Online Privacy Policy

Introduction
NIH Federal Credit Union (NIHFCU) strives to serve your needs and protect your identity and any information we collect. Our efforts include all interactions you may have with NIHFCU, including but not limited to the use of NIHFCU Online Banking (OLB) and Mobile Applications (Apps).

We currently use the following Mobile Applications and collect and share only the data necessary to further enhance the member usage experience. Current Apps include, but are not limited to:

• ⁱ Android App available in Google Play

• ⁱⁱ iOS App available in Apple App Store

• Zelle ®SDKs requires use of device Contacts and Camera permissions in order to use select features properly. Both Apple & Google Play require the purpose of collecting and using this data in their respective policies and be disclosed.

For example, the NIHFCU Mobile Banking App collects and uploads end-user (Members) contact lists to simplify adding payees for Zelle person to person payments when members are enrolled in Zelle.

While using Zelle ®, to use the QR Code Feature, with your prior permission, NIH Federal Credit Union may collect or access pictures and other information from your device’s Contacts, Camera, and Photos.   Any information collected is used to provide features of the Zelle ® service and/or to improve the customize the user experience.  The information may be uploaded to our servers, or it may be simply stored on your device.   You can enable or disable access to this information at any time, through your device settings.

This Online Privacy Policy:

• Covers your interaction with NIHFCU, its affiliates, and companies engaged by NIHFCU and its affiliates to render online services or services via a mobile application.

• Describes the categories of nonpublic personal information (Personal Information) that we may collect when you are interacting with or using our Apps.

• Describes the categories of other persons or entities with whom we may share your Personal Information.

• Disclosures whether other parties may collect Personal Information about your online activities over time and across different websites when you use NIHFCU Apps.

• Describes how you can review and request changes to any Personal Information we collect.

• Describes how we will inform you of significant changes to our Online Privacy Policy.

• Discloses if we engage in collecting Personal Information about your online activities over time and across different Websites or Apps.

• Describes how we safeguard children’s online privacy.

Privacy Statement
Your trust is essential to NIHFCU success, and we are committed to protecting the privacy of your personal information. The Federal Regulation, 12 CFR Part 716; this notice is provided to disclose the information privacy policies and practices of NIHFCU concerning personal information. This notice applies to current members and other current NIHFCU consumers such as joint account owners and joint loan obligors. It also discloses our online privacy policies and practices related to former members and former consumers of NIHFCU. “You” refers to current members and current consumers.

Collection of Personal Information
NIHFCU may collect Personal Information about you from several sources in providing services to you. These sources include but are not limited to applications for services, in-person, and phone conversations, consumer reporting agencies, and third parties such as employers with whom we confirm application information. Examples of the type of Personal Information we collect include your name, residence and business address, phone numbers, email addresses, Social Security number, date of birth, assets, income, and transaction history. NIHFCU Apps may also collect specific electronic data, such as your geolocation, IP address, and device identifier.

Disclosure of Personal Information
We are committed to maintaining your trust by preserving the privacy of your Personal Information while offering you competitive financial products and services.

NIHFCU discloses Personal Information about you to unaffiliated third parties as allowed or required by law. This may include disclosures:

• to the federal government as required by tax reporting laws and financial transaction reporting laws

• in response to valid subpoenas

• to other financial institutions involved in processing your transactions

• to our auditors, regulatory examiners, and legal advisers

• to consumer reporting agencies

• To third-party vendors such as our statement printer, the Zelle network, and card transaction processors with whom we contract to assist in providing products and services to you.

We reserve the right to disclose Personal Information we have collected as indicated in the NIHFCU Privacy Notice or as required or allowed by law.

Sharing of Personal Information
Per the NIHFCU Privacy Notice, we disclose Personal Information to unaffiliated third-party joint marketing partners. Joint marketing partners are other financial institutions with whom we have made agreements to market and provide financial products and services to you jointly. While we do not warrant the products or services provided by joint marketing partners, we believe they represent excellent value for you. Examples of joint marketing partners include insurance companies that offer low-cost mortgage protection, life insurance, and investment advisors. We reserve the right to disclose Personal Information to joint marketing partners.

Although NIHFCU does not share with unaffiliated third-party companies, except as provided by our Privacy Notice, we are aware that you may choose to do so to use their services.

For example, you may authorize a third-party company to access your Personal Information and account data to enable additional financial recommendations or services. An example would be authorizing Zelle to collect the member’s contact list to expedite the Zelle payments or other similar services or Apps.

Because third-party companies have access to your Personal Information and Account Data and may use your account sign-in credentials to provide the service, we recommend caution when granting such access.

Some third-party companies may use other companies to assist in providing services or accessing your Personal Information or Account Data. Anyone or all of these companies may be storing your Personal Information or Account Data. NIHFCU will not be responsible for using or disclosing any Personal Information or Account Data accessed by, or on behalf of, any company or person to whom you provide your NIHFCU sign-in credentials or account information. We do not control the privacy, security, or accuracy of Personal Information that may be held by third-party companies, which are governed by their privacy policy and data security program. We are also not responsible for any fees associated with these third-party services.
When you provide your NIHFCU sign-in credentials to a third party, you will be deemed to have authorized all transactions or actions initiated by that third party using the access information you provided, whether you are aware of the specific transaction or action.

