U.S. Privacy Notice
WHAT DOES SERVICE FEDERAL CREDIT UNION DO WITH YOUR PERSONAL INFORMATION?
Financial companies choose how they share your personal information. Federal law gives consumers the right to limit some by not all sharing. Federal law also requires us to tell you how we collect, share, and protect your personal information. Please read this notice carefully to understand what we do.
The types of personal information we collect and share depend on the product or service you have with us.
This information can include:
- Social Security number and income
- Account balances and payment history
- Credit history and credit scores
All financial companies need to share members’ personal information to run their everyday business. In the section below, we list the reasons financial companies can share their members’ personal information; the reasons Service Federal Credit Union chooses to share; and whether you can limit this sharing.
REASONS WE CAN SHARE YOUR INFORMATION
|DOES SERVICE CREDIT UNION SHARE?||CAN YOU LIMIT THIS SHARING?|
|FOR OUR EVERYDAY BUSINESS PURPOSES—SUCH AS TO PROCESS YOUR TRANSACTIONS, MAINTAIN YOUR ACCOUNT(S), RESPOND TO COURT ORDERS AND LEGAL INVESTIGATIONS, OR REPORT TO CREDIT BUREAUS||YES||NO|
|FOR OUR MARKETING PURPOSES—TO OFFER OUR PRODUCTS AND SERVICES TO YOU||YES||NO|
|FOR JOINT MARKETING WITH OTHER FINANCIAL COMPANIES||YES||NO|
|FOR OUR AFFILIATES’ EVERYDAY BUSINESS PURPOSES—INFORMATION ABOUT YOUR TRANSACTIONS AND EXPERIENCES||NO||WE DON'T SHARE|
|FOR OUR AFFILIATES’ EVERYDAY BUSINESS PURPOSES—INFORMATION ABOUT YOUR CREDITWORTHINESS||NO||WE DON'T SHARE|
|FOR NONAFFILIATES TO MARKET TO YOU||NO||WE DON'T SHARE|
Who we are
Who is providing this notice?
Service Federal Credit Union
What we do
How does Service Federal Credit Union protect my personal information?
To protect your personal information from unauthorized access and use, we use security measures that comply with federal law. These measures include computer safeguards and secured files and buildings.
We only work with companies that undertake security measures that will protect your non-public personal information.
How does Service Federal Credit Union collect my personal information?
We collect your personal information for example, when you
- Open an account or deposit money
- Pay your bills or apply for a loan
- Use your credit or debit card
Why can’t I limit all sharing?
Federal law gives you the right to limit only
- Sharing for affiliates’ everyday business purpose information about your creditworthiness
- Affiliates from using your information to market to you
- Share for non-affiliates to market to you
State laws and individual companies may give you additional rights to limit sharing.
Companies related by common ownership or control. They can be financial and non-financial companies.
- Our affiliates include financial companies with a Service name including Service Financial Advisors, LLC.; Service Insure, LLC.; Service Capital, LLC.; and Service Exchange, LLC.
Companies not related by common ownership or control. They can be financial and non-financial companies.
- Non-affiliates we share with can include insurance companies, payment networks, and credit card companies.
A formal agreement between nonaffiliated financial companies that together market financial products or services to you.
- Our join marketing partners include payment networks and credit card companies.
European Union Privacy Notice
Service Federal Credit Union is a New Hampshire federally-chartered credit union headquartered at 3003 Lafayette Road, Portsmouth, New Hampshire, 03801 USA. We are a member-owned cooperative financial institution offering a wide variety of financial products and services to our members throughout the world.
We understand that the privacy of your personal information and data is very important to you, and Service Federal Credit Union is fully committed to protecting and using the personal data of its members and all individuals lawfully, fairly, and transparently.
In addition to complying with United States and New Hampshire privacy and data protection laws, the credit union intends to comply with the European Union’s General Data Protection Regulation (“GDPR”), and the German Federal Data Protection Act, to the extent applicable to our members currently living in a European Union country, as soon as feasible, and where those obligations do not conflict with United States law and regulations with which the credit union must comply.
This European Union Privacy Notice applies to any information relating to an identified or identifiable person in the European Union (generally someone living in the European Union) in the credit union’s capacity as either controller or processor of that personal information. The credit union does not apply the GDPR protections and standards to the information of individuals not living in the European Union.
