Skip to main content.
Mobile Navigation
Link to CEFCU Home Page

If you are using a screen reader or other auxiliary aid and are having problems using this website, please contact us at 1.800.633.7077.

Visit our accessibility help page.

Notice at Collection for California Employees and Applicants

Citizens Equity First Credit Union (“CEFCU”) provides this Notice at Collection (“Notice”) for California Consumers to notify you of our privacy practices as required by the California Consumer Privacy Act, as amended (CCPA). For purposes of this Notice, when we refer to Consumers, we mean you as a potential, current, or former applicant, employee, or independent contractor. 

For additional information about the CEFCU’s data privacy practices, please review our Privacy Policy.

Categories of Personal Information Collected

We may collect or may have collected in the preceding 12 months the following categories of personal information:

Identifiers and personal information described in subdivision (e) of CA Civ Code Section 1798.80. This category includes names, addresses, unique personal identifiers, social security numbers, driver’s license or state identification numbers, passport numbers, telephone numbers, mobile numbers, email addresses, signatures, account names, dates of birth, bank account information, dependent and beneficiary information (names, dates of birth, and social security numbers), and other similar contact information and identifiers.

Protected Classification Information. This category includes characteristics of protected classifications under California or federal law.

Internet or Other Electronic Network Activity Information. This category includes, without limitation:

  • all activity on CEFCU’s information systems, such as internet browsing history, search history, intranet activity, email communications, social media postings, stored documents and emails, usernames and passwords
  • all activity on communications systems, including phone calls, call logs, voice mails, text messages, chat logs, app use, mobile browsing and search history, mobile email communications, and other information regarding an employee’s use of CEFCU-issued devices

Geolocation Data. This category includes GPS location data from CEFCU-owned or CEFCU-issued mobile devices, applications, or vehicles.

Audio, Electronic, Visual, or Similar Information. This category includes, for example, information collected from cameras and similar devices.

Professional and Employment-Related Information. This category includes, without limitation:

  • data submitted with employment applications including employment history, employment recommendations, etc.
  • background check and criminal history
  • work authorization
  • professional licenses
  • educational degrees
  • fitness for duty data and reports
  • performance and disciplinary records
  • salary and bonus data
  • benefit plan enrollment, participation, and claims information
  • leave of absence information, including religious and family obligations, and physical and mental health data, concerning employees and their family members

Education Information. This category includes information that is not publicly available personally identifiable information as defined in the Family Educational Rights and Privacy Act (20 U.S.C. Sec. 1232g; 34 C.F.R. Part 99).

Sensitive Personal Information. This category includes sensitive information such as:

  • social security, driver’s license, state identification card, or passport number
  • financial account information that allows access to an account, including financial account numbers
  • precise geolocation
  • racial or ethnic origin
  • content of mail, email, and text messages (unless CEFCU is the intended recipient of the communication)
  • health information
  • information related to sex life or sexual orientation
  • information related to citizenship or immigration status

Inferences Drawn from the Personal Information in the Categories Above.  This category includes engaging in human capital analytics, including, without limitation, identifying correlations between certain characteristics and job success, analyzing data to improve retention, and analyzing employee preferences to inform HR policies, programs, and procedures.

CEFCU may add to the categories of personal information it collects and the purposes for which it uses that information.  CEFCU will inform you in the event it does so.

Purposes Personal Information, Including Sensitive Personal Information, Is Used

CEFCU collects and uses personal information for human resources, employment, benefits administration, health and safety, business-related purposes and for legal compliance. For example, we use your personal information for: 

  • Collecting and processing employment applications, including confirming eligibility for employment, background and related checks, onboarding, and related recruiting efforts.
  • Communicating with applicants about a current application or future job opportunities.
  • Processing payroll, other forms of compensation, and employee benefit plan and program design and administration including enrollment and claims handling and leave of absence administration.
  • Maintaining occupational health programs.
  • Maintaining personnel records and record retention requirements.
  • Communicating with employees and/or employees’ emergency contacts and plan beneficiaries.
  • Complying with applicable state and federal health, labor, employment, benefits, workers’ compensation, disability, equal employment opportunity, workplace safety, and related laws, guidance, or recommendations.
  • Preventing unauthorized access, use, or disclosure/removal of CEFCU’s property, including CEFCU’s information systems, electronic devices, network, and data.
  • Ensuring and enhancing employee productivity and adherence to CEFCU’s policies.
  • Providing training and development opportunities.
  • Investigating complaints, grievances, and suspected violations of CEFCU policy.
  • Complying with applicable state and federal Equal Employment Opportunity laws.
  • Designing, implementing, and promoting CEFCU’s diversity and inclusion programs.
  • Facilitating the efficient and secure use of CEFCU’s information systems.
  • Ensuring compliance with CEFCU information systems policies and procedures.
  • Improving safety of employees, members, and the public with regard to use of CEFCU property and equipment.
  • Improving efficiency and logistics.
  • Improving accuracy of time management systems and attendance, including vacation, sick leave, and other leave of absence monitoring.
  • Evaluating an individual’s appropriateness for a particular position at CEFCU, or promotion to a new position.
  • Managing member engagement and other legitimate business purposes.
  • Responding to and managing legal claims against CEFCU and/or its personnel, including civil discovery in litigation.
  • Facilitating other business administrative functions and strategic activities, such as risk management, information technology and communications, financial management and reporting, workforce and succession planning, merger and acquisition activities, and maintenance of licenses, permits and authorization applicable to CEFCU operations.

