PRIVACY POLICY (for Bill Presentment, Bill Payment, Account-to-Account (A2A) Transfers and Person-to-Person (P2P) Payments Services)

1. Introduction. The following privacy disclosures are provided by Aspen Federal Credit Union (hereinafter "we" or "us") in connection with the Bill Payment and Bill Presentment Services, and as applicable, the Account-to-Account (A2A) and Person-to-Person (P2P) Payments Services (collectively, the "Services") offered through our online banking site (the "Site"), and describe the types of "Personal Information" (information that is identifiable to a particular person) that we (directly or through our service providers) collect in connection with the Services, and how we use, share and protect that Personal Information. These disclosures supplement the disclosures that you have already been provided in connection with our Site and the other services offered through the Site. Some of this information is required by U.S. federal law or other law. Please read this Privacy Policy carefully to understand what we do.
   
   
2. Eligibility. The Site and the Services are offered pursuant to the restrictions and eligibility requirements as described in the Terms of Service or other disclosures on the Site. We do not knowingly offer the Services to nor collect any Personal Information from or about individuals under 18 years of age. Please do not submit such information to us, and as a parent or legal guardian, please do not allow your children to submit personal information without your permission. By using the Site and/or the Services, you represent that you meet these requirements and that you agree to the terms of this Privacy Policy.
   
   
3. Scope. This Privacy Policy applies only to the Services as offered on this Site. For more details on what your rights and obligations are when using the Services, please also refer to the Terms of Service and other notices and disclosures regarding the Services. See the Site home page for disclosures regarding the rest of the Site.
   
   
4. Cookies, Browser Information and Related Issues.
   1. When you visit the Site or use the Services, we may receive certain standard information that your browser sends to every website you visit, such as the originating IP address, browser type and language, access times and referring website addresses, and other such information. This data may be used, among other uses, to improve the operation of the Site and Services and to improve the security of the Site and Services by assisting in "authenticating" who you are when you access the Site or Services, particularly if you register for a Service and are issued or create a username and password.
   2. We may also receive additional information about your visit to the portion of the Site that hosts the Services, including the pages you view, the links you click and other actions you take. This data may be used among other uses to improve the operation of the Services and the portion of the Site that hosts the Services.
   3. Like most websites, the portion of the Site that hosts the Services uses "cookies," which are small data files placed on your computer or other device by the web server when you visit the Site. Most such cookies are "session" cookies that are only used for a specific period during which you are on the Site in order to maintain the session, but a few are "persistent" cookies that stay on your device and are read by the web server when you return to the Site(unless you erase them). The portion of the Site that hosts the Services uses cookies to store your preferences and other information on your device in order to recognize the device through which you accessed the Site for security purposes and to save you time by eliminating the need to repeatedly enter the same information, and to display your personalized content on your later visits. These cookies may be linked to Personal Information about you, such as your email address. We may also use cookies on an aggregated basis to see which parts of the Site and Service our customers use and do not use. Cookies will not be used to deliver or run programs on your device. Most web browsers automatically accept cookies, but you can modify your browser settings to decline cookies if you prefer. However, if you choose to decline cookies, you may not be able to sign in (or you may need to take additional steps to sign in) or you may not be able to use other interactive features of the Services that depend on cookies.
   4. We may also receive additional technical data about the device being used to access the Site or Services ("Device Data") (such as device IDs, device models, operating system version, application types and versions, browser type, language, and plug-ins, originating IP address, and time zone and geolocation information). Device Data may be used as part of our security controls to uniquely identify the device, authenticate the user when accessing the Site and Services, and shared (along with information about any fraudulent transactions using the device) with one or more third party service providers, that will compare and add the Device Data and fraud data from and about you to a database of similar device and fraud information in order to provide fraud management and prevention services, which include, but are not limited to, identifying and blocking access to the Services by devices associated with fraudulent or abusive activity. We will not share with service providers any information that personally identifies the user of the applicable device.
   5. With respect to personally identifiable information about an individual consumer's online activities over time and across different Web sites or online services when a consumer uses this Service, except as required by law: (1) parties other than the operator of this Service are not permitted to collect such information, and (2) the operator of this Service does not collect such information (except any such information that is reasonably necessary to process and document user transactions, such as payment history). Therefore, this Service has no need to respond and does not respond to Web browser "do not track" signals or other mechanisms that provide consumers the ability to exercise choice regarding the collection of such information.
   
