PRIVACY POLICY FOR CALIFORNIA RESIDENTS
UECU has developed this privacy policy for California residents in response to the California Consumer Privacy Act of 2018 (CCPA). This document supplements UECU’s privacy policy and applies to California residents as defined in the CCPA. Any terms defined in the CCPA have the same meaning when used in this policy.

INFORMATION UECU COLLECTS
UECU collects information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (“personal information”). UECU may have collected the following categories of personal information from our consumers within the last twelve (12) months. Not all examples listed in the table are collected from every consumer.

| Category | Examples |
| --- | --- |
| A. Identifiers and personal information categories listed in the California Customer Records law (Cal. Civ. Code §1798.80(e)) | A real name or alias, postal address, signature, unique personal identifier, online identifier, Internet Protocol (IP) address, email address, account name, Social Security number, driver’s license number, passport number, state identification card number, physical characteristics or description, telephone number, insurance policy number, education, employment, employment history, bank account number, credit or debit card number, other financial information, medical information, health insurance information, or other similar identifiers. |
| B. Characteristics of protected classifications under California or federal law | Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). |
| C. Commercial information | Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. |
| D. Biometric information | Genetic, physiological, behavioral, and biological characteristics (hair color, eye color, height, etc.). Activity patterns used to extract a template or other identifier or identifying information, such as fingerprints, face prints/recognition, voiceprints/recognition, iris or retina scans, keystroke, gait, or other physical patterns, such as sleep, health, or exercise data, and other biometric data. |
| E. Internet or other electronic network activity information | Browsing history, search history, and information regarding a consumer’s interaction with an Internet website, application, or advertisement. |
| F. Geolocation data | Physical location or movements. For example, city, state, country, and ZIP code associated with your IP address or derived through Wi-Fi triangulation; and, with your permission in accordance with your mobile device settings, precise geolocation information from GPS-based functionality on your mobile devices. |
| G. Sensory data | Audio, electronic, visual, thermal, olfactory, or similar information. |
| H. Professional or employment-related information | Current or past job history, performance evaluations, disciplinary records, workplace injury records, disability accommodations, and complaint records. |
| I. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)) | Educational records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. |
| J. Inferences drawn from other personal information | Profile reflecting a person’s preference, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. |

EXCEPTIONS
This policy does not apply to you if you are not a California resident.
This policy does not apply to personal information collected, processed, sold, or disclosed pursuant to the federal Gramm-Leach-Bliley Act, and implementing regulations, or the California Financial Information Privacy Act.

This policy does not apply to an activity involving the collection, maintenance, disclosure, sale, communication, or use of any personal information bearing on a consumer’s credit worthiness, credit standing, credit capacity, character, general reputation, personal characteristics, or mode of living by a consumer reporting agency, by a furnisher of information, who provides information for use in a consumer report, and by a user of a consumer report. This exemption will apply only to the extent that such activity involving the collection, maintenance, disclosure, sale, communication, or use of such information by that agency, furnisher, or user is subject to regulation under the Fair Credit Reporting Act, and the information is not used, communicated, disclosed, or sold except as authorized by the Fair Credit Reporting Act.

This policy does not apply to information collected as part of a job application or employment information.

This policy does not apply to publicly available information that is lawfully made available to the general public from federal, state, or local government records.

This policy does not apply to de-identified or aggregated information.

CATEGORIES OF SOURCES OF INFORMATION WE COLLECT

UECU collects information in the categories listed above from the following categories of sources:

| Collection Category Source | Examples |
| --- | --- |
| Consumer | Information collected from you or your authorized agent. Examples include documents provided to UECU related to the products and services UECU provides to you. |
| Advertising networks | Information UECU purchases from advertising networks to identify prospective members. |
| Data analytics providers | Information collected while you access our website, use our mobile application, or use our products and services. Examples include information collected when you use our website, which is used to provide a customized experience on our website. |
| Third parties | Information used to provide the financial services we provide. Examples include information obtained from credit bureaus when credit products are offered to you. |

USE OF PERSONAL INFORMATION
UECU uses the personal information we collect about you for the following business or commercial purposes:

To fulfill or meet the reason for which the information is provided. For example, you or your agent apply for a loan, and we use the information in your loan application to give you the loan.
To provide you with information, products or services that you request from us.
To market and sell UECU products and services to you.
To provide you with email alerts, event registrations or other notices concerning our products or services, or events or news, that may be of interest to you.
To carry out our obligations and enforce our rights arising from any contracts entered into between you and UECU, including for billing and collections.
To communicate with you via email or text message (with your consent, where required by law).
To provide, support, personalize, and develop our website, products, and services.
For testing, research, and analysis to improve our products and services and for developing new ones.
To protect the rights, property or safety of us, our employees, our members or others.
To detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, and prosecute those responsible for that activity.
To process your requests, purchases, transactions, payments, and prevent fraud.
To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses.
To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
As described to you when collecting your personal information.
To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution or other sale or transfer of some or all of our assets, in which personal information held by us is among the assets transferred.