Sources of Personal Information. We may collect your personal information from the following sources:

  • You. We may collect Personal Information directly from you or your device, such as through your use of our website, facilities or systems, when you send us an email, contact us by phone, or otherwise communicate or interact with us. We collect information when you are an applicant for employment with us or employed by us.
  • Related Entities and Affiliates. We may collect information about you from our related parties and affiliates.
  • Social media and related services. We may collect information about you through your social media services consistent with your settings on such services.
  • Third parties. We may collect information about you from third parties such as your references, background check vendors, staffing agencies, clients, or other third-party sources that are lawfully entitled to share your data with us. This may include service providers or contractors who collect or process your PI on our behalf.

Retention. We retain your personal information for as long as is necessary in accordance with CEFCU’s data retention schedule.  We may retain your personal information for longer if it is necessary to comply with legal or reporting obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, enforce our legal agreements and policies, address other legitimate business needs, or as permitted or required by applicable law.  We may also retain your personal information in a deidentified or aggregated form so it can no longer be associated with you.  To determine the appropriate retention period for your personal information, we consider various factors such as the amount, nature, and sensitivity of your information; the potential risk of unauthorized access, use or disclosure; the purposes for which we collect or process your personal information; and applicable legal requirements.  Personal information does not include certain categories of information, such as publicly available information from government records, and deidentified or aggregated consumer information. 

Disclosure.  To carry out the purposes outlined above, CEFCU may disclose personal information to service providers or other third parties, such as background check vendors, third-party human resources and information technology vendors, staffing vendors, information technology vendors, professional services providers, and state or federal governmental agencies. We may also disclose your personal information to third parties, if necessary, to: (1) comply with federal, state, or local laws; (2) comply with a civil, criminal, or regulatory inquiry, investigation, subpoena, or summons by federal, state, or local authorities; (3) cooperate with law enforcement agencies concerning conduct or activity that we reasonably and in good faith believe may violate federal, state, or local laws; or (4) exercise or defend legal claims.

Lastly, we may transfer personal information to a third party as part of a merger, acquisition, bankruptcy, or other transaction in which the third party assumes control or acquires all or part of the assets of our business.

We may disclose or may have disclosed in the preceding 12 months the following categories of personal information to these categories of third parties:

Categories of Personal Information Categories of Third Parties to Whom Disclosed

Address and personal information described in subdivision (e) of CA Civ Code Section 1798.80– such as name, postal address, email address, phone number, account name, date of birth, Social Security number, driver’s license number, photograph, passport number, unique personal identifier, online identifier, Internet Protocol address, email address, account name, or other similar identifiers

NOTE: The information in this category may include the following elements of Sensitive Personal Information: Social Security number, driver’s license number, state identification card number, and/or passport number. 

Third parties as directed by you.

Affiliates.

Our business partners. For example, we might disclose your personal information to one of our business partners for payroll, employment, benefits, or leave purposes. 

Third parties that perform services on our behalf. For example, we may disclose information to certain service providers, information technology providers, payroll and benefits managers, and data storage companies. We might also authorize our service providers to collect personal information on our behalf.

Successors to all or portions of our business. If all or part of our business is sold, we may disclose personal information in preparation for or as part of that transaction.

Governmental entities, legal service providers.

Protected status – such as citizenship, ethnic background, gender, or other similar identifiers

NOTE: The information in this category may include the following elements of Sensitive Personal Information: racial, ethnic, or national origin. 

Third parties as directed by you.

Affiliates.

Our business partners. For example, we might disclose your personal information to one of our business partners for payroll, employment, benefits, or leave purposes. 

Third parties that perform services on our behalf. For example, we may disclose information to certain service providers, information technology providers, payroll and benefits managers, and data storage companies. We might also authorize our service providers to collect personal information on our behalf.

