Skip to main content Skip to main content

Privacy Policy for
California Residents

BankFund Privacy Policy for California Residents

Thank you for choosing to be part of our community at Bank-Fund Staff Federal Credit Union (“BankFund”). We are committed to protecting your Personal Information and your right to privacy. 

This California Privacy Policy applies to any consumer, member, visitor, user, and any others who are a resident of the State of California and is meant to comply with the California Consumer Protection Act of 2018 (CCPA) as amended by the California Privacy Rights Act. 

This California Privacy Policy explains how Bank-Fund Staff Federal Credit Union (BankFund) collectsusesshares, and protects your Personal Information through your online and offline interactions with us. This Policy supplements BankFund’s general Privacy Policy. Please note that most financial Personal Information we collect is governed by a federal law called the GrammLeachBliley Act (GLBA), and so this California Privacy Policy may not cover all your interactions with us or the use of your financial Personal Information. For information regarding our treatment of financial Personal Information, please see our GLBA Privacy Notice.

HOW WE USE YOUR PERSONAL INFORMATION

We may use or disclose your Personal Information for the following business purposes:
 

  • To fulfill the purpose for which you provided the information. For example, to provide you with information, products, or services that you request from us. 
  • To provide you with email alerts, event registrations, or other notices concerning our products, services, events, or news that may be of interest to you. 
  • To carry out our obligations and enforce our rights arising from any contracts between you and us. 
  • To improve the functionality and design of our website. 
  • For testing, research, or analysis to improve our products and services. 
  • To protect the rights, property, or safety of us, our employees, our members, or others. 
  • To detect security incidents; protect against malicious, deceptive, fraudulent, or illegal activity; and prosecute those responsible for such activity. 
  • To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations. 
  • As described to you when collecting your Personal Information. 
  • To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, in which Personal Information held by us is among the assets transferred. 

We also use your Personal Information to advance our commercial and economic interests, such as advertising our membership, products, and services, or enabling commercial transactions.  

We will not collect additional categories of Personal Information or use the Personal Information we collect for significantly different, unrelated, or incompatible purposes without telling you. 

 

INFORMATION WE COLLECT

BankFund may collect the following categories of Personal Information (please note that some categories overlap or may not apply to the financial services you obtained from us): 

Category Examples
A. Identifiers Name or alias; mailing and email addresses; signature; phone number; financial account numbers, credit card number, debit card number; physical characteristics or description; account name; tax identification number; driver's license number or state identification card number; passport number; or other similar identifiers. 
B. Protected classification characteristics under state or federal law Age, race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender identity). 
C. Commercial information Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. 
D. Biometric information Physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as fingerprints, faceprints, and voiceprints or other physical traits or patterns. 
E. Internet or other similar network activity Browsing history, emails, search history, information on a consumer's interaction with a website, application, or advertisement. 
F. Geolocation data

Physical location or movements. For example, city, state, country, and ZIP code associated with your IP address; and, with your permission in accordance with your mobile device settings, precise geolocation information from GPS-based functionality on your mobile devices. 

G. Sensory data Audio, electronic, visual, or similar information.
H. Professional or employment-related information

Current or past job history, performance evaluations, disability accommodations, and complaint records. 

I. Non-public education information Educational records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. 
J. Inferences drawn from other personal information Profile reflecting a person’s preference, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. 

 

Personal Information does not include publicly available information; de-identified or aggregated consumer information; or other information excluded from the CCPA. 

We collect the following types of sensitive Personal Information:  

  1. Social Security Number or Taxpayer Identification Number, 
  2. Financial information, 
  3. Identification documents, 
  4. Precise geolocation data, 
  5. Racial or ethnic origin, and 
  6. Biometric information. 

SOURCES OF PERSONAL INFORMATION WE COLLECT 

We obtain the categories of personal information listed above from the following categories of sources: 

  • Directly from you or your agent: We collect information directly from you or your authorized agent. For example, when you provide us your name and tax identification number to open an account and become a member.
  • Indirectly from you:  We collect certain information from your activity on our website and your use of applications on your mobile device. We collect your IP address, device and advertising identifiers, browser type, operating system, Internet service provider (“ISP”), information about how you found our website (potentially including the site that referred you to us), the date and time of your visit, information about the links you click and pages you view on our website, and other standard server log information. We may also collect your mobile device’s GPS signal, location, or other information about nearby Wi-Fi access points and cell towers. In addition, we may deploy and use cookies, web beacons, local shared objects, and other tracking technologies for various purposes, such as detecting fraud. Some of these tracking tools may detect characteristics or settings of the specific device you use to access our online services. 
  • Referring Members: BankFund members may refer eligible people to become members of the credit union. If you are referred to us, we collect your basic contact information from the referring member. 
  • Third-party service providers in connection with our services or our business purposes: We collect information from third-party service providers that interact with us in connection with the services we perform or for our operational purposes. For example, a credit report we obtain from a credit bureau to evaluate a loan application, or information to help us detect security incidents and fraudulent activity. 
  • Information we collect from third parties for a commercial purpose: We collect information from third parties for our commercial purposes. We partner with a limited number of third-party analytics and advertising firms. These third parties may use cookies or code processed by your browser to collect public information about your visits to our and other websites in order to provide customized experiences or services. We do not disclose any information about you to such third parties except as permitted by applicable laws and regulations, and we require such third parties to follow applicable laws and regulations when they collect information from you to transfer such information to us. 


