Stay Secure: Be cautious of phone calls claiming to be from UNFCU reporting fraud on your accounts.  Contact us directly to verify.
Maintenance: On 14 July, Digital Banking will be unavailable from 9:30 to 14:00 New York time.

Privacy Policy

Your privacy is important to us. This Privacy Policy explains how the United Nations Federal Credit Union (UNFCU) collects, protects, uses, and shares information. We may update this Privacy Policy from time to time as we adopt new privacy policies or personal data practices.

Types of personal information we collect

The types of personal information we collect and share depend on the product or service you have with us. Personal information means personally identifiable information such as:

  • Information you provide via forms, applications, or other online fields. This includes names, addresses, phone numbers, and email addresses.
  • Sensitive information you provide to us via secure channels. This includes your personal identification, social security number, birth date, income, proof of employment or retirement status, and account balances.
  • Information we collect from others. This includes your payment history, credit history, letters of introduction, and proof of membership in an eligible association or organization.

If you have a debit or credit card with UNFCU, we are responsible for the security of cardholder data we possess or otherwise store, process, or transmit on your behalf, or to the extent we could impact the security of your cardholder data environment.

Children’s personal information

Parents or guardians may open a savings account in their child’s name. The personal information we collect about children is limited to the information they provide to open such an account. We do not market products or services to children. We do not knowingly collect personal information from individuals under the age of 13 on the UNFCU website.

How UNFCU obtains personal information about you

In most cases, you provide us with your personal information directly. We also learn about you from your use of our systems, interactions with our communications, and our other dealings. In some cases, we receive your personal information from a member. This may be when a member designates you as a joint account holder or a beneficiary.

You may have joined UNFCU based on your employment or membership in an eligible employer or association (“Organization”). Your Organization also gives us some personal data about you. This includes your date of birth; title and job description; business email and physical address; and your business telephone number. We also sometimes require other information for anti-money laundering and/or sanctions checking purposes. This includes copies of your passport or a copy of your signature.

We obtain some personal information about you from publicly available data sources such as international sanctions lists, websites, and databases. We also sometimes collect your personal information from others, such as consumer reporting agencies, affiliates, or other companies.

Why we process your personal information

We use the information you have provided us to:

  • Verify your identity
  • Answer your questions
  • Provide and/or improve a service
  • Meet relevant industry standards
  • Comply with and enforce legal obligations
  • Follow up on suggestions or complaints
  • Inform you about products and services
  • Promote UNFCU
  • Measure consumer interest in our various services
  • Prevent fraud and theft
  • Manage and maintain the security of our information technology systems
  • Process applications and transactions
  • Ensure proper billing
  • Comply with our contractual obligations and policies
  • Apply towards any other purposes we specifically disclose at the time you provide or we collect your information

In most cases we do not rely on consent as the legal basis for processing your personal information. If we do rely on your consent we will make this clear to you at the time we ask for your consent. If you do not provide information that we request, we may not be able to provide you with relevant solutions. We may also not be able to do business with you or your Organization.

One of the reasons we use your personal information is to help us comply with laws and regulations. We sometimes go beyond the strict requirements of the law or regulation. We only do so as necessary to protect our business and pursue our legitimate interests. Our interests include cooperating with our regulators and other authorities, complying with foreign laws, and preventing or detecting crimes and regulatory breaches. This involves processing your personal information in order to:

  • Cooperate with, respond to requests from, and report transactions and/or other activity to third parties. These include government, tax, or regulatory bodies; financial markets; brokers or other intermediaries or counterparties; or courts;
  • Monitor and analyze the use of our products and services for risk assessment and control purposes (including detection, prevention, and investigating fraud);
  • Conduct compliance activities such as audit and reporting, maintenance of accounting and tax records, and fraud and anti-money laundering (AML) prevention. They also include measures relating to sanctions, antiterrorism laws and regulations, and fighting crime. Such measures include know your client (KYC) screening (which involves identity checks and verifying address and contact details); politically exposed persons screening (which involves screening member records against internal and external databases to establish connections to ‘politically exposed persons’ (PEPs) as part of member due diligence and onboarding); and sanctions screening (which involves the screening of members and their representatives against published sanctions lists); and
  • Record and/or monitor telephone conversations with our staff. This is to maintain service quality, for staff training, and for fraud monitoring. The recordings may also be used to deal with complaints, disputes, and potential and/or actual criminal activity. To the extent permitted by law, these recordings are our sole property.

How we protect your information

To protect the data and personally identifiable information you provide to UNFCU, we maintain physical, technical, and administrative safeguards. We update and test our security technology on an ongoing basis. We restrict access to your personal information to employees who need the information to provide you with benefits or services. In addition, we train our employees about the importance of confidentiality and maintaining the privacy and security of your information. We take measures to ensure our employees uphold their privacy responsibilities.

We protect your account information by placing it on Digital Banking, which is the secure portion of our website. That is why you have to use your unique and secure login credentials to access your account information. Our website is protected with Secure Sockets Layer (SSL) encryption that prohibits your information from being viewed by an unauthorized party. We also maintain administrative, technical, and physical security measures to protect your personal information from unauthorized access and use. The measures include computer safeguards, as well as secured files and buildings.

Where UNFCU processes your personal information

Although UNFCU maintains representative offices outside the US, we conduct operations from our headquarters in New York, USA. When you provide personal information to UNFCU, you consent to the transfer of that information to the United States. You also consent that we can process and store your information on our data servers in the United States.

