CHILDREN’S ONLINE PRIVACY PROTECTION ACT POLICY (COPPA)

 

The Credit Union will comply with the Children’s Online Privacy Protection Act (COPPA) in the operation of online services and the website; and diligently protect the privacy of children under thirteen and the online collection of data and information from children using the website or service.

Applicability of COPPA

  1. The Credit Union will comply with COPPA requirements in its operation of a commercial website or an online service directed to children under thirteen that collects personal information from children, or in its operation of a general audience website and has knowledge that personal information about children under thirteen is being collected.

 

    1. Collection. The Credit Union is collecting information if the Credit Union:
      1. Requests, prompts or encourages the submission of information, even if it is optional;
      2. Allows information to be made publicly available before the Credit Union takes reasonable measures to delete all or virtually all personal information before postings are public and delete all information from the Credit Union’s records; or;
      3. Passively tracks a child online.

 

    1. Children’s Personal Information. The personal information that may be collected from children can include:
      1. Full name;
      2. Home address;
      3. Geolocation information sufficient to identify a street name and city or town;
      4. Online contact information;
      5. Telephone number;
      6. Social Security number;
      7. Photo, video, or audio file containing a child’s image or voice
      8. Persistent identifier that can be used to recognize a user over time and across different sites, including a cookie number, an IP address, a processor or device serial number, or a unique device identifier;
      9. Any information that allows someone to identify or contact the child; and
      10. Other data and/or facts that can be tied to individually identifiable information; including:
        1. Hobbies;
        2. Interests; and
        3. Information collected through cookies and other types of tracking mechanisms.

 

Privacy Notice for COPPA

 

    1. Content. The Credit Union’s Children’s Online Privacy Notice will be clearly written, understandable, and will contain:
      1. Credit Union’s name and contact information (address, telephone number and email address);
      2. Names of any other operator that may be collecting or maintaining children’s personal information;
      3. Kinds of personal information collected from children;
      4. How information is collected from children;
        1. If the information is collected directly from the child; and/or
        2. If the information is collected passively through cookies.
      5. How the Credit Union uses the child’s personal information it has collected, including the use of audio files and how they are appropriately deleted.
      6. The parent/guardian’s option to agree to the collection and use of their child’s information.
      7. If the information collected from children is disclosed to a third party; and if so: the kinds of business the third party is engaged in; the purpose for collecting the information and how it will be used; and a statement on the third-party agreements to maintain the confidentiality and security of the information.
      8. The parent/guardian’s right to opt-out of sharing the child’s information with third parties;
      9. The Credit Union will not require children to disclose more information than is reasonably necessary to participate in the Credit Union’s website or online service as a condition of participation; and
      10. The parent/guardian’s right to review the child’s personal information, ask to have it deleted, and refuse to allow any further collection or use of the child’s information.

 

    1. Placement.  The Credit Union will post a link to the Children’s Online Privacy Notice on the homepage of its website or online service and at each area where it collects information from children. The link will be clear and prominent.

 

 

Verifiable Parental Consent for COPPA

 

    1. Consent Requirement. Before collecting, using or disclosing personal information from a child, the Credit Union will obtain verifiable parent/guardian consent from the child’s parent/guardian. The Credit Union will make reasonable efforts (taking into consideration available technology) to ensure that before personal information is collected from a child, a parent/guardian of the child receives notice of the Credit Union’s information practices and consents to those practices.

 

    1. Third Party Consent. The Credit Union will give parents/guardians the option to agree to the collection and use of the child’s personal information without agreeing to the disclosure of that information to third parties. ValleyStar Credit Union does not need to get parental/guardian consent to release information to others who use it solely to provide support for the internal operations of the Credit Union’s website or service, including technical support.

 

    1. Renewed Consent. The Credit Union will send a new notice and request for consent to parents/guardians if there are material changes in the collection, use or disclosure practices to which the parent/guardian had previously agreed.

 

    1. Exceptions. Prior parent/guardian consent is not required when the Credit Union:
      1. Collects a child’s email address for the purpose of:
        1. Providing notice and seeking parent/guardian consent;
        2. Responding to a one-time request from a child and then promptly deleting it;
        3. Protecting the security or liability of the website or service; or to respond to law enforcement.
      1. Collects an audio file with a child’s voice when:
        1. It is collected solely as a replacement of written words, such as to perform a search or to fulfill a verbal instruction or request; and
        2. The recording is held only for a brief time and only for that purpose (not making any other use of the file before it is destroyed).
        3. The audio file exception would not apply when the Credit Union requests information via voice that would otherwise be considered personal information.

 

Parent/Guardian Information Request for COPPA

    1. Parent/Guardian Request. At a parent/guardian’s request, ValleyStar Credit Union will disclose the general kinds of personal information they collect online from children (for example, name, address, telephone number, email address, hobbies), as well as the specific information collected from their children who visit ValleyStar Credit Union’s website or service.
    2. Parent/Guardian Relationship Verification. The Credit Union will use reasonable procedures to ensure they are dealing with the child’s parent/guardian before they provide access to the child’s specific information.

 

Parent/Guardian Consent Revocation for COPPA

 

    1. Revocation. At any time, a parent/guardian may revoke his/her consent and request that the Credit Union delete any information the Credit Union may have retained.
    2. Timing. The Credit Union will promptly delete any information it has about a child after a parent/guardian revokes consent for ValleyStar Credit Union to collect and retain the information.