SHARING PERSONAL INFORMATION

We do not and will not sell your Personal Information. We do disclose your personal information to third party service providers for our business and commercial purposes, as described above. When we disclose Personal Information to service providers, we enter into a contract that requires the service provider to keep that Personal Information confidential and not to use it for any purpose except performing the contract. 

In the preceding 12 months, we may have disclosed the following categories of Personal Information for a business purpose: 

  • Category A: Identifiers 
  • Category B: Protected classification characteristics under state or federal law 
  • Category C: Commercial Information 
  • Category D: Biometric Information 
  • Category E: Internet or other similar network activity 
  • Category F: Geolocation Data 
  • Category G: Sensory Data 
  • Category H: Professional or employment-related information 
  • Category I: Non-public education information 
  • Category J: Inferences drawn from other Personal Information 

We may also share your information with public and governmental authorities as required to meet legal and regulatory obligations or as necessary to investigate illegal conduct or misuse. 

We sometimes share the financial Personal Information we collect from and about you with third parties for joint marketing in accordance with our GLBA Privacy Notice.  

As part of providing you the services, we also share your Personal Information with certain partners who process it for their own purposes, such as for anti-fraud checks or advertising. 

We otherwise only share your Personal Information with your consent, to provide you with services, to protect your rights, or to fulfill business obligations. 

 

RETENTION OF PERSONAL INFORMATION 

We retain your Personal Information according to our retention policies for as long as reasonably necessary to achieve the above purposes, or as required by law. Retention periods vary by the type of transaction, interaction, or relationship for which the Personal Information was collected. 

We may retain your Personal Information for a longer period, if required or permitted by law, such as in the event of a complaint, if we reasonably believe there is a prospect of litigation with you, or to fulfill our legal obligations. 

 

YOUR RIGHTS AND CHOICES

This section describes your rights and choices under the CCPA regarding how we collect, use, and share your personal information and how to exercise those rights, subject to certain exceptions. 

Access to Personal Information

You have the right to request that we disclose certain information to you about our collection and use of your Personal Information over the past 12 months from the date we receive your request. Once we receive and confirm your request and verify that the request is coming from you or someone authorized to make the request on your behalf, we will disclose to you or your representative: 

  • The categories of Personal Information we collected about you. 
  • The categories of sources for the Personal Information we collected about you. 
  • Our business or commercial purpose for collecting that Personal Information. We do not sell your Personal Information. 
  • The categories of third parties to whom we disclosed the category of Personal Information. 
  • The business or commercial purpose for which we disclosed the category of Personal Information. 
  • The specific pieces of Personal Information we collected about you in a form that you can take with you (also called a “data portability request”). 

Deletion of Personal Information 

You have the right to request that we delete the Personal Information that we collect from you, subject to certain exceptions. Once we receive and verify your request, we will delete (and direct our service providers to delete) your Personal Information from our records, unless an exception applies. Potential exceptions include completing a transaction with you, detecting security incidents, protecting against fraud or illegal activity, or complying with legal obligations. 

  • Correction of Personal Information 

You have the right to request corrections to the Personal Information that we have collected about you. 

Exercising Access, Deletion, and Correction Rights 
To exercise the rights described above, please submit a consumer request to us by either: 

Only you or someone legally authorized to act on your behalf may make a consumer request related to your Personal Information. You may also make a consumer request on behalf of your minor child. We will follow our normal member verification procedures to ensure the safety of your data. 

You may only make a consumer request for access or data portability twice within a 12-month period. 

We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you. Making a consumer request does not require you to create an account with us. We will only use Personal Information provided in a consumer request to verify the requestor’s identity or authority to make the request. 

When we receive a request from your authorized agent, we will require the agent to provide proof it has the authority to submit a request on your behalf and may need you to verify that the request is genuine. 

 

Response Timing and Format 

We try to respond to a consumer request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. If you have an account with us, we will deliver our written response to the email or physical address associated with that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. 

Disclosures we provide may only cover the 12-month period before we receive the request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. 

We do not charge a fee to process or respond to your consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request. 

Right to Opt Out 

Because BankFund does not sell your Personal Information, we do not offer an option to opt out of sales. 

You have a right to opt out of sharing personal information for targeted advertising purposes. You can opt out of the sharing of your Personal Information by adjusting your cookie settings below. 

We also respond to and abide by opt-out preference signals sent by the Global Privacy Control (GPC) when enabled in your browser. GPC is a setting that allows you to enable a privacy signal for websites to use when you visit. When we detect a GPC signal from a browser, our web services will not share Personal Information for certain targeted advertising purposes in accordance with applicable laws. Please note that your preferences will apply only to the specific browser from which you opt out, so you will need to opt out separately on all your browsers. If you disable cookies, change web browsers, or use a different device, you may need to opt out again. 

Right of Non-Discrimination

We will not discriminate against you for exercising any of your rights in this Privacy Policy and under applicable laws. Unless permitted by law, we will not: 

  • Deny you goods or services 
  • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties 
  • Provide you a different level or quality of goods or services 
  • Suggest that you may receive a different price for goods or services or a different level of quality of goods or services 

CONTACT US

If you have any questions about this or about privacy at BankFund, please contact [email protected]. 


Date Last Updated:  April 2026