For the purposes of this European Union Privacy Notice, the following definitions apply:
- “Personal Data” means any information relating to an identified or identifiable individual potential member, member, former member, joint account holder, beneficiary, and in limited circumstances non-members. Personal Data includes but is not limited to your name, address, identification number such as Social Security Number, and account number.
- “Processing” means any operation or set of operations which is performed on Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure, dissemination or making available, alignment or combination, restriction, erasure, or destruction.
This European Union Privacy Notice generally describes Service Federal Credit Union’s policies and practices regarding its collection and use of your Personal Data, and summarizes your privacy rights under the GDPR. Because the GDPR is very lengthy and complex, this European Union Privacy Notice does not detail all GDPR privacy rights or the limits to those rights.
Data Protection Officer
Service Federal Credit Union has appointed an internal data protection officer whom you may contact if you have any questions or concerns about Service Federal Credit Union’s personal data policies or practices, or its compliance with GDPR. The following is the contact information:
Service Federal Credit Union
Data Protection Officer
3003 Lafayette Road
Portsmouth, New Hampshire 03801 USA
Collection and Processing of Personal Data
Service Federal Credit Union collects and processes Personal Data only to market and provide financial products and services to individuals, including but not limited to opening and maintaining deposit accounts, making personal loans, and providing payment services.
The credit union’s Personal Data subject to the GDPR is:
- Processed lawfully, fairly, and transparently;
- Collected for specified, explicit and legitimate purposes, and not further Processed in a manner incompatible with those purposes;
- Adequate, relevant and limited to what is necessary for the purposes for which they are Processed;
- Accurate, and where necessary, kept up to date;
- As soon as feasible, kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are Processed; and,
- Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful Processing and against accidental loss, destruction or damage, using appropriate technical security measures.
Service Federal Credit Union also minimizes the risk to your rights and freedoms by not collecting or storing sensitive personal information about you, such as racial or ethnic origin, political opinions, or religious beliefs.
Legal Basis for Processing Personal Data
Service Federal Credit Union processes your Personal Data only to provide financial products and services the credit union has contractually agreed to provide you, where necessary with your consent, or to comply with laws.
Transferring Personal Data from the EU to the US
Service Federal Credit Union is headquartered in the United States, and the Personal Data we collect from you may be Processed in the United States. The United States has not received a finding of information security “adequacy” from the European Union under Article 45 of the GDPR. Therefore, Service Federal Credit Union relies on the specific grounds in GDPR Article 49 to transfer your Personal Data from the European Union to the United States. In particular, the credit union transfers Personal Data collected in the European Union to its Portsmouth, New Hampshire, headquarters for Processing only to provide financial products and services the credit union has contractually agreed to provide to you, where necessary with your consent, or to comply with laws.
Service Federal Credit Union applies appropriate safeguards to protect the privacy and security of your Personal Data while in transit to the United States.
Disclosure of Personal Data to Third Parties
Service Federal Credit Union discloses Personal Data to independent third parties only for the credit union’s everyday business purposes to serve you, including but not limited to account opening and maintenance, transaction processing, loan origination and processing, payment processing, credit bureau reporting, responding to court orders or valid subpoenas or other information requests, and to market the credit union’s products and services to you. For example, to process your debit or credit card transactions, the credit union must share your Personal Data with various payment network providers. Service Federal Credit Union never sells your Personal Data to third parties.
Data subject rights
Under the GDPR, you have the following rights regarding your Personal Data:
- To confirm that the credit union is Processing your Personal Data;
- To access your Personal Data;
- To request correction of inaccurate Personal Data or to have incomplete Personal Data completed;
- To require the erasure of your Personal Data, subject to United States and New Hampshire record retention laws and regulations, which may require data retention for a specified time;
- To block or restrict the Processing of your Personal Data;
- To receive your Personal Data in a format which may be transferred to another company;
- To object to a decision based solely on automated Processing or your Personal Data, including profiling, unless necessary for entering into, or performing, a contract between you and the credit union; and,
- To file a complaint with your local European Union state data protection authority.
Personal Data of Children
Service Federal Credit Union Processes Personal Data of children under the age of 16 only with the written consent of the holder of parental responsibility over the child prior to Processing the child’s Personal Data. The credit union only Processes the Personal Data of a child over the age of 16 with that child’s explicit consent.
Security of your information
Considering the state of the art of data security, the implementation costs, and the nature, scope, context and purpose of Processing, as well as the likelihood and severity of the risks to your rights and freedoms, Service Federal Credit Union has implemented appropriate technical and organizational measures to ensure a level of information security appropriate to the risks. We also continually invest in testing and updating our security technology and procedures.