When revoking access authority given to third-party companies, we strongly recommend changing your NIHFCU password to ensure added security. NIHFCU reserves the right to block or disable third-party access to any account without notice for security and other reasons.

We reserve the right to disclose any Personal Information we have collected about former members and former consumers of NIHFCU products and services and will do so only as permitted or required by law.

Keeping Accurate Information
We must have accurate and up-to-date Personal Information about you. If your information is incomplete, inaccurate, or out of date, please contact us at 800-877-6440 or visit a branch. You may also review and request changes to certain Personal Information such as your email address, mailing address, and phone number by submitting a request to update via the Secured Messaging within Online Banking.

Keeping Personal Information Secure
We require all vendors and joint marketing partners to sign written agreements confirming they will maintain commercially reasonable safeguards to preserve Personal Information security and to use the information for purposes we have authorized. Within NIHFCU, we maintain internal controls, policies, and procedures, including physical and electronic data security systems, to maintain your information private. These controls, policies, and procedures are reviewed regularly.

All employees and volunteers preserve the security and confidentiality of members’ Personal Information and receive required training on information security.

General Use
As a general policy, NIHFCU does not automatically collect Personal Information from website or App users. However, NIHFCU may sometimes collect and store non-personal information from website and App users. For example, information that measures the number of visitors to the website and the types of usage of the Apps is beneficial to the credit union. It also tracks the route a user travels within the NIHFCU website or the frequency of usage of the Apps to better serve users through improved design and navigation.

Online Banking (Member-Only Area)
Personal information may be collected when a member has registered to enter the member-only Online Banking area of the website or select an App from the preferred Mobile Application store. This information enables NIHFCU to restrict access to this information, which provides security for the members.

Cookies
The NIHFCU website requires cookies – small pieces of information a website stores on a user’s web browser. For example, cookies are required to help protect the privacy of a member’s transactions by automatically terminating online sessions if the member forgets to log out. Cookies cannot capture a user’s email address, obtain data from the user’s hard drive, or gain confidential or sensitive information about the user. Cookies used by NIHFCU will not contain or capture unencrypted Personal Information.

Cookies allow NIHFCU to collect information such as browser type, time spent on the site, pages visited, language preferences, and your relationship with us. We use the information for security purposes, facilitate navigation, display information more effectively, personalize/tailor your experience with us, and recognize your device to allow online products and services.

NIHFCU collects statistical information about website and App usage to continually improve the design and functionality, monitor responses to our advertisements and content, understand the usage, and assist with resolving questions regarding the site. Users can refuse to accept cookies, and most devices and browsers offer privacy settings for cookies.

Users will need to manage cookie settings for each device and browser; however, if the user does not accept cookies, the user may be inconvenienced using the site and some online products and services. For example, we will not be able to recognize your device, and you will need to answer a challenge question each time you log in.

Online Forms and Applications
NIHFCU provides forms and applications online to serve the needs of its members better. NIHFCU only uses personal information provided via any online form to process members’ service requests.

Email Communication
NIHFCU staff may use Personal Information transmitted to NIHFCU to respond to inquiries for service or information. Since email messages may not be secure against interception by unauthorized individuals, NIHFCU encourages users to seek secured messaging or other secured alternatives when necessary to provide sensitive or Personal Information. Likewise, NIHFCU will not transmit sensitive or Personal Information that can compromise or violate users’ privacy when communicating via email.

Browsers and Encryption
NIHFCU recommends using a 128-bit browser which is available from Microsoft. NIHFCU strongly recommends using a 128-bit browser for all financial activity as it further protects members from potential data interception.

Children’s Online Privacy Protection Act
NIHFCU recognizes its responsibility to protect the privacy of our youngest members, and we are committed to protecting our young members and other users of our website. NIHFCU intends to comply with the Children’s Online Privacy Protection Act (COPPA), which governs and protects the privacy of our youngest members. For these guidelines, our youngest members are children under 13. The online financial services offered through the website are not designated for or directed toward children under 13. Parents of individuals within this age group may register for online accounts.

We do not knowingly solicit or collect data from children, and we do not knowingly market to children online without express parental consent or notification. Suppose we receive online information from someone we know is a child, including Personal Information such as name, address, email, account number, phone, and social security number. In that case, we will only use the information to respond directly to the child’s request, seek parental consent, or provide parental notice. We will not sell, give, or share the Personal Information to/with any third-party vendor or any other organization.

A parent or guardian has the right to review the Personal Information collected on a child under 13 years old. If requested, the parent or guardian may have the information deleted and refuse to allow further collection or use of the child’s information. To make such requests, please get in touch with NIHFCU at 800-877-6440.

NIHFCU may collect information on domain names, dates and times of visits, and the number of page views. This information contains no personal information and will only be used to keep track of usage of our site and help improve members’ overall website experience. Visitor information is never sold, given, or discussed with third parties. For more information about COPPA, visit the FTC website, www.ftc.gov.

Policy Updates
NIHFCU may change or update this policy from time to time and notify members by providing the appropriate notification via the published policy. The published version will include a revision date and a last revised date. Any changes to the Online Privacy Policy will become effective when posted unless indicated otherwise.