ONLINE PRIVACY AND COOKIE NOTICE

Effective December 4, 2025

This Online Privacy and Cookie Notice (“Online Privacy Notice”) describes Chaffey Federal Credit Union’s online and mobile privacy practices and applies to our website (https://chaffey.com//) and our mobile banking app that run on smartphones, tablets, and other devices, and additional services that we offer, which link to this Online Privacy Notice.

By using this website or our mobile app, you agree to the terms and conditions of this Online Privacy Notice and consent to our online data collection activities as described in this Online Privacy Notice. In addition to this Online Privacy Notice, please review our federal Privacy Policy, which discloses how we collect, use, and share the personal information of individuals who apply for or obtain our financial products and services for personal, family, or household purposes as well as other associated individuals, such as joint account holders and account beneficiaries, pursuant to the federal Gramm-Leach Bliley Act (“GLBA”).

The terms “personal information” or “personally identifiable information” used in this Online Privacy Notice refers to information such as your name, mailing address, email address, telephone number, Social Security number, or other information that identifies you. This information may be collected when you voluntarily provide it to us on our website or in our app. The term “online activity data” refers to such information as IP address, browser type, and display/screen settings; how you interact with our website and app; mobile device and advertising IDs; social media preferences and other social media data; location data (if you have enabled location services on your device); and other data that may be aggregated and that does not identify individual consumers/customers.

INFORMATION WE COLLECT ONLINE – AND HOW WE COLLECT IT

You may visit our website to find out about products and services and check rates, without giving us any personal information.  We may use software tools and/or “cookies” to track and gather information about your browsing activities in order to analyze usage, target areas for improvement, and create marketing programs to benefit our members or potential members that visit our site. Tracking includes the date and time of visits, pages viewed, time spent on our site, browser types, IP address, and the site visited just before and just after our site. We may also track the browsing activities of members who have accounts with us and who use our online banking services.  As part of our security procedures for members using our online banking to conduct account inquiries and transactions, we require personally identifiable information such as login identification (login ID) and password.  We may use a cookie to authenticate your request.

1. Use of Cookies and Similar Tracking Technologies

The use of cookies and similar tracking technologies (including pixels or clear GIFs, tags, and beacons) is a common internet practice. Cookies are small text files containing small amounts of information which are downloaded to your computer, smartphone, tablet or other mobile device when you visit a website. Cookies are useful in a number of ways, including allowing a site or mobile app you use to recognize your device, save your settings on a site or mobile app, facilitate navigation, display information more effectively and to personalize the user’s experience. Cookies are also used to gather statistical information about how sites and mobile apps are used in order to continually improve design and functionality and assist with resolving questions regarding the sites and mobile app.

a. Attributes of Cookies

Cookies set by us are called first-party cookies. We may also have third-party cookies, which are cookies from a domain different than the domain of the website you are visiting, for our advertising and marketing efforts. There can be first-party and/or third-party cookies within any of the below Categories of Cookies.

Cookies have a duration period. Cookies that expire at the end of a browser session are called “session” cookies. Cookies that are stored longer are called “persistent” cookies. There can be session and/or persistent cookies within any of the below Categories of Cookies.  Persistent cookies are stored on your system and can be accessed again for multiple visits. Persistent cookies usually have an expiration date and will be automatically deleted from your system at that time.

b. Categories of Cookies

Below is a list of the types of cookies that may be used on our sites. We classify cookies into the following categories:

Necessary Cookies. These cookies are necessary for the sites to function and cannot be switched off in our systems. Without these cookies, the sites and mobile apps will not work properly. Examples include setting up your privacy preferences, setting up your language preferences, or logging in a secured area requiring authentication. Strictly necessary cookies may also detect transmission errors or data loss or distribute network traffic across different servers to ensure accessibility.  You can set up your browser to block or alert you about these cookies, but that will cause some parts of the site to not work.

Performance and Analytics Cookies. These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site.  They help us know which pages are most and least popular and see how visitors move around the site.  All information these cookies collect is aggregated and therefore do not personally identify the visitor.  If you do not allow these cookies, we will not know when you have visited our site and will not be able to monitor its performance. 