   
   
5. What Types of Personal Information We May Collect. In addition to the types of information described in Section 4 above, we may also collect Personal Information about you. This information may include:
   1. Social Security number, date of birth, name, postal address, email address, telephone number, and other information that we can use to contact you, verify your identity, and manage risks, such as information maintained about you by identity verification services and consumer reporting agencies, including credit bureaus;
   2. names of billers for bills that you would like to view and/or pay online, contact information for those billers, and billing account information, including billing account numbers;
   3. name, email address and telephone number that you provide us for other persons to whom you would like to send payments;
   4. bank account information (checking, money market or other direct deposit account, credit card account, or debit card account) including any required routing information, account numbers, transaction history, card expiration date and billing address for accounts that you designate for funding or receiving payments, fees, debits and credits for the Services;
   5. username, password, secret questions and secret answers for resetting passwords, and other authentication credentialing used to verify that only authorized users access the Services;
   6. any Personal Information that you may enter in response to surveys about the Services or into information blocks within in the Services; and
   7. payment and other transaction information, payment information and other transaction history for payments and other transactions in which you participate through the Services;
   
   
   
6. How We May Collect Personal Information About You. We may collect Personal Information about you from the following sources:
   1. Enrollment applications, survey responses, and other electronic or paper forms that you fill out in connection with the Services;
   2. Your use of the Site and Services (such as when you send a payment or initiate a payment instruction), and your interactions with customer care, including information you enter or speak, and information transmitted by your computer, mobile phones and other devices you use to connect to the Site or Services; and
   3. We also collect Personal Information about you from others, as permitted by law, such as individuals financial institutions using the Services, credit bureaus, Affiliates or other companies (such as identity verification services and consumer reporting agencies, and companies (such as your billers) that provide content (such as electronic bills) to the Services).
   
   
   
7. How We May Share Personal Information About You. We share Personal Information about you only as permitted by law. For Personal Information that is nonpublic and that we collect in connection with a financial service, U.S. federal law permits us to share the information only for the purposes shown in the table below:
   
   

   Reasons we can share your Personal Information	Do We share?	Can you limit this sharing?
   a. For our everyday business purposes - such as to process your transactions, maintain your accounts, respond to court orders and legal investigations, and report to credit bureaus;	Yes	No
   b. For our marketing purposes - to offer our products and services to you;	Yes	No
   c. For Joint Marketing with other financial companies;	Yes	No
   d. For our Affiliates' everyday business purposes (information about your transactions and experiences);	Yes	No
   e. For our Affiliates' everyday business purposes (information about your creditworthiness);	No	We Do Not Share
   f. For our Affiliates to market to you;	No	We Do Not Share
   g. For Nonaffiliates to market to you	No	We Do Not Share

   
   

   Before we can lawfully share such Personal Information as described in (e), (f) or (g), we are required to offer you an opportunity to opt out, and we will do so if we ever intend to share such Personal Information. For California residents, and for residents of any other states where it is required, we will obtain your consent prior to sharing Personal Information as described in (g) unless otherwise required or permitted by law. We may lawfully share such Personal Information as described in (a), (b), (c) and (d) without offering an opt-out, and we may do so. For example, to process your transactions (an "everyday business purpose"), we may share a small amount of Personal Information about you to a biller to whom you send a payment, or a Receiver identified in your Payment Instructions, including your name, email address, telephone number and anything you type into the "message" field, or to a Sender who has sent you a payment that you accepted (including your name, email address, telephone number, and the payment amount). However, the Terms of Service require a person who receives information about another person through the Services to keep the information confidential and only use it in connection with the Services.

