Rev. 03/23/2022

At SchoolsFirst Federal Credit Union ("SchoolsFirst FCU", "Credit Union", "we", "our", "us"), we respect your right to privacy and understand the importance of maintaining the security of your personal information. This SchoolsFirst FCU Privacy Policy (“Privacy Policy”) explains how we, including our wholly-owned affiliates, SchoolsFirst Insurance Services, LLC and SchoolsFirst Plan Administration, LLC, collect, share, use, and protect your personal information through your online and offline interactions with us.

For California residents, this Privacy Policy is adopted in accordance with the California Consumer Privacy Act of 2018 ("CCPA"), and the California Online Privacy Protection Act ("CalOPPA"), and any terms defined in the CCPA and CalOPPA have the same meaning when used in this Privacy Policy.

This Privacy Policy also includes references and links to our other privacy policies that serve different purposes under various laws and regulations that apply to us.


  • Names;
  • Addresses;
  • Phone Numbers;
  • Government-Issued Identification Numbers;
  • Tax Identification Numbers; and
  • Other Personal Information Included in the Following Section Categories of Information We Collect.


In the preceding 12-months, we have collected the following categories of personal information (please note that some categories overlap):

Category Examples
A. Identifiers A real name or alias; postal address; signature; home phone number or mobile phone number; bank account number, credit card number, debit card number, or other financial information; physical characteristics or description; email address; account name; Social Security number; driver's license number or state identification card number; passport number; or other similar identifiers.
B. Protected classification characteristics under state or federal law Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth, and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).
C. Commercial information Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
D. Biometric information Genetic, physiological, behavioral, and biological characteristics or activity patterns used to extract a template or other identifier or identifying information, such as fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.
E. Internet or other similar network activity Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement.
F. Geolocation data Physical location or movements. For example, city, state, country, and ZIP code associated with your IP address or derived through Wi-Fi triangulation; and, with your permission in accordance with your mobile device settings, and precise geolocation information from GPS-based functionality on your mobile devices.
G. Sensory data Audio, electronic, visual, thermal, olfactory, or similar information.
J. Inferences drawn from other personal information. Profile reflecting a person's preference, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.


We obtain the categories of personal information listed above from one or more of the following categories of sources:

  • From You or Your Authorized Agent
    We may collect information directly from you or your authorized agent. For example, when you provide us your name and Social Security number to open an account and become a Member.  We also collect information indirectly from you or your authorized agent.  For example, through information, we collect from our Members in the course of providing services to them.
  • From Our Website and Applications That You Access on Your Mobile Device
    We collect certain information from your activity on our website and your use of applications on your mobile device. We may collect your IP address, device and advertising identifiers, browser type, operating system, Internet service provider ("ISP"), pages that you visit before and after visiting our website, the date and time of your visit, information about the links you click and pages you view on our website, and other standard server log information.  We may also collect your mobile device’s GPS signal or other information about nearby Wi-Fi access points and cell towers.
    • The Role of Cookies and Other Online Tracking Technologies
      We, or our service providers and other companies we work with, may deploy and use cookies, web beacons, local shared objects, and other tracking technologies for various purposes, such as fraud prevention. Some of these tracking tools may detect characteristics or settings of the specific device you use to access our online services.

      "Cookies" are small amounts of data a website can send to a visitor's web browser. They are often stored on the device you are using to help track your areas of interest. Cookies may also enable us or our service providers and other companies we work with to relate your use of our online services over time to customize your experience. Most web browsers allow you to adjust your browser settings to decline or delete cookies, but doing so may degrade your experience with our online services.

      Clear GIFs also known as (pixel tags or web beacons) are typically one-pixel, transparent images located on a webpage or in an email or other message—or similar technologies may be used on our sites and in some of our digital communications (such as email or other marketing messages). They may also be used when you are served advertisements, or you otherwise interact with advertisements outside of our online services. These are principally used to help recognize users, assess traffic patterns, and measure site or campaign engagement.

