|
Your privacy is important to us.This Consumer Privacy Policy (“Privacy Policy”) explains how we collect, share, use, and protect your personal information through your online and offline interactions with us. For California residents, this Privacy Policy is adopted in accordance with the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (collectively, the “CCPA”), and the California Online Privacy Protection Act (“CalOPPA”), and any terms defined in the CCPA and CalOPPA have the same meaning when used in this Privacy Policy. As used in this Privacy Policy, “personal Information” means any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. Personal Information does not include: (i) publicly available information; (ii) deidentified or aggregated consumer information; or (iii) personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (“FRCA”) and the Gramm-Leach-Bliley Act (“GLBA”). This Privacy Policy also includes references and links to our other privacy policies which serve different purposes under various laws and regulations that apply to us. I. CATEGORIES OF PERSONAL INFORMATION WE COLLECTIn the preceding 12-months, we have collected the following categories of personal information (please note that some categories overlap):
II. CATEGORIES OF SOURCES OF INFORMATION WE COLLECTWe obtain the categories of personal information listed above from one or more of the following categories of sources: a. From You or Your Authorized AgentWe may collect information directly from you or your authorized agent. For example, when you provide us your name and Social Security number to open an account and become a member. We also collect information indirectly from you or your authorized agent. For example, through information we collect from our members in the course of providing services to them. b. From Our Website and Applications That You Access on Your Mobile DeviceWe collect certain information from your activity on our website activity on our website (www.merco.org) and your use of applications on your mobile device. We may collect your IP address, device and advertising identifiers, browser type, operating system, Internet service provider (“ISP”), pages that you visit before and after visiting our website, the date and time of your visit, information about the links you click and pages you view on our website, and other standard server log information. We may also collect your mobile device’s GPS signal, or other information about nearby Wi-Fi access points and cell towers. i. The Role of Cookies and Other Online Tracking TechnologiesWe, or our service providers, and other companies we work with may deploy and use cookies, web beacons, local shared objects, and other tracking technologies for various purposes, such as fraud prevention and to promote our products and services to you. Some of these tracking tools may detect characteristics or settings of the specific device you use to access our online services. “Cookies” are small amounts of data a website can send to a visitor’s web browser. They are often stored on the device you are using to help track your areas of interest. Cookies may also enable us or our service providers and other companies we work with to relate your use of our online services over time to customize your experience. Most web browsers allow you to adjust your browser settings to decline or delete cookies but doing so may degrade your experience with our online services. Clear GIFs, pixel tags or web beacons—which are typically one-pixel, transparent images located on a webpage or in an email or other message—or similar technologies may be used on our sites and in some of our digital communications (such as email or other marketing messages). They may also be used when you are served advertisements, or you otherwise interact with advertisements outside of our online services. These are principally used to help recognize users, assess traffic patterns and measure site or campaign engagement. “First party” cookies are stored by the domain (website) you are vising directly. They allow the website’s owner to collect analytics data, remember language settings, and perform useful functions that help provide a good experience. “Third-party” cookies are created by domains other than the one you are visiting directly, hence the name third-party. They may be used for cross-site tracking, retargeting and ad-serving. We also believe that cookies fall into the following general categories:
ii. Online Advertising & Cross Context Behavioral AdvertisingYou may see advertisements when you use many of our online services. These advertisements may be for our own products or services (including pre-screened offers of credit) or for products and services offered by third parties. Which advertisements you see is often determined using the information we or our affiliates, service providers and other companies that we work with have about you, including information about your relationships with us (e.g., types of accounts held, transactional information, location of banking activity). To that end, where permitted by applicable law, we may share with others the information we collect from and about you. Our advertising service providers may deliver our advertisements to you on non-affiliated websites. Such service providers control the manner in which the advertisements are delivered to you on such non-affiliated websites. You should generally be able to opt-out of receiving such advertisements from the service provider responsible for delivering the advertisement. Cross-context behavioral advertising refers to the targeting of advertising to a consumer based on the consumer’s personal information obtained from the consumer’s activity across businesses, distinctly branded websites, applications, or services, other than the business, distinctly branded website, application, or service with which the consumer intentionally interacts. We do not engage in cross-context behavioral advertising. c. Third-party service providers in connection with our services or our business purposesWe collect information from third-party service providers that interact with us in connection with the services we perform or for our operational purposes. For example, a credit report we obtain from a credit bureau to evaluate a loan application. Another example is a third-party service provider that provides us information to help us detect security incidents and fraudulent activity. d. Information we collect from third-parties for a commercial purposeWe collect information from third-parties for our commercial purposes. We partner with a limited number of third-party analytics and advertising firms. These third parties may use cookies or code processed by your browser to collect public information about your visits to our and other websites in order to provide customized experiences, advertisements or services. These parties may also collect information directly from you by contacting you telephonically, via email or through other communication channels. We do not disclose any information about you to such third-parties except as permitted by applicable laws and regulations, and we require such third-parties to follow applicable laws and regulations when they collect information from you to transfer such information to us. III. HOW WE USE YOUR PERSONAL INFORMATIONWe may use or disclose personal information we collect for one or more of the following business purposes:
We also use your personal information to advance our commercial or economic interests (“commercial purpose”), such as advertising our membership, products and services, or enabling or effecting, directly or indirectly, a commercial transaction. We do not use or disclose your sensitive personal information for any purpose other than, as reasonably necessary and proportionate, for the following purposes:
IV. DISCLOSURE OF PERSONAL INFORMATIONa. Disclosure for Business or Commercial PurposesWe disclose your personal information for our business or commercial purposes to the following parties:
In the preceding 12-months, we have disclosed the following categories of personal information for our business and commercial purposes and, for each category, the following categories of third-parties to whom such personal information was disclosed:
b. Sharing Your Personal Information for Cross-Context Behaviorial AdvertisingWe have not shared your personal information to third-parties for cross-context behavioral advertising. c. Selling Personal InformationIt is not our policy to sell personal information and we have not done so in the preceding 12-months. V. RIGHTS AND CHOICES FOR CALIFORNIA RESIDENTSIf you are a California resident, this section describes your rights and choices regarding how we collect, share, use, and protect your personal information, how to exercise those rights, and limits and exceptions to your rights and choices under the CCPA. a. Exceptions
b. Access to Specific Information and Data Portability RightsIf the above exceptions do not apply, and you have not made this request more than twice in a 12-month period, you have the right to request that we disclose certain information to you about our collection and use of your personal information. Once we receive and confirm your request and verify that the request is coming from you or someone authorized to make the request on your behalf, we will disclose to you or your representative:
c. Deletion Request RightsYou have the right to request that we delete any of your personal information that we collect from you and retained, subject to certain exceptions. Once we receive and verify your request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies. We may deny your deletion request if retaining the information is necessary for us or our service providers to:
d. Right of CorrectionYou have the right to request changes to any of your personally identifiable information that we have collected through our website and online services. e. Exercising Access, Data Portability, Deletion and Correction RightsTo exercise the access, data portability, deletion and correction rights described above, a consumer or a consumer’s authorized agent may submit a verifiable consumer request to us by either:
f. General Statement Regarding Identity VerificationWe cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us. However, we may consider requests made through a password protected account with us sufficiently verified when the request relates to personal information associated with that specific account. If we receive a request through and authorized agent of the consumer, we will require:
We will only use personal information provided in the request to verify the requestor’s identity or authority to make it. We will ask you to complete the CCPA Request Form which will ask you for information that will help us verify your identity. The verification process includes matching the information you provide us with the information we have in our records. The stringency of the verification process depends on the sensitivity of the request, whether or not the consumer is a current customer with a password-protected account, the need to prevent unauthorized access and disclosure of personal information and other factors. Within 10-days of your submission of your CCPA request, we will notify you of any additional information we might need to verify your identity. g. Response Timing and FormatWe endeavor to respond to a verifiable consumer request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance. We do not charge a fee to process or respond to your verifiable consumer request. h. Right to Opt-Out of the Sale or Sharing of Personal InformationYou have the right opt-out of the sale of your personal information or sharing of your personal information for cross-context behavioral advertising. To exercise this right, please click on the “Do Not Sell or Share My Personal Information” link on our website or mobile application. (www.merco.org/california-consumer-privacy-policy) i. Right of Non-DiscriminationWe will not discriminate against you for exercising any of your rights in this Privacy Policy and under applicable laws. Unless permitted by law, we will not:
VI. DO NOT TRACK SIGNALSIndustry standards are currently evolving, and we may not separately respond to or take any action with respect to a “do not track” configuration set in your internet browser. VII. CCPA OPT-OUT PREFERENCE SIGNALSThe following expresses how we address opt-out preference signals to comply with our obligations to California consumers under the CCPA. The CCPA defines an “opt-out preference signal” as a signal that is sent by a platform, technology or mechanism, on a consumer’s behalf, that communicates the consumer’s choice to opt-out of the sale and sharing of personal information for cross-context behavioral advertising purposes and that complies with certain technical requirements. Since we do not sell or share your personal information for cross-context behavioral advertising purposes, we do not respond to opt-out preference signals. VIII. CHANGES TO OUR PRIVACY POLICYWe reserve the right to amend this Privacy Policy at our discretion and at any time. When we make changes to this Privacy Policy, we will notify you by email or through a notice on our website homepage. IX. CHILDREN’S ONLINE INFORMATION PRIVACYOur website is not intended for children under the age of 13. We do not knowingly collect, maintain, or use personally identifiable information from our website about children under the age of 13 without parental consent. For more information about the Children’s Online Privacy Protection Act (COPPA), visit the Federal Trade Commission website: www.ftc.gov. X. LINKING TO THIRD-PARTY WEBSITESWe may provide links to websites that are owned or operated by other companies ("third-party websites"). When you use a link online to visit a third-party website, you will be subject to that website’s privacy and security practices, which may differ from ours. You should familiarize yourself with the privacy policy, terms of use and security practices of the linked third-party website before providing any information on that website. We are not responsible for the third-party website’s use, collection, sale or sharing of your personal information. X. SECURITYWe use reasonable physical, electronic, and procedural safeguards that comply with federal standards to protect and limit access to personal information. This includes device safeguards and secured files and buildings. XI. CONTACT INFORMATIONIf you have any questions or comments about this Privacy Policy, the ways in which we collect and use your personal information, your choices, and rights regarding such use, or wish to exercise your rights, or to request changes to any of your personally identifiable information that we have collected, please do not hesitate to contact us at: Phone: 800-273-4993 |