Privacy Act & Disclosures

Your privacy is important to us. This Privacy Policy explains how we collect, share, use, and protect your personal information through your online and offline interactions with us. This Privacy Policy is adopted in accordance with the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (collectively, the “CCPA”).

Personal Information We Collect

As used in this Privacy Policy, “Personal Information” means any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.

Personal information does not include:

• publicly available information.
• de-identified or aggregated consumer information.
• personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (“FCRA”) and the Gramm-Leach-Bliley Act (GLBA).

Categories of Personal Information We Collect

As a financial institution, Monterra Credit Union collects and discloses personal information to provide products and services to our members and for business, security, or operational purposes compatible with the context in which the personal information was collected and this privacy policy. In the preceding 12-months, we have collected the following categories of personal information.

• Identifying information (real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers).
• Personal information categories listed in the California Consumer Records statute (Cal. Civ. Code Section 1798.80(e)).
• Protected classifications required under state or federal law (name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information).
• Commercial information (records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies).
• Biometric information Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.
• Internet or other similar network activity. Internet or similar network activity (browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement).
• Professional or employment-related information (current or past job history or performance evaluations).

We obtain the categories of personal information from the following categories of sources:

• Directly from you. For example, from forms you complete, when you perform transactions, when you purchase products or services or when you contact us about our business opportunity.
• Indirectly from you. For example, from observing your actions on our website, when you use your debit or credit card, when you make deposits or withdrawals to/from your accounts, or when you pay your bills.
• We also receive information from third parties, such as credit reporting agencies, government agencies, law enforcement authorities, or service providers.

Use of Personal Information

We may collect, use, or disclose personal information for one or more of the following purposes:

• To fulfill or meet the reason for which the information is provided.
• To provide you with information, products, or services that you request from us.
• To provide you with email alerts and other notices concerning our products or services, events, or news, which may be of interest to you.
• To carry out our obligations and enforce our rights arising from a contract entered into between you and us, including billing and collections.
• To improve our website and present its contents to you.
• For testing, research, analysis, and product development.
• To protect the rights, property or safety of us, our employees, our members, or others.
• To detect security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity.
• To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
• As described to you when collecting your personal information.
• To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution or other sale or transfer of some or all of our assets, in which personal information held by us is among the assets transferred.

We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.

Sale of Personal Information

Monterra Credit Union does not sell personal information.

Sharing Personal Information

We only share your personal information subject to the Gramm-Leach-Bliley Act. Please see our Federal Privacy Policy and our California Financial Information Privacy Act to understand how we comply with the Federal Privacy Polity and California Financial Information Privacy Act or opt-out.

Disclosing Personal Information for a Business Purpose

We may disclose your personal information to a third party for a business purpose or commercial purpose. When we disclose personal information for a business or commercial purpose, we enter a contract that describes the purpose and requires the recipient to keep that personal information confidential and not to use it for any purpose except performing the contract.

In the preceding 12-months, we have disclosed the categories of information listed in the section above, for a business or commercial purpose. We disclose your personal information for a business or commercial purpose to the following categories of third parties:

• Service providers, including statement printers, and mailing houses.
• Outside companies or organizations that host, maintain, manage, or provide other services to us in relation to our products and services.
• Third parties that provide financial products and services to our members such as our card processors, online banking provider, and bill pay provider.
• Companies related by common ownership or control. These companies can be financial and nonfinancial companies.
• Government agencies, which include public authorities and law enforcement agencies, to respond to a lawful request, or to provide information we believe is important or required under applicable law.
• For other legal reasons, such as to monitor compliance with and to enforce our terms and conditions; to protect our rights, privacy, safety, or property, and/or that of our affiliates, you or others; to protect against potential or actual fraud, money laundering, terrorism, or other illegal activity; and for risk management purposes.
• We may also share information with outside accountants, auditors, lawyers, and other outside professional advisors to the Credit Union, subject to a requirement that such advisors keep your information confidential.
• Outside companies or organizations, including credit bureaus and other consumer reporting agencies, for routine and required reporting.
• Mortgage companies, securities broker-dealers, insurance companies, and direct marketing companies.

Your Rights and Choices

Monterra Credit Union uses this personal information to provide financial products and services, service loans, and complete transactions as requested by our members. In order to do this, Monterra Credit Union must disclose our members’ personal information to our third-party service providers and as allowed by applicable federal and state laws and regulations. While Monterra Credit Union may disclose our members’ personal information, Monterra Credit Union does not and will not sell this information, and we take the utmost care to ensure the protection and security of our members’ personal data.

Right to Know and Right to Delete

Monterra Credit Union does not collect personal information subject to the right-to-know or the right-to-delete due to an exemption for personal information that is deidentified and an exemption for personal information that is subject to existing federal and state privacy laws, specifically the Gramm Leach Bliley Act (GLBA).

