Privacy, Accessibility & Disclosures

Introduction
NIH Federal Credit Union (NIHFCU) strives to serve your needs and protect your identity and any information we collect. Our efforts include all interactions you may have with NIHFCU, including but not limited to the use of NIHFCU Online Banking (OLB) and Mobile Applications (Apps).

We currently use the following Mobile Applications and collect and share only the data necessary to further enhance the member usage experience. Current Apps include, but are not limited to:

• ⁱ Android App available in Google Play
• ⁱⁱ iOS App available in Apple App Store
• Zelle ®SDKs requires use of device Contacts and Camera permissions in order to use select features properly. Both Apple & Google Play require the purpose of collecting and using this data in their respective policies and be disclosed.

For example, the NIHFCU Mobile Banking App collects and uploads end-user (Members) contact lists to simplify adding payees for Zelle person to person payments when members are enrolled in Zelle.

While using Zelle ®, to use the QR Code Feature, with your prior permission, NIH Federal Credit Union may collect or access pictures and other information from your device’s Contacts, Camera, and Photos.   Any information collected is used to provide features of the Zelle ® service and/or to improve the customize the user experience.  The information may be uploaded to our servers, or it may be simply stored on your device.   You can enable or disable access to this information at any time, through your device settings.

This Online Privacy Policy:

• Covers your interaction with NIHFCU, its affiliates, and companies engaged by NIHFCU and its affiliates to render online services or services via a mobile application.
• Describes the categories of nonpublic personal information (Personal Information) that we may collect when you are interacting with or using our Apps.
• Describes the categories of other persons or entities with whom we may share your Personal Information.
• Disclosures whether other parties may collect Personal Information about your online activities over time and across different websites when you use NIHFCU Apps.
• Describes how you can review and request changes to any Personal Information we collect.
• Describes how we will inform you of significant changes to our Online Privacy Policy.
• Discloses if we engage in collecting Personal Information about your online activities over time and across different Websites or Apps.
• Describes how we safeguard children’s online privacy.

Privacy Statement
Your trust is essential to NIHFCU success, and we are committed to protecting the privacy of your personal information. The Federal Regulation, 12 CFR Part 716; this notice is provided to disclose the information privacy policies and practices of NIHFCU concerning personal information. This notice applies to current members and other current NIHFCU consumers such as joint account owners and joint loan obligors. It also discloses our online privacy policies and practices related to former members and former consumers of NIHFCU. “You” refers to current members and current consumers.

Collection of Personal Information
NIHFCU may collect Personal Information about you from several sources in providing services to you. These sources include but are not limited to applications for services, in-person, and phone conversations, consumer reporting agencies, and third parties such as employers with whom we confirm application information. Examples of the type of Personal Information we collect include your name, residence and business address, phone numbers, email addresses, Social Security number, date of birth, assets, income, and transaction history. NIHFCU Apps may also collect specific electronic data, such as your geolocation, IP address, and device identifier.

Disclosure of Personal Information
We are committed to maintaining your trust by preserving the privacy of your Personal Information while offering you competitive financial products and services.

NIHFCU discloses Personal Information about you to unaffiliated third parties as allowed or required by law. This may include disclosures:

• to the federal government as required by tax reporting laws and financial transaction reporting laws
• in response to valid subpoenas
• to other financial institutions involved in processing your transactions
• to our auditors, regulatory examiners, and legal advisers
• to consumer reporting agencies
• To third-party vendors such as our statement printer, the Zelle network, and card transaction processors with whom we contract to assist in providing products and services to you.

We reserve the right to disclose Personal Information we have collected as indicated in the NIHFCU Privacy Notice or as required or allowed by law.

