Privacy Policy

Information on identity theft call:
1-877-ID-THEFT (1-877-438-4338)
or visit www.ftc.gov

Contact Your Credit Union

Data Privacy Policy

November 2024

CU Anytime, LLC and our subsidiary, CU ATM Services, LLC, are committed to protecting the privacy of all users of our services. This privacy notice (“Privacy Notice”) explains how we, CU Anytime, LLC (“we”, “our”, “us”), collect, use, store, share with other parties, and otherwise process your (collectively, “you”, “your”) personal data (“Personal Data”), as well as the mechanisms we have in place to protect your Personal Data and the rights you have.

  1. Who we are

We are CU Anytime, LLC and CU ATM Services, LLC, organizations incorporated in the State of New Mexico. We own and operate a fleet of automatic teller machines (ATMs) which are located in the United States. CU ATM Services, LLC may also process transactions from ATMs and other devices owned and operated by financial institutions. We may process your Personal Data when you use one of our ATMs or when you access our Website. In those situations, we will act as Data Controller, and in this Privacy Notice we will explain to you how and why we process your Personal Data.

Whenever we process your Personal Data, either as a Controller or a Processor, we are committed to safeguarding your right to privacy and your Personal Data in accordance with the applicable legislative and regulatory framework.

We encourage you to regularly review this Privacy Notice and check the Website for any updates. By continuing to use our services, you agree to this Privacy Notice and any future modifications.

If you have any questions or concerns regarding the processing of your Personal Data, you may contact us any time at: enquiry@cuanytime.org.

  2. Notice to Website Visitors/Users

In this section we describe how we collect, use, store, share with other parties or otherwise process the Personal Data we obtain as a result of the visit and/or use of our Website by the Website visitors/users.

By visiting or using our Website, you acknowledge that you have read, understood, and agree to be bound by this Privacy Notice. You should not provide us with any of your information if you do not agree with the terms of this Privacy Notice.

2.1 What Personal Data is collected, how we collect these, and why?

The categories, sources, purposes, and legal bases for collecting and processing your Personal Data when you visit and/or use our Website are listed below. Where the collection and processing of Personal Data is based on your consent, you may withdraw your consent at any time.

 2.1.1 Categories of Personal Data we collect.

We collect your Personal Data when you visit and/or use our Website or when you provide your Personal Data to us in connection with your use of the Website. This includes when you visit the Website and complete the online forms provided through it, or when you submit any other requests for information or complaints in relation to the operation or use of this Website, or when content is uploaded by other users in accordance with our Website Terms of Use.

These data may include the following:

  • Identification and contact data: your name (or names), business name, email, telephone number and other contact data, as well as any other Personal Data that may be included in your online enquiry, request for information or complaint in relation to the operation or use of this Website or to content uploaded by other users in accordance with our Website Terms of Use. It is possible that, during the process of responding and processing your online inquiry, request for information or complaint, or at a later stage, especially in the course of correspondence with us or in the course of telephone conversations with our representatives, you will provide us with additional information. In such case, we will process the Personal Data you provided us with as set out in this Privacy Notice.
  • Location Information or Geolocation Data: We may collect information about your location when you visit our Website either through your computer or through your tablet or mobile phone. Your consent will be required before using your location information or geolocation data.
  • Non-identifiable Data: Whenever possible, we use data where you cannot be directly identified (such as anonymous demographic and usage data) rather than Personal Data (“Non-identifiable Data”). These Non-identifiable Data may be used to improve our internal processes or delivery of services, without further notice to you. We may use aggregate data for a variety of purposes, including to analyze, evaluate and improve our Website and its content.

2.1.2. Where do we collect your Personal Data from?

We collect Personal Data from the following sources:

  • Directly from you through your direct interactions and the submission of online forms, requests for information or complaints, as set out above.

