Categories of Information We Collect
In the preceding 12-months, we have collected the following categories of personal information (please note that some categories overlap):
Category Examples A. Identifiers A real name or alias; postal address; signature; home phone number or mobile phone number; bank account number, credit card number, debit card number, or other financial information; physical characteristics or description; email address; account name; Social Security number; driver’s license number or state identification card number; passport number; or other similar identifiers. B. Protected classification characteristics under state or federal law Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). C. Commercial information Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. D. Biometric information Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. E. Internet or other similar network activity Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement. F. Geolocation data Physical location or movements. For example, city, state, country, and ZIP code associated with your IP address or derived through Wi-Fi triangulation; and, with your permission in accordance with your mobile device settings, and precise geolocation information from GPS-based functionality on your mobile devices. G. Sensory data Audio, electronic, visual, thermal, olfactory, or similar information. H. Professional or employment-related information Current or past job history, performance evaluations, disciplinary records, workplace injury records, disability accommodations, and complaint records. I. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)) Educational records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records J. Inferences drawn from other personal information Profile reflecting a person’s preference, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes
Categories of Sources of Information We Collect
We obtain the categories of personal information listed above from one or more of the following categories of sources:
a. From You or Your Authorized Agent
We may collect information directly from you or your authorized agent. For example, when you provide us your name and Social Security number to open an account and become a member. We also collect information indirectly from you or your authorized agent. For example, through information we collect from our members while providing services to them.
b. From Our Website and Applications That You Access on Your Mobile Device
We collect certain information from your activity on our website activity on our website (insert website address) and your use of applications on your mobile device. We may collect your IP address, device and advertising identifiers, browser type, operating system, Internet service provider (“ISP”), pages that you visit before and after visiting our website, the date and time of your visit, information about the links you click and pages you view on our website, and other standard server log information. We may also collect your mobile device’s GPS signal, or other information about nearby Wi-Fi access points and cell towers.
- “Cookies” are small amounts of data a website can send to a visitor’s web browser. They are often stored on the device you are using to help track your areas of interest. Cookies may also enable us or our service providers and other companies we work with to relate your use of our online services over time to customize your experience. Most web browsers allow you to adjust your browser settings to decline or delete cookies but doing so may degrade your experience with our online services.
- Clear GIFs, pixel tags or web beacons—which are typically one-pixel, transparent images located on a webpage or in an email or other message—or similar technologies may be used on our sites and in some of our digital communications (such as email or other marketing messages). They may also be used when you are served advertisements, or you otherwise interact with advertisements outside of our online services. These are principally used to help recognize users, assess traffic patterns and measure site or campaign engagement.
- “First party” cookies are stored by the domain (website) you are visiting directly. They allow the website’s owner to collect analytics data, remember language settings, and perform useful functions that help provide a good experience. “Third-party” cookies are created by domains other than the one you are visiting directly, hence the name third-party. They may be used for cross-site tracking, retargeting and ad-serving. We also believe that cookies fall into the following general categories:
- Essential Cookies: These cookies are technically necessary to provide website functionality. They are a website’s basic form of memory, used to store the preferences selected by a user on a given site. As the name implies, they are essential to a website’s functionality and cannot be disabled by users. For example, an essential cookie may be used to prevent users from having to log in each time they visit a new page in the same session.
- Performance and Function Cookies These cookies are used to enhance the performance and functionality of a website, but are not essential to its use. However, without these cookies, certain functions (like videos) may become unavailable.
- Analytics and Customization Cookies: Analytics and customization cookies track user activity, so that website owners can better understand how their site is being accessed and used.
- Advertising Cookies: Advertising cookies are used to customize a user’s ad experience on a website. Using the data collected from these cookies, websites can prevent the same ad from appearing again and again, remember user ad preferences, and tailor which ads appear based on a user’s online activities.
c. Third-party Service Providers in Connection with Our Services or Our Business Purposes
We collect information from third-party service providers that interact with us in connection with the services we perform or for our operational purposes. For example, a credit report we obtain from a credit bureau to evaluate a loan application. Another example is a third-party service provider that provides us information to help us detect security incidents and fraudulent activity.
d. Information We Collect from Third Parties for a Commercial Purpose
How We Use Your Personal Information
We may use or disclose personal information we collect for one or more of the following operational or other notified purpose (“business purpose”):
- To fulfill or meet the reason for which the information is provided. For example, you apply for a loan, and we use the information in your loan application to give you the loan.
- To provide you with information, products, or services you request from us.
- To provide you with email alerts, event registrations, or other notices concerning our products, services, events, or news that may be of interest to you.
- To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collections.
- To improve our website and present its contents to you.
- For testing, research, and analysis to improve our products or services, or for developing new ones.
- To protect the rights, property, or safety of us, our employees, our members, or others.