Right to Correct

You have the right to request that we correct personal information that we maintain about you. If we cannot verify your identity, we may deny the request to correct. In such case, the Credit Union will inform you that your identity cannot be verified. In determining the accuracy of the personal information that is the subject of your request to correct, the Credit Union will consider the totality of the circumstances relating to the contested personal information. We may deny your request to correct if we determine that the contested personal information is more likely than not accurate based on the totality of the circumstances.

Right to Limit Use and Disclosure of Sensitive Personal Information

We do not collect or process sensitive personal information for the purpose of inferring characteristics about consumers. We also do not disclose sensitive personal information for purposes other than those specified in section 7027(m) of the CCPA regulations promulgated by the California Privacy Protection Agency. Therefore, we do not offer consumers the option to limit the use of their sensitive personal information.

Right of Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights.

Contact Information

If you have further questions regarding these rights, please contact Monterra Credit Union by mail at PO Box 910, Redwood City, CA 94064-0910, or by phone at (650) 363-1725 or toll-free (888) 363-1725 or contact Monterra Credit Union.

Effective Date

September 21, 2023

Respecting your privacy is our priority.

These policies outline the type of information that Monterra Credit Union shares and allows you to opt out of information that we share with third parties.

When you open a membership and annually thereafter, you will receive our Federal and State Privacy Policies.

Federal Privacy Policy (GLBA)

You can view the Federal Privacy Policy (GLBA) to see what information Monterra Credit Union shares and what you can limit.

Respecting your privacy is our priority.

These policies outline the type of information that Monterra Credit Union shares and allows you to opt out of information that we share with third parties.

When you open a membership and annually thereafter, you will receive our Federal and State Privacy Policies.

California Financial Information Privacy Act (SB-1)

You can view the California Privacy Policy to see what information Monterra Credit Union shares and what you can limit.

To opt-out of third-party sharing, do one of three things:

1. Complete the form and fax it back to us at (650) 364-0330 or mail it to:
   Monterra Credit Union
   P.O. Box 910
   Redwood City, CA 94064-0910
2. Call (650) 363-1725 or toll-free (888) 363-1725 and tell us you’d like to “opt-out of third-party sharing.”
3. Email optout@monterracu.org and tell us you’d like to “opt-out of third-party sharing.”

If you have any questions or would like to change your sharing preferences, please call (650) 363-1725 or toll free at (888) 363-1725.

How We Collect and Use Your Information

You may interact with us in a variety of ways online, including through a mobile device. We offer sites and applications that permit browsing and do not require registration. We also offer the ability to access your accounts online, which requires you to register and securely login. Information we may collect about you through online interaction includes information you input, such as your name, address, email address, other contact information; data resulting from your activity, such as transaction information; and location information. We may also gather additional information, such as the type of device and browser you are using, the IP address of your device, information about your device’s operating system, and additional information associated with your device. We may also gather information collected through cookies and other technologies, as described further below. This information allows us to better understand your needs, so we can serve you better.

Cookies

Cookies are pieces of information stored directly on the device you are using. We use cookies and information gathered through their use to make your experience with Monterra Credit Union more personalized based on the products, services, or other interactions you have with us and other sites. Cookies allow us to collect information such as browser type, time spent on the site, pages visited, language preferences, and your relationship with us. We use the information for security purposes, to facilitate navigation, to display information more effectively, to personalize your experience while engaging with us, and to recognize your device to allow your use of our online banking products and services. We collect statistical information about the usage of the site in order to continually improve the design and functionality, to monitor responses to our advertisements and content, to understand how Members and visitors use the site, and to assist us with resolving questions regarding the site. We also utilize cookies for advertising purposes. Google Analytics is used to collect much of this information. For more information about Google Analytics, view Google’s Privacy Policy.

Cookie Settings and Do Not Track Signals

You can refuse to accept cookies and enable “Do Not Track” signals as most devices and web browsers offer their own privacy settings. You will need to manage your privacy settings for each device and browser you use. If you do not accept cookies, you may be unable to use many features of our site, including online products and services. For example, you will not be able to access our online banking services if all cookies are blocked. In addition, if you only block third-party cookies, you will not be able to access Bill Pay, Monterra Rewards, loan applications, Visa® online access, and eStatements within online or mobile banking. Our website does not honor “Do Not Track” signals and any use of tracking software does not result in the collection of personally identifiable information.

“Do Not Track” signals and cookie settings may vary among browsers and devices. We attempt to create a consistent experience for members, but we may be unable to recognize all privacy settings due to the evolution of industry standards and technological advancement.

IP Address

Your IP address is a number that is automatically assigned to the device that you are using by your Internet service provider (ISP). An IP address is identified and logged automatically in our server log files whenever a user visits the site, along with the time of the visit and the page(s) that were visited. Collecting IP addresses is standard practice on the Internet and is done automatically by many web sites. We use IP addresses for several purposes, such as calculating site usage levels, helping diagnose server problems, personalizing/tailoring your experience while engaging with us online and offline, for compliance and security purposes, for advertising, and for administering the site.