Sharing of Personal Information
Per the NIHFCU Privacy Notice, we disclose Personal Information to unaffiliated third-party joint marketing partners. Joint marketing partners are other financial institutions with whom we have made agreements to market and provide financial products and services to you jointly. While we do not warrant the products or services provided by joint marketing partners, we believe they represent excellent value for you. Examples of joint marketing partners include insurance companies that offer low-cost mortgage protection, life insurance, and investment advisors. We reserve the right to disclose Personal Information to joint marketing partners.

Although NIHFCU does not share with unaffiliated third-party companies, except as provided by our Privacy Notice, we are aware that you may choose to do so to use their services.

For example, you may authorize a third-party company to access your Personal Information and account data to enable additional financial recommendations or services. An example would be authorizing Zelle to collect the member’s contact list to expedite the Zelle payments or other similar services or Apps.

Because third-party companies have access to your Personal Information and Account Data and may use your account sign-in credentials to provide the service, we recommend caution when granting such access.

Some third-party companies may use other companies to assist in providing services or accessing your Personal Information or Account Data. Anyone or all of these companies may be storing your Personal Information or Account Data. NIHFCU will not be responsible for using or disclosing any Personal Information or Account Data accessed by, or on behalf of, any company or person to whom you provide your NIHFCU sign-in credentials or account information. We do not control the privacy, security, or accuracy of Personal Information that may be held by third-party companies, which are governed by their privacy policy and data security program. We are also not responsible for any fees associated with these third-party services.
When you provide your NIHFCU sign-in credentials to a third party, you will be deemed to have authorized all transactions or actions initiated by that third party using the access information you provided, whether you are aware of the specific transaction or action.

When revoking access authority given to third-party companies, we strongly recommend changing your NIHFCU password to ensure added security. NIHFCU reserves the right to block or disable third-party access to any account without notice for security and other reasons.

We reserve the right to disclose any Personal Information we have collected about former members and former consumers of NIHFCU products and services and will do so only as permitted or required by law.

Keeping Accurate Information
We must have accurate and up-to-date Personal Information about you. If your information is incomplete, inaccurate, or out of date, please contact us at 800-877-6440 or visit a branch. You may also review and request changes to certain Personal Information such as your email address, mailing address, and phone number by submitting a request to update via the Secured Messaging within Online Banking.

Keeping Personal Information Secure
We require all vendors and joint marketing partners to sign written agreements confirming they will maintain commercially reasonable safeguards to preserve Personal Information security and to use the information for purposes we have authorized. Within NIHFCU, we maintain internal controls, policies, and procedures, including physical and electronic data security systems, to maintain your information private. These controls, policies, and procedures are reviewed regularly.

All employees and volunteers preserve the security and confidentiality of members’ Personal Information and receive required training on information security.

General Use
As a general policy, NIHFCU does not automatically collect Personal Information from website or App users. However, NIHFCU may sometimes collect and store non-personal information from website and App users. For example, information that measures the number of visitors to the website and the types of usage of the Apps is beneficial to the credit union. It also tracks the route a user travels within the NIHFCU website or the frequency of usage of the Apps to better serve users through improved design and navigation.

Online Banking (Member-Only Area)
Personal information may be collected when a member has registered to enter the member-only Online Banking area of the website or select an App from the preferred Mobile Application store. This information enables NIHFCU to restrict access to this information, which provides security for the members.

Cookies
The NIHFCU website requires cookies – small pieces of information a website stores on a user’s web browser. For example, cookies are required to help protect the privacy of a member’s transactions by automatically terminating online sessions if the member forgets to log out. Cookies cannot capture a user’s email address, obtain data from the user’s hard drive, or gain confidential or sensitive information about the user. Cookies used by NIHFCU will not contain or capture unencrypted Personal Information.

Cookies allow NIHFCU to collect information such as browser type, time spent on the site, pages visited, language preferences, and your relationship with us. We use the information for security purposes, facilitate navigation, display information more effectively, personalize/tailor your experience with us, and recognize your device to allow online products and services.

