|Title:||Website Management Policy|
|Revised:||April 20, 2021|
|Next Board Review:||April 2022|
IRCO Community Federal Credit Union (“IRCO”), (the “Credit Union”) respect your privacy and are committed to protecting it through our compliance with this policy. This policy covers your interaction with the Credit Union, its affiliates, and companies engaged by the Credit Union and its affiliates to render online services when you visit any mobile or online site or application that we own, including, but not limited to, (www.ircocu.com), and our mobile applications (the “Sites”).
This policy describes the types of information we may collect from you or that you may provide when you visit the Sites, including when you log into our online banking platform (“Virtual Branch”).
This policy also describes our practices for collecting, using, maintaining, protecting, and disclosing that information.
IRCO Community Federal Credit Union (IRCO), (the Credit Union), maintains a website that is hosted by Hosting.com, 650 Pencader Drive, Newark, DE 19702. All content is developed and maintained by Hosting.com in conjunction with IRCO Community Federal Credit Union.
The Credit Union offers the following services electronically:
- Online Banking
- Online Bill Pay
- Online Applications
- Mobile Banking
- Remote Deposit Check Capture
- Web Signatures
- Access to 3rd party vendor sites including but not limited to, Facebook, Instagram, Twitter, VISA Online, etc.
- Informational details regarding the credit union’s products and services.
The Credit Union has designated the following employees to maintain and monitor the Credit Union’s website:
- Compliance Officer
Any new Website ideas or initiatives will be reviewed, prioritized, developed, acquired, and maintained by approved website applications. Management has also established an e-commerce policy that has been approved by the Board of Directors. Regular reports are generated that provides management with details regarding website transactions.
The Credit Union regularly reviews the efficiency of its e-commerce systems to ensure proper working order and to prevent security weaknesses. Management has classified the level of data sensitivity, as well as the potential security risks in the event of a security breach. An Incident Response Plan is in place to review and handle the different levels of intrusion. The Credit Union regularly monitors security risks associated with technological and operational changes in
The credit union ensures that its website will comply with all applicable laws and regulations. We will also monitor all changes in laws and regulations that affect e-commerce and update those policies, practices, and systems accordingly.
The credit union has secured bond coverage through Cuna Mutual Insurance Co. for all of its website policies and procedures. Management has ensured that bond coverage is sufficient in the event of any loss due to an electronic transaction. Bond coverage is regularly assessed to ensure the sufficiency of coverage. The credit union will also periodically provide various website contracts and agreements with vendors, partnerships, and affiliates to legal counsel for review, as necessary.
The credit union provides links to Internet sites maintained by third parties on our website, over which the credit union has no control. When opting to follow a link to another website, a disclosure will automatically pop up and must be accepted to continue to the linked site.
The credit union provides disclosures regarding its website policies and procedures to members who have entered into e-Commerce relationships with us. The credit union maintains a website privacy disclosure that is available to all members who visit our website. The credit union monitors and enforces compliance with our website privacy disclosures and ensures that all disclosures are accurate and up-to-date.
The credit union’s website activities will be subject to periodic internal audits and quality reviews. At a minimum, these reviews will cover website security, regulatory compliance and privacy. Management will correct the issues of concern uncovered by the audit and/or quality review and notify the Board of any irregularities discovered.
IRCO has a contract with 3rd party vendor Hosting.com to maintain its website. In addition, we utilize the online banking product Virtual Branch, provided by Fiserv, to administer member access to their IRCO accounts online. We will exercise due diligence in selecting these vendors to ensure that proper security measures are in place to protect member account information. We have developed procedures to monitor vendor relationships to ensure they continue to meet our needs (i.e., hardware, software, network services, content accuracy, availability, usability, security, and privacy). IRCO will periodically review security procedures employed by vendors to ensure they meet the credit union’s minimum requirements.
Management has established procedures and practices for promptly resolving member support issues, such as password recovery, account access, etc. Management will monitor reports generated periodically to ensure member service levels are met.
