please see the Privacy Notice located here. We reserve
the right to amend this Notice at any time in accordance with internal changes or changes to the law. When
changes are made, we will post the updates on our website and update the effective date. Any continued use
of our products, services, and website following the posting of changes will serve as your acceptance of
member, visitor, user and any others who are a “resident” of the State of California as defined under
Title 18 of the California Code of Regulations Section 17014 and is meant to comply with the California
Consumer Protection Act of 2018 (“CCPA”) as amended by the California Privacy Rights Act
This notice explains how we collect, share, use, and protect your personal information
our other privacy policies that serve different purposes under various laws and regulations that apply to
us. Please note that most information we collect is governed by a federal law called the
Gramm-Leach-Bliley Act or “GLBA”, and as such, the CCPA or CPRA will not govern all of your interactions
with us or the use of your personal information.
HOW WE USE YOUR PERSONAL INFORMATION
We may use or disclose your personal information for the following purposes (“business purpose”):
- To fulfill or meet the reason for which you provided the information. For example, you apply for a
loan, and we use the information in your loan application to give you the loan. We may also use this
information to for new or future applications or to process requested transactions.
- To provide you with information, products, or services that you request from us.
- To provide you with email alerts, event registrations, or other notices concerning our products or
services, events, or news that may be of interest to you.
- To carry out our obligations and enforce our rights arising from any contracts entered into between
you and us, including for billing and collections.
- To improve our website and presentment of its contents to you.
- For testing, research, or analysis to improve our products and services.
- To protect the rights, property, or safety of us, our employees, our members or others.
- To detect security incidents; protect against malicious, deceptive, fraudulent, or illegal activity;
and prosecuting those responsible for that activity.
- To respond to law enforcement requests and as required by applicable law, court order, or governmental
- As described to you when collecting your personal information.
- To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other
sale or transfer of some or all of our assets, in which personal information held by us is among the
We also use your personal information to advance our commercial and economic interests (“commercial
purpose”), such as advertising our membership, products and services, or enabling or effecting, directly
or indirectly, a commercial transaction. We will not collect additional categories of personal information
or use the personal information collected for materially different, unrelated, or incompatible purposes
without providing you notice.
INFORMATION WE COLLECT
Bank Fund Federal Credit Union may collect, or has collected, the following categories of personal
information (please note that some categories overlap or may not apply to the financial services you
obtained from us):
||Name or alias; mailing and
email addresses; signature; home phone number or mobile phone number; financial account numbers,
credit card number, debit card number, or other financial information; physical characteristics or
description; account name; tax identification number; driver's license number or state
identification card number; passport number; or other similar identifiers.
|B. Protected classification characteristics under
state or federal law
||Age, race, color, ancestry, national origin,
citizenship, religion or creed, marital status, medical condition, physical or mental disability,
sex (including gender, gender identity, gender expression etc.
|C. Commercial information
||Records of personal property,
products or services purchased, obtained, or considered, or other purchasing or consuming histories
|D. Biometric information
||Physiological, behavioral, and biological
characteristics, or activity patterns used to extract a template or other identifier or identifying
information, such as, fingerprints, faceprints, and voiceprints or other physical traits or
|E. Internet or other similar
||Browsing history, emails,
search history, information on a consumer's interaction with a website, application, or
|F. Geolocation data
||Physical location or movements. For example,
city, state, country, and ZIP code associated with your IP address; and, with your permission in
accordance with your mobile device settings, and precise geolocation information from GPS-based
functionality on your mobile devices.
|G. Sensory data
||Audio, electronic, visual, or
|H. Professional or employment-related information
||Current or past job history, performance
evaluations, disability accommodations, and complaint records.
|I. Non-public education
information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R.
||Educational records directly
related to a student maintained by an educational institution or party acting on its behalf, such as
grades, transcripts, class lists, student schedules, student identification codes, student financial
information, or student disciplinary records.
|J. Inferences drawn from other personal
||Profile reflecting a person’s preference,
characteristics, psychological trends, predispositions, behavior, attitudes, intelligence,
abilities, and aptitudes.
Personal Information does not include publicly available information; de-identified or aggregated
consumer information; or other information excluded from the CCPA.
CATEGORIES OF SOURCES OF INFORMATION WE COLLECT
We obtain the categories of personal information listed above from one or more of the following
categories of sources:
- Direct from you or your agent: We collect information directly from you or your
authorized agent. For example, when you provide us your name and tax identification number to open an
account and become a member.
- Indirectly from you: We collect certain information from your activity on our website
(www.bfsfcu.org) and your use of applications on your mobile device. We collect your IP address, device
and advertising identifiers, browser type, operating system, Internet service provider (“ISP”), pages
that you visit before and after visiting our website, the date and time of your visit, information about
the links you click and pages you view on our website, and other standard server log information. We may
also collect your mobile device’s GPS signal, location, or other information about nearby Wi-Fi access
and other tracking technologies for various purposes, such as fraud. Some of these tracking tools may
detect characteristics or settings of the specific device you use to access our online services. These
cookies are not used to engage in online behavioral advertising.
- Third-party service providers in connection with our services or our business
purposes: We collect information from third-party service providers that interact with us in
connection with the services we perform or for our operational purposes. For example, a credit report we
obtain from a credit bureau to evaluate a loan application. Another example is a third-party service
provider that provides us information to help us detect security incidents and fraudulent activity.