      Local Shared Objects, sometimes referred to as "flash cookies" may be stored on your hard drive using a media player or other software installed on your device. Local Shared Objects are most often used to enhance your web-browsing experience. For example, by allowing you to personalize the look of a website that you frequently visit. Local Shared objects, by themselves, are not able to do anything to or with the data on your computer. More important, shared objects can never access or remember your email address or other personal information unless you willingly provide such information.

      "First-party" cookies are stored by the domain (website) you are visiting directly. They allow the website's owner to collect analytics data, remember language settings, and perform useful functions that help provide a good experience. "Third-party" cookies are created by domains other than the one you are visiting directly, hence the name third-party. They may be used for cross-site tracking, retargeting and ad-serving. We also believe that cookies fall into the following general categories:
      • Strictly Necessary Cookies:
        These cookies are necessary for the website and cannot be switched off in our systems.  They are usually in response to actions made by you, which amounts to a request for services, such as setting your privacy preferences, logging in, or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will then not work.  These cookies do not store any personally identifiable information.  If you do not allow these cookies, then some or all of these services may not function properly.
      • Social Media Cookies: 
        These cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks.  They are capable of tracking your browser across other sites and building up a profile of your interest. This may impact the content you see on other websites you visit.  If you do not allow these cookies, you may not be able to use or see these sharing tools.
      • Targeting Cookies:
        These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites.  They do not store directly personal information but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.
    • Online Advertising & Online Behavioral Advertising
      You will see advertisements when you use many of our online services. These advertisements may be for our own products or services (including pre-screened offers of credit) or for products and services offered by third-parties. Which advertisements you see is often determined using the information we or our affiliates, service providers and other companies that we work with have about you, including information about your relationships with us (e.g., types of accounts held, transactional information, location of banking activity). To that end, where permitted by applicable law, we may share with others the information we collect from and about you.

      Online behavioral advertising (also known as "OBA" or "interest-based advertising") refers to the practice of collecting information from a computer or device regarding a visitor's web-browsing activities across non-affiliated websites over time in order to deliver advertisements that may be of interest to that visitor based on their browsing history. We do not engage in OBA.
  • Third-party service providers in connection with our services or our business purposes
    We collect information from third-party service providers that interact with us in connection with the services we perform or for our operational purposes. For example, a credit report we obtain from a credit bureau to evaluate a loan application. Another example is a third-party service provider that provides us information to help us detect security incidents and fraudulent activity.
  • Information we collect from third-parties for a commercial purpose
    We collect information from third-parties for our commercial purposes. We partner with a limited number of third-party analytics and advertising firms. These third-parties may use cookies or code processed by your browser to collect public information about your visits to our and other websites in order to provide customized experiences, advertisements, or services. These parties may also collect information directly from you by contacting you telephonically, via email or through other communication channels. We do not disclose any information about you to such third-parties except as permitted by applicable laws and regulations, and we require such third-parties to follow applicable laws and regulations when they collect information from you to transfer such information to us.


We use Google Analytics to understand how visitors engage with our website. For information on how Google uses the data it collects and how to control the information sent to Google please visit: Google's Privacy & Terms.


We use Google AdWords for online advertising. AdWords' remarketing uses cookies to serve ads based on someone's past visits to our website. To opt-out of Google's use of cookies, please visit: Google's Ads Settings.


Currently, the standards regarding DNT signals and appropriate responses are not defined. As a result, we do not respond to DNT signals.


We may use or disclose personal information we collect for one or more of the following business purposes:

  • To fulfill or meet the reason for which the information is provided. For example, when you apply for a loan, and we use the information in your loan application to give you the loan, or to process a transaction over an Automated Teller Machine ("ATM").
  • To provide you with information, products, or services that you request from us.
  • To provide you with email alerts, event registrations, or other notices concerning our products or services, or events or news that may be of interest to you.
  • To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collections.
  • To improve our website and present its contents to you.
  • For testing, research, analysis to improve our products and services and for developing new ones.
  • To protect the rights, property, or safety of us, our employees, our Members, or others.
  • To detect security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity.
  • To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
  • As described to you, when collecting your personal information.
  • To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution or other sale or transfer of some or all of our assets, in which personal information held by us is among the assets transferred.
  • Advertising our Membership, products, and services to you. 
  • Enabling or affecting, directly or indirectly, a commercial transaction.
  • We also use your personal information to advance our commercial or economic interests (“commercial purpose”), such as advertising our Membership, products and services, or enabling or affecting, directly or indirectly, a commercial transaction.


