Privacy Policy
Effective: December 1, 2021
At Iowa Credit Union League (the “League,” “we”, “our” or “us”) we respect your concerns about privacy and value our relationship with you, thus we created this Privacy Policy (“Policy”) to demonstrate our commitment to you. This Policy explains what information we gather and how we use it as related to our website, www.iowacreditunions.com, including its subdomains, subdirectories, and related domains directed to www.iowacreditunions.com (collectively, the “Website” or “Sites”). By using the Website, you acknowledge that your personal data will be processed in accordance with this Policy. Please also see our Terms of Use, which can be found at www.iowacreditunions.com/terms-of-use.
We may revise and update this Policy from time to time in our sole discretion. All changes are effective immediately when we post them to the Website, and apply to all access to and use of the Website thereafter. Your continued use of the Website following the posting of revisions means you acknowledge the changes. You are expected to check this page from time to time so you are aware of any changes.
This Policy applies to information we collect:
- On this Website;
- In email, text, and other electronic messages between you and this Website;
- Through mobile and desktop applications you download from this Website, which provide dedicated non-browser-based interaction between you and this Website; or
- When you interact with our advertising and applications on third-party websites and services, if those applications or advertising include links to this Policy.
This Policy does not apply to information collected by:
- The League offline or through any other means, including on any other website operated by any third party (including our affiliates and subsidiaries); or
- Any third party (not affiliated with our Website or services offered through our Website), including through any application or content (including advertising) that may link to or be accessible from or on the Website.
Data protection is a high priority for the League. The use of the Website pages of the League is possible without any indication of personal data; however, if a data subject wants to use special enterprise services via our Website, processing of personal data could become necessary. If the processing of personal data is necessary and there is no statutory basis for such processing, we generally obtain consent from the data subject.
The processing of personal data, such as the name, address, e-mail address, or telephone number of a data subject is in line with the California Consumer Privacy Act (CCPA), and in accordance with other state-specific data protection regulations applicable to the League. By means of this Policy, we like to inform the public of the nature, scope, and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed, by means of this Policy, of the rights to which they are entitled.
Data Security
We and our service providers have implemented measures designed to secure your personal information from unintentional loss and from unauthorized access, use, alteration, and disclosure. We believe we have taken reasonable precautions necessary to maintain security for this Website.
The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a user name, password or any other piece of information for access to certain parts of our Website, you are responsible for keeping this information confidential. You also acknowledge that your account is personal to you and agree not to provide any other person with access to this Website or portions of it using your user name, password or other security information. You agree to notify us immediately of any unauthorized access to or use of your user name or password or any other breach of security. You also agree to ensure that you exit from your account at the end of each session. You should use particular caution when accessing your account from a public or shared computer so that others are not able to view or record your password or other personal information.
Ultimately, the transmission of information via the Internet is not completely secure. Although we take reasonable precautions to protect your personal information, we cannot guarantee the security of information transmitted to or stored on our Website. Any transmission or storage of information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Website.
How We Use Your Information
We use information that we collect about you or that you provide to us, including any personal information:
- To present our Website and its contents to you.
- To provide you with information, products, or services you request from us.
- To fulfill any other purpose for which you provide it.
- To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection.
- To notify you about changes to our Website or any products or services we offer or provide though it.
- To monitor and identify potential fraudulent or suspicious activity.
- To allow you to participate in interactive features on our Website.
- To contact you when we believe there is an issue that needs to be communicated, such as site outages or planned maintenance.
- To use for marketing and user-evaluation purposes, including marketing of services by our affiliates.
- In any other way we may describe when you provide the information.
- For any other purpose with your consent or such other legal basis as may be relevant, but, where appropriate, only after notifying you in advance with any information that we are required to provide to you.
Cookies
The Website uses cookies, which are text files stored in a computer system via an Internet browser. Many websites use cookies. Many cookies contain a cookie ID, which is a unique identifier of the cookie. It consists of a character string through which Internet pages and servers can be assigned to the specific Internet browser in which the cookie was stored. This allows visited sites and servers to differentiate the individual browser of the data subject from other web browsers that contain other cookies. A specific Internet browser can be recognized and identified using cookie IDs.
