Effective: July 1, 2023
We may revise and update this Policy from time to time in our sole discretion. All changes are effective immediately when we post them to the Website, and apply to all access to and use of the Website thereafter. Your continued use of the Website following the posting of revisions means you acknowledge the changes. You are expected to check this page from time to time so you are aware of any changes.
This Policy applies to information we collect:
- On this Website;
- In email, text, and other electronic messages between you and this Website;
- Through mobile and desktop applications you download from this Website, which provide dedicated non-browser-based interaction between you and this Website; or
- When you interact with our advertising and applications on third-party websites and services, if those applications or advertising include links to this Policy.
This Policy does not apply to information collected by:
- The League offline or through any other means, including on any other website operated by any third party (including our affiliates and subsidiaries); or
- Any third party (not affiliated with our Website or services offered through our Website), including through any application or content (including advertising) that may link to or be accessible from or on the Website.
Data protection is a high priority for the League. The use of the Website pages of the League is possible without any indication of personal data; however, if a data subject wants to use special enterprise services via our Website, processing of personal data could become necessary.
The processing of personal data, such as the name, address, e-mail address, or telephone number of a data subject is in line with the California Consumer Privacy Act (CCPA), and in accordance with other state-specific data protection regulations applicable to the League. By means of this Policy, we like to inform the public of the nature, scope, and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed, by means of this Policy, of the rights to which they are entitled.
We and our service providers have implemented measures designed to secure your personal information from unintentional loss and from unauthorized access, use, alteration, and disclosure. We believe we have taken reasonable precautions necessary to maintain security for this Website.
The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a user name, password or any other piece of information for access to certain parts of our Website, you are responsible for keeping this information confidential. You also acknowledge that your account is personal to you and agree not to provide any other person with access to this Website or portions of it using your user name, password or other security information. You agree to notify us immediately of any unauthorized access to or use of your user name or password or any other breach of security. You also agree to ensure that you exit from your account at the end of each session. You should use particular caution when accessing your account from a public or shared computer so that others are not able to view or record your password or other personal information.
Ultimately, the transmission of information via the Internet is not completely secure. Although we take reasonable precautions to protect your personal information, we cannot guarantee the security of information transmitted to or stored on our Website. Any transmission or storage of information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Website.
How We Use Your Information
We use information that we collect about you or that you provide to us, including any personal information:
- To present our Website and its contents to you.
- To provide you with information, products, or services you request from us.
- To fulfill any other purpose for which you provide it.
- To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection.
- To notify you about changes to our Website or any products or services we offer or provide though it.
- To monitor and identify potential fraudulent or suspicious activity.
- To allow you to participate in interactive features on our Website.
- To contact you when we believe there is an issue that needs to be communicated, such as site outages or planned maintenance.
- To use for marketing and user-evaluation purposes, including marketing of services by our affiliates.
- In any other way we may describe when you provide the information.
- For any other purpose with your consent or such other legal basis as may be relevant, but, where appropriate, only after notifying you in advance with any information that we are required to provide to you.
By means of a cookie, information and offers on our website can be optimized with the specific user in mind. Cookies allow us to recognize our Website users. The purpose of this recognition is to make it easier for users to use our Website.
Collection of general data and information
Our Website collects general data and information when a data subject calls up the Website. This general data and information are stored in the server log files. Collected information may be (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our Website (so-called referrers), (4) the sub-websites, (5) the date and time of access to the Internet site, (6) an Internet protocol address (IP address), (7) the Internet service provider of the accessing system, and (8) any other similar data and information that may be used in the event of attacks on our information technology systems.
When using this general data and information, the League does not draw any conclusions about the data subject. Rather, this information is needed to (1) deliver the content of our Website correctly, (2) optimize the content of our Website as well as its advertisement(s), (3) ensure the long-term viability of our information technology systems and Website technology, and (4) provide information necessary for investigation, civil claims and /or criminal prosecution in case of a cyber-attack. Therefore, the League analyzes anonymously collected data and information statistically, with the aim of increasing our data protection and data security, and to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.
Disclosure of Your Information
We may use and disclose aggregated information about our users, and information that does not identify any individual, without restriction.
We may disclose personal information that we collect or you provide as described in this Policy:
- To our affiliates to market their products or services to you if you have consented to these marketing disclosures and to receive marketing emails.
- To contractors, service providers, and other third parties we use to support our business and who are bound by contractual obligations to keep personal information confidential and use it only for the purposes for which we disclose it to them.
- To our clients regarding the use of the Website by their employees and representatives.
- To a buyer or other successor in the event of a merger, reorganization, dissolution, or other sale or transfer of some or all of the League's assets, in which personal information held by the League about our Website users is among the assets transferred.