It is the responsibility of all Service Federal Credit Union employees to protect and insure the confidentiality of all Personal Data, and the credit union regularly trains our employees on the importance of maintaining the privacy and security of your Personal Data. We are also committed to taking appropriate disciplinary measures to enforce our employees’ privacy responsibilities.
Service Federal Credit Union’s information security policies, processes or technology do not guarantee absolute security of your Personal Data. You should take all normal personal information security steps to protect your Personal Data such as using and not sharing your secure passwords, closing browsers after use, and not using insecure public networks.
Data storage and retention
Service Federal Credit Union is implementing a program where it retains your Personal Data only for as long as it is required to do so under United States federal and state law applicable to the credit union.
Changes and updates to the Privacy Notice
Service Federal Credit Union and its membership, products and services change from time to time, and information security threats and security technologies also constantly evolve. Accordingly, we reserve the right to amend this European Union Privacy Notice at any time, for any reason, without notice to you, other than the posting of the amended European Union Privacy Notice on our website. You should check our website frequently to see the current European Union Privacy Notice that is in effect and any changes we may have made to it.
Questions, concerns or complaints
If you have any questions, concerns, or complaints about your Personal Data and Service Federal Credit Union, or this European Union Privacy Notice, please contact Service Federal Credit Union’s AVP of Regulatory Compliance at GDPR@servicecu.org.
California Privacy Notice
This California Consumer Privacy Act (CCPA) Notice (“Notice”) is provided by Service Federal Credit Union (“Service CU”, “we” or “us”). This Notice explains how we collect, use, and disclose personal information about California residents. The Notice also explains certain rights that California residents have under the California Consumer Privacy Act.
Collection and Disclosure of Personal Information
In the past 12 months, we have collected the following categories of Personal Information about California residents:
- Identifiers, such as name and government-issued identifier (e.g., Social Security Number);
- Personal information, as defined by Cal. Civ. Code § 1798.80, such as contact information or financial information;
- Certain characteristics, such as sex, age, military status, and/or marital status;
- Commercial information, such as transaction information and purchase history;
- Biometric information, such as fingerprints and voiceprints;
- Internet or network activity information, such as browsing history and interactions with our website, applications, and emails;
- Geolocation data, such as device location and Internet Protocol (IP) location;
- Audio, electronic, visual, and similar information, such as call and video recordings;
- Professional and employment-related information, such as work history and prior employer;
- Education information; and
- Inferences drawn from any of the Personal Information listed above to create a profile about, for example, an individual’s preferences and characteristics.
We collected such Personal Information from the following sources:
- Directly from California residents or their representatives;
- Third party companies or organizations from whom we collect personal data as part of providing products and services, completing transactions, and supporting our everyday operations and business development;
- Third party companies or organizations that provide data to support activities such as fraud prevention, underwriting, collections, and marketing (like credit bureaus or address tracing companies);
- Public records or widely available sources, including social and news media or federal, state, or local government sources;
- Consumer data resellers;
- Service Federal Credit Union Affiliates (for example Service Insure);
- Indirectly from California Residents, for example regarding activity on our website and mobile app or through social media; and
- Third party companies or organizations from whom we collect Personal Information to support human resource and workforce management activities
We have disclosed some of the above categories of Personal Information for business purposes to the following third parties:
- Vendors and service providers that provide services to Service Federal Credit Union as part of providing products and services, completing transactions, and supporting everyday operations, such as website hosting, data analysis, payment processing, information technology and related infrastructure, fraud prevention and data security, customer service, and marketing activities;
- Third party companies or organizations in connection with routine or required reporting, including consumer reporting agencies;
- Our affiliates and subsidiaries, including Service Insure;
- Individuals or organizations that represent California residents, such as a power of attorney, guardian, or legal counsel;
- Other third parties authorized by our members to access their personal information, such as data aggregators, and those authorized to conduct transactions online and via mobile devices, and to support loan fulfillment services; and
- Government agencies, including law enforcement, to support regulatory and legal requirements.
Use of Personal Information
In the past 12 months, we have used Personal Information relating to California residents for one or more of the following business purposes:
- Performing services and offering products, including maintaining or servicing accounts, processing applications, providing member service, verifying your identity, and processing transactions;
- Engaging in advertising or marketing activities;
- Preventing, detecting, and responding to fraud or other security incidents;
- Undertaking activities, including internal research and analysis, to derive consumer insights and to maintain or enhance the quality of our products and services, including our website;
- Maintaining the integrity and the functionality of our information technology systems;
- Responding to legal requests for information, such as subpoenas, warrants, and court orders; and
- And complying with other legal requirements, such as maintaining information for required retention periods.