UECU does not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing notice to you.

UECU DOES NOT SELL PERSONAL INFORMATION
UECU does not “sell” members’ or consumers’ personal information for monetary consideration as defined under the CCPA. For this reason, UECU does not offer an opt-out for selling information.

UECU SHARING OF PERSONAL INFORMATION
UECU only shares personal information with vendors (third parties) and service providers who are under contract to provide specific services. These contracts define the business or commercial purpose and use of the data, and restrict the vendor from selling any data provided by UECU. UECU shares information with these categories of third parties:

Service providers
Advertising networks
Government or regulatory authorities (as required by law (federal, state, and local) or regulation)
Social networks

In the past twelve (12) months, UECU has disclosed or shared the following categories of personal information to third parties for business or commercial purposes:

Category A: Identifiers
Category B: Personal information categories listed in the California Customer Records law
Category C: Characteristics of protected classifications under California or federal law
Category D: Commercial information
Category E: Biometric information
Category F: Internet or other electronic network activity information
Category G: Geolocation data
Category H: Audio, electronic, visual, thermal, olfactory, or similar information
Category I: Professional or employment-related information
Category J: Education information

CALIFORNIA RESIDENTS’ RIGHTS AND CHOICES
The CCPA provides California residents with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.

California residents have the right to request that UECU disclose information to you about the collection and use of your personal information over the past 12 months. If an exception does not apply, and you have not made this request more than twice in a 12-month period, you have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months from the date we receive your request. Once we receive and confirm your request and verify that the request is coming from you or someone authorized to make the request on your behalf, we will disclose to you or your representative:

The categories of personal information we collected about you;
The categories of sources from which the personal information is collected;
The business or commercial purpose for collecting or selling your personal information;
The categories of third parties with whom we have shared your personal information; and
The specific pieces of personal information we collected about you in a form that you can take with you (also called a “data portability request”).

DELETION REQUEST RIGHTS
California residents have the right to request that UECU delete any of your personal information we collected from you and retained, subject to the exceptions outlined in this policy. Once your verifiable consumer request is received and confirmed, UECU will delete, and where applicable, direct our service providers to delete your personal information from our records, unless an exception applies. UECU may deny your deletion request if retaining the information is necessary for us or our service providers to:

Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.

Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity.

Debug to identify and repair errors that impair existing intended functionality.

Exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law.

Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the business’s deletion of the information is likely to render impossible or seriously impair the achievement of such research, if you previously provided informed consent.

Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.

Comply with a legal obligation.

Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

DO NOT SELL RIGHTS
California residents have the right to opt out of the sale of their personal information. UECU does not sell personal information about our members or other consumers.

EXERCISING ACCESS, DATA PORTABILITY AND DELETION RIGHTS
To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request (as described more fully below) to us by either:

Using the CCPA Request Form
Calling us at 800.288.6423 and using the reference “CCPA request”
Visiting our branch located at 11 Meridian Blvd, Wyomissing, PA 19610

Only you, or a person registered with the California Secretary of State whom you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child. You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:

Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.

Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

UECU cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm that the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.

UECU RESPONSE TIMING AND FORMAT
UECU will respond to a verifiable consumer request for access to personal information within 45 days of receiving it. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. UECU will deliver our written response by mail or electronically, at your option. The response we provide will also explain the reasons we cannot comply with a request, if applicable.

NON-DISCRIMINATION
California consumers have the right to exercise their access, deletion, and other rights without discrimination. Discrimination may exist where a business takes or suggests that it will take the following actions in response to a consumer exercising rights under the CCPA, unless doing so is reasonably related to the value provided to the consumer by the consumer’s data:

Deny access to, or use of, goods or services.
Charge different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
Provide a different level or quality of goods or services.
Suggest that you may receive a different price for goods or services or a different level or quality of goods or services.

CHANGES TO THIS PRIVACY NOTICE
UECU reserves the right to amend this privacy notice at our discretion and at any time. When we make changes to this privacy notice, we will notify you through a notice on our website’s homepage.

CONTACT INFORMATION
If you have any questions or comments about this policy, the ways in which we collect and use your personal information, your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us by: Email: compliance@uecu.org or Phone: 800.288.6423. Use the reference “CCPA request.”