- Information we collect from third-parties for a commercial purpose: We collect
information from third-parties for our commercial purposes. We partner with a limited number of
your browser to collect public information about your visits to our and other websites in order to
provide customized experiences or services. We do not disclose any information about you to such
third-parties except as permitted by applicable laws and regulations, and we require such third-parties
to follow applicable laws and regulations when they collect information from you to transfer such
information to us.
SHARING PERSONAL INFORMATION
We disclose your personal information to third party service providers for our business and commercial
purposes. When we disclose personal information to service providers, we enter a contract that describes
the purpose and requires the recipient to keep that personal information confidential and not to use it
for any purpose except performing the contract.
In the preceding 12-months, we may have disclosed
the following categories of personal information for a business purpose:
- Category A: Identifiers
- Category B: Personal information categories listed in the (Cal. Civ. Code § 1798.80(e))
- Category C: Protected classification characteristics under state or federal law
- Category D: Commercial Information
- Category E: Biometric Information
- Category F: Internet or other similar network activity
- Category G: Geolocation Data
- Category H: Sensory Data
- Category I: Professional or employment-related information
- Category J: Non-public education information
- Category K: Inferences drawn from other personal information
We do not sell your personal information for monetary consideration. In the preceding 12-months, we have
not sold any personal information and, going forward, we will not sell your information. If this changes,
we will notify you in accordance with applicable law. We will not sell, and to our knowledge have not
sold, the personal information of minors under 16 years of age without authorization from a parent or
YOUR RIGHTS AND CHOICES
This section describes your rights and choices under the CCPA regarding how we collect, share, use, and
protect your personal information, how to exercise those rights, and limits and exceptions to your rights
Access to Specific Information
If an exception does not apply, and you have not made
this request more than twice in a 12-month period, you have the right to request that we disclose certain
information to you about our collection and use of your personal information over the past 12 months from
the date we receive your request. Once we receive and confirm your request and verify that the request is
coming from you or someone authorized to make the request on your behalf, we will disclose to you or your
- The categories of personal information we collected about you.
- The categories of sources for the personal information we collected about you.
- Our business or commercial purpose for collecting that personal information. We do not sell your
- The categories of third parties to whom we sold or disclosed the category of personal information.
- The business or commercial purpose for which we sold or disclosed the category of personal
- The specific pieces of personal information we collected about you in a form that you can take with
you (also called a “data portability request”).
Deletion Request Rights
You have the right to request that we delete any of your
personal information that we collect from you and retained, subject to certain exceptions. Once we receive
and verify your request, we will delete (and direct our service providers to delete) your personal
information from our records, unless an exception applies. We may deny your deletion request if retaining
the information is necessary for us or our service providers to:
- Complete the transaction for which we collected the personal information, provide a good or service
that you requested, take actions reasonably anticipated within the context of our ongoing business
relationship with you, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, and
prosecute those responsible for that activity.
- Debug to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise his or her right of free
speech, or exercise another right provided for by law.
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public
interest that adheres to all other applicable ethics and privacy laws, when the businesses’ deletion of
the information is likely to render impossible or seriously impair the achievement of such research, if
you previously provided informed consent.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your
relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which
you provided it.
Right of Correction
You have the right to request changes to any of your personally
identifiable information that we have collected through our website and online
Exercising Access, Deletion and Correction Rights
To exercise the
rights described above, please submit a verifiable consumer request to us by either:
Only you or someone legally authorized to act on your behalf may make a verifiable consumer request
related to your personal information. You may also make a verifiable consumer request on behalf of your
minor child. We will follow our normal member verification procedures to ensure the safety of your
You may only make a verifiable consumer request for access or data portability twice within a
We cannot respond to your request or provide you with personal information if we
cannot verify your identity or authority to make the request and confirm the personal information relates
to you. Making a verifiable consumer request does not require you to create an account with us. We will
only use personal information provided in a verifiable consumer request to verify the requestor’s identity
or authority to make the request.
When we receive a verifiable request from your or your authorized
agent, we will require:
- Submission of a written document signed by you with your permission for the authorized agent to submit
a verifiable request on your behalf and require the authorized agent to verify its own entity to us; or
- Require your authorized agent to furnish a copy of a power of attorney pursuant to California Probate
Code sections 4000 to 4465 and require the authorized agent to verify its own identity to us.
We will deny a request from an agent that does not submit proof that they have been authorized by you to
act on your behalf and cannot verify their own identity to us.
Response Timing and Format
We endeavor to respond to a verifiable consumer request
within 45 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason
and extension period in writing. If you have an account with us, we will deliver our written response to
the email or physical address associated with that account. If you do not have an account with us, we will
deliver our written response by mail or electronically, at your option.
Any disclosures we provide
will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we
provide will also explain the reasons we cannot comply with a request, if applicable. For data portability
requests, we will select a format to provide your personal information that is readily useable and should
allow you to transmit the information from one entity to another entity without hindrance.
not charge a fee to process or respond to your verifiable consumer request unless it is excessive,
repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why
we made that decision and provide you with a cost estimate before completing your request.
Right of Non-Discrimination
We will not discriminate against you for exercising any
- Deny you goods or services
- Charge you different prices or rates for goods or services, including through granting discounts or
other benefits, or imposing penalties
- Provide you a different level or quality of goods or services
- Suggest that you may receive a different price for goods or services or a different level or quality
of goods or services
If you have any questions about this or about Privacy at BFSFCU, please contact [email protected].