PRIVACY POLICY

This Privacy Policy applies to all persons and/or businesses who interact with us in person, online or through our App, and through other channels as described in the Privacy Policy. References to "we," "us," and "our" refer to Orange County’s Federal Credit Union. References to "you," "your" and "yours" mean our members, customers, website visitors and users of our app. References to “app(s)” refers to our mobile applications that run on smartphones, tablets, and other devices, through which you will be able access our services.

The following provides a brief explanation of the contents of this Privacy Policy:

  • Federal Privacy Policy. The Federal Privacy Policy discloses how we collect, use, and share the personal information of individuals who apply for or obtain our financial products and services for personal, family, or household purposes pursuant to the federal Gramm-Leach Bliley Act (“GLBA”).

    Federal Privacy Policy (PDF)
  • Important Privacy Choices for California Consumers. Residents of California who have applied for or obtained our financial products and services for personal, family, or household purposes, may exercise their right to opt-out of our sharing of their personal information with other companies we do business with to provide financial products and services through this form, pursuant to the California Financial Information Privacy Act (“CalFIPA”).

    Important Privacy Choices for Consumers (PDF)
  • Online Privacy Policy. The Online Privacy Policy discloses how we collect, use, and share information from visitors to our website and users of our app.
  • California Consumer Privacy Act (“CCPA”) Privacy Policy. The CCPA Privacy Policy applies to residents of California to the extent that the California Consumer Privacy Act (“CCPA”) is applicable to the type of personal information that we handle. The specific personal information that we collect, use, and disclose relating to a California resident in different contexts covered by the CCPA will vary based on our relationship or interaction with that individual. For example, the CCPA Privacy Policy does not apply with respect to information that we collect about California residents who apply for or obtain our financial products and services for personal, family, or household purposes (i.e., information subject to the GLBA and CalFIPA). For more information about how we collect, disclose, and secure information relating to these customers, please refer to the Federal Privacy Policy.

ONLINE PRIVACY POLICY

Effective Date: March 25, 2026

This Online Privacy Policy (“Online Privacy Policy”) describes Orange County’s Federal Credit Union’s online privacy practices and applies to websites, mobile applications that run on smartphones, tablets, and other devices (“app(s)”), and additional services that we offer which link to this Online Privacy Policy.

By using this website or our apps, you agree to the terms and conditions of this Online Privacy Policy and consent to our online data collection activities as described in this Online Privacy Policy.

The terms “personal information” or “personally identifiable information” used in this Online Privacy Policy refers to information such as your name, mailing address, email address, telephone number, Social Security number, or other information that identifies you. This information may be collected when you voluntarily provide it to us on our website or in our app.

INFORMATION WE COLLECT ONLINE – AND HOW WE COLLECT IT

You may visit our website to find out about products and services and check rates, without giving us any personal information. We may use software tools and/or "cookies" to track and gather information about your browsing activities in order to analyze usage, target areas for improvement, and create marketing programs to benefit our members or potential members that visit our site.

Tracking includes the date and time of visits, pages viewed, time spent on our site, browser types, IP address, and the site visited just before and just after our site. We may also track browsing activities of members who have accounts with us and who use our online banking services.

As part of our security procedures for members using our online banking to conduct account inquiries and transactions, we require personally identifiable information such as a login identification (login ID) and password. We may use a cookie to authenticate your request.

1) Use of Cookies and Similar Tracking Technologies

The use of cookies and similar tracking technologies (including pixels or clear GIFs, tags, and we beacons) is a common internet practice. Cookies are small text files containing small amounts of information which are downloaded to your computer, smartphone, tablet or other mobile device when you visit a website. Cookies are useful in a number of ways, including allowing a site or mobile app you use to recognize your device, save your settings on a site or mobile app, facilitate navigation, display information more effectively and to personalize the user’s experience. Cookies are also used to gather statistical information about how sites and mobile apps are used in order to continually improve design and functionality and assist with resolving questions regarding the sites and mobile apps.

a. Categories of Cookies

Below is a list of the types of cookies that may be used in our sites and mobile apps. We classify cookies into the following categories:

  • Strictly Necessary. These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.
  • Performance. These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.
  • Functional. These cookies enable the website to provide enhanced functionality and personalization. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.
  • Targeting. These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.
  • Social Media. These cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools. These cookies may also be used to facilitate interest-based advertising to you. If you do not allow these cookies, you will experience less targeted advertising.

b. How to Control and Delete Cookies

1. Using Your Browser

Many of the cookies used on our website can be enabled or disabled through our consent tool or by disabling the cookies through your browser. To disable cookies through your browser, follow the instructions usually located within the “Help,” “Tools” or “Edit” menus in your browser. Please note that disabling a cookie or category of cookies does not delete the cookie from your browser unless manually completed through your browser function.