The credit union discloses to its members the terms and conditions by which its e-Commerce and website transactions are conducted, such as:
- The credit union’s website is secure and member account information is kept confidential;
- How member information can be corrected;
- How member information is used;
- How members can receive additional credit union services (advertisements of other credit union products), and how they can opt out of those services;
- When payment will be posted to the member’s account (for after-hours transactions);
- How members can stop payments on share draft/checks;
- The sources of information (i.e., interest rates);
- Inform members of maintenance or other technical issues that may affect access to e-Commerce or Website activities through online messages;
- Where members can go to resolve errors, pose questions, or register complaints;
- Inform members of their right to receive paper copies of member account information and procedure to obtain paper copies.
If you are An IRCO employee, you MUST disclose your employment status when you submit a comment or question. When participating in online communities, do not misrepresent yourself. Whether you are at home or in the office, working for IRCO is a material fact that may influence content, and community members have a right to know you work for the Credit Union. When commenting on the Credit Union, unless you are authorized to speak on behalf of IRCO, you must state that the views expressed are your own. If we feel the nature of your comment is confidential, shares information not generally available, or recommends an action which could adversely affect our members, we reserve the right to remove comment from a blog or social media site. Thank you for helping maintain the integrity of our community by disclosing your employment relationship.
Employees with access to member account information will receive a copy of the credit union’s website policy, must sign a compliance policy statement (confidentiality and information security) when hired by the credit union. Employees are notified of the importance of maintaining the confidentiality of member account information and are made aware of the credit union’s policies, procedures, standard practices, and disciplinary actions that will be taken against the employee for non-compliance with privacy and information security policies and procedures. The credit union policy prohibits staff from inappropriately disclosing member account information to any third party.
IRCO limits access to sensitive information to specific employees to ensure confidentiality of member account information. Employees have been trained on the proper procedures for filing reports to the appropriate regulatory and law enforcement agencies. Management will routinely monitor employees for compliance with the credit union’s stated policies, procedures, and standards. Employees involved with the credit union’s website transactions are kept up-to-date with changes in the policies and procedures.
IRCO maintains an inventory of hardware and software to ensure continuity of service in the event of a technological failure, natural disaster, or intentional destruction of its electronic systems.
IRCO has implemented a disaster recovery system as part of its business continuity plan. This system will be monitored regularly and updated as needed as a result of changes in technology, legislation, and infrastructure.
The credit union maintains security measures consistent with the requirements of federal and state regulations, including risk management systems designed to prevent unauthorized access, both internal and external, to member information. Procedures are in place to protect member information systems in the event of natural disasters, intentional destruction, or technical failure.
Management monitors employees with access to member account information to ensure they are in compliance with the credit union’s established security policies and procedures.
Access to member accounts is restricted to members through the use of user ID’s and passwords. Account passwords that are not entered correctly after the third attempt will result in an automatic log-off of the session.
Client information is secured with an in-depth architecture utilizing multi-vendor, multi-layered techniques and technologies. These layers are constructed with firewalls, detection/monitoring systems, filtering devices and management systems that are strategically located throughout the network and allow for constant data and system protection. The Fiserv Monitoring center aggregates, correlates and analyzes security alerts and events from IDS systems, firewalls, network devices, data loss prevention and other systems.
SSL Certificates for our website are issued though Trustwave. SSL stands for Secure Socket Layers and is a public key infrastructure that uses the RSA method of encryption and authentication via security certificates. It helps to establish a secure connection between our website and the server through the secure protocol https.
The following disclosure appears whenever an outside link is accessed from our site:
The link you have selected is located on another server. The linked site contains information that has been created, published, maintained, or otherwise posted by institutions or organizations independent of this organization. We do not endorse, approve, certify, or control any linked websites, their sponsors, or any of their policies, activities, products, or services. We do not assume responsibility for the accuracy, completeness, or timeliness of the information contained therein. Visitors to any linked websites should not use or rely on the information contained therein until they have consulted with an independent financial professional.
Please click “Go to URL…” to leave this website and proceed to the selected site.
IRCO Community Federal Credit Union is committed to protecting the privacy of its members and other users of this website. Keeping financial and personal information secure is our most important responsibility.
Your use of the Credit Union’s social media-based websites constitutes your consent to the Credit Union’s use of information obtained through your site visits. With respect to content collected through our sites, IRCO follows the applicable privacy policies of the third-party hosts of our sites. Please note that when visiting any IRCO site, you are also subject to the terms and conditions of IRCO’s privacy notices, as well as the terms of service and privacy policies of third-party hosts, when applicable.