2.1.3. Why do we collect and use your Personal Data?

We collect and use your Personal Data to pursue the following purposes:

  1. We may process your Personal Data in the context of your contractual relationship with us (i.e., the Website Terms of Use):
    • For the management of your online inquiry via the Website form (i.e. registering your inquiry, contacting you, updating our records about you, processing and responding to your inquiry).
    • For the management (handling and resolving) of requests for information or complaints in relation to the operation or use of the Website or to content uploaded by other users in accordance with our Website Terms of Use.
  2. We may process your Personal Data for the following purposes:
    • To ensure the efficient operation, management, safety and security of our Website. Please note that, amongst other safeguards, we have tools that protect our Website for the purposes of fraud prevention and security controls. This information relates to the IP connection or the device you may be accessing from, and other relevant information that assists in the protection of the Website and the information we process.
    • To undertake activities to verify or maintain the quality of the Website, and to improve, upgrade, or enhance the Website, including to administer the Website for internal operations, such as troubleshooting, data analysis, testing, research, statistical and survey purposes.
    • To pursue any legal claims, as well as for archival purposes related to this purpose, including securing information in the event of the need to prove facts.
  3. We may process your Personal Data for purposes of complying with our legal obligations under the applicable legislative and regulatory framework, as well as with the decisions of the competent courts or supervisory authorities.

  3. NOTICE TO CARDHOLDERS

In this section we describe how we collect, use, store, share with other parties, or otherwise process your Personal Data when you use our ATM machines or other devices owned by other financial institutions.

3.1. Who is responsible for processing my Personal Data and whom can I contact?

We, “CU Anytime, LLC”, provide services to any person that has been issued a card by a financial institution. In order to process the transaction, both CU Anytime and the financial institution must be affiliated with the same ATM network. CU Anytime, the financial institution, and the ATM network have access to the Personal Data required to process a transaction.

This means that we do not own the Personal Data processed when you use our ATMs, but we process it in accordance with the instructions provided by the controller of that data. The processing of your Personal Data is necessary to allow you to use the ATM and to comply with any contractual and legal requirements.

Any request regarding your Personal Data while using our ATMs will be redirected to the financial institution which issued the card used at the ATM. The financial institution which issued the card will have additional Personal Data which CU Anytime will not have access to.

3.1.1. What Personal Data are collected, how we collect these, and why?

The categories, sources, purposes, and legal bases for collecting and processing your Personal Data in the above-described context are set out in this section.

3.1.2 Categories of Personal Data we collect.

In providing our ATM services, we process the following Personal Data:

  • Card Data (data stored on your card): Primary Account Number (PAN) of the card used to process a transaction
  • Transaction Data: Amount of the transaction, date, time, identifier of the payment terminal (location, company, and branch where you are making the payment), your signature where applicable.
  • Check Data: CU Anytime has access to both the physical check and a check image for all checks deposited at our ATMs or in support of other devices owned by other financial institutions. Information on the check includes the drawer information, drawee including routing and transit number and account number, payee name, amount, and date.  Additional information may be printed on the check.
  • Information about an outstanding claim, e.g., your name, address, bank fees, reminder fees, reason for the direct debit return, customer number with your contracting party (not the content of your purchases).

3.1.3. Where do we collect your Personal Data from?

We collect the above Personal Data from the following sources:

  • The Card Data are read from your card by the ATM or provided to CU Anytime through the ATM network.

3.1.4. Why do we collect and use your Personal Data?

We process your Personal Data for the following purposes and relying on the legal bases set out below:

| Purpose of processing | Legal basis |
| --- | --- |
| Provision of the usage of our ATMs. | Legal obligation |
| Archiving of documents as required by law. | Legal obligation |
| Secure transmission of your data in accordance with legal provisions. | Legal obligation |
| Protecting our legal rights in connection with legal claims where processing of your information is required. | Legal obligation |
| Processing for purposes of complying with our legal obligations under the applicable legislative and regulatory framework, as well as with the decisions of the competent courts or supervisory authorities. | Legal obligation |

3.2. Who receives the Personal Data?

We will share your Personal Data with other persons/entities or authorities only to the extent necessary to pursue the above-described purposes.

In addition to the payment processing, other entities require your data to carry out the payment or to comply with legal regulations. Your data will only be shared to the extent necessary with the following entities:

  • Parties involved in the processing of your payment transaction: The ATM network, the financial institution which issued the card, and any third party organization involved with processing the transaction.
  • Law enforcement authorities or competent regulators: in cases where this is required for purposes of complying with our legal obligations provided for by the applicable laws (e.g., the anti-money laundering authorities).