Some browsers also have Global Privacy Control (“GPC”). The GPC is a technical specification for transmitting universal opt-out signal that communicates a consumer’s choice to opt-out of the sale or sharing of their personal information for behavioral advertising. Where required to do so under applicable law, our website will honor GPC signals.

2. Using Your Mobile Device

Some mobile devices come with a non-permanent advertising identifier or ID which gives companies the ability to serve targeted ads to a specific mobile device. In many cases, you can turn off mobile device ad tracking or you can reset the advertising identifier at any time within your mobile device privacy settings. You may also choose to turn off location tracking on your mobile device. By turning off ad tracking or location tracking on your mobile device, you may still see the same number of ads as before, but they may be less relevant because they will not be based on your interests.

3. Behavioral Advertising on Third-Party Websites

Online activity data collected on our website or apps may be used to advertise our products and services that may be of interest to you on third party websites. Our service providers that deliver these advertisements are subject to their own privacy policies. To explore options for opting out of behavioral advertising, visit http://optout.aboutads.info/ or click on the AdChoices icon in an ad and follow the instructions. You may also use the Network Advertising Initiative's (NAI) Opt-Out Tool by visiting https://optout.networkadvertising.org/?c=1. Furthermore, you may download the Google Analytics opt-out plug in, available at https://tools.google.com/dlpage/gaoptout/, to prevent your data from being collected and used by Google Analytics. Moreover, there may be other tools provided by the publishing platform to enable you to opt-out. Opting out relies on information in the unique cookies placed on your web browser by our service providers, so if you delete cookies, use a different device, or change web browsers, you may need to opt out again. Additionally, we may partner with websites like Google to display ads to you based on search terms you use on those websites. Please review the privacy policies of those websites for instructions on how to limit these ads. Please note that you may still receive general online advertising from us even after you adjust your ad preferences with certain web search engines or opt out of online advertising through AdChoices or the NAI tool. Such advertising, however, should not be based on online activity data or search term information.

However, since we do not own or control these third-party resources, we cannot ensure that you will stop receiving our advertisements by using these tools or that such advertisements will not be based on online activity data or search term information, and we do not guarantee the functionality or availability of such third-party tools. While we work with vendors and service providers who are contractually obligated to comply with our policies to protect information and to comply with all applicable laws regarding the collection, safeguarding, processing and disclosure of personal information, such vendors and service providers are solely responsible for cookies, cookie tracking and your choices for managing cookies.

4. Cookie Consent Tool

You may also opt-out of cookies by adjusting your cookie preferences through our Cookie Consent Tool and by confirming your cookies preference choices. Strictly necessary cookies cannot be disabled, nor can the tool be used to block cookies on third party websites linked from our website. Please note that while your opt-out choices may be effective on the specific device and browser you use when you opt-out, it may not be effective on other devices or browsers that you may subsequently use to visit our website, and you may need to use the Consent Tool feature again when visiting our website from such other browsers or devices.

You can access the Cookie Settings.

5. Third Party Website Cookies That We Cannot Control

When using our website, you may be directed to other websites for such activities as surveys, completing job applications, and to view content hosted on those sites such as an embedded video or news article. These websites may use their own cookies. We do not have control over the placement of cookies by other websites you visit, even if you are directed to them from our website.

2) Geolocation

When allowed by you, our app collects your location data to provide you with location-based services, such as identifying branches and ATMs near you, and location-based messages and offers. We also collect location data to help with fraud detection.

Opting out of location tracking. If you do not want us to collect location services, you may decline the collection of your location when prompted or adjust the location services settings on your device. Please note, however, that if you withdraw your consent to our collection of location information, you may no longer be able to use some features of the app.

3) IP Addresses

If you log on to online banking, you pass through a "firewall" used for security purposes and the Internet Protocol (IP) address associated with the computer you are using may be identified. The IP address does not identify you personally. In certain instances, it may also obtain other information about your computer to better identify you as an online user. This information may be retained in case it is needed for security or protection of member information.