- To fulfill the purpose for which you provide it.
- For any other purpose disclosed by us when you provide the information.
- With your consent.
We may also disclose your personal information:
- To comply with any court order, law, or legal process, including to respond to any government or regulatory request.
- If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of the League or its affiliates, our clients, or others.
Subscription to Newsletters, Events, and other Marketing Emails
Our Website contains information that enables a quick electronic contact to the League, as well as direct communication with us, which also includes a general e-mail address. If a data subject contacts the League by e-mail or via a contact form, the personal data transmitted by the data subject are automatically stored. Such personal data transmitted on a voluntary basis by a data subject to the League are stored for the purpose of processing or contacting the data subject. Your personal data may be stored in a third-party marketing management platform to facilitate the delivery of marketing emails and materials to you.
Users of our Website may request to receive a variety of services, including but not limited to:
- Submissions through the Website’s “Contact Us” form
- Registering for events, and
- Subscribing to marketing emails or notifications
You may also opt in to receive marketing emails by engaging with the League through various ways, including:
- Clicking on links through advertising and social media platforms,
- Engaging with us directly through social media platforms, and
- Responding to marketing forms through email to which you have already subscribed
The database(s) storing the list of subscribed users resides on systems within the United States of America for users located in the United States of America.
Our newsletter is available for members with a password to view on our Website, but email notifications of new newsletters or other marketing updates may be received if (1) you have a valid e-mail address and (2) you register to receive email notifications.
When opting into newsletter notifications, a confirmation e-mail will be sent to the registered e-mail address. This confirmation e-mail is used to prove the owner of the e-mail address is the data subject authorized to receive the notifications.
During the registration for these services, we may also store the IP address of the computer system assigned by the Internet service provider (ISP) and used by the data subject at the time of the registration, as well as the date and time of the registration. Your computer’s IP address may be stored in a marketing management platform, but is not directly accessible by our administrators or marketing staff. The collection of this data is necessary to understand the (possible) misuse of the e-mail address of a data subject at a later date, and it therefore serves to protect the controller.
The personal data collected as part of registration for these services will be used to send the requested information and may also be used to contact you about service offerings. In addition, subscribers to newsletters may be informed by e-mail, as long as this is necessary for the operation of the newsletter or a registration in question, as this could be the case in the event of modifications to the newsletter, or in the event of a change in technical circumstances.
Personal data may be transferred to a third party for purposes of facilitating delivery of the marketing messages and notifications. The subscription to receive marketing messages may be terminated by the data subject at any time. The consent to the storage of personal data, which the data subject has given for delivering the messages or notifications, may be revoked at any time. For the purpose of revocation of consent, a link to manage your preferences and unsubscribe from the marketing messages is found in each email message.
Our marketing emails contain so-called tracking pixels. A tracking pixel is a miniature graphic embedded in e-mails, which are sent in HTML format to enable log file recording and analysis. This allows a statistical analysis of the success or failure of online marketing campaigns. Based on the embedded tracking pixel, the League may see if and when an e-mail was opened by a data subject, and which links in the e-mail were called up by data subjects.
Such personal data collected in the tracking pixels contained in the emails are stored and analyzed by the controller in order to optimize the delivery of the emails, as well as to adapt the content of future marketing messages to the interests of the data subject. These personal data will not be passed on to third parties. Data subjects are at any time entitled to revoke their consent issued by means of the opt-out procedure. After a revocation, the user’s information will be marked to be unsubscribed from any marketing messages or notifications. The League automatically regards a withdrawal from the receipt of the marketing messages as a revocation.
Information for California Residents
Effective: July 1, 2023.
Outlined below are the categories of information that we collect from California consumers (in general terms), the sources of the information, the purposes for which the information is used, and the categories of third parties to whom we disclose the information for business purposes (and information on how to opt-out).
The CCPA defines personal information ("Personal Information”) as information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device. Personal information does not include:
- Publicly available information from government records.
- Deidentified or aggregated consumer information.
- Information excluded from the CCPA’s scope, such as:
- health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA), clinical trial data, or other qualifying research data;
- personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver's Privacy Protection Act of 1994.
The following are the categories of Personal Information that we have collected from our users over the last 12 months (and examples of the types of information those include), the categories of sources from which that information was collected, the business or commercial purpose(s) for which the information was collected, the categories of third parties with whom we disclose the information for a business purpose, and the categories of third parties to whom this type of personal information is sold. Note, we do not sell, and in the past 12 months we have not sold, personal information to any third parties.