- To detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, and prosecute those responsible for that activity.
- To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
- As described to you when collecting your personal information.
- To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets in which personal information held by us is among the assets transferred.
We also use your personal information to advance our commercial or economic interests (“commercial purpose”), such as advertising our membership, products, and services or enabling or affecting, directly or indirectly, a commercial transaction.
Sharing Personal Information
We disclose your personal information to a third party for business or commercial purposes. When we disclose personal information, we enter a contract that describes the purpose and requires the recipient to keep that information confidential and not use it for any purpose except performing the contract.
In the preceding 12-months, we have disclosed personal information relating to the categories outlined in Section I for a business or commercial purpose.
We disclose your personal information for a business or commercial purpose to the following categories of third parties:
- Our third-party service providers
- Our affiliated websites and businesses to bring you improved service across our family of products and services when permissible under relevant laws and regulations
- Other companies to bring you co-branded services, products, or programs
- Third parties that help us advertise, products, services, or membership with us to you
- Third parties to whom you or your agents authorize us to disclose your personal information in connection with products or services we provide to you
- Third parties or affiliates in connection with a corporate transaction, such as a sale, consolidation, or merger of our financial institution or affiliated business; and
Selling Personal Information
In the preceding 12-months, we have sold personal information relating to the categories outlined in Section I for a business or commercial purpose. We do not sell the personal information of minors under 16 years of age without authorization from a parent or legal guardian.
Your Rights and Choices
This section describes your rights and choices regarding how we collect, share, use, and protect your personal information, how to exercise those rights, and limits and exceptions to your rights and choices.
We will first address the exceptions where your rights and choices in this Section VI do not apply to you:
If you are not a California resident:
- “Aggregated information” that relates to a group or category of consumers, from which consumer identities have been removed, that is not linked or reasonably linkable to any consumer or household, including via a device
- “Deidentified information” that cannot reasonably identify, relate to, describe, be capable of being associated with, or be linked, directly or indirectly, to you, provided that we have: (i) implemented technical safeguards that prohibit reidentification of your information; (ii) implemented business processes that specifically prohibit reidentification of the information; (iii) have business processes to prevent inadvertent release of deidentified information; and (iv) make no attempt to reidentify the information
- The information we have is publicly available from government records
b. Access to Specific Information and Data Portability Rights
If the above exceptions do not apply, and you have not made this request more than twice in a 12-month period, you have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months from the date we receive your request. Once we receive and confirm your request and verify that the request is coming from you or someone authorized to make the request on your behalf, we will disclose to you or your representative:
- The categories of personal information we collected about you
- The categories of sources for the personal information we collected about you
- Our business or commercial purpose for collecting or selling that personal information
- The categories of third parties to whom we sold or disclosed the category of personal information for a business or commercial purpose
- The business or commercial purpose for which we sold or disclosed the category of personal information
- The specific pieces of personal information we collected about you in a form that you can take with you (also called a “data portability request”)
c. Authorized Agents
You also have the right to use an authorized agent to make a request under the CCPA on your behalf. California residents who have a relationship with AllSouth Federal Credit Union may rely on a valid general power of attorney already on file that appoints the Authorized Agent as Attorney-in-Fact. California residents who do not have a valid general power of attorney already on file, or do not have a relationship with AllSouth Federal Credit Union, must designate their authorized agent using the Limited CCPA Power of Attorney Form.
Parents/legal guardians making requests on behalf of their minor children will need to complete the Parent/Legal Guardian Cover Sheet and include a certified copy of the birth certificate or legal document to provide proof of their status.
Completed limited CCPA POA Forms and Parent/Legal Guardian Cover Sheets may be mailed to: AllSouth Federal Credit Union, 730 Elmwood Avenue, Columbia South Carolina 29201.
When we receive a verifiable request from your “authorized agent,” which is any person or legal entity registered with the California Secretary of State that you have authorized to act on your behalf, we will require:
- Submission of a written document signed by you with your permission for the authorized agent to submit a verifiable request on your behalf and require the authorized agent to verify its own identity to us; or
- Require your authorized agent to furnish a copy of a power of attorney pursuant to California Probate Code sections 4000 to 4465 and require the authorized agent to verify its own identity to us.
We will deny a request from an agent that does not submit proof that they have been authorized by you to act on your behalf and cannot verify their own identity to us.
d. Deletion Request Rights
You have the right to request that we delete any of your personal information that we collect from you and retain, subject to certain exceptions. Once we receive and verify your request, we will delete (and direct our service providers to delete) your personal information from our records unless an exception applies. We may deny your deletion request if retaining the information is necessary for us or our service providers to:
- Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for that activity.
- Debug to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise his or her right of free speech or exercise another right provided for by law.