4) Social Media

We may collect information, such as your likes, interests, feedback, and preferences when you interact with our official pages on social media websites such as Facebook, Twitter, LinkedIn, YouTube, and Instagram or from our social media partners (but only if you choose to share with them and they, in turn, share that information with us). Please refer to the policies of those companies to better understand your rights and obligations with regard to your activity on those websites.

5) Contact Information and Images

With your permission, our app may be granted access to your phonebook or contact information in your mobile device to provide various features like Zelle Payments. We will only disclose this information as necessary to enable such features and to comply with federal, state, or local laws, or other legal requirements.

Our app may request access to your camera for you to be able to use our remote deposit capture service. The front and back pictures of the checks you sent will only be used for our remote deposit capture service. Such images will only be accessible by us and our service providers that help enable our remote deposit capture service. We will only disclose the check photos to third parties if necessary to process your remote deposit and to comply with federal, state, or local laws, or other legal requirements.

Additionally, if you are applying for membership or a loan on our website or mobile application, we may ask you to upload a copy of your government issued identification card for us to comply with our regulatory requirements. We will only use this information to open your account and disclose this information to third parties as necessary to process your membership application and to comply with federal, state, or local laws, or other legal requirements.

6) Chat Feature

By using a chat feature on our website for mobile application, you acknowledge and agree that your communication may be monitored and recorded by us and our service providers for any lawful purpose, such as quality assurance to maintain service quality and to ensure your inquiries are efficiently addressed; training and development to train our staff and improve our services based on your feedback and interactions; and security and compliance to prevent unauthorized use of our chat feature, ensure the security of our communication channels, and to comply with legal obligations.

7) Financial Information and Government Identification

Our online banking service on our website and mobile application collects financial and payment information to process transactions such as bill payments. Furthermore, our website and mobile application may prompt you to provide a copy of your government issued identification card or collect government identification numbers in connection with an application for membership or a loan with us. We will never publicly disclose any of your financial information, payment information or government issued identification card or card number. Such information may be disclosed only to our service providers for the purpose of processing transactions you request from us or maintaining your accounts with us, and such service provides are restricted from forward transfers of such information to other parties except in furtherance of processing your requested transactions or compliance with federal, state, or local laws, or other legal requirements.

HOW WE USE INFORMATION WE COLLECT

We use information we collect from your online activity on our website and app for a variety of reasons, including:

  • to present the contents of our website and app to you;
  • to enable you to use online tools or perform certain online transactions;
  • to service and manage your account, including responding to or updating you on inquiries, or to contact you about your accounts or feedback;
  • to offer you special products and services and deliver advertisements to you in the form of banner ads, interstitial pages (ads that appear as you sign in or sign out of your online accounts) or other promotions;
  • to analyze whether our ads, promotions, and offers are effective;
  • to help us determine whether you might be interested in new products or services, and to improve existing products and services;
  • to verify your identity and/or location to allow access to your accounts and conduct online transactions;
  • to manage fraud and data security risk;
  • to personalize and optimize your website browsing and app experiences by examining which parts of our website you visit or which aspect of our apps you find most useful;
  • to protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims);
  • to audit our internal processes for compliance with legal and contractual requirements, as well as our internal policies;
  • to comply with federal, state or local laws; civil, criminal or regulatory investigations; or other legal requirements; and
  • to share with trusted third parties who are contractually obligated to keep such information confidential and to use it only to provide the services we have asked them to perform.

WHO WE SHARE INFORMATION WE COLLECT WITH

We share information we collect from your online activity on our website and app to third parties for only our business purposes and to comply with our legal requirements. The general categories of third parties that we share with are as follows:

  • our third-party service providers;
  • other companies to bring you co-branded services, products, or programs;
  • third parties that help us advertise our products or services;
  • third parties to whom you or your agents authorize us to disclose your personal information in connection with products or services we provide to you;
  • third parties or affiliates in connection with a corporate transaction, such as a sale, consolidation, or merger of our company or affiliated business; and
  • other third parties to comply with legal requirements such as the demands of applicable subpoenas and court orders; to verify or enforce our terms of use, our other rights, or other applicable policies; to address fraud, security, or technical issues; to respond to an emergency; or otherwise, to protect the rights, property, or security of our customers or third parties.

MISCELLANEOUS

Updating Your Personal Information: Keeping your account information up-to-date is important. You can access and/or update your personal information in connection with your account or application by logging on to your account online or contacting us.