The Personal Information we collect about consumers will depend upon how you use our Website or otherwise interact with us. Accordingly, we may not collect all of the below information about you. We may also collect and/or use additional types of information after providing notice to you before collection and obtaining your consent (to the extent such notice and consent is required by the CCPA). The following are examples of Personal Information we may collect as categorized by the CCPA:
| A. Identifiers
Name, physical address, email address; phone number
| B. Personal information categories listed in the CCPA
Name, address, telephone number, email address; account password; signature; credit card number; gender; race/ethnicity; veteran
Some personal information included in this category may overlap with other categories
C. Protected classification characteristics under California or US federal law
Age, race, gender, ethnicity or national origin
D. Commercial information
| Product interest; purchase history
E. Biometric information
Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns
| F. Internet or other electronic network activity information
G. Geolocation data
| Physical location or movement
| H. Sensory data
Audio, electronic, visual, thermal, olfactory, or similar information
I. Professional or employment-related information
Professional certifications, work history
| J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).
Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records
| K. Inferences drawn from other personal information.
preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, or aptitudes; attendance history; food preferences/dietary restrictions to the extent disclosed
Use of Personal Information
Please see the “How We Use Your Information” section to learn more about how we use the information we collect.
Sharing Personal Information
We may share your personal information by disclosing it to a third party for a business purpose. We only make these business purpose disclosures under contracts that describe the purposes, require the recipient to keep the personal information confidential, and prohibit using the disclosed information for any purpose except performing the contract.
Within the last 12 months, we have disclosed Personal Information for our business purposes. To learn more about the categories of third parties with whom we share Personal Information, please see the “Disclosure of Your Information” section.
Your California Privacy Rights
If you are a California consumer, you have certain rights related to your Personal Information, including:
1. The right to know what Personal Information we have collected about you within the last 12 months:
- the categories of Personal Information we collected about you and the categories of sources from which we collected the Personal Information,
- the business or commercial purpose for collecting, selling, or sharing Personal Information we collected,
- the categories of third parties to whom we disclose Personal Information about you, and
- the specific pieces of Personal Information we collected about you.
2. The right to correct inaccurate Personal Information we collected about you.
3. The right to delete Personal Information that we have collected from you, subject to certain exceptions.
4. The right to opt out of the sale or the sharing of Personal Information.
- We do not sell Personal Information
5. The right to limit the use or disclosure of your sensitive personal information.
- We do not use or disclose sensitive personal information
6. The right not to receive discriminatory treatment by a business for exercising your CCPA privacy rights, including the right not to be retaliated against for exercising your CCPA rights.
Making a Request
You may make a request to know, correct, or delete by:
- Contacting us at 1-800-860-6180, or
2. Submitting you request at firstname.lastname@example.org
When you request access to the Personal Information we have collected or request correction or deletion of your Personal Information, we will provide the requested information within 45 days, subject to verifying as described below. You will be notified within that time period if we need additional time to process your request.
You may only submit a request to know twice within a 12-month period.
Verifying Requests to Access
We will take steps to verify your identity to fulfill your request. We will verify your email address is active and we will take steps to verify the information you provide to us. In order to verify your identity we will request the following pieces of information: your name, email address, and ZIP code.
To safeguard against fraudulent requests, after submitting your request we will take steps to confirm that you want your information deleted.
Under California law, you may designate an authorized agent to make a request on your behalf. You may make such a designation by providing the agent with written permission to act on your behalf. We will require the agent to provide proof of that written permission. To the extent permitted by law, we may require you to verify your own identity in response to a request, even if you choose to use an agent. If we are unable to verify your identity (or the identity of someone submitting a request on your behalf) we will not delete the information.
In response to a deletion request, we may erase some information and we may de-identify some information. To de-identify information, we use technical safeguards and business processes that prevent re-identification. Business processes prevent the inadvertent release of de-identified information and no attempt will be made to re-identify information.
Users under the Age of 16
We do not knowingly collect personal information of children under the age of 16.
Information for Virginia, Connecticut, Colorado, and Utah Residents
US state privacy regulations provide Virginia, Connecticut, Colorado, and Utah residents with specific rights regarding their personal information. For more information, please see the Connecticut Data Privacy Act, Colorado Privacy Rights Act, Virginia Consumer Data Protection Act, and Utah Consumer Privacy Rights Act.
Consumers in these states can exercise their rights via the methods described in Exercising Right to Know, Data Portability, Right to Deletion, and Right to Correct. To appeal our decision as a Controller with regard to a consumer request, or to contact US, please view the Contact Us About Questions section.
Making a Request
You may make a request to know, correct, or delete by:
- Contacting us at 1-800-860-6180, or
- Submitting you request at email@example.com
For more information, you can write to us at Iowa Credit Union League, Attn: Support, 7745 Office Plaza Drive North, Suite 170, West Des Moines, IA 50266 or call us at 1-800-860-6180.