Our website uses Google Analytics, a web analytics service provided by Google, Inc. Google Analytics uses “cookies”, which are text files placed on your computer, to help us analyze how users use the Site. The information generated by the cookie about your use of our Site (including your IP address) will be transmitted to and stored by Google on their servers. Google will use this information for the purpose of evaluating the Site activity and Internet usage. Google may also transfer this information to third parties when required to do so by law, or where third parties process the information for Google.
Children and Collection of Personal Information
In compliance with federal government regulations, IRCO does not collect personal information from children under the age of 13. We recognize that protecting children’s identities and privacy on-line is important and the responsibility to do so rests with both the online industry and parents.
If you believe your child has provided personally identifiable information to IRCO online and you wish to review and delete such information, please contact us at 800-538-1572.
Third Party Link Notice
IRCO Credit Union has provided links to Internet sites maintained by third parties, over which the credit union has no control. When following a link to another website from any of our website pages, we cannot be held responsible for any information that may be gathered at a linked site. IRCO reserves the right to change these Terms at any time at its sole discretion. Please note:
- IRCO Credit Union is not endorsing or guaranteeing the products, information, or recommendations provided by linked sites.
- The credit union is not liable for any failure of products or services advertised on those sites.
- The linked third-party website may provide less security than the credit union’s website.
SOCIAL MEDIA PUBLIC USE POLICY
IRCO utilizes social media to reach a broader audience and to further connect with our members. The Credit Union encourages dialogue amongst the members of our communities and welcomes you to participate in these conversations. The following is the official policy for everyone participating in the IRCO online communities.
These terms govern IRCO’s social media-based websites, accounts, pages and applications (collectively, “sites”). By accessing our sites, you agree to be bound by and comply with these terms, all applicable laws and regulations, and any other applicable policies, terms and guidelines and existing agreements established by IRCO and those of any third parties that host our sites (which may include, but are not limited to, Facebook, Instagram, Pinterest, Twitter). If you do not agree with any of these terms, do not use or access our sites. Any unauthorized use of our sites or misuse of any information posted to a site is strictly prohibited.
While we welcome member and non-member participation as a means of sharing experiences, suggesting improvements, and contributing to conversations, we have established the following use limitations. IRCO reserves the right to review any and all comments at its discretion and to delete comments that are, or include:
- Spam: Comments focused on selling a product or service, or comments posted for a purpose of driving traffic to a particular website for personal, political or monetary gain will be removed.
- Personal Attacks: If you disagree with the content, we would like to hear from you, but ask that you refrain from personal attacks or being disrespectful to others. Malicious intent and/or participation not in the spirit of civil conversation will be removed.
- Illegal: Posts must not violate laws that govern use of copyrights, trade secrets, etc.
- Offensive Language: Comments including, but not limited to, profane or provocative language will be removed. Comments that contain threatening, hateful, offensive, derogatory, obscene or sexually explicit language will not be tolerated.
- Private or Confidential Information: Please do not provide any of your specific account details or other personal information when posting comments. If you have immediate service needs, please contact our Phillipsburg, NJ office at 908-859-1811, or visit one of our local branches for assistance.
- Posts in HTML Format (or URLs) will be removed. Please only use plain text when submitting your comments.
- Posts from Individuals Under the Age of 13 cannot be accepted.
- Posts Containing Photos will not be accepted, unless specifically requested by an authorized representative of IRCO for a contest or other business-related purpose. In these instances, pictures will be reviewed and will not be posted if deemed inappropriate.
- Endorsements: IRCO does not endorse any comments made by its employees, unless they are made in an authorized representative capacity. Statements and opinions expressed in the comments are strictly those of the commenter alone, and do not constitute an official position of IRCO, unless they are posted by the original author (who is an authorized representative of the credit union) or by a subject matter expert responding on behalf of that authorized representative.
IRCO asks that you do not send confidential information to us via e-mail. E-mail is not necessarily safe against interception by unauthorized individuals. NEVER will IRCO solicit you for passwords, PINs or other confidential information. If your communication is sensitive, or includes personal information such as account numbers, credit card numbers, personal identification numbers, social security numbers, or date of birth, you should log into Virtual Branch and send emails via Secure Email. IRCO will, likewise, not transmit sensitive or personal information that can compromise or violate a user’s privacy when communicating via e-mail.