Advertising Cookies.  These cookies may be set through our site by our advertising partners.  They may be used by those companies to build a profile of your interests and show you relevant advertisements on other sites.  They don’t store directly personal information but may be based on uniquely identifying your browser or internet device.  By opting out of targeting cookies, you may still see the same number of ads as before, but they may be less relevant because they will not be based on your interests.

c. How to Control and Delete Cookies

1. Using Your Browser

Many of the cookies used on our website can be enabled or disabled through our consent tool or by disabling the cookies through your browser. To disable cookies through your browser, follow the instructions usually located within the “Help,” “Tools” or “Edit” menus in your browser. Please note that disabling a cookie or category of cookies does not delete the cookie from your browser unless manually completed through your browser function.

A growing number of browsers have adopted Global Privacy Control (“GPC”). The GPC is a technical specification designed to allow internet users to notify businesses of their privacy preferences, such as whether they want their personal information to be sold or shared for behavioral advertising purposes. Where required to do so under applicable law, our website will honor GPC opt-out signals.

2. Using Your Mobile Device

Some mobile devices come with a non-permanent advertising identifier or ID which gives companies the ability to serve targeted ads to a specific mobile device. In many cases, you can turn off mobile device ad tracking, or you can reset the advertising identifier at any time within your mobile device privacy settings. You may also choose to turn off location tracking on your mobile device. By turning off ad tracking or location tracking on your mobile device, you may still see the same number of ads as before, but they may be less relevant because they will not be based on your interests.

3. Behavioral Advertising on Third-Party Websites

Online activity data collected on our website or apps may be used to advertise our products and services that may be of interest to you on third-party websites. Our service providers that deliver these advertisements are subject to their own privacy policies. To explore options for opting out of behavioral advertising, visit http://optout.aboutads.info/ or click on the AdChoices icon in an ad and follow the instructions. You may also use the Network Advertising Initiative’s (NAI) Opt-Out Tool by visiting https://optout.networkadvertising.org/?c=1. Furthermore, you may download the Google Analytics opt-out plug in, available at https://tools.google.com/dlpage/gaoptout/, to prevent your data from being collected and used by Google Analytics. Moreover, there may be other tools provided by the publishing platform to enable you to opt-out. Opting out relies on information in the unique cookies placed on your web browser by our service providers, so if you delete cookies, use a different device, or change web browsers, you may need to opt out again. Additionally, we may partner with websites like Google to display ads to you based on search terms you use on those websites. Please review the privacy policies of those websites for instructions on how to limit these ads. Please note that you may still receive general online advertising from us even after you adjust your ad preferences with certain web search engines or opt out of online advertising through AdChoices or the NAI tool. Such advertising, however, should not be based on online activity data or search term information.

However, since we do not own or control these third-party resources, we cannot ensure that you will stop receiving our advertisements by using these tools or that such advertisements will not be based on online activity data or search term information, and we do not guarantee the functionality or availability of such third-party tools. While we work with vendors and service providers who are contractually obligated to comply with our policies to protect information and to comply with all applicable laws regarding the collection, safeguarding, processing and disclosure of personal information, such vendors and service providers are solely responsible for cookies, cookie tracking and your choices for managing cookies.

4. Cookie Consent Tool

You may also opt-out of cookies by adjusting your cookie preferences through our cookie consent tool, which may be accessed through our cookies banner when first vising our site by clicking “Opt Out of Non Essential Cookies” and toggling the cookie preferences “on” or “off” after browsing through various tabs that describe the various types of cookies that run on our site.   Strictly necessary cookies cannot be disabled, nor can the tool be used to block cookies on third party websites linked from our website.  Please note that while your opt-out choices may be effective on the specific device and browser you use when you opt-out, it may not be effective on other devices or browsers that you may subsequently use to visit our website, and you may need to use the consent tool feature again when visiting our website from such other browsers or devices.  You can access the cookie consent information anytime from this https://chaffey.com/cookies-consent-info

5. Third Party Website Cookies That We Cannot Control

When using our website, you may be directed to other websites for such activities as surveys, completing job applications, and viewing content hosted on those sites such as an embedded video or news article. These websites may use their own cookies. We do not have control over the placement of cookies by other websites you visit, even if you are directed to them from our website.