Successors to all or portions of our business. If all or part of our business is sold, we may disclose personal information in preparation for or as part of that transaction.

Governmental entities, legal service providers.

Commercial and Financial information – such as bank account details, credit history, income details or other similar identifiers

NOTE: The information in this category may include the following elements of Sensitive Personal Information: log-in, financial account in combination with any required security or access code, password, or credential allowing access to an account. 

Third parties as directed by you.

Affiliates.

Our business partners. For example, we might disclose your personal information to one of our business partners for payroll, employment, benefits, or leave purposes. 

Third parties that perform services on our behalf. For example, we may disclose information to certain service providers, information technology providers, payroll and benefits managers, and data storage companies. We might also authorize our service providers to collect personal information on our behalf.

Successors to all or portions of our business. If all or part of our business is sold, we may disclose personal information in preparation for or as part of that transaction.

Governmental entities, legal service providers.

Education or professional and employment information, including veteran status or other similar identifiers

NOTE: The information in this category may include the following elements of Sensitive Personal Information: union membership. 

Third parties as directed by you.

Affiliates.

Our business partners. For example, we might disclose your personal information to one of our business partners for payroll, employment, benefits, or leave purposes. 

Third parties that perform services on our behalf. For example, we may disclose information to certain service providers, information technology providers, payroll and benefits managers, and data storage companies. We might also authorize our service providers to collect personal information on our behalf.

Successors to all or portions of our business. If all or part of our business is sold, we may disclose personal information in preparation for or as part of that transaction.

Governmental entities, legal service providers.

Internet or other electronic network activity – such as browsing history, search history, a consumer’s interaction with an internet website, application, or advertisement

NOTE: The information in this category may include the following elements of Sensitive Personal Information: the contents of mail, email, or text messages, to which the business was not the intended recipient.

Third parties as directed by you.

Affiliates.

Our business partners. For example, we might disclose your personal information to one of our business partners for payroll, employment, benefits, or leave purposes. 

Third parties that perform services on our behalf. For example, we may disclose information to certain service providers, information technology providers, payroll and benefits managers, and data storage companies. We might also authorize our service providers to collect personal information on our behalf.

Successors to all or portions of our business. If all or part of our business is sold, we may disclose personal information in preparation for or as part of that transaction.

Governmental entities, legal service providers.

Geolocation data

NOTE: The information in this category may include the following elements of Sensitive Personal Information: precise geolocation. 

Third parties as directed by you.

Affiliates.

Our business partners. For example, we might disclose your personal information to one of our business partners for payroll, employment, benefits, or leave purposes. 

Third parties that perform services on our behalf. For example, we may disclose information to certain service providers, information technology providers, payroll and benefits managers, and data storage companies. We might also authorize our service providers to collect personal information on our behalf.

Successors to all or portions of our business. If all or part of our business is sold, we may disclose personal information in preparation for or as part of that transaction.

Governmental entities, legal service providers.

Audio, electronic, visual or similar information.

Third parties as directed by you.

Affiliates.

Our business partners. For example, we might disclose your personal information to one of our business partners for payroll, employment, benefits, or leave purposes. 

Third parties that perform services on our behalf. For example, we may disclose information to certain service providers, information technology providers, payroll and benefits managers, and data storage companies. We might also authorize our service providers to collect personal information on our behalf.

Successors to all or portions of our business. If all or part of our business is sold, we may disclose personal information in preparation for or as part of that transaction.

Governmental entities, legal service providers.

Sensitive information

Third parties as directed by you.

Affiliates.

Our business partners. For example, we might disclose your personal information to one of our business partners for payroll, employment, benefits, or leave purposes. 

Third parties that perform services on our behalf. For example, we may disclose information to certain service providers, information technology providers, payroll and benefits managers, and data storage companies. We might also authorize our service providers to collect personal information on our behalf.

Successors to all or portions of our business. If all or part of our business is sold, we may disclose personal information in preparation for or as part of that transaction.

Governmental entities, legal service providers.

Inferences drawn from personal information – such as individual profiles, preferences, characteristics, behaviors or other similar identifiers

NOTE: The information in this category may include the following elements of Sensitive Personal Information: racial or ethnic origin, religious or philosophical beliefs, union membership, health information. 

Third parties as directed by you.

Affiliates.

Our business partners. For example, we might disclose your personal information to one of our business partners for payroll, employment, benefits, or leave purposes. 

Third parties that perform services on our behalf. For example, we may disclose information to certain service providers, information technology providers, payroll and benefits managers, and data storage companies. We might also authorize our service providers to collect personal information on our behalf.

