Privacy & Security
BioMetric Information Privacy Policy and Consent
Privacy Statement
VIEW COMPLETE PRIVACY POLICY
A Private Note to Our Members:
Credit Union is owned by its members and run by a Board of Directors elected by the membership. You can be confident that your financial privacy is a top priority of this credit union.
Information We Collect
We collect nonpublic personal information from many sources, including member applications and other applications for products and services, from those who do business with us or with our vendors, and from consumer reporting agencies. Credit Union will collect only the personal information that is necessary to conduct our business.
Information We Disclose
We do not disclose or sell information to non-affiliated businesses or third parties desiring access to our member information. We may disclose information we collect about you under circumstances as permitted or required by law. These disclosures typically include information to process transactions on your behalf, conduct the operations of our credit union, follow your instructions as you authorize, or protect the security of our financial records.
We are committed to provide you with competitive products and services to meet your financial needs, which necessitates that we share information about you with our affiliates, to complete your transactions and to provide you with certain financial opportunities. We have also entered into agreements with other companies that provide either services to us or additional financial products for you to consider. Under these agreements, we may disclose information we collect to companies that perform marketing or other services on our behalf or to other financial institutions with whom we have joint marketing agreements. To protect your privacy, we require these companies to agree to maintain strong confidentiality protections and we prohibit their use of this information other than to carry out the purposes for which it is disclosed.
If you terminate your membership with Credit Union, we will not share information we have collected about you, except as permitted or required by law.
Steps We Take To Protect Your Information
We restrict access to nonpublic personal information about you to those employees who have a specific business purpose in utilizing your data. Our employees, members of the Board of Directors and Committee Members shall maintain confidentiality and member privacy. We maintain physical, electronic, and procedural safeguards that comply with federal regulations and industry practices to safeguard your nonpublic personal information.
Loan Applications
Our web site will be checked every day that we are open for lobby business. The loan department will treat an application received via our web site the same as a loan application taken by phone or in person and it will be processed as quickly as possible. You will be contacted regarding the approval or denial of the loan request. You may also be contacted if further information is necessary to process your application.
E-mail
Personal information contained in e-mail sent by members and non-members will be reviewed by AAC Credit Union staff and used to improve the level of service we provide. Unless specified, appropriate follow-up will be determined by the nature of the question, comment, or complaint. Please be advised that we cannot guarantee the security of e-mail messages against interception by unauthorized individuals.
Linking to Other Web Sites
AAC Credit Union is not responsible for the content of any third party Web site or the privacy practices of such third parties. In addition, a link from our Web site to another Web site does not indicated that Credit Union endorses the services or policies of such third party Web site. You should always investigate the information practices of all Web sites that you access and carefully examine the privacy policies, if any, of the Web sites appearing on or linking to or from our Web site. Information collected from the linked Web sites will be subject to the information practices of those Web sites.
Privacy
When your member conduct their credit union business (transactions) through your Web site they should feel as comfortable as they do when they visit you in person.
At AAC Credit Union we understand the need to serve our members privately and appropriately.
After all, members' information is personal; it's proprietary and ought to stay that way. With our security features, we ensure that it does.
AAC CREDIT UNION PRIVACY POLICY
AAC Credit Union's policies and procedures for handling customer information have been created with the understanding that Internet technologies are still evolving and that Internet business methods are continuing to evolve to meet the needs and opportunities of the changing technologies. As a result, these policies and procedures are subject to change.