What You Can Do to Help Protect Your Information: We are committed to protecting your privacy. We suggest you follow these guidelines:

  • Protect your account numbers, card numbers, personal identification numbers (PINs), and passwords. Never keep your PIN with your debit or credit card which would provide access to your accounts if your card is lost or stolen.
  • Use caution when disclosing your account numbers, Social Security numbers, and other confidential information to other persons. If someone calls you, explains the call is on behalf of us and asks for your account number, you should beware. Our staff will have access to your information and will not need to ask for it.
  • It is important that we have your current information so we may reach you. If we detect potentially fraudulent or unauthorized activity or use of any account, we will attempt to contact you immediately. If your address, phone number, or email changes, please let us know.

Linking to Other Websites: Our websites, online services, online or mobile banking may contain links to third party websites. Although these links were established to provide you with access to useful information, we do not control and are not responsible for any of these websites or their contents. We do not know or control what information third-party websites may collect regarding your personal information. We provide these links to you only as a convenience, and we do not endorse or make any representations about using such third-party websites or any information, software or other products or materials found there, or any results that may be obtained from using them. We encourage you to review the privacy statements of websites you choose to link to from our websites so that you can understand how those websites collect, use, and share your information. We are not responsible for the security or privacy practices of the linked websites.

Protecting Children’s Privacy: We respect the privacy of children and comply with the practices established under the Children’s Online Privacy Protection Act (“COPPA”). Our website and mobile application does not target children. We do not knowingly collect or retain personally identifiable information from consumers under the age of thirteen. We may, however, collect information about consumers under the age of thirteen on our website or mobile application directly from their parents or legal guardians in connection with the financial products and service that we offer to our members, such as, without limitation, adding children as beneficiaries to bank accounts. For more information about COPPA please visit the Federal Trade Commission website: www.ftc.gov.

Data Retention: We may retain your personal information and online activity data even if you decide to terminate your membership with us, close your accounts with us, and/or delete our app or cease use of our websites based on the following:

  • Laws and Regulations. We are a regulated financial institution that is subject to laws and regulations governing our retention of information pertaining to our members, applicants for credit union membership, loans and other financial products and services. We are also an employer and, thus, we are subject to labor laws governing how long we must retain information about applicants for employment and current and former employees. Therefore, applicable laws and regulations will govern how long we retain information pertaining to you.
  • Fraud Prevention and Security. We will retain information that we need for fraud prevention and security purposes.
  • Contracts. We will retain information for as long as necessary to comply with our contractual obligations to you, our service providers, and other third parties, as permitted by law.
  • Legal Claims and Defenses. We may retain information for such a period as necessary or advisable to preserve legal claims and defenses.

Opting Out of Email or SMS Communications. If you have signed-up to receive our email marketing communications, you can unsubscribe any time by clicking the “unsubscribe” link included at the bottom of the email or other electronic communication. Alternatively, you can opt out of receiving marketing communications by contacting us at the contact information under “Contact Us” below. If you provide your phone number through the online banking services, we may send you notifications by SMS, such as providing a fraud alert. You may opt out of SMS communications by unlinking your mobile phone number through the online banking services.

Contact Us: You may contact us regarding any question, concern or matter pertaining to this Policy at:

Toll-Free Number: (888) 354-6228.   For TDD hearing-impaired assistance through Relay Service dial 7-1-1, through the Relay Operator dial 1-800-238-4486, or through Teletypewriter (TTY) dial 1-800-826-7345.

Mail:   

Orange County’s Federal Credit Union
P.O. Box 11777
Santa Ana, CA 92711-1777

Updates to this Policy: From time to time, we may change this Policy. The effective date of this Policy, as indicated above, reflects the last time this Policy was revised. Any changes to this Policy will become effective when we post the revised Policy on our website. Your use of our websites, online services, or online or mobile banking following these changes means that you accept the revised Policy.

CCPA PRIVACY POLICY

Revised: March 25, 2026

The CCPA Privacy Policy applies to residents of California to the extent that the California Consumer Privacy Act (“CCPA”) is applicable to the type of personal information that Orange County’s Federal Credit Union (“we”, “our”, “us”) handles. The specific personal information that we collect, use, and disclose relating to a California resident in different contexts covered by the CCPA will vary based on our relationship or interaction with that individual. For example, this CCPA Privacy Policy does not apply with respect to information that we collect about California residents who apply for or obtain our financial products and services for personal, family, or household purposes, as such information is already governed by financial-sector privacy laws like the federal Gramm-Leach-Bliley Act (“GLBA”), Fair Credit Reporting Act (“FCRA”) and the California Financial Information Privacy Act (“CalFIPA”). Additionally, the CCPA does not cover information that is considered publicly available or information that is deidentified or aggregated in such manner that it cannot reasonably identify a person or household. Accordingly, this CCPA Privacy Policy does not apply to such information as well.