2. Location Data

When allowed by you, our mobile app collects your location data to provide you with location-based services, such as identifying branches and ATMs near you, and location-based messages and offers. Location access can be allowed once, only while using the app, or you can choose not to allow location data to be collected.

3. IP Addresses

If you log on to our online banking page, you pass through a “firewall” used for security purposes, and the Internet Protocol (IP) address associated with the computer you are using may be identified. The IP address does not identify you personally. In certain instances, it may also obtain other information about your computer to better identify you as an online user. This information may be retained in case it is needed for security or protection of member information.

4. Social Media

We may collect information, such as your likes, interests, feedback, and preferences when you interact with our official pages on social media websites such as Facebook, X (formerly Twitter), LinkedIn, YouTube, and Instagram or from our social media partners. Please note that these platforms are governed by their own privacy policies and practices, which we do not control or manage. We encourage you to review their respective privacy policies to understand how your information may be collected, used, and shared, as well as your options for managing your privacy settings on those platforms.

HOW WE USE INFORMATION WE COLLECT

We do not and will not sell your personal information. We share your information as required to meet legal and regulatory obligations. We share your personal information that you have provided to us in connection with applying for membership and/or financial products with us (“personally identifiable financial information”) with affiliates and third parties in accordance with the practices set forth in our Privacy Policy.
With respect to other information that we collect from you online, which includes personal information as well as online activity data that does not personally identify you or your household, we use such information for a variety of reasons, including:

• to present our website and its contents to you;
• to enable you to use online tools or perform certain online transactions;
• to service and manage your account, including responding to or updating you on inquiries, or to contact you about your accounts or feedback;
• to offer you special products and services and deliver advertisements to you in the form of banner ads, interstitial pages (ads that appear as you sign in or sign out of your online accounts) or other promotions;
• to analyze whether our ads, promotions, and offers are effective;
• to help us determine whether you might be interested in new products or services, and to improve existing products and services;
• to verify your identity and/or location to allow access to your accounts and conduct online transactions;
• to manage fraud and data security risk;
• to personalize and optimize your website browsing and app experiences by examining which parts of our website you visit or which aspect of our apps you find most useful;
• to comply with federal, state or local laws; civil, criminal or regulatory investigations; or other legal requirements;
• to share with trusted third parties who are contractually obligated to keep such information confidential; and
• to use it only to provide the services we have asked them to perform.

WHO WE SHARE INFORMATION WE COLLECT WITH

We disclose your personal information and non-personally identifiable online activity data to third parties only for our business purposes and to comply with our legal requirements.  The general categories of third parties that we share with are as follows: 

• our third-party service providers;
• other companies to bring you co-branded services, products or programs;
• third parties that help us advertise our products or services;
• third parties to whom you or your agents authorize us to disclose your personal information in connection with products or services we provide to you;
• third parties or affiliates in connection with a corporate transaction, such as a sale, consolidation or merger of our company or affiliated business; and
• other third parties to comply with legal requirements such as the demands of applicable subpoenas and court orders; to verify or enforce our terms of use, our other rights, or other applicable policies; to address fraud, security or technical issues; to respond to an emergency; or otherwise, to protect the rights, property or security of our customers or third parties.

MISCELLANEOUS

App Permissions: Depending on your device or app permission settings, the app may have access to the following information from your mobile device: Contacts (may have access to your contact information), location (may include precise or approximate location), stored information and photos/media/files (the app may be able to read, modify, or delete the contents of your USB storage), camera (may allow the app to take pictures and videos), Wi-Fi connection information (view your Wi-Fi connections to connect and disconnect from Wi-Fi), phone (may directly call phone numbers), and other information (for example, the app may be able to receive data from the Internet, prevent your device from sleeping, identify your network connections, and obtain full network access).

These app permission settings allow you to access or use certain features within the app. For example, in order to locate the nearest branch to you, the app may need access to your precise location. You may change your app’s permission settings. By changing your app’s permission settings, you may affect your ability to access or use certain features on the app. Additionally, you may be able to log into the app using your device’s login features such as using a passcode or your fingerprint. These device login features are facilitated through your device, and we have no control over such features, which you can change by accessing your device settings and preferences.

