ProFed’s Online Privacy Practices

Revised 04/19

ProFed Federal Credit Union (ProFed) understands the importance of privacy when you visit our web site or use ProFed Online Banking, our Internet Banking service. For this reason, we have developed the following privacy statement explaining how we collect and use confidential information.

Our Collection of Information

We collect information from you only where we feel it will assist us in providing you with superior service and quality products. Additionally, we may compile statistics regarding geographical data, what pages are visited, time spent on the site, browser and Internet service provider types, and other information that we may use to improve our web site.

On ProFed Online Banking, we may collect additional data including which members are logging in, what pages they use, and bill payment information. If you send us an email, we may save your email address, the email, and our reply. If you use our text or chat services, we may save your correspondence and our replies. Some of our programs and applications track your geolocation, device type, phone number, IP address, and session information to aid in security and to provide you with appropriate services. We may use any information collected as a reference for other questions, to track any problems with your account, or to ensure we are providing quality member service.

Use of Information

ProFed will not provide nor sell your personal information to any private party for independent use. We will only share personal information with non-affiliated companies under one of the following circumstances: you have authorized it; you have requested a transaction requiring it; we are reporting your information to a credit reporting agency; or we are required or permitted by law to disclose the information. Your information may be shared with ProFed’s affiliated companies for the purpose of providing you with special products or services. For example, we contract with other companies for ProFed Online Banking and Bill Payment services that require some of your personal information. These companies have agreed not to share any of this information with any third party.

Analytics – Display Advertising

ProFed and third-party vendors, including Google, use first-party cookies (Google Analytics cookie) and third-party cookies together to inform, optimize, and serve ads based on past visits to our web site. More specifically, our web site has implemented and uses display advertising, and we utilize Google Analytics to implement a specific feature called remarketing. Remarketing is a feature of Google’s AdWords that allows us to optimize the delivery of ad content specifically targeted to a visitor’s interests based upon previous visits to our site. If you would like more information about remarketing lists in Google Analytics please visit the following site – Google Analytics.

Opting out of Online Advertising

If you do not wish to participate in our Google AdWords Remarketing, you may opt out by visiting Google’s Ads Preferences Manager. You can also opt out of any third-party vendor’s use of cookies by visiting Google Ads opt-out page at Google Advertising Choices.

Use of Cookies

A cookie is a text file that is placed on your hard disk by a web page server. Cookies do not give us access to your computer and cannot be used to deliver a virus or run programs on your computer. The purpose of a cookie is to indicate to other websites that you have previously visited a particular web page. For example, if you visit the ProFed web site, a cookie helps us recall your specific information on subsequent visits. When you return to our website, the information you previously provided can be retrieved, so you can easily use the features that you customized. Most web browsers automatically accept cookies but may be set to decline cookies. If you choose to decline cookies, you may not be able to access some of the tools and services offered on the ProFed site.

Security Measures for Transmission of Information

ProFed Online Banking uses a three-tiered security system. Each security level governs a unique aspect of the member’s session and transactions with the credit union by implementing both software and hardware solutions. When combined, this security forms a system that enables members to conduct business with the credit union via the Internet with a high degree of security. Our security consists of:

  • Data Source Security
  • Data Transmission Security
  • Account Protection Security

Data Source Security

ProFed’s database cannot be directly accessed via the Internet. Appropriate security measures, such as firewalls, logs, and monitoring are in place to guard against invalid activity.

Data Transmission Security

All transmissions via the Internet between the user and the credit union are protected by Secure Socket Layering (SSL). SSL utilizes authentication and encryption technology developed by RSA Data Security, Inc. This method of cryptography (also known as Public Key Encryption) provides for:

  • Server Authentication (stopping impostors)
  • Privacy using Encryption* (stopping eavesdroppers)
  • Data Integrity (stopping vandals)

*Encryption is the process of taking valid data and scrambling it into a meaningless combination of numbers and letters. The scrambled or encrypted data is then transmitted across the Internet to our secure site where the data is unscrambled or decrypted.

Specifically, we are using public key encryption. This encryption technique creates a pair of asymmetric keys for encryption and decryption. One is called the public key, and is called the private key. When data is encrypted using the public key, it can only decrypted using the private key. Conversely, when data is encrypted using the private key, it can only be decrypted using the public key.

Account Protection Security

Account protection security utilizes multifactor authentication through a knowledge-based challenge (a password) and a possession-based challenge (one-time access code sent via text or voice message to the phone number previously registered with the credit union).

Login

At first login, users will be required to select a username which cannot be the same as the account number.

• The username is required to be at least six characters and cannot be all numbers.

• The username can contain letters, numbers, or the special characters: @$_-+.!~

Password. Users will be required to select a password at least six characters long.

  • The password must contain characters from at least two of the following categories: letters, numbers, and special characters.
  • The password cannot be part of the username.
  • Passwords are case sensitive.

When logging in for the first time from an unrecognized device, users will be required to enter a one-time access code sent via text or voice message to the phone number previously registered with the credit union.

Users may elect to register a device or a trusted computer to bypass the one-time based access code in the future.

By choosing this option, the system will tag the user’s machine with a device identifier and will record a fingerprint of the user’s system for security purposes.

Inactivity

Inactive user sessions will automatically terminate after ten minutes. A timeout warning message will appear approximately one minute before the session times out to allow the user to renew the session for another ten minutes.

Security Measures after Reception of Information

Any data or statistics that ProFed gathers from its web site or ProFed Online Banking site is kept in strict confidentiality. Only certain employees have access to this information, and employees may only view the data for legitimate business purposes. The same restrictions apply to all of ProFed’s affiliated companies.

Children’s Online Privacy

ProFed complies with the Children’s Online Privacy Protection Act (COPPA) to protect children’s privacy online. COPPA requires us to inform parents or legal guardians how we collect, use and disclose personal information from children who are under 13 years of age. Children can view activities, links, games and stories while on ProFed’s web site without any personal information being collected. We do not collect personal information from children unless they register as an online account user and provide an email address. Cookies are used to facilitate access to our web site; but we do not use them for marketing purposes. We do not purposefully market to children. Parents, please be aware that by allowing your child to have an online account, you are consenting to your child viewing our normal marketing messages, which may display to all accounts. For more information about our privacy policies please contact 260- 483-0514 ext. 1633.

Contact Information

If you have any problems or questions about our privacy practices or ProFed Online Banking, please contact us by email at [email protected]. You will receive a reply within one business day. You may also reach us by U.S. mail at: ProFed Federal Credit Union, 1710 St. Joe River Drive, P.O. Box 5466, Fort Wayne, IN 46895-5466