Accordingly, to the extent that personal information of California residents does not fall within any one of the above exceptions, this CCPA Privacy Policy describes the categories of personal information we collect, the sources from which such personal information is collected, the business or commercial purpose of our collection of such personal information, how we share and disclose such personal information, and California residents’ rights under the CCPA.

I. CATEGORIES OF PERSONAL INFORMATION WE COLLECT

In the preceding 12-months, we have collected the following categories of personal information (please note that some categories overlap):

  • Identifiers, such as name, address, social security number, driver’s license number, email address or other similar identifiers.
  • Personal information categories described in Cal. Civ. Code § 1798.80(e), such as signatures, physical characteristics, bank account number, credit card number, and other financial information.
  • Protected traits under state or federal law, such as age, race, color, citizenship, religion, sexual orientation, marital status and medical condition.
  • Commercial information, such as records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
  • Biometric information, such as fingerprints and voiceprints.
  • Geolocation data, such as location information associated with your IP address or derived through Wi-FI triangulation or precise geolocation from GPS-based functionality on your mobile device.
  • Sensory data, such as audio, electronic, visual or similar information.
  • Professional or employment related information, such as current or past job history, emergency contact information, and personal information needed from you or another person related to you (e.g., your spouse and dependants) to administer job-related benefits.
  • Non-public education information, such as college transcripts and letters of recommendation.
  • Inferences drawn from other personal information, such as a profile reflecting a person’s preferences, characteristics, behavior, intelligence, and aptitude.
  • Sensitive personal information, which includes the following information under the CCPA: A consumer’s social security, driver’s license, state identification card, or passport number; A consumer’s account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; A consumer’s precise geolocation; A consumer’s racial or ethnic origin, religious or philosophical beliefs, or union membership; The contents of a consumer’s mail, email, and text messages unless the business is the intended recipient of the communication; A consumer’s genetic data; A consumer’s neural data; The processing of biometric information for the purpose of uniquely identifying a consumer; Personal information collected and analyzed concerning a consumer’s health; and Personal information collected and analyzed concerning a consumer’s sex life or sexual orientation; Personal information of consumers that the business has actual knowledge are less than 16 years of age.

II. CATEGORIES OF SOURCES FROM WHICH PERSONAL INFORMATION IS COLLECTED

We obtain the categories of personal information listed above from the following categories of sources:

  • Directly from consumers or their agents. For example, from forms you complete, when you perform transactions, and when you purchase products or services.
  • Indirectly from consumers or their agents. For example, when you use your debit or credit cards, when you make deposits or withdrawals to/from your accounts, or when you pay your bills.
  • Directly and indirectly from activity on our website or our mobile applications. For example, from submissions through our website, application portals, or website usage collected automatically.
  • From third-parties, such as credit reporting agencies, government agencies, law enforcement agencies, and service providers.

III. BUSINESS OR COMMERCIAL PURPOSE FOR COLLECTING PERSONAL INFORMATION

We may collect, use and disclose your personal information for one or more of the following business or commercial purposes:

  • To fulfill or meet the reason for which the information is provided. For example, you apply for a loan, and we use the information in your loan application to give you the loan.
  • To provide you with information, products or services that you request from us.
  • To evaluate your candidacy for employment or for an independent contractor engagement, and to administer employment-related benefits for you, your spouse or domestic partner, and your dependents.
  • To provide you with email alerts, event registrations or other notices concerning our products or services, or events or news, that may be of interest to you.
  • To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collections.
  • To improve our website and present its contents to you.
  • For testing, research, analysis to improve our products and services and for developing new ones.
  • To protect the rights, property or safety of us, our employees, our members or others.
  • To detect security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity.
  • To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
  • As described to you when collecting your personal information.
  • To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution or other sale or transfer of some or all of our assets, in which personal information held by us is among the assets transferred.
  • As otherwise permitted by law.