We disclose your personal information to a third-parties for our business purposes. The general categories of third-parties that we share with are as follows:

  1. Our third-party service providers;
  2. Our affiliated websites and businesses in an effort to bring you improved service across our family of products and services, when permissible under relevant laws and regulations.
  3. Other companies to bring you co-branded services, products or programs;
  4. Third-parties that help us advertise products, services or Membership with us to you;
  5. Third-parties to whom you or your agents authorize us to disclose your personal information in connection with products or services we provide to you;
  6. Third-parties or affiliates in connection with a corporate transaction, such as a sale, consolidation or merger of our financial institution or affiliated business; and
  7. Other third-parties to comply with legal requirements such as the demands of applicable subpoenas and court orders; to verify or enforce our terms of use, our other rights, or other applicable policies; to address fraud, security or technical issues; to respond to an emergency; or otherwise to protect the rights, property or security of our customers or third-parties.

In the preceding 12-months, we have disclosed the following categories of personal information for a business purpose and, for each category, the following categories of third-parties with whom such personal information was shared:

Category of Personal Information 
(Represented in alphabetical form from the categories listed in Section I)
Category of Third-Parties
(Represented in numerical form from the categories of third- parties identified in this Section VII)
A 1, 2, 3
B 1, 2, 4, 5, 6, 7
C 5, 6
D 7


It is not our policy to sell personal information, and we have not done so in the preceding 12-months.

For more information on how we manage your personal information, see our see our Consumer Privacy Notice.


If you are a California resident, this section describes your rights and choices regarding how we collect, share, use, protect your personal information, and how to exercise those rights. This section also discloses the limits and exceptions to your rights and choices under the CCPA.

In the following instances, the rights and choices in this Section IV do not apply to you:

  • For Credit Union Members, Insurance Services, and Plan Administration clients, the Gramm-Leach-Bliley Act (GLBA) exempts nearly all personal information we collect for conducting normal Member- or client-related Credit Union, Insurance Services, and Plan Administration business.
  • Collected personal information is covered by certain financial sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), California Financial Information Privacy Act (FIPA), and the Driver's Privacy Protection Act of 1994. How we collect, share, use, and protect your personal information under these privacy laws is disclosed in our Consumer Privacy Notice
  • Aggregate consumer information
  • Deidentified personal information.
  • Publicly available information.

Right to Know Personal Information Collected
If the above exceptions do not apply, and you have not made this request more than twice in a 12-month period, you have the right to request to know about our collection and use of your personal information over the past 12 months. Once we receive and confirm your request and verify that the request is coming from you or someone authorized to make the request on your behalf, we will disclose to you or your representative:

  • The categories of personal information we collected about you.
  • The categories of sources for the personal information we collected about you.
  • Our business or commercial purpose for collecting or selling that personal information.
  • The categories of third-parties to whom we sold or disclosed the category of personal information for a business or commercial purpose.
  • The business or commercial purpose for which we sold or disclosed the category of personal information.
  • The specific pieces of personal information (in a format permitted by the CCPA) we collected about you in a form that you can take with you (also called a "data portability request").