  4. GENERAL PROVISIONS

4.1. How long do we keep Personal Data?

Personal Data are kept for as long as necessary to achieve the purposes for which they were collected, and retention is subject to different standards and regulations. In general, Personal Data are retained for as long as necessary to process your enquiry, request for information or complaint, to manage our contractual relationship, or to process your transaction, or as otherwise may be required for purposes of complying with applicable legal and regulatory obligations. The retention period is determined based on the applicable requirements and obligations, which may include (to the extent relevant):

  • Legal and Regulatory Requirements: We will retain your Personal Data if required to comply with all our legal and regulatory obligations, compliance procedures and statutory limitation periods. While we store your Personal Data only for the purposes of complying with legal and regulatory obligations, your Personal Data will be restricted such that they cannot be used for any other purpose, and they will be accessed only when necessary. We will take all reasonable steps to delete the data you have requested us to delete. Please note, however, that some data may be retained for legal or regulatory purposes, or for the purposes of protecting our business or other legal interests.
  • Customer Service and Contractual relationship (administration of customer relationship, complaint handling, etc.): If you provide us with your Personal Data, we may (subject to any legal or regulatory considerations) retain your Personal Data for as long as necessary to deal with your online enquiry, or request of information or complaint (as set out in Section 2) or to manage our contractual relationship (as set out in Section 3). Please note that in the latter case, if your application is not accepted, we will delete all Personal Data you have shared with us.
  • Marketing: We will process your Personal Data for marketing purposes if you have given your consent and you haven’t opted out or until we become aware that you are no longer interested or that your data is not accurate.  We do not use any data from cardholders for marketing purposes.

4.2. Do we disclose your Personal Data?

Except as may otherwise be provided in this Privacy Notice, we may disclose your Personal Data for business purposes or to meet legal obligations as outlined below:

  1. Legal and regulatory: We may also disclose your Personal Data to entities that are entitled to request it under applicable law, including judicial or supervisory authorities as well as other public authorities within the scope of their competence.
  2. Necessary Partners: We will share your Personal Data with advisers, lawyers, consultants, auditors, or accountants to comply with our legal obligations and to perform our contractual obligations and provide our services in accordance with best practices.

IMPORTANT NOTICE TO CARDHOLDERS: In the context of and for the purposes of processing your transactions, it may be necessary that we transfer your Personal Data (e.g., to the card-issuer bank, the payment card schemes). Please note that in such cases the third parties act as independent data controllers. We strongly advise you to carefully read their Privacy Notice to be informed as to how they process your Personal Data.

4.3. Minors

We do not provide services directly to children under 18 or proactively collect their personal information. If you are under 18, please do not use our Website or offerings or share Personal Data with us. If you learn that anyone younger than 18 has unlawfully provided us Personal Data, please contact us at enquiry@cuanytime.org.

 4.4. How do we keep your Personal Data safe?

We are committed to protecting your Personal Data and have put in place commercially reasonable and appropriate safeguards to prevent any loss, abuse, and alteration of the information you have entrusted to us.

We will always strive to ensure your Personal Data are well protected, in accordance with international best practices. We maintain this commitment to data security by implementing appropriate physical, electronic, and managerial measures to safeguard and secure your personal information.

To safeguard our systems from illegal access we use secure, cutting-edge physical and organizational security measures which are continuously enhanced to ensure the highest level of security in accordance with international best practices and cost efficiency. All Personal Data are kept in a secure location protected by firewalls and other sophisticated security mechanisms with limited administrative access.

Personnel who have access to your Personal Data as well as the processing activities surrounding your Personal Data are contractually bound to keep your data private and adhere to the Privacy Policy we have implemented in our organization.

We aim to achieve the highest standard of data protection by adopting industry-standard measures to protect your privacy.