We do not use or disclose your sensitive personal information for any purpose other than, as reasonably necessary and proportionate, for the following purposes:

  • To perform the services or provide the goods reasonably expected by an average consumer who requests those goods and services.
  • To prevent, detect, and investigate security incidents that compromise the availability, authenticity, integrity, or confidentiality of stored or transmitted personal information.
  • To resist malicious, deceptive, fraudulent, or illegal actions directed at the business and to prosecute those responsible for those actions.
  • To ensure the physical safety of natural persons.
  • For short-term, transient use, including, but not limited to, nonpersonalized advertising shown as part of your current interaction with the business, provided that the personal information is not disclosed to another third party and is not used to build a profile about you or otherwise alter your experience outside of your current interaction with us.
  • For our service providers or contractors to perform services on our behalf, such as maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services on our behalf; provided, however, that the use of your sensitive personal information is reasonably necessary and proportionate for this purpose.
  • To verify or maintain the quality or safety of a service or device that is owned, manufactured for, or controlled by us, and to improve, upgrade, or enhance the service or device that is owned, manufactured for, or controlled by us; provided, however, that the use of your sensitive personal information is reasonably necessary and proportionate for this purpose.
  • To collect or process sensitive personal information where such collection or processing is not for the purpose of inferring characteristics about you.

 

IV. HOW WE SHARE AND DISCLOSE PERSONAL INFORMATION

In addition to the specific situations discussed elsewhere in this Privacy Policy, we may disclose your personal information in the following situations:

  • Service Providers. We may share your information with service providers. Among other things, service providers may help us to administer our website, conduct surveys, provide technical support, process payments, assist in the fulfillment of services, and help us market our own products and services.
  • Joint Marketing Partners. We may share your information with other companies to offer you co-branded financial products and services.
  • Advertising Networks. We may share your information with advertising networks such as Google and Meta to help deliver our advertisements to you as you are browsing online.
  • Compliance with Laws and Other Lawful Uses. We may disclose information to law enforcement agencies and other government entities or private parties in litigation in response to subpoenas, warrants, or court orders, or in connection with any legal process, or to comply with relevant laws. We may also share your information with this parties to establish or exercise our rights, to defend against a claim, to investigate, prevent, or take action regarding possible illegal activities, suspected fraud, safety of person or property, or a violation of our policies. We may also disclose your personal information with our acquisition or merger partners in the event of an acquisition or merger. Furthermore, we may disclose your personal information as permitted by applicable law. All of the categories of personal information we collect from you may disclosed for this purpose.
  • Your Consent. All the categories of personal information we collect from you may be disclosed to third parties with your consent or direction.

In addition to the information above, California law requires that organizations disclose whether the specific categories of personal information defined in the CCPA have been disclosed to third parties for a “business purpose,” or “sold” or transferred for “valuable consideration, or “shared” for purposes of cross-context behavioral advertising. We do not have actual knowledge of selling or sharing personal information of minors under 16 years of age for cross-context behavioral advertising.

The table below indicates which of these specified categories we may collect and transfer in a variety of contexts.

CATEGORY OF PERSONAL INFORMATION CATEGORY OF RECIPIENTS (FOR BUSINESS PURPOSE) CATEGORY OF RECIPIENTS (FOR “SALE” OR “VALUABLE CONSIDERATION” CATEGORY OF RECIPIENTS (CROSS-CONTEXT BEHAVIORAL ADVERTISING)
Identifiers such as name, address, unique personal identifier, email address, or account name. Service providers;
Joint marketing partners;
Advertising networks;
Third parties for compliance with laws and other lawful purposes; and
Third parties with your consent.		 Not sold. Advertising networks.
Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) Service providers;
Joint marketing partners;
Advertising networks;
Third parties for compliance with laws and other lawful purposes; and
Third parties with your consent.		 Not sold. Not shared.
Protected classification characteristics under state or federal law Service providers;
Joint marketing partners;
Advertising networks;
Third parties for compliance with laws and other lawful purposes; and
Third parties with your consent.		 Not sold. Not shared.
Commercial information Service providers;
Joint marketing partners;
Advertising networks;
Third parties for compliance with laws and other lawful purposes; and
Third parties with your consent.		 Not sold. Not shared.
Biometric information Service providers;
Third parties for compliance with laws and other lawful purposes; and
Third parties with your consent.		 Not sold. Not shared.
Internet or other similar network activity Service providers;
Advertising networks;
Third parties for compliance with laws and other lawful purposes; and
Third parties with your consent		 Not sold. Advertising networks.
Geolocation data Service providers;
Joint marketing partners;
Advertising networks;
Third parties for compliance with laws and other lawful purposes; and
Third parties with your consent.		 Not sold. Not shared.
Sensory data Service providers;
Third parties for compliance with laws and other lawful purposes; and
Third parties with your consent.		 Not sold. Not shared.
Professional or employment-related information Service providers;
Third parties for compliance with laws and other lawful purposes; and
Third parties with your consent.		 Not sold. Not shared.
Non-public education information Service providers;
Third parties for compliance with laws and other lawful purposes; and
Third parties with your consent.		 Not sold. Not shared.
Inferences drawn from other personal information Service providers;
Joint marketing partners;
Advertising networks;
Third parties for compliance with laws and other lawful purposes; and
Third parties with your consent.		 Not sold. Not shared.
Sensitive personal information Service providers;
Third parties for compliance with laws and other lawful purposes; and
Third parties with your consent.		 Not sold. Not shared