Successors to all or portions of our business. If all or part of our business is sold, we may disclose personal information in preparation for or as part of that transaction.

Governmental entities, legal service providers.

CEFCU does not sell or share, as those terms are defined under applicable law, the above categories of personal information.  

CEFCU does not use or disclose your sensitive personal information for purposes that, with limited exceptions, are not necessary for the application or employment related purpose for which we collect it or as reasonably expected by an average individual in this context or for other permitted purposes under the CCPA or as authorized by regulation.

California Resident Individual Rights Requests. Individuals who are residents of the State of California have the following rights, subject to certain limitations.

Right To Know About Personal Information Collected or Disclosed. As a California resident, you have the right to request additional information beyond that disclosed above regarding the following, to the extent applicable:

  • the categories of Personal Information CEFCU collected about you
  • the categories of sources from which that Personal Information was collected
  • the business or commercial purposes for which that information was collected, sold, or shared
  • the categories of third parties to whom the information was disclosed
  • the specific pieces of Personal Information collected

Upon receipt of a verifiable Request to Know (see below), and as required by applicable law, we will provide a response to such request.

Right To Request Deletion of Your Personal Information. You have the right to request that we delete the Personal Information we collected or maintain about you. Once we receive your request, we will let you know what, if any, Personal Information we can delete from our records and will direct any service providers and contractors to whom we disclosed your Personal Information to also delete your Personal Information from their records.

There may be circumstances where we cannot delete your Personal Information or direct service providers or contractors to delete your Personal Information from their records. Such instances include, without limitation, when the information at issue is maintained: (a) to enable solely internal uses that are reasonably aligned with your expectations based on your relationship with the Company and compatible with the context in which you provided the information, or (b) to comply with a legal obligation. 

Upon receipt of a verifiable Request to Delete (see below), and as required by applicable law, we will provide a response to such requests.

Right to Request Correction. You have the right to request that the Company correct any inaccurate Personal Information we maintain about you, taking into account the nature of that information and purpose for processing it. Upon receipt of a verifiable Request to Correct (see below), and as required by the CCPA, we will provide a response to such requests.

Right to Non-Discrimination for the Exercise of Your Privacy Rights. We will not discriminate or retaliate against you for exercising any of the rights described above.

Submitting CCPA Rights Requests. To submit a CCPA Rights request, please contact CEFCU’s California Human Resources Manager by calling 800-633-7077 or emailing us at hrccpa@cefcu.com.

We reserve the right to only respond to verifiable Requests to Know, Delete, or Correct that are submitted as instructed. A verifiable consumer request is one made by any individual who is:

  • the individual who is the subject of the request,
  • an individual on behalf of the individual’s minor child, or
  • the authorized agent of the individual.

What to submit. If we request, you must provide us with sufficient information to verify your identity and/or authority to act on behalf of the individual. In general, we may ask you to provide identifying information that we already maintain about you or we may use a third-party verification service. In either event, we will try to avoid asking you for sensitive Personal Information to verify your identity. We may not be able to respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you.  However, making a verifiable request does not require you to create an account with us.

Additionally, you will need to describe your request with sufficient detail to allow us to review, understand, assess, and respond.  We will not use the Personal Information we collect from an individual to determine a verifiable request for any other purpose, except as required or permitted by law.

Our response. We reserve the right to charge a fee to process or respond to your request if it is excessive, repetitive, or manifestly unfounded. If we determine that a request warrants a fee, we will attempt to notify you as to why we made that decision and provide a cost estimate before completing your request. We will endeavor to respond to a verifiable request within forty-five (45) calendar days of receipt, but we may require an extension of up to forty-five (45) additional calendar days to respond and we will notify you of the need for the extension.

Authorized Agent. You may authorize a natural person or a business (the Agent) to act on your behalf. When you submit a Request to Know, Correct, or Delete, the Agent must provide proof that you gave the Agent signed permission to submit the request, and you either must (i) verify you own identity with the business or (ii) directly confirm with us that you provide permission to the Agent. However, these steps are not required when you have provided the authorized agent with power of attorney pursuant to Probate Code sections 4000 to 4465. We reserve the right to deny requests from persons or businesses claiming to be authorized agents that do not submit sufficient proof of their authorization.

Spouses, Dependents, and Associates.  If you have knowledge that CEFCU collected personal information related to your spouse, dependent, or associate, please share a copy of this notice with all such individuals.

We reserve the right to amend this notice at any time without advance notice.  Please direct questions about this notice to CEFCU’s California Human Resources Manager by calling 800-633-7077 or emailing us at hrccpa@cefcu.com.

Last updated: 03/28/2024