THEFCU MOBILE Privacy Notice
Last Updated: May 2023
THEFCU MOBILE (the “App”) helps you manage your money, view your transactions and accounts, making it easy to manage your finances on the go.
The app provides the Services to users on behalf of their financial institution (“Your Financial Institution”) as a service provider. This Privacy Notice, in combination with relevant privacy notices that Your Financial Institution provides to you (e.g., pursuant to financial privacy laws), informs you of the policies and practices regarding the collection, use and disclosure of any personal information that the app collects from or about users in connection with our mobile application (the “Services”). The specific capabilities of the Services available to you vary depending on Your Financial Institution. You can find more information about Your Financial Institution’s privacy policies and your choices at your Financial Institution’s website or by contacting Your Financial Institution.
Depending on the services offered by Your Financial Institution the app may allow you to:
• get real-time balances for your accounts
• manage your money
• view your transactions and statements
• make transfers
• pay your bills and manage billers
• pay other people
• deposit a check
• manage cards
• locate branches and ATMs
• receive alerts
THE TYPES OF INFORMATION THEFCU MOBILE COLLECTS
The app may collect personal information from you in the following ways:
(a) Personal Information You or Your Financial Institution Provide to us.
• THEFCU MOBILE may collect personal information from you or your financial institution, such as your first and last name, address, e-mail, User IDs, telephone number, and social security number when you open a new financial account or register for other financial services. Device images/videos may be accessed when you deposit a check or use a QR code to make peer to peer payments using Zelle or other payments functionality. Device contacts may be accessed when you make peer to peer payments using Zelle or other payments functionality. Device location may be accessed to detect and prevent card transaction fraud and also to provide branch and atm locations.
• The app may collect the financial and transaction information necessary to provide you with the Services, including account numbers, payment card expiration date, payment card identification, verification numbers, and transaction and payment history.
• If you provide feedback or contact us via email, we will collect your name and email address, as well as any other content included in the email, in order to send you a reply.
• We also collect other types of personal information that you provide voluntarily, such as any information requested by us if you contact us via email regarding support for the Services.
(b) Personal Information Collected from Third Parties. We may collect certain information from identity verification services and consumer reporting agencies, including credit bureaus, in order to provide some of our Services.
(c) Personal Information Collected Via Technology. We and our service providers may automatically log information about you, your computer or mobile device, and your interaction over time with our Services, our communications and other online services, such as:
• Device data, such as your computer’s or mobile device’s operating system type and version, manufacturer and model, browser type, screen resolution, RAM and disk size, CPU usage, device type (e.g., phone, tablet), IP address, unique identifiers, language settings, mobile device carrier, radio/network information (e.g., WiFi, LTE, 3G), and general location information such as city, state or geographic area.
• Online activity data, such as pages or screens you viewed, how long you spent on a page or screen, the website you visited before browsing to the Service, navigation paths between pages or screens, information about your activity on a page or screen, access times, and duration of access.
• Cookies, which are text files that websites store on a visitor’s device to uniquely identify the visitor’s browser or to store information or settings in the browser for the purpose of helping you navigate between pages efficiently, remembering your preferences, enabling functionality, and helping us understand user activity and patterns.
• Local storage technologies, like HTML5 that provide cookie-equivalent functionality but can store larger amounts of data, including on your device outside of your browser in connection with specific applications.
• Web beacons, also known as pixel tags or clear GIFs, which are used to demonstrate that an email was accessed or opened, or that certain content was viewed or clicked.
• Location Information. If you have enabled location services on your phone and agree to the collection of your location when prompted by the Services, we will collect your location information when you use the Services; for example, to provide our fraud detection services. If you do not want the app to collect this information, you may decline the collection of your location when prompted or adjust the location services settings on your device.
HOW THE APP USES YOUR INFORMATION
(a) General Use. In general, the app uses your personal information to respond to your requests as submitted through the Services, to provide you the Services you request, and to help serve you better. The app uses your personal information in the following ways:
• facilitate the creation of, secure and maintain your account;
• identify you as a legitimate user in our system;
• provide improved administration of the Services;
• provide the Services you request;
• improve the quality of experience when you interact with the Services;
• send you administrative e-mail and/or push notifications, such as security or support and maintenance advisories; and
• send surveys, offers, and other promotional materials related to the Services.
(b) Compliance and protection. We may use your personal information to:
• comply with applicable laws, lawful requests and legal process, such as to respond to subpoenas or requests from government authorities;
• protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims);
• audit our internal processes for compliance with legal and contractual requirements and internal policies;
• enforce the terms and conditions that govern the Service; and
• prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft.
(d) Creation of Non-Identifiable Data. The app may create de-identified information records from personal information by excluding certain information (such as your name) that makes the information personally identifiable to you. We may use this information in a form that does not personally identify you to analyze request patterns and usage patterns to enhance our products and services. We reserve the right to use and disclose non-identifiable information to third parties in its discretion.