Sale of Personal Information
California Residents have the right to opt-out of the sale of their Personal Information by a business. It is Service CU’s policy not to sell Personal Information, and we have not done so in the past 12 months. Because Service CU does not sell your Personal Information, we do not offer an opt-out under the CCPA.
Rights Under the CCPA
If you are a California resident, you have the right to:
- Request that we disclose to you the following information covering the 12 months preceding your request (“request to know”):
- the categories of Personal Information that we collected about you and the categories of sources from which we collected such Information;
- the business or commercial purpose for collecting Personal Information about you;
- the categories of Personal Information about you that we disclosed to third parties for a business purpose and the categories of third parties to whom we disclosed such Personal Information; and
- the specific pieces of Personal Information we collected about you.
- Request that we delete Personal Information that we collected from you, subject to applicable exceptions (“request to delete”). As stated above, we do not sell your Personal Information.
- Be free from unlawful discrimination for exercising your rights under the CCPA.
You also have the right to use an authorized agent to make a request under the CCPA on your behalf. Your agent will need to submit documentation, such as written permission or a valid California Power of Attorney, along with their request proving the legal authority of the authorized agent making the request on their behalf. We may deny the agent’s request if the agent does not submit proof that they have been authorized by you to act on your behalf.
Parents/legal guardians making requests on behalf of their minor children will need to include a description of their relationship to the minor child and include a certified copy of the birth certificate or legal documentation to provide proof of their status.
How to Make Requests
If you are a California resident (or an authorized agent thereof), you may make a request for the disclosures described above or make a request to delete Personal Information we collected from you using one of the below methods.
- Using our online portal, you may submit a secure request electronically.
- Calling us toll-free at 1-800-936-7730 to initiate your request.
- Mailing a written request to the following address. Your written request must include your name, the last 4 digits of your account number or SSN/TIN, address, relationship to Service CU (member, non-member, applicant, etc.), the nature of your request, your address, and a phone number where you can be reached.
ATTN: Compliance Dept.
Service Federal Credit Union
3003 Lafayette Rd
Portsmouth, NH 03801
Upon submission of your request, we will take steps to verify your identity or, if applicable, the authorized agent. This may be accomplished by asking you to verify details about your account and information we have on file or by reviewing your signature. Those steps may vary, however, depending on your relationship with Service Federal Credit Union and the intake method.
Further, in rare cases we may require you to visit a Service Federal Credit Union branch or acknowledge your identity before a notary public.
We will work to process all verified requests within 45 days. If we need an extension in order to process your request, we will reach out to you.
Privacy and data protection laws, other than the CCPA, apply to much of the Personal Information that we collect, use, and disclose. When these laws apply, Personal Information may be exempt from, or outside the scope of, Requests to Know and Deletion Requests. As a result, in some instances, we may decline all or part of a Request to Know or Deletion Request related to this Personal Information. This means that we may not provide some or all of this Personal Information when you make a Request to Know. Also, we may not delete some or all of this Personal Information when you make a Deletion Request.
In some instances, we may not be able to honor your request; for example, we will not honor your request if we cannot verify your identity or confirm that the Personal Information that we maintain relates to you, or if we cannot verify that you have the authority to make a request on behalf of another individual. Additionally, we may not honor your request where an exception applies, such as where we are required to maintain the information to comply with state or federal law or where the Personal Information that we maintain about you is not subject to the CCPA’s rights.
We will advise you in our response if we are not able to honor your request. We will not provide Social Security Numbers, driver’s license numbers or government-issued identification numbers, financial account numbers, healthcare or medical identification numbers, account passwords or security questions and answers, or any specific pieces of information if the disclosure presents the possibility of unauthorized access that could result in identity theft or fraud or unreasonable risk to data or systems and network security.
Contact for More Information
For any questions or concerns regarding the CCPA or Service Federal Credit Union’s CCPA request process, please call us at 800-936-7730 or send an email to our Assistant Vice President of Compliance, Stephanie Kinnett at firstname.lastname@example.org.
Changes to This Notice
We may change or update this Notice in the future. When we do, we will post the revised CCPA Disclosure on this website. This CCPA Disclosure was last updated and became effective on the following date: August 21, 2020.
