtain a product or service or results from any transaction between the credit union and the member/consumer.
Guidelines
1. COLLECTION OF INFORMATION.
In the course of delivering products and services, the credit union obtains non-public personal information, either directly from the member or from outside sources. This non-public personal information is used to comply with federal and state laws and regulations, to provide effective member service and to inform members of products and services which may be of interest to the member.
2. MAINTENANCE OF ACCURATE INFORMATION.
The credit union will exercise reasonable caution in the gathering and maintenance of information to ensure its accuracy. When inaccurate information is discovered, it will be corrected as promptly as possible.
3. DISCLOSING INFORMATION TO THIRD PARTIES.
The credit union will not disclose personal non-public information to third parties without first providing the consumer a clear and conspicuous notice that accurately reflects the credit union’s privacy policies and practices and providing the consumer a reasonable opportunity to opt out of such disclosure (§716.14).
The credit union may share personal non-public information with its affiliate, if applicable. The credit union may also share its experience information about the member with credit bureaus. The credit union’s reporting to credit bureaus is governed by the Fair Credit Reporting Act (FCRA), which offers the member the right to make sure its credit bureau reports are accurate.
The requirement for the credit union to provide notice and a reasonable opportunity to opt out does not apply (exempt to notice and opt out requirements) if the credit union’s disclosure of non-public personal information is necessary to effect, administer, or enforce a transaction a consumer requests or authorizes, or in connection with any of the following (§716.14):
a. Servicing or processing a financial product or service a consumer requests or authorizes (§716.14).
b. Maintaining or servicing the consumer’s account with the credit union, or with another entity as part of a private label credit card program or other extension of credit on behalf of such entity (§716.14).
c. A proposed or actual securitization, secondary market sale (including sales of servicing rights) or similar transaction related to a transaction of the consumer (§716.14).
d. With the written consent or direction of the consumer (§6802).
e. To protect the confidentiality or security of the credit union’s records pertaining to the consumer, the service or product, or the transaction; to protect against or prevent actual or potential fraud, unauthorized transactions, claims, or other liability; for required institutional risk control, or for resolving consumer disputes or inquires, to persons holding a legal or beneficial interest relating to the consumer; or, to the extent specifically permitted or required under other provisions of law and in accordance with the Right to the Financial Privacy Act, to law enforcement agencies, self-regulatory organizations, or for an investigation on a matter related to public safety (§6802 (e)).
f. To provide information to insurance rate advisory organizations, guaranty funds or agencies, applicable rating agencies of the credit union, persons assessing the credit union’s compliance with industry standards, and the institution’s attorneys, accountants, and auditors (§6802 (e)).
g. To a credit reporting agency in accordance with FCRA (§6802 (e)).
h. In connection with a proposed or actual sale, merger, transfer, or exchange of all or a portion of a business or operating unit if the disclosure of non-public personal information concerns solely consumers of such business or unit (§6802(e)).
i. To comply with federal, state, or local laws, rules, and other applicable legal requirements, to comply with a properly authorized civil, criminal, or regulatory investigation or subpoena or summons by federal, state or local authorities having jurisdiction over the financial institution for examination, compliance, or other purposes as authorized by law (§6802(e)).
j. Such financial records are disclosed (i) in response to an administrative subpoena; (ii) in response to a search warrant; (iii) in response to a judicial subpoena; or (iv) in response to a formal written request by a proper governmental authority (§3402).
Should the credit union receive non-public personal information under an exception or outside of an exception as noted above, the credit union will refrain from using or disclosing the information in accordance with the limitations established in §716.11.
The credit union may disclose information we collect, as described in Section 1 above, to companies that perform marketing services on our behalf or to other financial institutions with which we have joint marketing agreements. However, to protect our members’ privacy, we will only work with companies that agree to maintain strong confidentiality protections and limit the use of information we provide. We will not permit these companies to sell to other third parties the information we provide to them.
4. RESPONSIBILITY OF SERVICE PROVIDERS.
The credit union will only approve service providers with established policies of privacy similar to those of the credit union. The credit union will require contractual agreements from non-affiliated third parties that will include confidentiality of member information disclosed by the credit union and prohibit the service provider from disclosure and reuse of non-public personal information for any reason other than the intended purpose. All contracts entered into after July 1, 2006 must be in compliance with the provisions of NCUA §716.13 (§716.18(c)).
5. SAFEGUARDING MEMBER INFORMATION.
We understand members/consumers furnish sensitive information to the credit union in the course of daily business, and the credit union is committed to treating such information responsibly. The credit union will Privacy Policy Page 3 of 6take all the necessary steps to safeguard information that has been entrusted to us by members/consumers.
The credit union maintains strict policies and security controls to assure that non-public personal information in the credit union’s computer systems and files is protected.
Credit union employees and certain contractors are permitted access to non-public personal information they may need to perform their jobs and to provide service to the members/consumers.
Credit union employees and contractors will have access to such non-public personal information only as necessary to conduct a transaction or respond to member/consumer inquiries.