NIHFCU collects statistical information about website and App usage to continually improve the design and functionality, monitor responses to our advertisements and content, understand the usage, and assist with resolving questions regarding the site. Users can refuse to accept cookies, and most devices and browsers offer privacy settings for cookies.

Users will need to manage cookie settings for each device and browser; however, if the user does not accept cookies, the user may be inconvenienced using the site and some online products and services. For example, we will not be able to recognize your device, and you will need to answer a challenge question each time you log in.

Online Forms and Applications
NIHFCU provides forms and applications online to serve the needs of its members better. NIHFCU only uses personal information provided via any online form to process members’ service requests.

Email Communication
NIHFCU staff may use Personal Information transmitted to NIHFCU to respond to inquiries for service or information. Since email messages may not be secure against interception by unauthorized individuals, NIHFCU encourages users to seek secured messaging or other secured alternatives when necessary to provide sensitive or Personal Information. Likewise, NIHFCU will not transmit sensitive or Personal Information that can compromise or violate users’ privacy when communicating via email.

Browsers and Encryption
NIHFCU recommends using a 128-bit browser which is available from Microsoft. NIHFCU strongly recommends using a 128-bit browser for all financial activity as it further protects members from potential data interception.

Children’s Online Privacy Protection Act
NIHFCU recognizes its responsibility to protect the privacy of our youngest members, and we are committed to protecting our young members and other users of our website. NIHFCU intends to comply with the Children’s Online Privacy Protection Act (COPPA), which governs and protects the privacy of our youngest members. For these guidelines, our youngest members are children under 13. The online financial services offered through the website are not designated for or directed toward children under 13. Parents of individuals within this age group may register for online accounts.

We do not knowingly solicit or collect data from children, and we do not knowingly market to children online without express parental consent or notification. Suppose we receive online information from someone we know is a child, including Personal Information such as name, address, email, account number, phone, and social security number. In that case, we will only use the information to respond directly to the child’s request, seek parental consent, or provide parental notice. We will not sell, give, or share the Personal Information to/with any third-party vendor or any other organization.

A parent or guardian has the right to review the Personal Information collected on a child under 13 years old. If requested, the parent or guardian may have the information deleted and refuse to allow further collection or use of the child’s information. To make such requests, please get in touch with NIHFCU at 800-877-6440.

NIHFCU may collect information on domain names, dates and times of visits, and the number of page views. This information contains no personal information and will only be used to keep track of usage of our site and help improve members’ overall website experience. Visitor information is never sold, given, or discussed with third parties. For more information about COPPA, visit the FTC website, www.ftc.gov.

Policy Updates
NIHFCU may change or update this policy from time to time and notify members by providing the appropriate notification via the published policy. The published version will include a revision date and a last revised date. Any changes to the Online Privacy Policy will become effective when posted unless indicated otherwise.

^{i The “Android” Operating System name, the Android logo, the “Google Play” brand, and other Google trademarks, are the property of Google LLC.
ii Apple® iDevice Operating System, the Apple brand, and other Apple trademarks are the property of Apple Inc}

At NIH Federal Credit Union, we strive to create a positive online experience for all our members, including those who use assistive technologies or have disabilities. We believe that every person has the right to live with dignity, equality, comfort and independence. It’s all part of what we call Banking with Heart.

If you have any questions or comments about our website’s accessibility standards, or if you are having difficulty accessing nihfcu.org, or any of our other digital tools, please contact us and we will assist you with the issue or work to make other arrangements for you to access the desired content.
                    Phone: 1-800-877-6440
                    E-mail: nihfcu@nihfcu.org
                    Postal Address: PO Box 6475 (ATTN: Website Mktg) Rockville, MD 20849-6475

NIHFCU Official Accessibility Policy
At NIHFCU, we are committed to accessibility and digital inclusion. To assist us, we have chosen UserWay as our accessibility partner. UserWay’s Accessibility Widget is powered by a dedicated accessibility server and facilitates compliance with accessibility guidelines. The widget contains a variety of accessibility tools and can be accessed by selecting the accessibility menu icon that appears in the lower left corner of every page on our website.