Notice for California Residents: Collection & Use of Personal Information
Why are you getting this notice?
Under the 2020 finalized regulations of the California Consumer Privacy Act (“CCPA”), this notice must be provided at or before collection of Personal Information from a California resident. This notice explains the categories of personal information that we may collect from or about you and what we do with those categories of information.
What personal information does Service CU collect and how do we use it?
The specific Personal Information that we collect, use, and disclose relating to a California resident covered by the CCPA will vary based on our relationship or interaction with that individual. For example, this disclosure does not apply with respect to information that we collect about California residents who apply for or obtain our financial products and services for personal, family, or household purposes (i.e., information subject to the Gramm-Leach-Bliley Act (“GLBA”)). For more information about how we collect, disclose, and secure information relating to these customers, please refer to our U.S. Privacy Notice. The following table covers all categories that we may collect on you, depending on your individual membership:
|Identifiers||Your name, SSN, DOB, email address, physical address, IP address, nickname, driver's license number, passport information, or other similar identifiers||This information is necessary for regulatory purposes and to identify you and your account. We also use this information to verify your identity, monitor your activity for potential fraud or identity theft, and to provide you with products and services that fit your needs.|
|Personal Information, as defined by the CCPA||Under the CCPA, Personal Information covers any information that identifies, relates to, or can be associated with any individual. For example, your signature, employment information, and any other financial information specific to you.||This information is necessary for regulatory purposes and to identify you and your account. We also use this information to verify your identity, monitor your activity for potential fraud or identity theft, and to provide you with products and services that fit your needs.|
|Certain Characteristics||Your marital status, age, or gender, for example.||We may use this information to create a member profile in order to target advertising and products that may be most relevant to you.|
|Commercial information||Records of your personal property like the vehicle or home you finance with us, products or services of ours that you have used or considered in the past, transactional information, or other purchasing or consuming histories or tendencies||This information is necessary for regulatory and lending purposes. We also may use this information to create a member profile in order to provide you with products and services that fit your needs.|
|Internet or other electronic network activity information||Your browsing history per our cookie consent policy, stored pixels, or information regarding your interactions with our own website, applications, or advertisements||We use this information to track our website usage, optimize site layout, and also to create a member profile in order to provide you with products and services that fit your needs.|
|Geolocation data||IP address, transaction location, and other information that could be used to identify the location of an electronic device that you are using||This information may be used for creating targeted communications, offering you products or services that fit your needs, determining your closest Service CU Branch or ATM, or determining where you are performing your banking transactions from. This last piece is useful for detecting fraudulent activity.|
|Biometric information||Fingerprint, Face ID, Eye print, voiceprint, palm scan||You may opt-in to using biometric scans to access your account, for example logging in to online banking.|
|Audio, electronic, visual, or similar recorded information||Security footage on our closed-circuit cameras, audio recordings of our phone conversations, electronic records of our chat sessions||This information is maintained for security and quality assurance purposes. We may also use this information in Fraud case reviews.|
|Professional, employment-related, and Education information||Your current employer, income, education level, school attended, previous employers, and time at your profession||This information is collected and used for regulatory lending purposes when we assess your ability to repay a loan.|
|Inferences drawn from any of the information identified here to create a member-profile||Information that we infer about you based on observed product usage and responses to our surveys||We use this information to optimize the products and services we offer and also to create a member profile in order to provide you with products and services that fit your needs.|
Does Service Credit Union sell any of this information?
Where can I learn more about Service Credit Union’s privacy practices for CCPA-covered individuals?
You can find more information in our California Privacy Notice here.
Additional Information On Our Mobile Application
The Service CU Mobile App (“the App”) accesses the following information about your activity and device location. The App collects location data to enable “Pulsate” messaging, even when the App is closed or not in use. Specifically, the following pieces of information are collected by the App:
- Location – Used for geofencing and beacon scanning essential for advertising/marketing campaign delivery
- UserID – Pulsate creates a random user GUID upon initial app access, which is later used during every connection with Pulsate. This GUID is unique for each device/app and changes after every app reinstall. This ID is used for identifying a user and sending campaigns.
- Product Interaction – Pulsate tracks user’s app entry, app exit, and pages viewed within the app.
- Name – Pulsate collects user’s first name for product personalization purposes.
This information may be used for creating targeted communications, offering you products or services that fit your needs, determining your closest Service CU Branch or ATM, or determining where you are performing your banking transactions. This last piece is useful for detecting fraudulent activity.