In the course of serving its customers, AAC CREDIT UNION may acquire, store and transmit customer communications and information that customers may regard as private or sensitive. Some of this information - such as the customer's name, address, telephone number, and credit card data - is provided to AAC CREDIT UNION by its customers in order to establish service. Other information - such as the customer's account status, choice of services, and customer logs - is created and maintained by AAC CREDIT UNION in the normal course of providing service. AAC CREDIT UNION also use cookies, which are small pieces of information that a Web site can store in a designated file on a user's computer for various reasons. For example, AAC CREDIT UNION uses cookies on the landing pages of products sold online which record the customer information that is required on the order form. This information is then forwarded to an internal sales tracking database within AAC CREDIT UNION database. In addition, AAC CREDIT UNION may store customers' electronic mail and other communications as a necessary incident to the transmission and delivery of those communications. AAC CREDIT UNION may share limited customer contact information with selected partners to provide customers with information about products or special that might be of interest to the customer. AAC CREDIT UNION will not otherwise disclose its customers' personal and account information unless AAC CREDIT UNION has reason to believe that disclosing such information is necessary to identify, make contact with, or bring legal action against someone who may be causing harm or interfering with the rights or property of AAC CREDIT UNION, or AAC CREDIT UNION's customers, or others, or where AAC CREDIT UNION has a good faith belief that the law requires such disclosure. Furthermore, AAC CREDIT UNION also will not, except for reasons stated below, disclose to third parties the contents of any electronic mail or other electronic communications that AAC CREDIT UNION stores or transmits for its customers. The circumstances under which AAC CREDIT UNION will disclose such electronic customer communications are when:
- it is necessary in order to provide service to the customer;
- it is necessary to protect the legitimate interests of AAC CREDIT UNION and our customers;
- it is required to cooperate with interception orders, warrants, or other legal process that AAC CREDIT UNION determines in its sole discretion to be valid and enforceable; and
- it is necessary to provide to a law enforcement agency when the contents are inadvertently obtained by AAC CREDIT UNION and appears to pertain to the commission of a crime
Protecting Children's Privacy Online
The Children's Online Privacy Protection Act (COPPA) was passed by Congress in October 1998, with a requirement that the Federal Trade Commission (FTC) issue and enforce rules concerning children's online privacy. The primary goal of the Act and the Rule is to place parents in control over what information is collected from their children online. The Rule was designed to be strong, yet flexible, to protect children while recognizing the dynamic nature of the Internet. Click here to read the Frequently Asked Questions about the Children's Online Privacy Protection Rule.
http://www.consumer.ftc.gov/articles/0031-protecting-your-childs-privacy-online
What These Privacy Rules Mean to YOU:
AAC Credit Union is committed to protecting the privacy of children (and everyone) who visits our site. You probably noticed that we don't ask you for your name, we don't ask you for your e-mail address, and we don't have a chat room where other people can ask you for personal information.
Why don't we care about all of your personal information? Because we want you to be a safe cyber-surfer…and we want you to have fun and learn while you're at our site. That's all…just have some fun and learn a few things!
Security
AAC Credit Union will protect the confidentiality of its customers' information, account information and personal communications to the fullest extent possible and consistent with the law and the legitimate interests of AAC Credit Union, its partners, its employees and other customers of AAC Credit Union's services. To guard against the loss, misuse, and alteration of information that is collected from customers, AAC Credit Union has appropriate physical, electronic, and managerial procedures in place.
AAC Credit Union's Web hosting servers are 'hardened' against hackers with proprietary tools, OS tweaks, network procedures and constant monitoring. This is not a guarantee that a hacker could not succeed.
Through Verio, we have System Administrators that are dedicated to Web hosting security. They insure that we are current with all OS security patches. We have very high-level software maintenance contracts with our Vendors (SGI, Cisco, Foundry) so that we are sure to have the latest patches and support staff available to us 24x7x365 for fixes.
Security audits are run regularly on our servers. This supplements our internal efforts to keep our servers as protected as possible. We do record and monitor illegal port accesses both on the networking hardware and the servers. We log all accesses to our servers that allows us to check the accesses for intrusion attempts. Additional technologies are also used to ensure notification of any active attacks.
For Denial of Service attacks, a new procedure that our System Administrators implemented called "ipfilterd" allows us to block attacks directed at a single Web site on a server rather than a network level giving us better granularity. "spamd" is another tool used to minimize the effect of attacks on the system - specifically email. Blocking spam makes us less of a target for those hackers that target Spammers. We also have the following implemented services:
- Triple data backup
- Accessible 24-hour user volume backup
- Regularly scheduled digital tape backups
- Each Virtual Server resides in a protected sandbox
- Potentially insecure programs are disabled or removed
- Hacking alert system immediately notifies system administrators
- Redundant OC12, OC3, and DS3 Internet connectivity
- Cisco routers and switches
- Redundant power backup
- 24/7 data center monitoring
- Security hardened operating systems
Security Statement
AAC Credit Union is constantly concerned about our member’s critical information and privacy. With this in mind, we have the following security services installed on our Internet server:
- Each server is behind a Firewall. Our servers block critical ports and IP addresses on servers from external attack and access.
- Each server runs proprietary software that constantly monitors the servers for unauthorized use and attempts to "hack" into information. Administrators are contact when forced attacks are committed, and countermeasures can be applied to stop these instances.
- All administrative activity requires user login and authentication. All administrative updates are logged into files that can be reviewed later.
- Our web site servers come with a Global Verisign Certificate (RSA) for digitally encrypted communications between the Web server and your member. Information passed in applications cannot be decrypted by third parties attempting to "pick" information being passed across the Internet backbone.