   We may share certain Personal Information and Device Data about you and your devices with third party service providers, who will compare and add the Device Data and fraud data from and about you to a database of similar device and fraud information in order to provide fraud management and prevention services, which include, but are not limited to, identifying and blocking access to the applicable Service or Site by devices associated with fraudulent or abusive activity. Such information may be used by us and our third party service providers to provide similar fraud management and prevention services for services or Web sites not provided by us. We will not share with service providers any information that personally identifies the user of the applicable device.

   Identity and Location Verification: You authorize your wireless carrier to disclose information about your account, such as subscriber status, payment method and device details, if available, to support identity verification, fraud avoidance and other uses in support of transactions for the duration of your business relationship with us. This information may also be shared with other companies to support your transactions with us and for identity verification and fraud avoidance purposes.

   In the “Lookup” feature of the P2P Service, other users of the Service who enter your contact information will be shown whether or not you are “In-Network” (a registered user of the Service).

   
   
   
8. How We May Use Personal Information About You. We use Personal Information about you only as permitted by law, including but not limited to the following purposes:
   1. To complete transactions and render services authorized by you;
   2. Other everyday business purposes of ourselves and our Affiliates, such as to maintain your accounts, to authenticate you when you log in, to send you information about the Services that you have subscribed to and other Services offered on the Site, to effect, administer and enforce transactions, to perform fraud screening, to prevent actual and potential fraud and unauthorized transactions, to verify your identity, to determine your transaction limits, to determine your credit history, to report to credit bureaus, to perform collections, to comply with laws, regulations, court orders and lawful instructions from government agencies, to protect the personal safety of subscribers and the public, to prevent and defend claims, to resolve disputes, to troubleshoot problems, to enforce our Terms of Service, to protect our rights and property, and to customize, measure, and improve the Services and the content and layout of the Site including pattern recognition, modeling, enhancement and improvement, system analysis, and Service performance analysis; and
   3. For marketing purposes - to offer products and services to you, although you may opt-out of receiving commercial email marketing messages from us by following the opt-out processes described in those messages.
   
   
   
9. Other Important Information.

   California: Under California law, we will not share information we collect about you with Nonaffiliates, unless the law allows. For example, we may share information with your consent, to service your accounts, or to provide rewards or benefits you are entitled to. We will limit sharing among our Affiliates to the extent required by California law.

   Vermont: Under Vermont law, we will not share information we collect about Vermont residents with companies outside of our Affiliates, unless the law allows. We will not share information about your creditworthiness with our Affiliates except with your consent, but we may share information about our transactions or experiences with you with our Affiliates without your consent.

   
   
   
10. Definitions.
    1. Affiliates: Companies related by common ownership or control. They can be financial or nonfinancial companies.
    2. Nonaffiliates: Companies not related by common ownership or control. They can be financial or nonfinancial companies.
    3. Joint Marketing: A formal agreement between nonaffiliated financial companies that together market financial products or services to you.
    
    
11. Updating Information About You. You may update the Personal Information maintained about you by contacting us at 844-228-7126
    
    
12. How We Protect Personal Information About You. To protect Personal Information about you from unauthorized access and use, we maintain physical, electronic, and procedural safeguards, including but not limited to security measures that comply with applicable federal and state laws. We also require our service providers and business partners to whom we disclose the information to do the same.
    
    
13. Protection for Former Customers. When you are no longer using the Services, we continue to protect, use, and share Personal Information about you as described in this Privacy Policy and as required by law.
    
    
14. Keeping Up to Date with Our Privacy Policy. We may amend this Privacy Policy at any time by posting a revised version on the Site, which will be effective at the time it is posted unless a delayed effective date is expressly stated in the revision. You may (in our discretion) also be provided with an email notification of such amendments. You may (in our discretion) be required to affirmatively acknowledge or accept the revised Privacy Policy in order to continue using the Services. Any use of the Services after a notice of change (whether by Site posting, email, or express acknowledgment or acceptance) will constitute your express agreement to such changes.
    
    
15. Contacting Us. If you have any questions about this Privacy Policy, you may contact us at :

    In writing: Aspen Federal Credit Union
    ATTN: Privacy Management
    4956 5th Street
    Rapid City, SD 57701
    Email: info@aspenfcu.com
    Telephone number: 844-228-7126
    

23.4