Data Subject Access Rights for GDPR

The GDPR is a new set of rules that aims to give people in the European Union (EU), including those assigned to military bases in the EU, more information about and control over their Personal Data and how it is used and processed by businesses serving the EU. The rules focuses on your Personal Data and maintaining its confidentiality, integrity and accuracy.

The GDPR became effective May 25, 2018.

The GDPR affects any person—referred to as a “Data Subject”—that is physically in the European Union (EU). It also affects businesses such as Andrews Federal Credit Union, that collect or process the Personal Data of any Data Subject. Data Subjects may also include citizens or residents of non-EU countries such as the United States—for example, if a U.S. citizen is temporarily living in the EU.

As it relates to Andrews Federal Credit Union, “Personal Data” means any information relating to an individual member, potential member, former member, joint account holder, beneficiary and, in limited circumstances, non-members. Personal Data includes but is not limited to your name, address, identification number (such as Social Security Number) and account number.

The GDPR also extends the definition of Personal Data to any information that could lead someone to identify an individual—for example, an IP address, which could determine your location. It also includes sensitive Personal Data such as genetic data and biometric data, all of which could be further used to uniquely identify an individual.

In terms of your relationship with Andrews Federal Credit Union, you will need to opt in to communications from us and confirm how you want to be contacted. If you want to continue being notified of the credit union’s promotions, you will need to opt in to receive those communications. In general, business emails cannot be sent to a European Union member who has not opted in. Visitors to our website will also have the option to consent to, or block Andrews Federal from using cookies to track their activity.

The Personal Data that we collect and process from or on you will vary based on the Andrews Federal services you choose to use. Personal Data is only collected and used when it is relevant to providing those products or services. Andrews Federal does not collect Personal Data that is not related to the financial services we provide you.

Examples of Personal Data we may collect include your name, address, date of birth, government identification number, contact information (phone number and email), signature, security questions and answers, current debt and income information, credit history and banking history, and transactional behavior information.

The Personal Data that we collect is used to identify you and maintain your account securely. We share this data with vetted third-party vendors only when it is necessary for our everyday business purposes to serve you, such as when issuing a new debit card, offering online banking services or processing account statements. Additionally, through the cookies on our website, Andrews Federal uses your unique information to enhance your browsing experience and to refine our marketing both to you and others like you.

We understand that the privacy of your Personal Data is very important to you, and Andrews Federal is, and has always been, fully committed to protecting and using the Personal Data of all individuals lawfully, fairly, transparently and securely. Andrews Federal has implemented appropriate technical measures to ensure a high level of information and data security. We also continually invest in testing and updating our security technology and processes to maintain a high level of security. Finally, independent auditors and examiners annually review Andrews Federal Credit Union's information security practices, further ensuring this high level of security.