Accessibility Standards
The W3C’s Web Content Accessibility Guidelines (WCAG) define a series of standards to improve accessibility for people with disabilities. NIH Federal Credit Union strives to maintain standards in line with the Web Content Accessibility Guidelines Level A and AA.

Browsers, Operating Systems, and Assistive Technologies
At NIHFCU we recommend using the most current versions of all browsers, operating systems, and assistive technologies to access our website. Keeping these updated will ensure that you have the most options available for accessibility.

Technical Requirements
nihfcu.org relies on HTML, CSS, and JavaScript for it to work properly. If any of these technologies are not supported by, or turned off in your web browser, computer/mobile device, operating system, or assistive technology, it may cause nihfcu.org to behave in an unintended way.

Please note that our website does contain links to web pages hosted by third parties. We do not make representations regarding the accessibility of third-party websites and we are not able to resolve accessibility barriers on such websites. Although it is our goal to maintain the standards outlined above, it is possible that due to ongoing changes to our website’s content or accessibility standards, some content may not have yet been fully adapted to these standards. If you encounter a barrier in accessing any of our website content, please contact us and we will assist you with the issue or work to make other arrangements for you to access the desired content.

At certain places on this website, there are links to other websites. NIH Federal Credit Union does not operate these other sites, nor is NIHFCU responsible for the content of such sites.

NIHFCU does not represent either the third party or the member should the two enter into a transaction.

Privacy and security policies may differ from those practiced by NIHFCU.

We’re on social media to better communicate with the biomedical & healthcare community. The National Institutes of Health Federal Credit Union (NIHFCU) welcomes member and non-member participation on its sites as a means of sharing experiences, suggesting improvements, and contributing to conversations. In order to maintain focused, respectful, and informative communication, and a minimum standard for expectations of conduct, we have established the following social media usage guidelines and limitations.

By accessing our sites, you agree to be bound by and comply with these terms, all applicable laws and regulations, and any other applicable policies, terms and guidelines and existing agreements established by NIHFCU and those of any third parties that host our sites (which may include, but are not limited to, Facebook, YouTube, Yelp, Instagram, LinkedIn, Google+, Pinterest, Twitter). If you do not agree with any of these terms, do not use or access our sites. Any unauthorized use of our sites or misuse of any information posted to a site is strictly prohibited.

Please note, our social media pages are public pages, meaning anyone online can see your posts and your posts could even show up in the results of a search-engine like Google. Because all social media pages are public, NIHFCU is not responsible for any views expressed on our page other than our own.

When posting on any NIHFCU, we reserve the right to review any and all comments at its discretion and to delete comments that are, or include:

1. Spam: Comments focused on selling a product or service, or comments posted for a purpose of driving traffic to a particular website for personal, political or monetary gain will be removed.
2. Personal Attacks: If you disagree with the content, we would like to hear from you, but ask that you refrain from personal attacks or being disrespectful to others. Malicious intent and/or participation not in the spirit of civil conversation will be removed.
3. Illegal: Posts must not violate laws that govern use of copyrights, trademarks and trade secrets, etc.
4. Offensive Language: Comments including, but not limited to, profane or provocative language will be removed. Comments that contain threatening, hateful, offensive, derogatory, obscene or sexually explicit language will not be tolerated.
5. Private or Confidential Information: Please do not provide any of your specific account details or other personal information when posting comments. This includes but is not limited to account usernames and numbers, passwords, pins, social security numbers, or other account details. If you have immediate service needs, please contact our Contact Center at 301-718-0208, 800-877-6440 or 301-881-5822 (TDD/TTY), or visit one of our local branches for assistance.
6. Posts in HTML Format (or URLs) will be removed. Please only use plain text when submitting your comments.
7. Posts from Individuals Under the Age of 13 cannot be accepted.
8. Posts Containing Photos will not be accepted, unless specifically requested by an authorized representative of NIHFCU for a contest or other business related purpose. In these instances, pictures will be reviewed and will not be posted if deemed inappropriate.