Through the use of cookies, the League can provide users of this website with user-friendly services that would not be possible without the cookie setting.
By means of a cookie, information and offers on our website can be optimized with the specific user in mind. Cookies allow us to recognize our Website users. The purpose of this recognition is to make it easier for users to use our Website.
The data subject may, at any time, prevent the setting of cookies through our Website by use of the corresponding setting of the Internet browser used, and may permanently deny the setting of cookies. Cookies that are already set may be deleted at any time via an Internet browser or other software programs. If the data subject deactivates the setting of cookies in the Internet browser used, not all functions of our Website may be entirely usable. For more information about the cookies set by our websites, please see INSERT COOKIE POLICY HERE.
Collection of general data and information
Our Website collects general data and information when a data subject calls up the Website. This general data and information are stored in the server log files. Collected information may be (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our Website (so-called referrers), (4) the sub-websites, (5) the date and time of access to the Internet site, (6) an Internet protocol address (IP address), (7) the Internet service provider of the accessing system, and (8) any other similar data and information that may be used in the event of attacks on our information technology systems.
When using this general data and information, the League does not draw any conclusions about the data subject. Rather, this information is needed to (1) deliver the content of our Website correctly, (2) optimize the content of our Website as well as its advertisement(s), (3) ensure the long-term viability of our information technology systems and Website technology, and (4) provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack. Therefore, the League analyzes anonymously collected data and information statistically, with the aim of increasing our data protection and data security, and to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.
Disclosure of Your Information
We may use and disclose aggregated information about our users, and information that does not identify any individual, without restriction.
We may disclose personal information that we collect or you provide as described in this Policy:
- To our affiliates and third parties to market their products or services to you if you have consented to these marketing disclosures and to receive marketing emails.
- To contractors, service providers, and other third parties we use to support our business and who are bound by contractual obligations to keep personal information confidential and use it only for the purposes for which we disclose it to them.
- To our clients regarding the use of the Website by their employees and representatives.
- To a buyer or other successor in the event of a merger, reorganization, dissolution, or other sale or transfer of some or all of the League's assets, in which personal information held by the League about our Website users is among the assets transferred.
- To fulfill the purpose for which you provide it.
- For any other purpose disclosed by us when you provide the information.
- With your consent.
We may also disclose your personal information:
- To comply with any court order, law, or legal process, including to respond to any government or regulatory request.
- To enforce or apply our Terms of Use, any license or other similar agreement between you or your organization and the League, and other agreements, including for billing and collection purposes.
- If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of the League or its affiliates, our clients, or others.
Subscription to Newsletters, Events, and other Marketing Emails
Our Website contains information that enables a quick electronic contact to the League, as well as direct communication with us, which also includes a general e-mail address. If a data subject contacts the League by e-mail or via a contact form, the personal data transmitted by the data subject are automatically stored. Such personal data transmitted on a voluntary basis by a data subject to the League are stored for the purpose of processing or contacting the data subject. Your personal data may be stored in a third-party marketing management platform to facilitate the delivery of marketing emails and materials to you.
Users of our Website may request to receive a variety of services, including but not limited to:
- Submissions through the Website’s “Contact Us” form
- Registering for events, and
- Subscribing to marketing emails or notifications
You may also opt in to receive marketing emails by engaging with the League through various ways, including:
- Clicking on links through advertising and social media platforms,
- Engaging with us directly through social media platforms, and
- Responding to marketing forms through email to which you have already subscribed
The database(s) storing the list of subscribed users resides on systems within the United States of America for users located in the United States of America.
Our newsletter is available for members with a password to view on our Website, but email notifications of new newsletters or other marketing updates may be received if (1) you have a valid e-mail address and (2) you register to receive email notifications.
