Policy, Forms, & Disclosures
General data protection regulation privacy notice
This Privacy Policy ("Privacy Policy") is designed to help you understand how Pentagon Federal Credit Union ("PenFed", "we", "us" or "our") collects and processes the information that you share when you use our website located at www.penfed.org, and each of their associated domains (together, the "Sites"), our mobile applications (the "Apps,"), and other services of ours that you use when you communicate with us (collectively, the "Services"). This privacy notice is applicable only to individuals located in the European Economic Area ("EEA"). You can view PenFed's general privacy policy by visiting www.penfed.org.
For the purpose of the General Data Protection Regulation, PenFed is a Data Controller, as we determine the means and/or purposes of the processing of Personal Information when performing services. PenFed is located at 7940 Jones Branch Drive, McLean, Virginia 22102, U.S.A.
When you access or use the Services, we may collect Personal Information from you. "Personal Information" refers to any information relating to an identified or identifiable individual who is the subject of the information. Depending on the products or services we provide to you, we may collect the following types of Personal Information about you:
We collect any information you voluntarily provide when using our Services, including, for example, your name, address, telephone number, email address, Social Security number, account balances, credit history, payment history, transaction history, overdraft history, as well as any information about you that is associated with or linked to, or could be linked to, any of the foregoing data.
When you use our Services, our servers automatically record information ("Log Data"), including information that your browser sends whenever you visit Sites or that your applications (Apps) send when you're using it. This Log Data may include your Internet Protocol (IP) address, browser type and settings, the date and time of your request, how you used the Services, and pixel data, and cookie data.
Depending on how you're accessing our products, we may use "cookies" (small text files sent by your computer each time you visit our Sites, unique to your PenFed account or your browser) or similar technologies to record Log Data. We use cookies to make your website experience more efficient and personal. You can delete cookies that have already been sent within your browser settings. By disabling certain cookies or enabling your web browser's "Do Not Track" signal or similar mechanism, some of our online features and content may not work properly or be accessible.
In addition to Log Data, we may also collect information about the device you're using to access the Services, including what type of device it is, what operating system you're using, device settings, unique device identifiers and crash data. To learn more about what information your device makes available to us, please also check the policies of your device manufacturer or software provider.
In some cases, such as when a member designates you as a joint account holder, authorized signatory, beneficiary, guardian, custodian, or agent, we receive your personal information from that member.
We may also obtain information about you from other sources and combine that information with information we collect from you directly. For example, we collect your Personal Information from international sanctions lists, third-party websites, government authorities, consumer reporting agencies, affiliates, other companies, or business partners for our everyday business purposes such as to verify your identity, comply with legal requirements, combat fraud, process your transactions, maintain your account(s), or determine your eligibility for products or services.
PenFed restricts the personal information it collects about children to the information their parents or guardians provide to open an account in their name or designate them as beneficiaries on an account. We do not market products or services to children. We do not knowingly collect personal information from individuals under the age of 16 on any Sites.
PenFed uses your Personal Information as necessary (a) in order to perform its obligations under the applicable membership agreements, disclosures, or other documents you agree to; (b) where legally required; and (c) where necessary for the legitimate performance of our business interests provided there is no overriding impact on your interests or rights.
Additionally, PenFed processes your Personal Information for the following purposes:
The Personal Information PenFed collects from you is stored in one or more databases hosted by PenFed or its contracted third parties located in the United States (U.S.). These third parties generally do not use or have access to your personal information for any purpose other than cloud storage, retrieval, or to facilitate a transaction.
We sometimes share the information we collect from and about you with other third parties in accordance with our general privacy policy. Additionally, we share information with public and governmental authorities as required by law or as necessary to investigate illegal conduct or misuse.
You have the right to request access to your Personal Information from PenFed, including, but not limited to, confirmation as to whether PenFed is processing your Personal Information and the following:
You have the right to rectify or correct inaccurate or incomplete Personal Information concerning you, taking into account the purposes of the processing, and the right to have incomplete Personal Information completed.
