Online Privacy Policy

From You or Your Authorized Agent

We may collect information directly from you or your authorized agent. For example, when you provide us your name and Social Security number to open an account and become a member. We also collect information indirectly from you or your authorized agent. For example, through information we collect from our members in the course of providing services to them.

From Our Website and Applications That You Access on Your Mobile Device

We collect certain information from your activity on our website activity on our website wescom.org and your use of applications on your mobile device. We may collect your IP address, device and advertising identifiers, browser type, operating system, Internet service provider ("ISP"), pages that you visit before and after visiting our website, the date and time of your visit, information about the links you click and pages you view on our website, and other standard server log information. We may also collect your mobile device's GPS signal, or other information about nearby Wi-Fi access points and cell towers.

The Role of Cookies and Other Online Tracking Technologies

We, or our service providers, and other companies we work with may deploy and use cookies, web beacons, local shared objects and other tracking technologies for various purposes, such as fraud prevention and to promote our products and services to you. Some of these tracking tools may detect characteristics or settings of the specific device you use to access our online services.

"Cookies" are small amounts of data a website can send to a visitor's web browser. They are often stored on the device you are using to help track your areas of interest. Cookies may also enable us or our service providers and other companies we work with to relate your use of our online services over time to customize your experience. Most web browsers allow you to adjust your browser settings to decline or delete cookies, but doing so may degrade your experience with our online services.

Clear GIFs, pixel tags, or web beacons-which are typically one-pixel, transparent images located on a webpage or in an email or other message-or similar technologies may be used on our sites and in some of our digital communications (such as email or other marketing messages). They may also be used when you are served advertisements, or you otherwise interact with advertisements outside of our online services. These are principally used to help recognize users, assess traffic patterns, and measure site or campaign engagement.

Local Shared Objects, sometimes referred to as "flash cookies" may be stored on your hard drive using a media player or other software installed on your device. Local Shared Objects are similar to cookies in terms of their operation but may not be managed in your browser in the same way. For more information on managing Local Shared Objects, click here.

"First party" cookies are stored by the domain (website) you are vising directly. They allow the website's owner to collect analytics data, remember language settings, and perform useful functions that help provide a good experience. "Third-party" cookies are created by domains other than the one you are visiting directly, hence the name third-party. They may be used for cross-site tracking, retargeting and ad-serving. We also believe that cookies fall into the following general categories:

• Essential Cookies: These cookies are technically necessary to provide website functionality. They are a website's basic form of memory, used to store the preferences selected by a user on a given site. As the name implies, they are essential to a website's functionality and cannot be disabled by users. For example, an essential cookie may be used to prevent users from having to log in each time they visit a new page in the same session.
• Performance and Function Cookies: These cookies are used to enhance the performance and functionality of a website, but are not essential to its use. However, without these cookies, certain functions (like videos) may become unavailable.
• Analytics and Customization Cookies: Analytics and customization cookies track user activity, so that website owners can better understand how their site is being accessed and used.

Online Advertising & Online Behavioral Advertising

You may see advertisements when you use many of our online services. These advertisements may be for our own products or services (including pre-screened offers of credit) or for products and services offered by third parties. Which advertisements you see may be determined using the information we or our affiliates, service providers and other companies that we work with have about you, including information about your relationships with us (e.g., types of accounts held, transactional information, location of banking activity). To that end, where permitted by applicable law, we may share with others the information we collect from and about you.

Third-party service providers in connection with our services or our business purposes

We collect information from third-party service providers that interact with us in connection with the services we perform or for our operational purposes. For example, a credit report we obtain from a credit bureau to evaluate a loan application. Another example is a third-party service provider that provides us information to help us detect security incidents and fraudulent activity.

Information we collect from third-parties for a commercial purpose

We collect information from third-parties for our commercial purposes. We partner with a limited number of third-party analytics and advertising firms. These third parties may use cookies or code processed by your browser to collect public information about your visits to our and other websites in order to provide customized experiences, advertisements or services. These parties may also collect information directly from you by contacting you telephonically, via email or through other communication channels. We do not disclose any information about you to such third-parties except as permitted by applicable laws and regulations, and we require such third-parties to follow applicable laws and regulations when they collect information from you to transfer such information to us.

Exceptions

We will first address the exceptions where your rights and choices in this Section VI do not apply to you:

• If you are not a California resident.
• If we collected personal information covered by certain financial sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994. How we collect, share, use and protect your personal information covered under the GLBA is covered under our federal GLBA privacy policy here.
• “Aggregated information” that relates to a group or category of consumers, from which consumer identities have been removed, that is not linked or reasonably linkable to any consumer or household, including via a device.
• “Deidentified information” that cannot reasonably identify, relate to, describe, be capable of being associated with, or be linked, directly or indirectly, to you, provided that we have: (i) implemented technical safeguards that prohibit reidentification of your information; (ii) implemented business processes that specifically prohibit reidentification of the information; (iii) have business processes to prevent inadvertent release of deidentified information; and (iv) make no attempt to reidentify the information.
• The information we have is publicly available from government records.

Access to Specific Information and Data Portability Rights

If the above exceptions do not apply, and you have not made this request more than twice in a 12-month period, you have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months from the date we receive your request. Once we receive and confirm your request and verify that the request is coming from you or someone authorized to make the request on your behalf, we will disclose to you or your representative:

• The categories of personal information we collected about you.
• The categories of sources for the personal information we collected about you.
• Our business or commercial purpose for collecting or selling that personal information.
• The categories of third parties to whom we sold or disclosed the category of personal information for a business or commercial purpose.
• The business or commercial purpose for which we sold or disclosed the category of personal information.
• The specific pieces of personal information we collected about you in a form that you can take with you (also called a “data portability request”).

Deletion Request Rights

You have the right to request that we delete any of your personal information that we collect from you and retained, subject to certain exceptions. Once we receive and verify your request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies. We may deny your deletion request if retaining the information is necessary for us or our service providers to:

• Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
• Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity.
• Debug to identify and repair errors that impair existing intended functionality.
• Exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law.
• Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the businesses’ deletion of the information is likely to render impossible or seriously impair the achievement of such research, if you previously provided informed consent.
• Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
• Comply with a legal obligation.
• Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

Exercising Access, Data Portability, Deletion and Correction Rights

To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by either:

• Calling us at 1-888-4WESCOM (1-888-493-7266)
• Visiting wescom.org

You may only make a verifiable consumer request for access or data portability twice within a 12-month period.

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.

When we receive a verifiable request from your “authorized agent,” which is any person or legal entity registered with the California Secretary of State that you have authorized to act on your behalf, we will require:

• Submission of a written document signed by you with your permission for the authorized agent to submit a verifiable request on your behalf and require the authorized agent to verify its own identity to us; or
• Require your authorized agent to furnish a copy of a power of attorney pursuant to California Probate Code sections 4000 to 4465 and require the authorized agent to verify its own identity to us.

We will deny a request from an agent that does not submit proof that they have been authorized by you to act on your behalf and cannot verify their own identity to us.

Response Timing and Format

We endeavor to respond to a verifiable consumer request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing delivered by the USPS.

Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable consumer request.

Right of Non-Discrimination

We will not discriminate against you for exercising any of your rights in this Privacy Policy and under applicable laws. Unless permitted by law, we will not:

• Deny you goods or services.
• Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
• Provide you a different level or quality of goods or services.
• Suggest that you may receive a different price for goods or services or a different level or quality of goods or services.