Confirm Your Information Is Accurate: Keeping your account information up to date is important. If you are enrolled in online services, mobile banking, or electronic banking, you may review and maintain your information by logging in with your username and password. You may also contact us at 833-282-1033 or by emailing us at chaffeymail@chaffey.com.

Security:We take the protection of personal and financial information seriously and implement a range of administrative, technical, and physical safeguards that are intended to reduce the risk of unauthorized access or disclosure. While we utilize various security features—such as secure servers, device safeguards, access limitations, and contractual requirements with certain third-party service providers—no system can guarantee absolute security. Information security measures may change over time in response to evolving threats and operational needs. References to our practices are for informational purposes only and do not constitute a representation or warranty regarding the security of your information.

What You Can Do to Help Protect Your Information: We are committed to protecting your privacy. We suggest you follow these guidelines:

• Protect your account numbers, card numbers, personal identification numbers (PINs), and Passwords. Never keep your PIN with your debit or credit card which will provide free access to your accounts if your card is lost or stolen.
• Use caution when disclosing your account numbers, social security numbers, and other confidential information to other people. If someone calls you, explains the call is on behalf of Chaffey Federal Credit Union and asks for your account number; you should beware. Our staff will have access to your information and will not need to ask for it.
• It is important that we have your current information so we can reach you. If we detect potentially fraudulent or unauthorized activity or use of any account, we will attempt to contact you immediately. If your address, phone number, or email changes, please let us know.

Linking to Other Websites: The website, online services, electronic banking, or mobile banking may contain links to third-party websites. Although these links were established to provide you with access to useful information, we do not control and are not responsible for any of these websites or their contents. We do not know or control what information third-party websites may collect regarding your personal information. We provide these links to you only as a convenience, and we do not endorse or make any representations about using such third-party websites or any information, software or other products or materials found there, or any results that may be obtained from using them. We encourage you to review the privacy statements of websites you choose to link to from the website so that you can understand how those websites collect, use, and share your information. We are not responsible for the security or privacy practices of the linked websites.
Chat Sessions: Please note that chat sessions may be monitored and/or recorded for quality assurance or other lawful purposes. You agree and consent to such monitoring and recording through your continued use of chat. If you prefer another method of communication, please feel free to contact us via the additional options provided in the “Contact Us” link on our website or visit one of our branches for further assistance.
Protecting Children’s Privacy: We respect the privacy of children and comply with the practices established under the Children’s Online Privacy Protection Act (COPPA). Our online services are not directed to children under the age of thirteen, and wWe do not knowingly collect, use or retain personally identifiable information from consumers under the age of thirteen. During our online registration process, we may request a user’s date of birth solely to verify age and prevent access by children under the age of thirteen. For more information about COPPA please visit the Federal Trade Commission website: www.ftc.gov.

Data Retention: We may retain your personal information and online activity data even if you decide to terminate your membership with us, close your accounts with us, and/or delete our app or cease use of our website based on the following:

• Laws and regulations.  We are a regulated financial institution that is subject to laws and regulations governing our retention of information pertaining to our members, applicants for credit union membership, loans and other financial products and services.  We are also an employer and, thus, we are subject to labor laws governing how long we must retain information about applicants for employment and current and former employees.  Therefore, applicable laws and regulations will govern how long we retain information pertaining to you. 
• Fraud Prevention and Security: We will retain information that we need for fraud prevention and security purposes. 
• Contracts.  We will retain information for as long as necessary to comply with our contractual obligations to you, our service providers and other third parties, as permitted by law. 
• Legal Claims and Defenses.  We may retain information for such a period as necessary or advisable to preserve legal claims and defenses.

Contact Us: If you have any questions regarding this policy, call us at 833-282-1033 or email us at chaffeymail@chaffey.com.

Updates to this Policy: From time to time, we may change this Online Privacy Notice. The effective date of this Online Privacy Notice, as indicated above, reflects the last time this policy was revised.  Any changes to this policy will become effective when we post the revised policy on our website. Your use of the website, online services, or mobile app following these changes means that you accept the revised Online Privacy Notice.