You have the right to request that we erase your Personal Information where:
Provided PenFed is not required to use your Personal Information to comply with legal or business obligations, you have the right to restrict or limit how we use your Personal Information where:
Should we ask for your consent for the processing of your Personal Information, you have the right to withdraw consent. If you do not provide information that we request, we may not be able to provide (or continue providing) relevant products or services to you or otherwise do business with you.
You also have the right to object to how we use your Personal Information, provided there are no compelling and overriding legitimate grounds for the use of your Personal Information. You also have a right to object to automated decision-making, including profiling and direct marketing. If PenFed uses automated processing to determine your eligibility for any of its products or services, we will generally give you an opportunity to provide consent, as necessary, or opt-out of such activity. If you consent, you will still retain the right to contest the results of the processing and to have a person review those results.
If you are not satisfied with our response, you have the right to complain to or seek advice from an appropriate supervisory authority in the EEA.
If you would like to exercise any of your rights mentioned above, please contact us at the contact information listedin this Privacy Policy. We will consider and process your request within a reasonable period of time. Please be aware that under certain circumstances, the GDPR may limit your exercise of these rights. Further, your exercise of these rights may be subject to PenFed's membership disclosures and agreements and legal or regulatory obligations with which PenFed is required to comply.
PenFed may use automated decision-making tools and profiling to serve our legitimate interests, to perform our contract with you, and provide you with products and services in an efficient manner. For example, automated decision-making tools or profiling may be used to assess your eligibility for membership or evaluate your application for credit. If we use your data for automated decision-making or profiling, you will be provided with an opportunity to provide consent, as necessary, or opt-out of such activity. If you do not provide necessary consent or opt-out of these activities, we may not be able to provide or continue providing relevant products and services or otherwise do business with you.
We may use analytics providers to understand how visitors engage with our Sites. Our analytics providers include Google. For additional information on how these providers use your information, please visit Google's privacy policy at https://policies.google.com/privacy. We may also allow others to provide you with advertisements on our behalf across the Internet and to provide analytics services. These entities may use cookies, web beacons and other technologies to collect information about your use of the Sites and other websites, including your IP address, web browser, pages viewed, time spent on pages, links clicked and conversion information. This information may be used by us to, among other things, analyze and track data, determine the popularity of certain content, deliver advertising and content targeted to your interests on the Sites and other websites and better understand your online activity.
The security of your information is important to PenFed. We have implemented commercially reasonable technical, physical and administrative security measures intended to protect your Personal Information from unauthorized access, disclosure, alteration or destruction. Please keep in mind, however, that no data transmitted over the Internet is one hundred percent secure and any information disclosed online can potentially be collected and used by persons other than the intended recipient.
If you would like to learn more about how we protect your Personal Information, please contact us at the information we provide below.
We keep your personal information for as long as is necessary for the purposes of:
To better serve you, PenFed or its data processors may require the transfer of your Personal Information across borders as permitted by applicable laws. PenFed has a compelling legitimate interest in the processing and transfer of your Personal Information across borders for internal business purposes including the fulfilment of our contract with you and compliance with applicable U.S. state and federal laws and regulations.
Should you initiate a transaction outside of the U.S. or a transaction that requires the transfer of your Personal Information from a country outside of the U.S., you consent to the transfer of your Personal Information across borders and the processing of your Personal Information as necessary to complete such transactions. You also consent to the storage of your Personal Information on our data servers in the U.S.
As a general matter, PenFed endeavors to employ suitable safeguards to protect the privacy and security of your Personal Information and to use it in a manner consistent with this Privacy Policy.
If you have questions or complaints about our treatment of your Personal Information, or about our privacy practices in general, please feel free to contact PenFed's Data Protection Officer at privacy@penfed.org or call us toll-free at 1-800-339-9922.