Endorsements: NIHFCU does not endorse any comments made by its employees, unless they are made in an authorized representative capacity. Statements and opinions expressed in the comments are strictly those of the commenter alone, and do not constitute an official position of NIHFCU, unless they are posted by the original
author (who is an authorized representative of the credit union) or by a subject matter expert responding on behalf of that authorized representative.

NIHFCU Employees: If you are an NIHFCU employee, you MUST disclose your employment status when you submit a comment or question. When participating in online communities, do not misrepresent yourself. Whether you are at home or in the office, working for NIHFCU is a material fact that may influence content, and community members have a right to know you work for NIHFCU. When commenting on the credit union, unless you are authorized to speak on behalf of NIHFCU, you must state that the views expressed are your own. If we feel the nature of your comment is confidential, shares information not generally available, or recommends an action which could adversely affect our members, we reserve the right to remove comment from a blog or social media site. Thank you for helping maintain the integrity of our community by disclosing your employment relationship.

Disclaimer: The materials on NIHFCU sites are provided “As is”. NIHFCU makes no warranties, express or implied, regarding merchantability, fitness for a particular purpose, or non-infringement of intellectual property or other violation of rights. Further, NIHFCU does not warrant or make any representations concerning the accuracy, likely results, or reliability of the use of the materials on its sites or otherwise relating to such materials or on any sites linked to these sites. The information and content provided on our sites is intended for informational purposes only. NIHFCU is not responsible for any content posted by users, including posts made by employees or agents who are not authorized administrators of our sites. Content posted by others is not edited by NIHFCU and does not necessarily represent its views or opinions.

Limitations/Indemnification: In no event shall NIHFCU, its affiliates or suppliers be liable for any damages (including, without limitation, damages for loss of data or profit, or due to business interruption) arising out of the use or inability to use the materials on NIHFCU sites, or for loss or damage that results from your failure to comply with these terms or other applicable guidelines, or from any technical, human or software errors or failures found within our sites. You agree to indemnify, defend and hold harmless NIHFCU, its officers, employees and agents from any and all liability with respect to any claims from any third parties arising from your use of our sites or violations of these terms or applicable guidelines.

Privacy: Your use of NIHFCU social media-based websites constitutes your consent to NIHFCU use of information obtained through your site visits. With respect to content collected through our sites, NIHFCU follows the applicable privacy policies of the third party hosts of our sites. Please note that when visiting any NIHFCU site, you are also subject to the terms and conditions of NIHFCU’s privacy, security and legal notices, the privacy policy and terms of the respective social media site and third-party hosts, when applicable

Third-Party Links: NIHFCU has not reviewed all of the third-party sites linked from its sites and is not responsible for the contents of any such linked site. The inclusion of any third-party link does not imply endorsement by NIHFCU. Use of any such linked website is at the user’s own risk. You understand that, when going to a third-party website, that site is governed by the third party’s privacy and terms of use, and the third party is solely responsible for the content and offering presented on its website.

Privacy & Security:  Please note that when visiting any of NIH Federal Credit Union’s social media pages, you are subject to both the terms and conditions of NIHFCU’s Privacy, Security & Legal policies, as well as the social site’s privacy policy and terms of use.

The NIHFCU reserves the right to change these Terms at any time at its sole discretion.

The National Institutes of Health Federal Credit Union (NIHFCU) will take appropriate action in response to member behavior that is illicit, threatening, abusive, or otherwise overly disruptive to NIHFCU operations or any activity that causes a financial loss or is associated with fraud or increased reputational or regulatory compliance risk to the NIHFCU.