When opting into newsletter notifications, a confirmation e-mail will be sent to the registered e-mail address. This confirmation e-mail is used to prove the owner of the e-mail address is the data subject authorized to receive the notifications.
During the registration for these services, we may also store the IP address of the computer system assigned by the Internet service provider (ISP) and used by the data subject at the time of the registration, as well as the date and time of the registration. Your computer’s IP address may be stored in a marketing management platform, but is not directly accessible by our administrators or marketing staff. The collection of this data is necessary to understand the (possible) misuse of the e-mail address of a data subject at a later date, and it therefore serves to protect the controller.
The personal data collected as part of registration for these services will be used to send the requested information and may also be used to contact you about service offerings. In addition, subscribers to newsletters may be informed by e-mail, as long as this is necessary for the operation of the newsletter or a registration in question, as this could be the case in the event of modifications to the newsletter, or in the event of a change in technical circumstances.
Personal data may be transferred to a third party for purposes of facilitating delivery of the marketing messages and notifications. The subscription to receive marketing messages may be terminated by the data subject at any time. The consent to the storage of personal data, which the data subject has given for delivering the messages or notifications, may be revoked at any time. For the purpose of revocation of consent, a link to manage your preferences and unsubscribe from the marketing messages is found in each email message.
Emails-Tracking
Our marketing emails contain so-called tracking pixels. A tracking pixel is a miniature graphic embedded in e-mails, which are sent in HTML format to enable log file recording and analysis. This allows a statistical analysis of the success or failure of online marketing campaigns. Based on the embedded tracking pixel, the League may see if and when an e-mail was opened by a data subject, and which links in the e-mail were called up by data subjects.
Such personal data collected in the tracking pixels contained in the emails are stored and analyzed by the controller in order to optimize the delivery of the emails, as well as to adapt the content of future marketing messages to the interests of the data subject. These personal data will not be passed on to third parties. Data subjects are at any time entitled to revoke their consent issued by means of the opt-out procedure. After a revocation, the user’s information will be marked to be unsubscribed from any marketing messages or notifications. The League automatically regards a withdrawal from the receipt of the marketing messages as a revocation.
Notice to California Residents
This California Privacy Notice is effective as of December 1, 2021.
This notice supplements the Privacy Policy and applies only to California, United States of America residents. This notice sets forth the disclosures and rights for California consumers regarding their personal information, as required by the California Consumer Privacy Act ("CCPA"). Terms used in this California Privacy Notice have the same meanings given in the CCPA and the regulations of the Attorney General implementing the CCPA, unless otherwise defined.
Outlined below are the categories of information that we collect from California residents (in general terms), the sources of the information, the purposes for which the information is used, and the categories of third parties to whom we disclose the information for business purposes (and information on how to opt-out).
The CCPA defines personal information ("Personal Information") as information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device.
The following are the categories of Personal Information that we have collected from our users over the last 12 months (and examples of the types of information those include), the categories of sources from which that information was collected, the business or commercial purpose(s) for which the information was collected, the categories of third parties with whom we disclose the information for a business purpose, and the categories of third parties to whom this type of personal information is sold. Note, we do not sell personal information to any third parties.
The Personal Information we collect about you will depend upon how you use our Website or otherwise interact with us. Accordingly, we may not collect all of the below information about you. We may also collect and/or use additional types of information after providing notice to you before collection and obtaining your consent (to the extent such notice and consent is required by the CCPA). The following are examples of Personal Information we may collect as categorized by the CCPA:
- Identifiers
- Name, postal address, phone numbers,
- Customer records information
- Characteristics of protected classifications under California or US federal law
- Commercial information
- Product interest, purchase history
- Biometric information
- We do not collect biometric information
- Internet or other electronic network activity information
- Browsing data while on the website, IP address used to access the website, cookie information (see our Cookie Policy)
- Geolocation data
- Audio, electronic, visual, thermal, olfactory, or similar information
- We do not collect this type of information
- Professional or employment-related information
- Professional certifications, work history
- Education information
- Inferences: such as preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, or aptitudes
- We do not collect this type of information
CCPA Rights to Access and Deletion and “Do Not Sell” Rights
California residents have rights to know what Personal Information we collect, use, disclose, and sell. Additionally, California residents have the right to request that we provide the specific pieces of Personal Information we have collected about you in the prior 12 months and you have the right to ask us to delete the Personal Information we collect about you ("Right to Know" and "Right to Delete"), with some exceptions set forth in the CCPA. Note, we do not sell consumer data to third parties.