4.5. Description of Personal Data Rights

Depending on where you live, your Personal Data Rights under applicable law may include:

  1. Right to Know: the right to know what Personal Data is being collected, sold or shared and to whom.
  2. Right to Access: the right to request access to a copy of your Personal Data.
  3. Right to Correct Inaccuracies: the right to request correction of inaccuracies in your Personal Data.
  4. Right to Deletion: the right to request deletion of your Personal Data where certain conditions apply.
  5. Opt-Out Rights:
    • The right to opt-out of the processing of Personal Data for the purposes of targeted advertising.
    • The right to opt-out of the processing of Sensitive Personal Data.
    • The right to opt out of the processing of personal data for profiling in furtherance of decisions that produce legal or similarly significant effects concerning the Data Subject.
  6. The right to limit sensitive personal data use and disclosures to specifically permitted purposes.
  7. Right to Restrict Processing: the right to restrict processing where certain conditions apply.
  8. Right to Data Portability: the right to receive Personal Data in a structured, commonly used and machine-readable format and have the right to transmit the Personal Data to another controller under certain conditions.
  9. Right to Object: the right to object to the processing of Personal Data (i.e., for direct marketing purposes).
  10. Rights related to Automated Individual Decision-Making: the right not to be subjected to a decision based solely on automated processing, including profiling, which produces legal or similarly significant effects on the individual.
  11. Right of No Retaliation: a business shall not discriminate against an individual for exercising their Personal Data rights.

We will respond to your request as soon as possible and within the timeframe stated in the applicable law.

To exercise any of your rights, you must send an email to enquiry@cuanytime.org. To help protect your privacy and maintain security, we will take necessary steps to verify your identity and may ask you to provide other details before granting you access to your Personal Data or initiating a modification of any Personal Data. When required, if we don’t have a copy of your ID or any legally valid document that proves your identity, we will not be able to answer your request.

Some rights may not be enforceable due to business needs or legal obligations while providing you with the service. Your rights may be limited to comply with other legal obligations such as anti-money laundering, contractual and compliance obligations. Notwithstanding that, you will always receive a response when exercising any of the rights stated above and/or any additional right you may have depending on your jurisdiction. If your rights can’t be enforced, you will always receive a proper explanation.

4.8. Privacy Complaints

If you have a complaint regarding our processing of your Personal Data, you may contact us at enquiry@cuanytime.org.

Depending on the applicable privacy law, you may have the right to make a complaint to a Data Protection Authority or other regulatory body if you believe we have failed to comply with our obligations under this Privacy Notice or the applicable law.

 

California Consumer Privacy Act (CCPA) Notice

This notice supplements the CU Anytime, LLC and our subsidiary CU ATM Services, LLC Privacy Policy, Privacy Notice, and Cookie Policy by providing California consumers (“consumer”, “consumers”, “you”, “your”) with information about rights under the California Consumer Privacy Act (“CCPA”). CU Anytime, LLC (“we”, “us”, “our”) respects consumers’ privacy and is committed to protecting it. In addition to disclosing your rights under the CCPA, this notice explains how and why we collect, use, disclose, and share data about you based on your use of our products and services, your visits to and/or use of our website, and related online activity. Please read the following carefully to understand our practices regarding your personal data.

California Consumers’ Rights under the CCPA

Right to Notice

  • As of January 1, 2020, you shall be informed, before or at the point of collection, about the personal information that is being collected.

Right to Know

  • You have the right to request disclosure of the kinds of personal information that have been collected, used, disclosed, and sold. You have the right to request this information up to twice in a 12-month period at no charge and to receive the information in a form that is readily accessible.

Right to Opt-Out

  • You have the right to opt out of the sale of your personal information to third parties with whom we do business. However, we may share personal information as necessary to comply with federal law and for our ordinary business purposes.

Right to Request Deletion

  • You may request the deletion of certain personal information. However, we may not comply with the request for deletion if the personal information is maintained for lawful reasons, such as providing a good or service you requested or complying with obligations under federal, state, or local law.

Right to Non-Discrimination

  • We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
    • Deny you products or services;
    • Charge you different prices or rates for products or services, including through granting discounts or other benefits, or imposing penalties;
    • Provide you a different level or quality of products or services; or
    • Suggest that you may receive a different price or rate for products or services or a different level or quality of products or services.