Along with the NIHFCU bylaws, which require a membership to be terminated if the share account falls below the $1 par value for longer than six months, the NIHFCU will address unacceptable conduct for the protection of its members, employees, and property.

MEMBER EXPECTATIONS

All members are entitled to attend, participate, and vote at the annual and special meetings of the members and must maintain Par value in the regular share account. Access to other products, services, or facilities is not a membership right.

A Member in Good Standing:

Members in good standing retain all their rights and privileges in the NIHFCU. A member that meets all of the following is considered a Member in Good Standing:

1. Maintains a minimum regular share par value of $1 as defined within the NIHFCU’s bylaws and this policy.
2. Has no account with an active limitation of service notation.
3. Has not caused an unrecovered monetary loss to NIHFCU.
4. Has not engaged in violent, belligerent, disruptive, or abusive activities such as:

• Violence, intimidation, threats, harassment, or physical or verbal abuse of duly elected or appointed officials or employees of the NIHFCU, members, or agents of the NIHFCU. This includes actions only on NIHFCU premises and through communication by telephone, mail, email, or other electronic methods.
• Causing or threatening damage to NIHFCU property.
• Permitting or engaging in unauthorized use of, or access to, NIHFCU property.
• Knowingly disseminating incorrect, misleading, confidential, or proprietary information regarding the NIHFCU.
• Taking any actions that may cause the NIHFCU material risk or financial harm.
• Any action deemed as an attempt to defraud the NIHFCU, such as using counterfeit or altered IDs or misrepresenting personal nonpublic information.

Member Not in Good Standing-Limitation of Services

At a minimum, a member that is not in good standing will be subject to a limitation of NIHFCU services and may be subject to expulsion from membership.

Expulsion from Membership
NIHFCU may terminate your membership in one of three ways.

• Special Meeting: The first way is through a special meeting. Under this option, we may call a special meeting of the members, provide you an opportunity to be heard, and obtain a two-thirds vote of the members present at the special meeting in favor of your expulsion.

• Nonparticipation Maintaining Par Value in Regular Share Account: The second way to terminate your membership is when a membership is found to not be in good standing, specifically related to not maintaining par value. Once the regular share account has been below par value for 6 months, the membership will automatically close.

• For Cause: The third way to terminate your membership is by a two-thirds vote of a quorum of the directors of the credit union for cause (i.e., when a membership is not in good standing)

Cause is defined as follows:
(A) a substantial or repeated violation of the Membership and Account Agreement with NIHFCU.
(B) a substantial or repeated disruption, including dangerous or abusive behavior, to the credit union’s operations; or
(C) fraud, attempted fraud, or a conviction of other illegal conduct that a member has been convicted of in relation to NIHFCU, including in connection with our employee’s conducting business on behalf of us.

Before the board votes on an expulsion, NIHFCU must provide written notice to your mail address (or email, if applicable) on record or personally provide the written notice. NIHFCU must provide the specific reasons for the expulsion and allow you an opportunity to rebut those reasons through a hearing if you choose. It is your responsibility to keep your contact information with NIHFCU up to date, and to open and read notices from NIHFCU.

Unless the NIHFCU determines to allow otherwise, there is no right to an in-person hearing with the board. If you fail to request a hearing within 60 calendar days of receipt of the notice, you will be expelled.

You may submit any complaints about your pending expulsion or expulsion to NCUA’s Consumer Assistance Center if the complaint cannot be resolved with the credit union. NIHFCU will confirm any expulsion with a letter with information on the effect of the expulsion and how you can request reinstatement.

Expulsion or withdrawal from membership does not relieve a member of their liability to the credit union, and we may demand immediate repayment of the money you owe to us after expulsion, subject to any applicable contract terms and conditions.

For additional information on the limitation of services or expulsion, see the Membership and Account Agreement Sections 28 and 29, The NIHFCU Membership Limitation and Expulsion Policy or Article XIV of the NIHFCU Bylaws.

View our Privacy Statement.