Remarketing Monterra Credit Union’s website uses Google AdWords and Google Analytics

Monterra Credit Union’s website uses the Google remarketing service to advertise on third-party websites (including Google) to previous visitors to our site. This could be in the form of an advertisement on the Google search results page, or a site in the Google Display Network. Third-party vendors, including Google, use cookies to serve ads based on someone’s past visits to Monterra Credit Union’s website. Google is not used during access to online banking or during mobile application activity. Please be assured any data collected will be used in accordance with our own privacy policy and Google’s Privacy Policy.

You can set preferences for how Google advertises to you using the Google Preferences Page, and if you want to, you can opt out of interest-based advertising entirely by cookie settings or permanently using a browser plugin. You can also use the Google Analytics Opt-Out Browser Add-On to provide you the ability to prevent your data from being used by Google Analytics. Alternatively, you can opt out of a third-party vendor’s use of cookies by visiting the Network Advertising initiative opt-out page.

Third-Party Widgets

We may allow certain widgets (e.g., social share buttons) on our site to provide Members with the ability to easily share information to another platform, usually social media platforms. These platforms may access your cookies and other information once you have logged on to their platform. Please note that third parties' use of cookies and information that you provide to them is subject to their own privacy policies, and not the Monterra Credit Union Online Privacy Practices.

Third-Party Disclosure

We do not disclose or sell personal information about you or our former Members to non-affiliated third parties, except as permitted or required by law or regulation or as specified above (See Google AdWords and Third-Party Widgets). We may disclose all of the information we collect to companies with whom we have a financial services agreement to offer financial products and services to you.

Children’s Online Privacy

Our site is not directed to individuals under the age of 13, and we request that these individuals do not provide personal information through the site. We do not knowingly collect information from children under 13 without parental consent. The Children’s Online Privacy Protection Act of 1998 (COPPA) restricts the collection, use, or disclosure of personal information from and about children under the age of 13 on the Internet. For more information about the Children’s Online Privacy Protection Act (COPPA), visit the Federal Trade Commission website.

Monterra Credit Union is committed to protecting our members' financial and user information. We use state-of-the-art security technology and are confident that your personal information will remain secure.

Virtual security

Virtual security is the prevention of data interception upon transmission. The security of the communications between you (your browser) and our servers is ensured using cryptography. Cryptography scrambles messages exchanged between your browser and our online banking server. Encryption happens as follows: When you go to the sign-on page for online banking, your browser establishes a secure session with our server. The secure session is established using a protocol called Secure Sockets Layer (SSL) Encryption. This protocol requires the exchange of what are called public and private keys. Keys are random numbers chosen for that session and are only known between your browser and our server. After the keys are exchanged, your browser will use the numbers to scramble (encrypt) the messages sent between your browser and our server. Both sides require the keys because they need to descramble (decrypt) the messages when they are received. The SSL protocol, not only ensures privacy, but also ensures that no other browser can "impersonate" your browser, nor alter any of the information sent. You can tell whether your browser is in secure mode by looking for the secured lock symbol at the bottom of your browser window and the URL (website address) changing from http to https.

The numbers used as encryption keys are analogous to combination locks. The strength of encryption is based on the number of possible combinations that a lock can have.

As the number of possible combinations grows, it becomes less likely that anyone would be able to guess the combination in order to decrypt the message. Today's browsers offer 128-bit encryption. We require the use of 128-bit capable browsers.

Physical security

Physical security refers to objects and measures that insure the security of our site, server and databases. The network architecture used to provide the online banking service was designed by certified network security professionals. While the architecture is too complex to explain here, it is important to point out that the computers that store your actual account information are not directly connected to the Internet. The requests you make through the Internet are handled by our servers, which retrieve the information you requested from our mainframe via proxy-based firewall servers. These servers act as the go-between you and our mainframe computers. Our data center is a physically secure and protected area from access by unauthorized persons.

Application security

It is also important to verify that only authorized persons log into online banking. This is achieved by verifying your password. When you submit your password, it is compared with the password we have stored in our secure data center. We allow you to enter your password incorrectly five (5) times. If you enter your password incorrectly five (5) times, your online banking account will be temporarily locked for 1 hour. If you need to access your account right away, you can call the Member Contact Center or simply wait the 1 hour before attempting to login again. After 1 hour, you can attempt to log into online banking again. Should you enter your password incorrectly five (5) more times, you will be prompted to call the Member Contact Center. We monitor and record "bad-login" attempts to detect any suspicious activity (i.e., someone trying to guess your password).

We provide a number of additional security features in online banking. Online banking will "timeout" after ten (10) minutes of inactivity. This prevents other persons from continuing your online banking session in case you have left your computer unattended without signing out. However, we recommend that you always sign out when you have completed your online banking session. Active online banking users will be signed out after 24 hours. Active mobile banking users will not be signed out.

User security

You play a crucial role in preventing others from logging on to your account. Never use passwords that are easy to guess. Examples of bad passwords are: birth dates, first names, pet names, addresses, phone numbers, Social Security numbers, etc. Never reveal your password to another person. You should periodically change your online banking password