California residents also have the right to opt-out from the sale of their Personal Information. These rights are also subject to limitations, such as when a company retains data to comply with its own legal obligations. You will not be required to create an account with us in order to submit a request. If we do not receive adequate proof that the agent is authorized to act on your behalf, we may deny the request.
Right to Access
Making a Request
When you request access to the Personal Information we have collected or request deletion of your Personal Information, we will provide the requested information within 45 days. You will be notified within that time period if we need additional time to process your request. When you opt-out from the sale of your Personal Information, we will affirm your request as soon as feasibly possible, typically no later than 15 days from the date the request is received.
To request the specific pieces of Personal Information we have collected about you in the prior 12 months, send a message to support@iowacreditunions.com or call us toll-free at 1-800-860-6180. You will be provided the requested information up to two times in a twelve month period. Unfounded, repetitive, or excessive requests may be declined.
Verifying Requests to Access
We will take steps to verify your identity in order to fulfill your request. We will verify your email address is active and we will take steps to verify the information you provide to us. In order to verify your identity we will request the following pieces of information: your name, email address, and ZIP code.
Right to Deletion
The CCPA provides the right to request the deletion of personal information collected about you and for us to direct service providers to do the same (with some exceptions listed in the CCPA).
In response to a deletion request, we may erase some information and we may de-identify some information. To de-identify information, we use technical safeguards and business processes that prevent re-identification. Business processes prevent the inadvertent release of de-identified information and no attempt will be made to re-identify information.
Making a Request
For California residents to submit a request for deletion, please send an email to support@iowacreditunions.com or call our toll-free number 1-800-860-6180.
Verifying Requests to Delete
To safeguard against fraudulent requests, after submitting your request we will take steps to confirm that you want your information deleted.
To verify your identity, we will request you provide: name, email address, and ZIP code. If we are unable to verify your identity (or the identity of someone submitting a request on your behalf) we will not delete the information.
Right to Opt-Out
The CCPA provides the right to opt-out of the sale of your personal information. The League does not engage in online advertising practices that could be considered ‘sales’ under the CCPA via the collection of cookies, mentioned above.
Users under the Age of 16
The League does not knowingly collect personal information of children under the age of 16.
Right to Non-Discrimination for the Exercise of a Consumer’s Privacy Rights
California residents have the right to not receive discriminatory treatment for exercising CCPA rights. The League will not discriminate against you for exercising your CCPA rights.
More Information
For more information, you can write to us at Iowa Credit Union League, Attn: Marketing, 7745 Office Plaza Drive North, Suite 170, West Des Moines, IA 50266 or call us on 1-800-860-6180.
Other California Privacy Rights
Further to California Civil Code Section 1798.83, California residents who provide us with personal information (as covered by California’s Civil Code Section 1798.83), have the right to request and obtain from us one time per calendar year, information about the customer information we shared, if any, with third parties for their own direct marketing purposes during the preceding year. If applicable this information would include the categories of customer information and the names and addresses of those businesses with which we shared customer information for the immediately preceding calendar year.
If you wish to obtain this information from us and are a California resident, please email or write to us at the following address: Iowa Credit Union League, Attn: Marketing 7745 Office Plaza Drive North, Suite 170, West Des Moines, IA 50266 or support@iowacreditunions.com Include ‘Your California Privacy Rights’ in the subject field of your email or include it in your writing if you choose to write to us at the above mailing address. Please also include: your name; street address; city; state; and ZIP code. Please note, we are not responsible for notices that are not labeled or sent properly, or do not have complete information.