Categories of Personal Information Collected

We collect information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household (“personal information”). Here are specific categories of personal information we may collect, depending on which CU Anytime products and services you access or use.

| Category | Examples of the Kinds of Information We May Collect, Depending on the CU Anytime Products and Services Accessed or Used |
| --- | --- |
| Identifiers | A real name, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers. |
| Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80) | A name, signature, Social Security number, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, employment, employment history, bank account number, credit card number, debit card number, or any other financial information. Some personal information included in this category may overlap with other categories. |
| Protected classification characteristics under California or federal law | Age, race, color, ancestry, national origin, citizenship, religion or creed, marital status, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, or veteran or military status. |
| Commercial information | Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. |
| Biometric information | Genetic, physiological, behavioral, and/or biological characteristics or activity patterns used to extract a template or other identifier or identifying information, such as fingerprints, handprints, faceprints, and voiceprints. |
| Internet or other electronic network activity | Internet activity such as browsing history, search history, and information on a consumer’s interaction with a website, application, or advertisement. |
| Geolocation data | Physical location or movements based on internet activity or website interaction. |
| Sensory data | Audio, electronic, visual, thermal, or similar information. |
| Professional or employment-related information | Current or past job history. |
| Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. §1232g, 34 C.F.R. Part 99)) | CU Anytime does not collect any non-public education information. |
| Inferences drawn from other personal information | Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. |

Categories of Sources of Personal Information Collected

We obtain the personal information listed above from the following categories of sources:

  • Directly from consumers when they enter data into our website, automatic teller machine (ATM) or interactive teller machine (ITM); and
  • Indirectly from consumers. For example, we collect information when we process a check that has been entered at an ATM, a digital banking platform, or a remote deposit capture platform.

Use of Personal Information for Our Business Purposes

We use the personal information we collect for one or more of the following business purposes:

  • To fulfill and provide you the service(s) and/or product(s) for which the personal information was collected;
  • To communicate with you about issues or inquiries submitted on our website;
  • To audit the quality and efficacy of our work;
  • To detect, investigate, and prevent potentially fraudulent transactions and other illegal activities, and protect the rights and property of CU Anytime; and
  • To carry out any other purpose described to you at the time the information was collected.

Categories of Third Parties with Whom Personal Information is Shared

We share your personal information as follows or as otherwise described in this notice:

  • With financial institutions and other intermediaries in order to process a transaction at an automatic teller machine (ATM), interactive teller machine (ITM) or a check.

Categories of Personal Information Shared for Business Purpose

To effectuate our business purposes, CU Anytime shares all of the categories of personal information identified in the table further above. Those categories are:

  • Identifiers;
  • Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80);
  • Commercial information;
  • Geolocation data.

Categories of Personal Information Sold

CU Anytime, LLC and CU ATM Services, LLC do not sell any personal information.

Exercising Your CCPA Rights

You may exercise your right to know, right to opt-out, and/or right to delete at any time by submitting your name, account number, and request to CU Anytime as follows:

  1. Use the contact us form on this website;
  2. Call us toll-free at 877-809-9829; or
  3. Email us at enquiry@cuanytime.org.

Your opt-out and deletion choice(s) will remain in place unless you state otherwise. However, the CCPA does not prohibit the sharing of information necessary for us to follow the law or for our ordinary business purposes. This includes sending you information about our products and services.

Request Response Timing and Format

CU Anytime, LLC endeavors to verify and respond to each verifiable consumer request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing.  Any response we provide will only cover the 12-month period preceding the verifiable consumer request. If applicable, the response will also explain the reasons we cannot comply with a request.

Children

Most of our services are not designed for children. Unless a parent or guardian chooses to open a primary or custodial account for a minor, we will not knowingly collect the personal information of a minor. If you have reason to believe that a child has provided personal data to us without the consent of a parent or guardian, please contact us and we will endeavor to delete that information from our databases. We do not sell the personal information.

Links to Other Websites

Our website contains links to other websites. Please note that CU Anytime is not responsible for the privacy or information security practices of other websites. You should carefully review the applicable privacy and information security policies and notices for any other websites you visit via our website.

Changes to This Notice

From time to time, we may revise this notice. Changes may be made for any number of reasons, including to reflect industry initiatives, changes in the law, and changes to the scope of our products and services, among other reasons. This notice was last updated in November 2024.