Biometric Information Privacy Policy and Consent
Effective Date: August 1, 2024
Scope and Overview
This policy outlines how AAC Credit Union, its vendors, and/or the licensor of the AAC Credit Union’s consumer verification software processes biometric data collected from you for identity verification and fraud prevention purposes.
Biometric Data Defined
As used in this policy, biometric data includes “biometric identifiers” and “biometric information”. “Biometric identifier” means a retina or iris scan, fingerprint, voiceprint, or scan of hand or face geometry. As the term is used in this policy, the selfie photograph you upload to the software for use in the biometric algorithm is considered a "biometric identifier." “Biometric information” means any information, regardless of how it is captured, converted, stored, or shared, based on an individual’s biometric identifier used to identify an individual.
Disclosure and Authorization Policy
To the extent that AAC Credit Union, its vendors, and/or the licensor of the AAC Credit Union’s consumer verification software collect, capture, or otherwise obtain biometric data relating to a consumer, AAC Credit Union must first:
Inform each consumer that AAC Credit Union, its vendors, and/or the licensor of the AAC Credit Union’s consumer verification software are collecting, capturing, or otherwise obtaining the employee’s biometric data, and that the AAC Credit Union is providing such biometric data to its vendors and the licensor of the AAC Credit Union’s consumer verification software;
Inform the consumer of the specific purpose and length of time for which the consumer’s biometric data is being collected, stored, and used; and
Receive consent by the consumer authorizing AAC Credit Union, its vendors, and/or AAC Credit Union’s consumer verification software to collect, store, and use the consumer’s biometric data for the specific purposes disclosed by the AAC Credit Union, and for AAC Credit Union to provide such biometric data to its vendors and the licensor of the AAC Credit Union’s consumer verification software.
AAC Credit Union, its vendors, and/or the licensor of the AAC Credit Union’s consumer verification software will not sell, lease, trade, or otherwise profit from employees’ biometric data; provided, however, that the AAC Credit Union’s vendors and the licensor of the AAC Credit Union’s consumer verification software may be paid for products or services used by AAC Credit Union that utilize such biometric data.
This policy is intended to comply with all federal, state, and local laws.
Purpose for the Collection of Biometric Data
AAC Credit Union, its vendors, and/or the licensor of AAC Credit Union’s consumer verification software collect, store, and use biometric data solely for identity verification and fraud prevention purposes.
Disclosure
AAC Credit Union will not disclose or disseminate any biometric data to anyone other than its vendors and the licensor of the AAC Credit Union’s consumer verification software providing products and services using biometric data without/unless:
First obtaining consumer consent to such disclosure or dissemination;
The disclosed data completes a financial transaction requested or authorized by the consumer;
Disclosure is required by law or ordinance; or
Disclosure is required pursuant to a valid warrant or subpoena issued by a court of competent jurisdiction.
Security
AAC Credit Union shall use a commercially reasonable standard of care to store, transmit and protect from disclosure any biometric data collected. Such storage, transmission, and protection from disclosure shall be performed in a manner that is the same as or more protective than the manner in which AAC Credit Union stores, transmits and protects from disclosure other confidential and sensitive information, including personal information that can be used to uniquely identify an individual or an individual’s account or property, such as genetic markers, genetic testing information, account numbers, PINs, driver’s license numbers and social security numbers.
Retention
AAC Credit Union shall retain consumer biometric data only until, and shall request that its vendors and the licensor of AAC Credit Union’s consumer verification software permanently destroy such data when, the first of the following occurs:
The initial purpose for collecting or obtaining such biometric data has been satisfied, such as verification of consumer identity;
Request of consumer to destroy the biometric data; or
Within 30 days of consumer’s provisioning of biometric data.
Contact Information
If you have any questions about our use, storage, or security of your biometric data you can contact us at: msr@goaac.com
BIOMETRIC INFORMATION CONSUMER CONSENT
As outlined in the “Biometric Information Privacy Policy”, I understand and consent to the collection, use, retention, storage, and/or disclosure or re-disclosure of data or images from biometric verification technology by AAC Credit Union, its vendors, and/or the licensor of the AAC Credit Union’s consumer verification software. I acknowledge that I have been given a copy of the Policy, or that the Policy has been made accessible to me, and I have had an opportunity to review it and request any additional information concerning the AAC Credit Union’s procedures and safeguards for collecting, maintaining, using, disclosing, sharing, storing, and/or destroying this data.