California Consumer Privacy Act
This is BMI Federal Credit Union (BM FCU) privacy notice for all members of BMI FCU who are California residents. This privacy notice supplements BMI FCU general Privacy Notice and applies solely to members who reside in the State of California (“you”). BMI FCU adopts this notice to comply with the California Consumer Privacy Act of 2018, as amended (“CCPA”) and other applicable California privacy laws. Any terms defined in the CCPA have the same meaning when used in this notice.
The CCPA was passed by the State of California in 2018 and provides California residents with the following rights over their personal information: (a) the right to access, transfer, edit and delete their personal data with a verifiable consumer request; and (b) the ability to opt out of certain data-processing practices. In addition, California residents have the right to: (a) know what information is being collected about them; (b) know if their personal information is sold or disclosed, and to whom; (c) say “no” to the sale of personal information; and (d) equal service and price, even if they exercise their privacy rights under the CCPA.
BMI FCU does not and will not discriminate in any way against any members who choose to exercise their rights under the CCPA.
Information Collected
BMI FCU collects information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular member as part of our normal business practices and to best serve you. Specifically, we have collected (in the preceding 12 months) and are collecting the following categories of personal information from members:
- Personal Identifiers. These include: member’s real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, Social Security Number, driver’s license number, passport number, state identification number, and other similar identifiers.
- Personal Information Categories in the California Customer Records Statute. These include: name, signature, Social Security Number, physical characteristics or description, address, telephone number, passport number, driver’s license number, state identification number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information.
- Protected Classification Characteristics Under California and/or Federal Law. These include: age, race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, and veteran or military status.
- Employment-Related Information. These include: current or past job history or performance evaluations.
- Internet Activity. These include: browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.
BMI FCU did not (within the preceding 12 months) and currently does not collect the following personal information:
- Commercial Information. These include: records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
- Biometric Information. These include: genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, face prints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.
- Geolocation Data. These include: physical location or movements.
- Sensory Data. These include: audio, electronic, visual, thermal, olfactory, or similar information.
- Non-Public Education Information. These include: education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.
- Inferences Drawn from Other Personal Information. These include: profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
How We Collect Your Information
We collect your personal information from the foregoing categories: (a) directly from you when you complete required agreements and disclosure forms; (b) indirectly from you when we collect the information during the course of services that we provide to you, that you have consented to receive and that are necessary to support our services to you; (c) information that you provide when interacting with our website (www.bmifcu.org), including when you sign up for our online banking service; and (d) from third-parties that interact with us in connection with the services that we provide to you.
How Does BMI FCU Use Your Personal Information?
BMI FCU uses the personal information we collect from you for the following business purposes: (a) to provide you with information, products, or services that you have expressly requested of us and that are integral to your membership with BMI FCU; (b) to provide you with notices, whether by e-mail or text (depending on what services you have consented to receive); (c) to improve our website; (d) to carry out our obligations and enforce our rights arising from any contracts entered into between you and us, or between third-party vendors and us, including for billing and collections; (e) to respond to court orders and legal requests; and (f) as necessary to protect our interests and the interests of our members.
Sharing Your Personal Information
BMI FCU can and does disclose your personal information to third-parties for a business purpose. When we disclose personal information for a business purpose, we enter a contract that describes the purposes and requires the recipients to both keep that personal information confidential and not use it for any purpose except for the performance of the contract. We may disclose your personal information to the following categories of third-parties: (a) our affiliates; (b) vendors; (c) third-parties whom you or your agent has authorized to receive your personal information; and (d) the courts and other authorities who have requested your personal information via a subpoena or court order.
In the preceding 12 month period, we have disclosed, for a business purpose, the following categories of personal information to third-parties: (a) Personal Identifiers; (b) Personal Information Categories in the California Customer Records Statute; (c) Protected Classification Characteristics Under California and/or Federal Law; (d) Employment-Related Information; and (e) Internet Activity.
Your Rights and Choices Under the CCPA
You have the following rights under the CCPA by submitting a verifiable consumer request:
- The right to request that we disclose certain information to you about BMI FCU collection and use of your personal information over the past 12 months;
- The right to request that we delete any of your personal information that we have collected from you and retained, subject to certain exceptions. Please keep in mind that should you ask that we delete your personal information, this may hinder or impair our ability to render certain or all services to you. Should the deletion of such information hinder or impair our ability to serve you, we will inform you of such difficulty. Should you choose to proceed, we may require that your membership with BMI FCU be terminated. However, under the CCPA, we are not required to comply with your request to delete your personal information if retaining your personal information is necessary to: complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you;
-
complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you;
-
detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities;
-
debug products to identify and repair errors that impair existing intended functionality;
-
exercise free speech, ensure the right of another member to exercise their free speech rights, or exercise another right provided for by law;
-
comply with the California Electronic Communications Privacy Act;
-
enable solely internal uses that are reasonably aligned with member expectations based on your relationship with us;
-
comply with a legal obligation; and
-
make other internal and lawful uses of that information that we are compatible with the context in which you provided it.
You may exercise you right to access or delete the personal information we have of you by making a verifiable consumer request, during business hours, at 800.233.6880. You may also write to us:
BMI Federal Credit Union
Attn: Compliance Services
6165 Emerald Parkway
Dublin, Ohio 43016
A verifiable consumer request requires the following:
- sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative; and
- description of your request with sufficient detail to allow BMI FCU to properly understand, evaluate and respond to the request. Should your verifiable consumer request require more information, we will contact you to request such information.
Only you or a person registered with the California Secretary of State that you authorize to act on your behalf may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.
You are allowed to make a verifiable consumer request twice within a 12-month period. Under the CCPA, we cannot respond to your request or provide you with the requested information if we are unable to verify your identity or authority to make the request and confirm the personal information relates to you.
BMI FCU will provide you with the requested information once we receive a verifiable consumer request from you. We may, at our sole discretion, provide the requested information to you via mail or electronically. If we elect to send the requested information to you electronically, we will provide the information in a portable, and to the extent technically feasible, in a readily useable format that allows you to transmit the information to another party without hindrance. BMI FCU will attempt to respond to a verifiable consumer request within 45 days of receipt. If we require more time (up to 90 days) we will inform you in writing of the reason for requiring more time and the additional time required to respond. We do not charge for this service.
Selling Your Personal Information
BMI FCU does not and will not sell your personal information to third-parties.
Financial Incentives for Providing Data or Not Exercising Your Rights
BMI FCU does not provide any financial incentives for providing your personal information to BMI FCU, or for not exercising your rights under the CCPA.