Sascu Privacy Policy

Information Collection

Sascu Credit Union collects personal information that members provide when opening accounts, applying for loans, enrolling in online banking, or using Sascu digital services. This information includes name, address, Social Security number, date of birth, telephone number, email address, employment details, income information, and transaction history. Sascu also collects technical data when you visit the Sascu website or use Sascu online banking, including IP address, browser type, device identifiers, and pages viewed. This technical data assists with fraud prevention, website performance monitoring, and security incident detection.

Sascu obtains additional information from consumer reporting agencies in connection with loan applications and account openings, consistent with the Fair Credit Reporting Act. Sascu may also verify identity information through third-party services as part of compliance with the USA PATRIOT Act and Bank Secrecy Act requirements applicable to NCUA-regulated credit unions.

Data Usage

Sascu Credit Union uses member information to process transactions, service accounts, evaluate loan applications, detect and prevent fraud, comply with legal obligations, and communicate with members about their accounts and Sascu products that may benefit them. Sascu does not sell member personal information to third parties for marketing purposes. Sascu may analyze aggregated, de-identified data to improve Sascu services and develop new financial products responsive to member needs. Account transaction data is used to generate monthly statements, calculate dividends, and provide the services members request through Sascu online banking and Sascu mobile banking.

Information Sharing Practices

Sascu Credit Union may share member information with third-party service providers who perform essential functions on Sascu's behalf — check printing, payment processing, statement delivery, fraud detection, and information technology support. These service providers are contractually bound to use member data solely for the purposes Sascu specifies and to maintain confidentiality and security standards consistent with this privacy policy and applicable federal regulations. Sascu does not share member information with non-affiliated third parties for their independent marketing use.

Sascu may disclose information as required by law, including in response to court orders, subpoenas, or regulatory examinations by the NCUA and other federal agencies. Sascu may also report information to credit bureaus as permitted by the Fair Credit Reporting Act. In the event of a merger or acquisition involving Sascu Credit Union, member information may be transferred to the successor organization, with advance notice provided to affected members as required by applicable law.

Member Rights Under the Gramm-Leach-Bliley Act

The Gramm-Leach-Bliley Act (GLBA) requires financial institutions including Sascu Credit Union to provide members with a clear privacy notice describing information-sharing practices and to offer members the opportunity to opt out of certain information sharing with non-affiliated third parties. Sascu provides this privacy notice to members at account opening and annually thereafter. Sascu members have the right to opt out of information sharing with non-affiliated third parties where such sharing is not otherwise permitted by law. To exercise opt-out rights under GLBA applicable to CFPB-regulated financial privacy protections, members may contact Sascu using the contact information provided at the end of this policy.

Additional member privacy rights may apply under state law. Members residing in California, for example, may have rights under the California Consumer Privacy Act and the California Financial Information Privacy Act. Members with questions about state-specific privacy rights are encouraged to contact Sascu directly.

Data Security

Sascu Credit Union maintains administrative, technical, and physical safeguards designed to protect member personal information against unauthorized access, disclosure, alteration, and destruction. These safeguards include multi-factor authentication for Sascu online banking access, 256-bit SSL/TLS encryption for data in transit, firewalls and intrusion detection systems protecting Sascu servers, restricted physical access to data centers and records storage facilities, employee background checks and ongoing security training, and regular independent security assessments and penetration testing. Sascu's information security program is designed to comply with NCUA regulations and federal interagency guidelines establishing standards for safeguarding customer information.

In the event of a security breach involving member personal information, Sascu will notify affected members in accordance with applicable state and federal breach notification laws. Sascu also maintains a written incident response plan that is tested and updated annually.

Children's Privacy

Sascu Credit Union does not knowingly collect personal information from children under the age of thirteen through the Sascu website or Sascu online banking platform. Sascu offers youth savings accounts that may be opened by a parent or legal guardian on behalf of a minor child, in which case the parent or guardian provides the required information and manages the account. The Children's Online Privacy Protection Act (COPPA) governs the collection of information from children online, and the CFPB provides additional guidance on financial privacy for minors.

Policy Changes

Sascu Credit Union reserves the right to modify this privacy policy at any time. Material changes will be communicated to members through the Sascu website, through Sascu online banking notices, or by direct communication as required by applicable law. Continued use of Sascu services following the effective date of a revised privacy policy constitutes acceptance of the updated terms. Members are encouraged to review this privacy policy periodically. The effective date at the top of this page indicates when the policy was last revised.

Contact Information

Members with questions about this privacy policy, requests to exercise privacy rights, or concerns about how Sascu Credit Union handles personal information may contact Sascu through the following channels:

• Email: privacy@sascucom.gr.com
• Phone: (555) 234-6789
• Mail: Sascu Credit Union, P.O. Box 8492, Austin, TX 78701
• Online: Contact Sascu through the secure messaging center within Sascu online banking after logging in

Members may also file complaints regarding privacy practices with the National Credit Union Administration (NCUA) at ncua.gov or with the Consumer Financial Protection Bureau (CFPB) at consumerfinance.gov.