DISCLOSURE OF YOUR PERSONAL INFORMATION
We disclose your personal information as described below.
(a) At the Direction of Your Financial Institution. We may share your information with Your Financial Institution or with third parties at the direction of Your Financial Institution. Other than as described in this Privacy Notice in connection with the Services, this Privacy Notice does not apply to the processing of your information by Your Financial Institution or third parties with whom we share information at Your Financial Institution’s direction.
(b) Third Party Service Providers. We may share your personal information with third party or affiliated service providers that perform services for or on behalf of us, for the purposes described in this Privacy Notice, including: to provide you with the Services; to conduct quality assurance testing; to facilitate the creation of accounts; to optimize the performance of the Services; to provide technical support; and/or to provide other services to the App.
(c) Corporate Restructuring. We may share some or all of your personal information in connection with or during negotiation of any merger, financing, acquisition or dissolution transaction involving the sale, transfer, divestiture, or disclosure of all or a portion of our business or assets. In the event of an insolvency, bankruptcy, or receivership, personal information may also be transferred as a business asset. If our company, business or assets is acquired by another company, that company will possess the personal information collected by us and the company will assume the rights and obligations regarding your personal information as described in this Privacy Notice.
(d) Authorities and Others. Regardless of any choices you make regarding your personal information, the app may disclose your personal information to law enforcement, government authorities, and private parties, for the compliance and protection services described above.
LINKS TO OTHER SITES
The Services may contain links to third party websites. When you click on a link to any other website or location, you will leave the Services and go to another site and another entity may collect personal and/or anonymous information from you. The app’s provision of a link to any other website or location is for your convenience and does not signify our endorsement of such other website or location or its contents. We have no control over, does not review, and cannot be responsible for, these outside websites or their content. Please be aware that the terms of this Privacy Notice do not apply to these outside websites. We encourage you to read the privacy notice of every website you visit.
YOUR CHOICES REGARDING YOUR INFORMATION
You have several choices regarding use of information on the Services.
(a) How We Respond to Do Not Track Signals. Some web browsers transmit “do not track” signals to the websites and other online services with which your web browser communications. There is currently no standard that governs what, if anything, websites should do when they receive these signals. We currently do not take action in response to these signals. If and when a standard is established, we may revise its policy on responding to these signals.
(b) Access, Update, or Correct Your Information. You can access, update or correct your information by changing preferences in your account. To do so, you should contact Your Financial Institution. For additional requests, please contact Your Financial Institution on whose behalf we are providing the Services to you.
(c) Opting Out of Email or SMS Communications. If you have signed-up to receive our email marketing communications, you can unsubscribe any time by clicking the "unsubscribe" link included at the bottom of the email or other electronic communication. Alternatively, you can opt out of receiving marketing communications by contacting us at the contact information under "Contact Us" below. If you provide your phone number through the Services, we may send you notifications by SMS, such as provide a fraud alert. You may opt out of SMS communications by unlinking your mobile phone number through the Services.
(d) Opting Out of Location Tracking. If you initially consented to the collection of geo-location information through the Services, you can subsequently stop the collection of this information at any time by changing the preferences on your mobile device. Please note, however, that if you withdraw consent to our collection of location information, you may no longer be able to use some features of the Services.
SAFEGUARDS AND RETENTION
We implement reasonable administrative, technical and physical measures in an effort to safeguard the information in our custody and control against theft, loss and unauthorized access, use, modification and disclosure. Nevertheless, transmission via the internet is not completely secure and we cannot guarantee the security of your information.
Federal laws and regulations require that US financial institutions retain original, active and historical records. Your personal and financial data will be retained for a period of five to ten years, depending on applicable laws, regulations and legitimate business needs.
A NOTE ABOUT CHILDREN
The Services are not directed towards individuals under the age of 18, and we do not intentionally gather personal information about visitors who are under the age of 18. If a child under 18 submits personal information to us and we learn that the personal information is the information of a child under 18, we will attempt to delete the information as soon as possible.
PRIVACY NOTICE UPDATES
This Privacy Notice is subject to occasional revision. Your Financial Institution may notify you, in their sole discretion, of any material changes in its collection, use, or disclosure of your personal information by posting a notice on the Services. Any material changes to this Privacy Notice will be effective thirty (30) calendar days following notice of the changes on the Services or immediately where no notice is given. These changes will be effective immediately for new users of the Services. If you object to any such changes, you must notify us prior to the effective date of such changes that you wish to deactivate your account. Continued use of the Services following notice of any such changes (or use of the Services after any such changes) shall indicate your acknowledgement of such changes.
If you have any questions or complaints about this Privacy Notice or The App’s data collection or processing practices, or if you want to report any security violations to us, please contact us by email at: email@example.com or by mail at:
The Health and Education Federal Credit Union
424 Park Place
Lexington, KY 40511