Right to Delete Personal Information Collected
You have the right to request that we delete any of your personal information that we collect from you and retain, subject to certain exceptions.  Once we receive and verify your request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.  We may deny your deletion request if retaining the information is necessary for us, or our service providers to:

  • Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
  • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity.
  • Debug to identify and repair errors that impair existing intended functionality.
  • Exercise free speech, ensure the right of another consumer to exercise his or her right of free speech or exercise another right provided for by law.
  • Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the businesses’ deletion of the information is likely to render impossible or seriously impair the achievement of such research if you previously provided informed consent.
  • Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.   
  • Comply with a legal obligation.
  • Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

Right of Non-Discrimination
We will not discriminate against you for exercising any of your rights in this Privacy Notice and under applicable laws. Unless permitted by law, we will not:

  • Deny you goods or services.
  • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
  • Provide you a different level or quality of goods or services.
  • Suggest that you may receive a different price for goods or services or a different level or quality of goods or services.

Submitting a Request to Know or Delete
To submit a request(s) to Know and, or to Delete your personal information we have collected about you, you or your authorized agent may submit a verifiable consumer request to us by either method below:

  1. A request by phone - By calling us at 888.862.8328.
  2. A request by mail - By downloading and printing a CCPA Submission Form. Then mail the completed form to SchoolsFirst FCU; Attention: General Compliance; 1485 Response Road, Suite 126; Sacramento, CA 95815.

To process your request(s) to Know and, or to Delete personal information we have collected about you, we are required to verify your identity. We are also required to confirm your request(s) and may do so by reaching out to you at the number you provided on your request. We work to process all requests within 45 days of the date requests are received. If we need an extension to process your request(s), we will reach out to you. We will notify you of the results of your request in writing by mail.

Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.

Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable consumer request.

Authorized Agent
An authorized agent is any person or legal entity registered with the California Secretary of State that you have authorized to act on your behalf. If we receive a request through your authorized agent, we may require:

  • Submission of a written document signed by you with your permission for the authorized agent to submit a verifiable request on your behalf and require the authorized agent to verify its own identity to us; or
  • You to directly verify with us that you have provided the authorized agent to submit the request.

We may not require either of the above if your authorized agent provides a copy of a power of attorney pursuant to California Probate Code, and we are able to verify the authorized agent’s identity.

We will deny a request from an agent that does not submit proof that they have been authorized by you to act on your behalf and cannot verify their own identity to us.


The Children's Online Privacy Protection Act of 1998 ("COPPA") restricts the collection, use, or disclosure of Personal Information from and about children under the age of 13 on the internet. SchoolsFirst FCU is committed to protecting the online privacy of the children who visit our site and complying with COPPA.

In general, our site is not directed to children under the age of 13, and we request that children under the age of 13 not provide Personal Information through the site. We may, however, elect to provide contest information on our site for our youth Members, which includes children under the age of thirteen. Youth Members who identify themselves to be under the age of 13 will not be permitted to submit any Personal Information on our contest site.

We may collect information on domain names, dates and times of visits, and the number of page views. This information contains no Personal Information and will only be used to continue to improve the overall value of our site. We do not knowingly collect, use, or disclose Personal Information from children under 13 on the internet without prior parental consent. Visit the Federal Trade Commission website for more information about COPPA: FTC COPPA.


We may provide links to websites that are owned or operated by other companies ("third-party websites"). When you use a link online to visit a third-party website, you will be subject to that website’s privacy and security practices, which may differ from ours. You should familiarize yourself with the privacy policy, terms of use, and security practices of the linked third-party website before providing any information on that website. We are not responsible for the third-party website’s use, collection, sale, or sharing of your personal information.


We reserve the right to amend this Privacy Policy at our discretion and at any time. When we make changes to this Privacy Policy, we will notify you by email or through a notice on our website homepage.


We use reasonable physical, electronic, and procedural safeguards that comply with federal standards to protect and limit access to personal information. This includes device safeguards and secured files and buildings.

Please note that the information you send to us electronically may not be secure when it is transmitted to us. We recommend that you do not use unsecured channels to communicate sensitive or confidential information (such as your Social Security number) to us.


If you have any questions regarding this Policy call us at 800.462.8328 or write to us at:

SchoolsFirst FCU
RE: Privacy Policy
P.O. Box 11547
Santa Ana, CA 92711-1547