 

V. YOUR RIGHTS AND CHOICES

This section describes your rights and choices regarding how we collect, share, use, and protect your personal information, how to exercise those rights, and limits and exceptions to your rights and choices.

1. Exceptions

The rights and choices in this section do not apply:

  • If you are not a California resident.
  • If we collected personal information covered by certain financial sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA). Such laws govern how we collect, share, use and protect your personal information instead of the CCPA.
  • To aggregate consumer information.
  • To deidentified personal information.
  • To publicly available information.

2. Right to Know

If the above exceptions do not apply, and you have not made this request more than twice in a 12-month period, you have the right to request that we disclose certain information to you about our collection and use of your personal information. Once we receive and confirm your request and verify that the request is coming from you or someone authorized to make the request on your behalf, we will disclose to you or your representative:

  • The categories of personal information we collected about you.
  • The categories of sources for the personal information we collected about you.
  • Our business or commercial purpose for collecting, sharing or selling that personal information.
  • The categories of third parties to whom we disclosed, shared or sold your personal information.
  • The specific pieces of personal information we collected about you in a form that you can take with you (also called a “data portability request”).

3. Right to Delete

You have the right to request that we delete any of your personal information that we collect from you and retained, subject to certain exceptions. Once we receive and verify your request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies. We may deny your deletion request if retaining the information is necessary for us or our service providers to:

  1. Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated by you within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
  2. Help to ensure security and integrity to the extent the use of the your personal information is reasonably necessary and proportionate for those purposes.
  3. Debug to identify and repair errors that impair existing intended functionality.
  4. Exercise free speech, ensure the right of another consumer to exercise that consumer’s right of free speech, or exercise another right provided for by law.
  5. Comply with the California Electronic Communications Privacy Act pursuant to Chapter 3.6 (commencing with Section 1546) of Title 12 of Part 2 of the Penal Code.
  6. Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the businesses’ deletion of the information is likely to render impossible or seriously impair the achievement of such research, if you previously provided informed consent.
  7. To enable solely internal uses that are reasonably aligned with your expectation based on your relationship with the us and compatible with the context in which the you provided the information.
  8. Comply with a legal obligation.

 

4.    Right to Correct

You have the right to request changes to any of your personally identifiable information that we have collected through our website and online services.

5. Right to Opt-Out of the Sale of Personal Information or Sharing of Personal Information for Cross-Context Behavioral Advertising

The CCPA defines “sale” more broadly than the term is commonly understood. Under the CCPA, a “sale” means the disclosure of personal information to a third party for monetary or other valuable consideration. However, disclosures of personal information to our service providers or contractors are not considered a “sale” when we have a written agreement in place that meets the requirements of the CCPA.

We do not sell your personal information for monetary consideration. Nevertheless, our sharing of personal information with third parties for purposes of cross-context behavioral advertising may be considered a “sale” or “sharing” under the CCPA.

You may opt out of the sale or sharing of your personal information for cross-context behavioral advertising by visiting our Cookie Settings and disabling all cookies that enable advertising, such as social media and targeting cookies. In addition, if you enable opt-out preference signals such as Global Privacy Control (“GPC”) in a particular web browser, we will automatically honor that signal as a request to opt out of the sale or sharing of your personal information for cross-context behavioral advertising when you access our website using that browser. Please note that GPC signals are browser-specific and must be enabled separately on each browser or device; enabling GPC in one browser will not apply to other browsers or devices you may use.

 

6. Right of Non-Discrimination

We will not discriminate against you for exercising any of your rights in this Privacy Policy and under applicable laws. Unless permitted by law, we will not:

  • Deny you goods or services.
  • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
  • Provide you a different level or quality of goods or services.
  • Suggest that you may receive a different price for goods or services or a different level or quality of goods or services.
  • Retaliate against you as our employee, applicant for employment, or independent contractor.