Personal information disclosed to us by way of applications or forms transmitted via a secured site will be accessed by an authorized IRCO employee. Personal information will be held in strict confidence except in cases of reporting to the credit bureau, as required by law.
The materials on IRCO’s sites are provided “As is”. The Credit Union makes no warranties, express or implied, regarding merchantability, fitness for a particular purpose, or non-infringement of intellectual property or other violation of rights. Further, IRCO does not warrant or make any representations concerning the accuracy, likely results, or reliability of the use of the materials on its sites or otherwise relating to such materials or on any sites linked to these sites. The information and content provided on our sites is intended for informational purposes only. IRCO is not responsible for any content posted by users, including posts made by employees or agents who are not authorized administrators of our sites. Content posted by others is not edited by IRCO and does not necessarily represent its views or opinions.
We reserve the right to disclose personally identifiable information as required by law and when we believe that disclosure is necessary to protect our rights and/or to comply with judicial proceeding, court order or legal process.
In no event shall IRCO, its affiliates or suppliers be liable for any damages (including, without limitation, damages for loss of data or profit, or due to business interruption) arising out of the use or inability to use the materials on the Credit Union’s sites, or for loss or damage that results from your failure to comply with these terms or other applicable guidelines, or from any technical, human or software errors or failures found within our sites. You agree to indemnify, defend and hold harmless the Credit Union, its officers, employees and agents from any and all liability with respect to any claims from any third parties arising from your use of our sites or violations of these terms or applicable guidelines.
|FACTS||WHAT DOES IRCO COMMUNITY FEDERAL CREDIT UNION
DO WITH YOUR PERSONAL INFORMATION?
|Why?||Financial companies choose how they share your personal information. Federal law gives consumers the right to limit some but not all sharing. Federal law also requires us to tell you how we collect, share and protect your personal information. Please read this notice carefully to understand what we do.|
|What?||The types of personal information we collect and share depend on the product or service you have with us. This information can include:
When you are no longer our customer, we continue to share your information as described in this notice.
|How?||All financial companies need to share members’ personal information to run their everyday business. In the section below, we list the reasons financial companies can share their members’ personal information; the reasons IRCO Community FCU chooses to share; and whether you can limit this sharing.|
|Reasons we can share your personal information||Does IRCO CFCU share?||Can you limit this sharing?|
|For our everyday business purposes – Such as to process your transactions, maintain your account(s), respond to court orders and legal investigations, or report to credit bureaus||
|For our marketing purposes – To offer our products and services to you||
|For joint marketing with other financial companies||
|For our affiliates’ everyday business purposes –
Information about your transactions and experiences
We don’t share
|For our affiliates’ everyday business purposes –
Information about your creditworthiness
We don’t share
|For non-affiliates to market to you||
We don’t share
|QUESTIONS?||Call 908-859-1811 or go to www.ircocu.com|
|Who we are|
|Who is providing this notice?||IRCO Community Federal Credit Union|
|What we do|
|How does IRCO Community FCU protect my personal information?||To protect your personal information from unauthorized access and use, we use security measures that comply with federal law. These measures include computer safeguards and secured files and buildings.
|How does IRCO Community FCU collect my personal information?||We collect your personal information, for example, when you:
We also collect your personal information from others, such as credit bureaus. Our website uses Google Analytics, a web analytics service provided by Google, Inc. Google Analytics uses “cookies”, which are text files placed on your computer, to help us analyze how users use the Site. The information generated by the cookie about your use of our Site (including your IP address) will be transmitted to and stored by Google on their servers. Google will use this information for the purpose of evaluating the Site activity and Internet usage. Google may also transfer this information to third parties when required to do so by law, or where third parties process the information for Google.
|Why can’t I limit all sharing?||Federal law gives you the right to limit only:
State laws and individual companies may give you additional rights to limit sharing.
|Affiliates||Companies related by common ownership or control. They can be financial and nonfinancial companies.
|Non-affiliates||Companies not related by common ownership or control. They can be financial and nonfinancial companies.
|Joint Marketing||A formal agreement between non-affiliated financial companies that together market financial products or services to you.