- Providing member privacy notices
UIECU will provide member privacy notices as required by the GLB Act. Members will be sent initial privacy notices to current accurate addresses. Thereafter, members will be sent privacy notices at least annually. New members and persons adding joint relationships will receive privacy notices at the time of application or approval of membership or services. Privacy notices will be provided in a form that the member may keep.
- Collection of Member Information
UIECU collects information about members in many ways. Information is provided by members on applications for membership, accounts, loans, and a variety of other products and services. Information is also provided with requests for transactions of many kinds. UIECU also receives information when processing member transactions such as clearing checks, ACH transfers, debit transactions, and more. Members also provide information in response to questions posed by the Credit Union or in their correspondence to the Credit Union. All member information collected is considered nonpublic personal information and is subject to the confidentiality provisions of this policy.
- Confidentiality and Security of Member Information
UIECU will undertake reasonable measures to protect the confidentiality and security of member information. Physical security of documents, restricted access to information, and proper handling of information form the basis of the credit union’s procedures.
UIECU employees will verify members’ identity before releasing information or processing transactions for members.
Employees will also maintain control and security of documents that contain member information. After processing, documents with nonpublic personal information will be properly filed or will be designated for shredding.
Employees are allowed access to members’ information as needed to fulfill members’ requests or conduct credit union business as may be appropriate.
The Credit Union maintains physical, electronic, and procedural safeguards to protect member information.
Providing nonpublic personal information to nonaffiliated third parties.
UIECU does not provide nonpublic personal information to nonaffiliated third parties.
Credit Union Affiliates
UIECU may share information with another company that is controlled by the Credit Union. Credit Union control is defined as ownership of the power to vote at least 25% of the outstanding shares; control in any manner over the election of a majority of the directors; or the power to exercise a controlling influence of the company (in cases of Credit Union Service Organizations (CUSO), the CUSO must be 67% owned by credit unions).
Agreements with Others: Financial Institutions, Service Providers, Third Parties to process members’ request.
UIECU may enter into joint marketing agreements with other financial institutions as defined by the GLB Act. Various products and services may be offered under these agreements.
UIECU may also enlist firms or individuals to provide service for or market on behalf of the credit union. These service providers are authorized to assist the Credit Union in marketing its products and services.
UIECU may also utilize third party processors, information providers, and service providers as needed to facilitate the requests of members to provide Credit Union services.
In any arrangement with parties as named above, the Credit Union will require agreements that protect the confidentiality of any nonpublic personal information. The agreement will also prohibit the use of information for any purpose except to the extent necessary to perform, effect, administer or enforce any transactions or services requested by the Credit Union or its members. Furthermore, the agreement will also prohibit the re-use of any information in any manner.
All contracts entered into after July 1, 2000 will contain clauses as referenced above. By July 1, 2002, all Credit Union contracts will be revised to include clauses as referenced above.
Sharing of Information in Other Circumstances
The Credit Union may disclose nonpublic personal information as allowed as exceptions in the regulation. Nonpublic personal information will be shared in appropriate situations to the extent permitted by law. Examples of these situations includes, but is not limited to:
With the consent of or at the direction of a member.
To protect the confidentiality of security of our records pertaining to the member, service, product, or transaction.
To the extent specifically permitted or required under other provisions of law and in accordance with the Right to Financial Privacy Act of 1978, to law enforcement agencies, and others as provided for by the regulation.
To a consumer reporting agency in accordance with the Fair Credit Reporting Act.
In connection with a proposed or actual sale, merger, transfer, or exchange of all or a portion of a business or operating unit.
To comply with federal, state, or local laws, rules and other applicable legal requirements.
With others who request credit references in accordance with customary business practices.
With regulatory agencies or auditors as required and allowed.
UIECU prohibits its employees from obtaining, attempting to obtain, or causing to be disclosed, member financial information relative to another person by use of false or fraudulent practices. These practices include: (1) Making a false statement to an officer or agent of a financial institution, (2) making a false statement to a customer of a financial institution, or (3) providing, to an officer or agent of a financial institution, a document that person knows is false, stolen, fraudulently obtained, or contains a false representation.
Inquiries made to the credit union shall require the verification of the identity of the requesting party, a determination of the reasons information is being requested, and a determination of the authorization of the member to disclose the information. Authorization by the member may include the issuance of a check, an application for credit, an express authorization for verification, or other means that may be deemed reasonable.
Employees are trained to respect members’ privacy through compliance with the Credit Union’s policies and procedures. Failure to comply will subject employees to disciplinary action.
Security of Technology
Online services are delivered under the security measures that are described in UIECU’s I-Branch Security Statement. This environment includes measures including data encryption, authentication, password requirements, and profile controls such as timed logoffs.
Regular non-encrypted Internet email is not secure. In the instances where UIECU Internet email addresses are provided, these are provided for information inquiries of a non-sensitive and non-confidential nature. UIECU will not include confidential account information in an email response. Messages sent through UIECU’s I-Branch are secure and use Secure Socket Layer (SSL) encryption.
Use of “Cookies”
UIECU uses "cookies" as part of our interaction with members’ browsers when accessing our website or I-Branch. These cookies do not collect personally identifiable information, and we do not combine information collected through cookies with other personal information to determine members’ identities.
Children’s Online Privacy
UIECU does not knowingly solicit data from children under 13, and we do not knowingly market to children. Our website section devoted to youth, “Googolplex,” is provided through CUNA, and includes a full disclosure regarding compliance with the Children’s Online Privacy Protection Act.
Should you have any questions or comments about this privacy statement, please contact us at firstname.lastname@example.org or call the Vice President of Member Services at 217-278-7700.
The University of Illinois Employees Credit Union