Internet Privacy Statement
The purpose of this policy is to ensure that NavyArmy Community Credit Union (NavyArmy) complies with existing federal and state laws with respect to the privacy and security of our members’ nonpublic personal information. NavyArmy is committed to making available financial products and services that will enable our members to meet financial needs and reach financial goals. Protecting personal information and using it in a manner consistent with member expectations is NavyArmy’s highest priority.
NavyArmy shall protect the confidentiality, security, and integrity of each member’s nonpublic personal information in accordance with existing state and federal laws. The credit union will maintain physical, electronic, and procedural safeguards that comply with federal standards to guard members’ nonpublic personal information. The credit union will collect, use and retain only the personal information that we believe is necessary to help provide our products, services and other opportunities to our members.
Information Security Program
NavyArmy’s management shall be responsible for developing, implementing, and maintaining an effective information security program to:
- Ensure the security and confidentiality of member records and information.
- Protect against anticipated threats or hazards to the security or integrity of such records.
- Protect against unauthorized access to or use of such records or information that would result in substantial harm or inconvenience to any member. Management shall report to the board on the status of the credit union’s information security program.
Assessment of Risk
In order to assess the risks that may threaten the security, confidentiality, or integrity of member information or member information systems, the credit union shall:
- Identify all reasonably foreseeable internal as well as external threats that can result in unauthorized disclosure, misuse, alteration, or destruction of member information or member information systems.
- Determine the likelihood as well as potential damage of the internal and external threats.
- Determine the sufficiency of the credit union’s policies, procedures and member information systems to control the identified risks.
- Implement upgraded security procedures to deal with identified risks as necessary.
Management and Control of Risk
In order to manage and control the risks that have been identified, the credit union shall:
- Establish written procedures designed to implement, maintain and enforce the credit union’s information security program.
- Limit access to the credit union’s member information systems to authorized employees only.
- Establish controls to restrict employees from providing member information to unauthorized individuals.
- Limit access at the credit unions physical locations containing member information, such as buildings, computer facilities, and records storage facilities to authorized individuals only.
- Provide password protection and/or encryption of electronic member information including but not limited to information in transit or in storage on networks or systems to which unauthorized individuals may have access.
- Implement internal control procedures, segregation of duties, and employee background checks for employees with responsibilities for or access to member information.
- Monitor the credit union’s systems and procedures to detect actual and attempted attacks on or intrusions into the member information systems.
- Establish response programs that specify actions to be taken when the credit union suspects or detects that unauthorized individuals have gained access to member information systems, including appropriate reports to regulatory and law enforcement agencies.
- Implement measures to protect against destruction, loss, or damage of member information due to environmental hazards, such as fire and water damage or technical failures.
- Regularly test, monitor, evaluate, and adjust as appropriate, the information security program in light of any relevant changes in technology, and internal or external threats to the credit union’s information security systems.
- Regularly test the key controls, systems, and procedures of the information security program.
- Ensure that all contracts with service providers contain appropriate provisions requiring the service providers to protect the confidentiality of the credit union member’s nonpublic personal information. Under no circumstances will we authorize these firms to charge member’s accounts without their expressed consent. NavyArmy Community Credit Union does not sell or otherwise provide member names or other information to third parties for purposes inconsistent with the credit union’s mission.
Employees shall be trained with regard to their responsibilities under this policy. In addition, employees shall be trained to recognize, respond to, and where appropriate, report any unauthorized or fraudulent attempts to obtain member information.
Specific Internet Related Information:
Usage, Collection and Retention of Information
Visitors to our website will remain anonymous. We do not collect personal identifying information about visitors to our site. We will automatically collect standard non identifying information about visits to our site, such as the date and time of your visit, the internet provider address you were assigned, city, state, and country and the pages you access on our website. This information is used to compile standard statistics on site usage. For our members accessing our online banking product we will collect, use and retain only the personal information that we believe is necessary to help provide our products, services and other opportunities to you. Information that is collected automatically from your browser when you visit our online banking website includes, your IP address, your browser type and language, access times, and the content of any undeleted cookies that your browser previously accepted from us (see “Internet Private Browsing” below).
Collection and Retention of Email Addresses
If you have provided identifying information via e-mail (e.g., name and address), the information will only be used to communicate with you to handle your request. It is not sold or transferred to other parties.
Our Online Banking server is not directly connected to the internet. The data that is transmitted to and from the server must first pass through a firewall. A firewall is a hardware or software device that monitors network traffic and blocks inappropriate connections to other computers on a network.
We have a digital ID which allows us to use Secure Sockets Layer (SSL) encryption for all of the traffic between our server and your browser. This protects your information in the unlikely event that a third party intercepts the data. As well, the digital ID allows your browser to verify our identity every time you visit our website.
Private browsing mode doesn’t offer complete privacy, but it does normally prevent your browser from saving your history, searches, cookies, and other private data between browsing sessions. Websites use online tracking software for various reasons. For example, cookies are small text files placed on your computer while visiting certain sites on the internet. Cookies help websites keep track of personal preferences and recognize return visitors.
You can ‘opt-out’ of website tracking or prevent cookies from being placed on your computer by accessing your browser’s preferences menu. There are also commercial programs available to help you manage or disable website tracking; however, you should be aware that when tracking is not enabled, the supplemental services on our website, such as Online Banking, ePay, and WebLoan may not work properly.
We recommend that you complete your online transaction and sign off before surfing to other sites or turning off your PC. We also suggest that you do not surf to other sites during your online banking session.
Looking Out for Children
We do not knowingly market to or solicit information from children under 13, nor do we post offensive material that is harmful to children. We recognize that protecting children’s’ identities and privacy online is important and that the responsibility to do so rests with both the online industry and with the parents. We encourage parents and legal guardians to supervise the activities of children when using websites. We are not responsible for the data collection and use practices of nonaffiliated third parties to which our websites may link.
- We are very sensitive to the safety of children, therefore, we do not collect or store information on users under the age of 13 (this includes contest entry, play games for prizes).
- If a user under the age of 13 contacts NavyArmy, we respond to them by email once, in accordance with the FTC regulations.
- We promise that any personal information provided to us by a user under age 13 will not be sold, distributed to a third party or utilized, other than to contact the user and respond by email.
Email Risk Management, phone (361)986-4500, or postal mail NavyArmy Community Credit Union, Attn: Risk Management, PO BOX 81349; Corpus Christi, TX 78468.
Information Collection and Use
NavyArmy Community Credit Union is the sole owner of the information collected on this site. We will not sell, share, or rent this information to others in ways different from what is disclosed in this policy.