UNFCU has not sought a finding of "adequacy" under the EU-U.S. Data Privacy Framework. UNFCU relies on derogations for specific situations outlined in Article 49 of the GDPR. In particular, we collect and transfer your personal information to the US only with your consent, to perform a contract with you, or to fulfill a compelling legitimate interest of UNFCU. We strive to apply suitable safeguards to protect the privacy and security of your personal information. We will use your personal information only as described in this Privacy Policy.

When and how we share information with others

Information about your account(s), products, and services is maintained under your membership profile. The personal information we collect from you is stored on our databases in the United States. The databases may be hosted by us or by our contracted third parties. These third parties only have access to your personal information for cloud storage, retrieval, or to facilitate a transaction.

We sometimes share your information with our affiliates and other third parties in accordance with our Privacy Notice (PDF). This includes the sharing of information with our service providers for the purpose of marketing our products and services to you through various channels. The channels include direct mail, email, and digital advertising on other websites and social media platforms. There are two ways you can opt out of receiving such marketing communications. You can submit the Personal Information Opt-Out Agreement form in Digital Banking or call us at +1 347-686-6000. Our menu will prompt you through your choice(s).

How long we keep your personal information

We keep your personal information for as long as is necessary for the purposes of:

  • Our relationship with you or your Organization
  • Performing an agreement with you or your Organization
  • Complying with a legal or regulatory obligation
  • Internal administrative or security needs

How the unfcu.org website uses personal information

Like most other websites, UNFCU’s website automatically collects and stores certain information. This includes internet protocol (IP) addresses; the region or general location from which your computer or device is accessing the internet; browser type; operating system; and a history of the pages you view on our website. We use this information to help us design our site to better suit our users’ needs. We also use your IP address to help administer our website, analyze trends, track navigation, and gather broad demographic information. The UNFCU website also uses cookies. It does not track you when you cross to third party websites, does not provide targeted advertising to you, and therefore does not respond to Do Not Track (DNT) signals.

(A) General website pages
When you browse the UNFCU website and have not registered for any online service, you browse anonymously. Personal information—such as your name, address, phone number, or email address—is not collected as you browse.

(B) Secure website pages
Personal information is collected when a member registers for Digital Banking to access their UNFCU account(s). This information enables us to regulate entry to the restricted portions of our website. We do not share any personal identifying information we gather during your registration with third parties.

(C) Online tracking and “Do Not Track”
We use “cookies” to track the number of visitors to the various pages of our website. This helps us improve our online services. A cookie is a small piece of data. It is created by a website to recognize you and keep track of your preferences. The use of cookies makes your online experience easier and more personal. If you want to limit our use of cookies or enable a “Do Not Track” signal or similar mechanism, please refer to your browser settings. You can delete cookies within your browser settings. By disabling cookies or enabling your browser’s “Do Not Track” signal, some online features and content may not work properly.

We use Google Analytics to understand how visitors engage with our website. For information on how Google uses the data it collects, and how to control the information sent to Google, please visit Google’s Privacy & Terms. We occasionally use Google AdWords for online advertising. Google AdWords uses cookies to serve ads based on your past visits to our online services. To opt out of Google's use of cookies, please visit Google’s Ads Settings.

(D) Third party websites
We will disclose when information is being collected for transfer to or use by other parties. On the UNFCU website, we have links that direct visitors to a website hosted by another party. When you access these links, you will no longer be subject to or under the protection of UNFCU's privacy and security policies. We are not responsible for other websites' content, any use of other websites, or the privacy practices of other websites. We encourage you to read and evaluate the privacy and security policies on the sites you are entering.

Your rights in relation to the personal information UNFCU collects

Our members have the right to know what data we collect, and how we collect and use the data. Members also have the right to make requests regarding their personal data. To make a request related to your personal data, complete our online form. When completing the form, please select one of these Data Privacy options listed under the ‘Area of Interest’ field:

  • Access your personal information
  • Correct your personal information
  • Object to processing
  • Request data deletion (subject to UNFCU review)

Right to access and rectify
You have the right to request access to your personal information from UNFCU. This right is subject to UNFCU's membership disclosures and agreements, and to US legal or regulatory restrictions on sharing such data. If the data UNFCU has collected is inaccurate, you have the right to request that we correct the error.

Right to erasure (“right to be forgotten”) and restriction
In some cases, UNFCU is legally required to keep a copy of your personal information. In all other cases, you can request that we erase your personal information or restrict how we use that information.

Right to object
You have the right to object to the use of your information for direct marketing purposes. You also have the right not to be subject to a decision based solely on the automated processing of your personal information. If we use automated processing to determine your eligibility for any services, we will first ask for your consent. If you consent, you will still retain the right to contest the results of the processing and to have a person review those results.

Exercising your rights

To exercise your personal data rights, contact us.

You can choose not to provide personal information to UNFCU by refraining from using our online services. If you do not provide personal information when requested, you will not benefit from our full range of solutions. We will not be able to provide you with information about products, services, and promotions. You can opt out of having certain information shared by visiting unfcu.org/optout.

Updates to the Privacy Policy

As UNFCU products and services change from time to time, this Privacy Policy is expected to change as well. We reserve the right to amend the Privacy Policy at any time, for any reason, without notice. We may email periodic reminders of our privacy policies and may email members and consumers of material changes. However, you should check our website frequently to see the current Privacy Policy that is in effect. We will revise the effective date stated at the bottom of this page when any material changes are made to the policy.

Please contact us with any questions.

EFFECTIVE DATE: 3 March 2023

View privacy notice (PDF)