 

7. Your Rights Regarding Automated Decision-Making Technology

Under the CCPA, California residents have the right to request information about, opt out of, and appeal certain uses of automated decision-making technology (“ADMT”). ADMT refers to any technology that processes personal information and uses computation to replace or substantially replace human decision-making. The use of ADMT may significantly affect individuals in areas such as eligibility for financial products, services, or employment.

At present, we do not use ADMT with respect to any personal information subject to the CCPA. Our current use of ADMT is limited to financial products and services regulated by the GLBA and CalFIPA, which are expressly exempt from the CCPA. Accordingly, there is no use of ADMT on CCPA-covered data, and therefore no information to provide in response to requests to access, opt out of, or appeal ADMT decisions.

If, in the future, we begin using ADMT with respect to CCPA-covered personal information, we will update this disclosure and provide the corresponding ADMT rights.

 

8. How to Exercise Your CCPA Rights

To exercise the Right to Know, Right to Delete, or Right to Correct, a consumer or a consumer’s authorized agent may submit a verifiable consumer request to us by either:

  • Calling us at (888) 354-6228. For TDD hearing-impaired assistance through Relay Service dial 7-1-1, through the Relay Operator dial 1-800-238-4486, or through Teletypewriter (TTY) dial 1-800-826-7345.
  • Completing the CCPA Request Form

You may opt-out of the sharing of your personal information for cross-context behavioral advertising through the following link: Do Not Sell or Share My Personal Information

This link is also available on the homepage of our website and mobile application. In addition, if you enable opt-out preference signals such as Global Privacy Control (“GPC”) in a particular web browser, we will automatically honor that signal as a request to opt out to the sharing of your personal information for cross-context behavioral advertising when you access our website using that browser. Please note that GPC signals are browser-specific and must be enabled separately on each browser or device; enabling GPC in one browser will not apply to other browsers or devices you may use.

9. General Description Regarding Identity Verification Requirements and Response Time Applicable to Requests to Know, Delete, or Correct

We cannot respond to a Request to Know, Delete, or Correct without first verifying the identity of the requestor. Making a verifiable consumer request does not require you to create an account with us. However, we may consider requests made through a password protected account with us sufficiently verified when the request relates to personal information associated with that specific account.

If we receive a request through an authorized agent of the consumer, we will require:

  1. Submission of a written document signed by the consumer with the consumer’s permission for the authorized agent to submit a verifiable request on their behalf and require the authorized agent to verify their own identity to us; or
  2. The consumer to directly verify with us that they have authorized the agent to submit the request.
  3. We will not require either of the above if the authorized agent provides a copy of a power of attorney pursuant to California Probate Code sections 4121 to 4130 and we are able to verify authorized agent’s identity.

We will only use personal information provided in the request to verify the requestor’s identity or authority to make it. We will ask you to complete the CCPA Request Form which will ask you for information that will help us verify your identity. The verification process includes matching the information you provide us with the information we have in our records. The stringency of the verification process depends on the sensitivity of the request, whether or not the consumer is a current customer with a password-protected account, the need to prevent unauthorized access and disclosure of personal information and other factors. Within 10-days of your submission of your CCPA request, we will notify you of any additional information we might need to verify your identity.

We endeavor to respond to a verifiable consumer request within 45 days of its receipt.  If we require more time (up to 90 days), we will inform you of the reason and extension period in writing.  The response we provide will also explain the reasons we cannot comply with a request, if applicable.  For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.  We do not charge a fee to process or respond to your verifiable consumer request.

 

VI. CHANGES TO OUR PRIVACY POLICY

We reserve the right to amend this Privacy Policy at our discretion and at any time. When we make changes to this Privacy Policy, we will notify you by email or through a notice on our website homepage.

 

VII. CONTACT INFORMATION

If you have any questions or comments about this Privacy Policy, the ways in which we collect and use your personal information, your choices and rights regarding such use, or wish to exercise your rights, or to request changes to any of your personally identifiable information that we have collected, please do not hesitate to contact us at:

Toll-Free Number: (888) 354-6228. For TDD hearing-impaired assistance through Relay Service dial 7-1-1, through the Relay Operator dial 1-800-238-4486, or through Teletypewriter (TTY) dial 1-800-826-7345.

Mail:
Orange County’s Federal Credit Union
P.O. Box 11777
Santa Ana, CA 92711-1777