California Consumer Privacy Act (CCPA)
California Consumer Privacy Act
CALIFORNIA CONSUMER PRIVACY ACT FAQ
What is the CCPA?
What does the CCPA require of MIT Federal Credit Union (MIT FCU)?
CCPA requires MIT FCU to respond to requests of eligible California residents when they choose to exercise their rights under the law, with respect to their personal data. A California resident has the right to request that we:
- Disclose to you the following information covering the 12-month period prior to your request (“Request to Know & Delete”):
- The categories of personal data we collected about you and the categories of sources from which we collected the personal data;
- The business or commercial purpose for collecting personal data about you;
- The categories of third parties to whom we disclosed personal data about you, and the categories of personal data disclosed;
- The specific pieces of personal data we collected about you; and
- Delete personal data we collected from you (“Request to Know & Delete”).
- If you are a California resident, a business may not discriminate against you for exercising your rights under the CCPA.
What personal information is collected by MIT Federal Credit Union?
- Identifiers, such as:
- Real name or alias
- Postal address
- Unique personal identifier
- Online identifier
- Internet Protocol address
- Email address
- Account name
- Social security number
- Driver's license number
- Passport number
- Or other similar identifiers
How does MIT Federal Credit Union protect my personal information?
We use reasonable physical, electronic, and procedural safeguards that comply with federal standards to protect and limit access to your personal data. This includes device safeguards and secured files and buildings. To learn more about our practices as they relate to your privacy, please review our “Privacy Notice.”
How does MITFCU use my personal data?
We may use or disclose personal information we collect for one or more of the following business purposes:
- To fulfill or meet the reason for which the information is provided. For example, you apply for a loan, and we use the information in your loan application to give you the loan.
- To provide you with information, products or services that you request from us.
- To evaluate your candidacy for employment or for an independent contractor engagement, and to administer employment-related benefits for you, your spouse or domestic partner, and your dependents.
- To provide you with email alerts, event registrations or other notices concerning our products or services, or events or news, that may be of interest to you.
- To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collections.
- To improve our website and present its contents to you.
- For testing, research, analysis to improve our products and services and for developing new ones.
- To protect the rights, property or safety of us, our employees, our members or others.
- To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
- To detect security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity.
- As described to you when collecting your personal information.
- To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution or other sale or transfer of some or all of our assets, in which personal information held by us is among the assets transferred.
Does MIT FCU sell my information?
MIT FCU does not “sell” personal data subject to the CCPA, including personal data of minors under the age of 16.
Why does MITFCU share my information?
MIT FCU shares your data only when necessary to offer you a product or service and as necessary to comply with our legal obligations. We share information with third-parties to provide services such as: website hosting, data analysis, payment processing, order fulfillment, information technology and related infrastructure, customer service, email delivery, auditing, marketing and marketing research activities, payment processing, member communications, storage, legal expertise, auditors, transaction processing, products enabling our members to conduct transactions online and via mobile banking, mortgage services, credit card services, and Government Agencies as required by applicable laws and regulations.
What are the categories of personal information (identifiers)?
The CCPA broadly defines that personal data is protected, no matter when the data was collected online or offline. The categories of personal information that we collect are:
- Identifiers and consumer records information
- Protected classification characteristics under California and Federal Law
- Commercial information
- Biometric information
- Internet or other similar network activity
- Geolocation data
- Sensory data
- Professional or employment related information
- Non-Public education information
Does CCPA apply to me?
If you are a resident of the State of California, CCPA applies to you. The specific personal data that we collect, use, and disclose relating to a California resident covered by the CCPA will vary based on our relationship or interaction with that consumer.
How do I submit a Request, as permitted under CCPA?
You may submit your request by electronically completing this form, visiting one of our branch locations, printing out, completing, and mailing a copy of this form, or by calling us at 617-253-2845.
Why am I being asked to verify my identity?
We might not have been able to verify your identity for several reasons: The information you provided for verification didn't match what we have on file, we didn't have enough info on you in our files to make a match, or you did not respond to our request for verification of your identity.
How long will it take to receive a response to my CCPA request?
We will respond to your requests within 45 calendar days. If we require additional time to complete your request, we will provide you with an explanation and may take up to another 45 calendar days to respond, for a total of 90 calendar days.
Can MIT FCU delete my information upon my request?
MIT FCU cannot delete information that we have gathered from you in order to meet our contractual obligations to provide you with products or services that you have requested, or to comply with our legal obligations to maintain such data.
Why was my request declined?
Privacy and data protection laws, other than the CCPA, apply to the personal data that we collect, use, and disclose. Since MIT FCU is subject to the other privacy and data protection laws, personal data may be exempt from, or outside the scope of Request to Know & Delete. As a result, in some instances, we may decline all or part of a Request to Know & Delete related to this personal data. This means that we may not provide some or all of this personal data when you make a Request to Know & Delete. Also, we may not delete some or all of this personal data when you make a Request to Know & Delete.