Skip to Sitemap
Andrews Federal Credit Union
  1. Home
  2. Privacy Center

European Union Privacy Notice

These documents explain how we collect and use your personal information for our European services.

Introduction

Andrews Federal Credit Union is a full-service financial institution with stateside locations in Washington, D.C., Maryland, Virginia and New Jersey, as well as overseas locations in Germany, Belgium and the Netherlands. We are a member-owned cooperative financial institution offering a wide variety of financial products and services to our members throughout the world.

Keeping your personal information safe and secure is Andrews Federal Credit Union’s top priority. Andrews Federal is fully committed to protecting and using the personal data of its members and all individuals lawfully, fairly, and transparently.

In addition to complying with United States privacy and data protection laws, Andrews Federal will also comply with the European Union’s General Data Protection Regulation (“GDPR”). This applies to all Andrews Federal members currently living in a European Union country.

This European Union Privacy Notice applies to any information relating to an identified or identifiable person in the European Union (generally someone living in the European Union) in the credit union’s capacity as either controller or processor of that personal information. The credit union does not apply the GDPR protections and standards to the information of individuals not living in the European Union.

For the purposes of this European Union Privacy Notice, the following definitions apply:

  • “Personal Data” means any information relating to an identified or identifiable individual potential member, member, former member, joint account holder, beneficiary, and in limited circumstances non-members. Personal Data includes but is not limited to your name, address, identification number such as Social Security Number, and account number.
  • “Processing” means any operation or set of operations which is performed on Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure, dissemination or making available, alignment or combination, restriction, erasure, or destruction.

This European Union Privacy Notice generally describes Andrews Federal Credit Union’s policies and practices regarding its collection and use of your Personal Data, and summarizes your privacy rights under the GDPR. Because the GDPR is very lengthy and complex, this European Union Privacy Notice does not detail all GDPR privacy rights or the limits to those rights.

Data Protection Officer

Andrews Federal Credit Union has appointed an internal data protection officer whom you may contact if you have any questions or concerns about Andrews Federal personal data policies or practices, or its compliance with GDPR. The following is the contact information:

Andrews Federal Credit Union
Data Protection Officer
5711 Allentown
Suitland, Maryland
estegner@andrewsfcu.org

Collection and Processing of Personal Data

Andrews Federal Credit Union collects and processes Personal Data only to market and provide financial products and services to individuals, including but not limited to opening and maintaining deposit accounts, making personal loans, and providing payment services.

The credit union’s Personal Data subject to the GDPR is:

  1. Processed lawfully, fairly, and transparently;
  2. Collected for specified, explicit and legitimate purposes, and not further Processed in a manner incompatible with those purposes;
  3. Adequate, relevant and limited to what is necessary for the purposes for which they are Processed;
  4. Accurate, and where necessary, kept up to date;
  5. As soon as feasible, kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are Processed; and,
  6. Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful Processing and against accidental loss, destruction or damage, using appropriate technical security measures.

Andrews Federal Credit Union also minimizes the risk to your rights and freedoms by not collecting or storing sensitive personal information about you, such as racial or ethnic origin, political opinions, or religious beliefs.

Legal Basis for Processing Personal Data

Andrews Federal Credit Union processes your Personal Data only to provide financial products and services the credit union has contractually agreed to provide you, where necessary with your consent, or to comply with laws.

Transferring Personal Data from the EU to the US

Andrews Federal Credit Union is headquartered in the United States, and the Personal Data we collect from you may be Processed in the United States. The United States has not received a finding of information security “adequacy” from the European Union under Article 45 of the GDPR. Therefore, Andrews Federal Credit Union relies on the specific grounds in GDPR Article 49 to transfer your Personal Data from the European Union to the United States. In particular, the credit union transfers Personal Data collected in the European Union to its Suitland, Maryland, headquarters for Processing only to provide financial products and services the credit union has contractually agreed to provide to you, where necessary with your consent, or to comply with laws.

Andrews Federal Credit Union applies appropriate safeguards to protect the privacy and security of your Personal Data while in transit to the United States.

Disclosure of Personal Data to Third Parties

Andrews Federal Credit Union discloses Personal Data to independent third parties only for the credit union’s everyday business purposes to serve you, including but not limited to account opening and maintenance, transaction processing, loan origination and processing, payment processing, credit bureau reporting, responding to court orders or valid subpoenas or other information requests, and to market the credit union’s products and services to you. For example, to process your debit or credit card transactions, the credit union must share your Personal Data with various payment network providers. Andrews Federal Credit Union never sells your Personal Data to third parties.

Data subject rights

Under the GDPR, you have the following rights regarding your Personal Data:

  • To confirm that the credit union is Processing your Personal Data;
  • To access your Personal Data;
  • To request correction of inaccurate Personal Data or to have incomplete Personal Data completed;
  • To require the erasure of your Personal Data, subject to United States record retention laws and regulations, which may require data retention for a specified time;
  • To block or restrict the Processing of your Personal Data;
  • To receive your Personal Data in a format which may be transferred to another company;
  • To object to a decision based solely on automated Processing or your Personal Data, including profiling, unless necessary for entering into, or performing, a contract between you and the credit union; and,
  • To file a complaint with your local European Union state data protection authority.

Personal Data of Children

Andrews Federal Credit Union Processes Personal Data of children under the age of 16 only with the written consent of the holder of parental responsibility over the child prior to Processing the child’s Personal Data. The credit union only Processes the Personal Data of a child over the age of 16 with that child’s explicit consent.

Security of your information

Your Personal Data is stored in a state of the art of data security center. Andrews Federal Credit Union has implemented appropriate technical and organizational measures to ensure a high level of information security appropriate to risks. We also continually invest in testing and updating our security technology and procedures.

It is the responsibility of all Andrews Federal Credit Union employees to protect and insure the confidentiality of all Personal Data, and the credit union regularly trains our employees on the importance of maintaining the privacy and security of your Personal Data. We are also committed to taking appropriate disciplinary measures to enforce our employees’ privacy responsibilities.

Andrews Federal Credit Union’s information security policies, processes or technology do not guarantee the absolute security of your Personal Data. You should take all normal personal information security steps to protect your Personal Data. Slways use a secure password, and do not share your passwords, closing browsers after use, and not using public Wi-Fi networks.

Changes and updates to the Privacy Notice

Andrews Federal Credit Union reserves the right to amend this European Union Privacy Notice at any time, for any reason, without notice to you, other than the posting of the amended European Union Privacy Notice on our website. Please visit our website frequently to see the current European Union Privacy Notice that is in effect.

Questions, concerns or complaints

If you have any questions, comments, or concerns about your Personal Data and Andrews Federal Credit Union, or this European Union Privacy Notice, please contact Andrews Federal Credit Union’s Director of Information Risk.