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws when the businesses’ deletion of the information is likely to render impossible or seriously impair the achievement of such research if you previously provided informed consent.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
e. Right of Correction
You have the right to request changes to any of your personally identifiable information that we have collected through our website and online services.
f. Exercising Access, Data Portability, Deletion and Correction Rights
To exercise the access, data portability, deletion, and correction rights described above, please submit a verifiable consumer request to us by either:
- Writing us at AllSouth Federal Credit Union, 730 Elmwood Avenue, Columbia, South Carolina 29201.
- Calling us at 803-736-3110 or toll-free at 1-800-272-0695.
- Visiting one of our branches
You may only make a verifiable consumer request for access or data portability twice within a
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
g. Response Timing and Format
We endeavor to respond to a verifiable consumer request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. The Credit Union will provide the notice by mail to account holders and non-account holders by mail.
Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request.
In some instances, we may not be able to honor your request. For example, we will not honor your request if we cannot verify your identity or confirm that the Personal Information that we maintain relates to you, or if we cannot verify that you have the authority to make a request on behalf of another individual. Additionally, we may not honor your request where an exception applies, such as where the disclosure of Personal Information would adversely affect the rights and freedoms of another individual or where the Personal Information that we maintain about you is not subject to the CCPA’s rights.
We will advise you in our response if we are not able to honor your request. We will not provide Social Security Numbers, driver’s license numbers or government-issued identification numbers, financial account numbers, healthcare or medical identification numbers, account passwords or security questions and answers, or any specific pieces of information if the disclosure presents the possibility of unauthorized access that could result in identity theft or fraud or unreasonable risk to data or systems and network security.
h. Right to Opt-Out of the Sale of Personal Information
You have the right to opt-out of the sale of your personal information. To exercise this right, please complete the opt-out form.
Notice of Right of Opt-Out
The terms “sell,” “selling,” “sale,” or “sold,” are defined in the California Consumer Privacy Act as the act of selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by a business to another business or a third party for monetary or other valuable consideration.
We do not sell your personal information for monetary consideration. However, there may be instances where we disclose or share your information with a third party for other valuable consideration. When we refer to “sell,” “selling,” “sale” or “sold” in this Notice of Right of Opt-Out, we are referring to disclosure or sharing of personal information for valuable consideration other than money.
You have the right to opt-out of the sale of your personal information. To exercise this right, please complete the opt-out form.
If your authorized agent will be submitting an opt-out form on your behalf, we will require your authorized agent’s full legal name, a government-issued identification to verify the identity of your authorized agent, and proof of the source of your authorized agent’s authority (e.g., Power of Attorney, conservatorship, your written instruction, etc.).
i. Right of Non-Discrimination
- Deny you goods or services
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits or imposing penalties
- Provide you a different level or quality of goods or services
- Suggest that you may receive a different price for goods or services or a different level or quality of goods or services
Do Not Track ("DNT") Signals
Currently, the standards regarding the DNT signals and appropriate responses are not defined. As a result, we do not respond to DNT signals generally except, however, we will treat DNT signals from user-enabled privacy controls, such as a browser plug in or privacy setting or other mechanism, that communicate or signal your choice to opt-out of the sale of your personal information as a valid request to opt-out of the sale of personal information for that browser or device, or, if identifiable, the consumer’s personal information.
Children's Online Information Privacy
Our Website is not intended for children under 13 years of age. No one under age 13 may provide any information to or on the Website. We do not knowingly collect personal information from children under 13. If you are under 13, do not use or provide any information on this Website or on or through any of its features/register on the Website, use any of the interactive or public comment features of this Website or provide any information about yourself to us, including your name, address, telephone number, email address, or any screen name or user name you may use. If we learn we have collected or received personal information from a child under 13 without verification of parental consent, we will delete that information.
If you believe we might have any information from or about a child under 13, please contact us at [email protected].
Linking to Third-Party Websites
We use reasonable physical, electronic, and procedural safeguards that comply with federal standards to protect and limit access to personal information. This includes device safeguards and secured files and buildings.
Please note that the information you send to us electronically may not be secure when it is transmitted to us. We recommend that you do not use unsecure channels to communicate sensitive or confidential information (such as your Social Security number) to us.
On January 1, 2020, the California Consumer Privacy Act of 2018 (CCPA) became operative. Under the CCPA, covered businesses that collect the personal information of California residents must provide notice regarding their data collection and sharing practices. In addition, the CCPA confers upon California residents the right to make certain requests with respect to their data.
Consistent with our obligations under applicable laws and regulations, we maintain physical, technical, electronic, procedural, and organizational safeguards and security measures that are designed to protect personal data against accidental, unlawful, or unauthorized destruction, loss, alteration, disclosure, or access, whether it is processed by us or elsewhere.