All credit union employees and contractors will be required to respect member/consumer privacy through confidentiality and information security provisions included in the credit union’s policy manual and service agreements with the contractors.
No one except credit union employees and authorized contractors will have regular access to the credit union computer system and records storage. The credit union has established internal security controls, including physical, electronic and procedural safeguards to protect the member/consumer non-public personal information provided to the credit union and the information the credit union collects about the member/consumer. The credit union will continue to review its internal security controls to safeguard member/consumer non-public personal information as the credit union employs new technology in the future.
6. PRIVACY OF ELECTRONIC TRANSACTIONS.
a. Encryption. Electronic interfaces with members (such as internet transactions) will be encrypted using Secure Socket Layer (SSL) 128-bit encryption or greater.
b. Account Access. Member account information and transactions will be protected by a password that must be used in conjunction with a username or account number. Members will be registered with the credit union for authentication purposes.
c. Cookies. The credit union uses “cookies” as part of its website interface. A “cookie” is a small file that is placed on the user’s computer. While it contains no member information, it identifies the member’s computer and allows the credit union to measure usage of the website and customize the website experience.
d. Links. The credit union will frequently link to other sites as a convenience to our members. The credit union will seek to link with other sites that adhere to similar privacy standards. However, the credit union is not responsible for the content of linked sites, or for their policies on the collection of member information.
e. Online Privacy of Children’s Information. The credit union will not collect, use, or disclose online information received from children under age 13 without prior parental notification and consent, which will include an opportunity for the parent to prevent use of information and participation in the activity. Online information will only be used to respond directly to the child’s request and will not be used for other purposes without prior parental consent.
The credit union will not distribute to third parties, other than its affiliate, personally identifiable information without prior parental consent.
The credit union will not post or otherwise distribute personally identifiable information without prior parental consent.
The credit union will not entice by the prospect of a special game, prize or other activity, to divulge more information than is needed to participate in the activity.
Any personally identifiable information collected online from children may be reviewed by a parent or guardian upon written request. The parent or guardian has the right to have information deleted and instruct the credit union to cease collecting further information from their child.
7. DISCLOSURE OF PRIVACY POLICY.
The credit union will disclose its privacy policy as required by law, in a form that the members can keep. This disclosure will be in the form of an initial disclosure and will also be provided to the members annually.
a. New Member Privacy Policy. The credit union will deliver a privacy policy to each new member who establishes a relationship on or after July 1, 2001. The privacy policy will be provided at or before an establishment of a member relationship. A new privacy policy need not be given for each subsequent account opening, if the privacy policy provided for the one-time mailing to existing members or the policy at new account opening has not changed from the previously provided privacy policy.
b. Annual Notice. The credit union will provide a privacy policy to all members at least annually (once during any 12 consecutive months). The credit union need not provide an annual notice to members who no longer have a relationship with the credit union.
c. Privacy Policy May Be Combined With or In Other Documents. The credit union’s privacy policy may be printed in a document containing other information, so long as the privacy policy is set apart from the other content by using graphics, a different type style, or any other method to set it apart.
8. MEMBERS’ RIGHT TO OPT OUT.
Privacy regulations allow members to opt out of having their information disclosed to third parties in certain situations. Before the credit union discloses any member information to a non-affiliated third party that is not otherwise covered by a disclosure exception under Part 716 the credit union will properly and reasonably inform members of their right to opt out and record and honor opt out requests. Notice will include the address and toll-free phone number of the appropriate notification system used for processing notices of opt out and will be presented in a format acceptable to the National Credit Union Administration and the Federal Trade Commission.
9. DELIVERY.
The credit union may reasonably expect a consumer will receive notice of the privacy notice and opt out right (if applicable) if the credit union uses one of the following methods of delivery:
a. Hand delivery or mailing a printed copy to the member/consumer’s last known address;
b. For annual notices if the member uses the credit union’s website to access products and services, the credit union will continuously post the current privacy notice on the website in a clear and conspicuous manner.
10. ADMINISTRATION AND AMENDMENTS.
Protecting member privacy is an ongoing process, and the credit union will continue to evaluate and review the measures taken to safeguard member information.
a. The credit union will provide training to employees on how to recognize and control risk to non-public personal information, how to handle non-public personal information, and how to report unauthorized or fraudulent attempt to gain access to non-public personal information.
b. The credit union will create controls and procedures whereby any new product, service, or delivery method shall be reviewed and modified to insure that it conforms to existing credit union privacy policies with regards to non-public personal information.
c. If non-public personal information is shared with vendors for a business purpose, all contracts and agreements between the vendors and the credit union will include a guarantee that the vendor will safeguard such information.
d. Since no policy can address every possible contingency and circumstance, credit union management shall use its good faith business judgment in administering this privacy policy and expects that all officers, volunteers, and employees will use good faith in their actions to protect the privacy of credit union members.
e. Any employee who violates the credit union’s privacy policy and procedures will be subject to disciplinary action.
f. The credit union reserves the right to amend this privacy policy in any respect with disclosure to members as required by law.