Privacy


FACTS


What does FedTrust Federal Credit Union do with your personal Information
 

Why?

Financial companies choose how they share your personal information. Federal law gives consumers the right to limit some but not all of the sharing. Federal law also requires us to tell you how we collect, share, and protect your personal information. Please read this notice carefully to understand what we do.
 

What?

The types of personal information we collect and share depend on the product or service you have with us. This information can include:

  • Social Security Number and checking account information

  • credit history and employment information

  • Income and payment history
 

How?

All financial companies need to share members' personal information to run their everyday business - to process transactions, maintain member accounts, and report to credit bureaus. in the section below, we list the reasons financial companies can share their members' personal information, the reason FedTrust Federal Credit Union chooses to share, and whther you can limit this sharing.
 
Reasons we can share your information Does Connect Credit Union share? Can you limit this sharing?
For our everyday business purposes -
such as to process your transactions, maintain your account(s), respond to court orders and legal investigations, or report to credit bureaus		 YES NO
For our marketing purposes -
to offer our product and services to you		 YES  NO
For joint marketing with other financial companies Yes Yes
For our affiliates’ everyday business purposes -
information about your transactions and experiences		 NO We don't share
For our affiliates’ everyday business purposes -
information about your creditworthiness		 NO We don't share
For our affiliates to market to you NO We don't share
For non-affiliates to market to you NO We don't share
 

Questions?

  Call 877-523-3110 or go to www.fedtrustfcu.com
 

To Limit Our Sharing

  Call toll-free 877-523-3110 or use the mail-in form.

 Please Note:
 If you are a new member, we can begin shring your information 30 days from thedate we sent this notice. When you are no longer our member, we  continue to share your information as described in this notice.

 However, you can contact us at any time to limit our sharing.
 
Who we are
Who is providing this notice? FedTrust Federal Credit Union
 
What we do
How does FedTrust Federal Credit Union protect my personal information? To protect your personal information from unauthorized access and use, we use security measures that comply with federal law. These measures include computer safeguards and secured files and buildings.
How does FedTrust Federal Credit Union collect my personal information? We collect your personal information, for example, when you:
  • Open an account or deposit money
  • Pay your bills or apply for a loan
  • Use your credit or debit card.

We also collect your personal information from others, such as credit bureaus, affiliates, or other companies.
Why can’t I limit all sharing? Federal law gives you the right to limit only
  • Sharing for affiliates everyday business purposes – information about your creditworthiness
  • Affiliates from using your information to market to you
  • Sharing for non affiliates to market to you

State laws and individual companies may give you additional rights limit sharing.
What happens when I limit sharing for an account I hold jointly with someone else? Your choices will apply to everyone on your account.
 
Definitions
Affiliates
  • Companies related by common ownership or control. They can be financial or non-financial companies.
  • FedTrust Federal Credit Union has no affiliates.
Non affiliates
  • Companies not related by common ownership or control. They can be financial and non-financial companies.
  • FedTrust Federal Credit Union does not share with non-affiliates so they can market to you.
Joint Marketing
  • A formal agreement between non-affiliated financial companies that together market financial products or services to you.
  • Our joint marketing partners include:
    • FedTrust Federal Credit Union doest not share with non affiliates so they can market to you.
    • CUNA Mutual Group and its affiliates.

 

FedTrust Federal Credit Union (FTFCU) Remote (Mobile) Deposit Terms and Conditions

  • Purpose
    FedTrust Federal Credit Union (FTFCU) offers Mobile Deposit Service (Service) to enhance the Member(s) electronic banking experience. The Service enables you to use FTFCU’s Mobile Deposit Application and certain hardware (iPhone, Android, and/or other mobile devices) approved by FTFCU to (i) create electronic images of the front and back of certain paper items and (ii) transmit those images and other information, including, but not limited to, information captured from the magnetic ink recognition (“MICR”) line, to us for review and processing in accordance with this Addendum. “Electronic Item” means the electronic image of each Paper Item. After we receive your transmission, we will review each Electronic Item. For each Electronic Item that we determine is eligible for processing below, we will:

    1. Create a substitute check that we will present directly or indirectly to the financial institution (a) on which the original Paper Item to which the Electronic Item relates is drawn, or (b) at or through which the Paper Item is payable (each, the “Paying Financial Institution (FI)”); and/or
    2. Include the Electronic Item in an electronic file for presentment directly or indirectly to the Paying FI; or
    3. Present or post any Electronic Item for which we are the Paying FI.
  • Qualifications
    In order to enroll in the Service, you must be designated as an authorized signer or owner of a FedTrust Federal Credit Union Account (the “Account”) that is eligible for this service, be approved by FTFCU, and must accept this Addendum. By electronically accepting this Addendum during enrollment, you signify your acceptance of these Terms and Conditions.
  • Condition of the Service
    As a condition of using the Service, you shall maintain all Account(s) in good standing and comply with such restrictions on the Service as we may communicate to you from time to time.
  • Your warranties to FTFCU
    You represent and warrant to FedTrust Federal Credit Union that:FAILURE TO PROTECT YOUR HARDWARE AND SECURITY CREDENTIALS MAYALLOW AN UNAUTHORIZED PARTY TO ACCESS THE SERVICE AND TRANSMIT AN ELECTRONIC ITEM FOR DEPOSIT. ALL USES OF THE SERVICE THROUGH YOUR SECURITY CREDENTIALS WILL BE DEEMED TO BE USES AUTHORIZED BY YOU AND BINDING UPON YOU. YOU ASSUME THE ENTIRE RISK FOR THE FRAUDULENT OR UNAUTHORIZED USE OF YOUR SECURITY CREDENTIALS. YOU AGREE TO (i) EXERCISE RESPONSIBLE BEHAVIOR WHEN USING THE SERVICE (ii) FOLLOW THE INSTRUCTIONS AND RECOMMENDATIONS THAT FEDTRUST FEDERAL CREDIT UNION PROVIDES YOU WITH RESPECT TO THE SERVICE AND (iii) USE MAXIMUM CAUTION IN PROTECTING YOUR HARDWARE AND SECURITY CREDENTIALS FROM UNAUTHORIZED ACCESS. YOU AGREE TO NOTIFY FTFCU IMMEDIATELY IF YOU BECOME AWARE OF ANY LOSS OR THEFT OF, OR ANY UNAUTHORIZED USE OF THE SERVICE OR YOUR SECURITY CREDENTIALS.

    1. You will use the Service only for Paper Items that are as follows:
      • payable to you; or
      • payable to FedTrust Federal Credit
        Union;
        and
      • endorsed by you as follows:

      FOR MOBILE DEPOSIT ONLY AT FEDTRUST FCU
      JOHN Q. MEMBER (signature)
      123456789 (account or loan number)

    2. You will properly secure all hardware you use in connection with the Service (including, but not limited to, securing the hardware with Security Credentials to prevent unauthorized use). You will maintain control over and be responsible for secure retention, storage, and destruction of original Paper Items for which you have created an Electronic Item. After transmitting the Electronic Item to us, you will retain the original Paper Items for a minimum of five (5) calendar days, but no longer than fourteen (14) calendar days, from the transmission date (“Retention Period”). You will retain and store the original Paper Items in a secure and locked container that is only accessible by persons needing access to such Paper Ite0ms. During the Retention Period and upon our request, you agree to provide us with the original Paper Item(s). Once the Retention Period has expired, you will securely and irretrievably destroy original Paper Items from which you have previously created and submitted to us as an Electronic Item.
    3. You will not submit any duplicate Electronic Items to us.
    4. You will not deposit to your Account or otherwise negotiate any original Paper Item from which you have previously created and submitted to us as an Electronic Item, unless we have notified you that the Electronic Item is an Exception Item.
    5. You will transmit to us only Electronic Items that are suitable for processing, including, but not limited to, Electronic Items that are legible and contain machine- readable MICR data.
    6. You will review and verify for accuracy the information contained in the Electronic Item(s) before you transmit it to us.
    7. You agree to scan and deposit only “checks” as that term is defined in Federal Reserve Regulation CC (“Reg. CC”). When the image of the check transmitted to the FTFCU is converted to an Image Replacement Document for subsequent presentment and collection, it shall thereafter be deemed an ‘item” within the meaning of Articles 3 and 4 of the Uniform Commercial Code. The following items are items not acceptable for deposit and will be rejected:
      • Checks payable to any person or entity other than the person or entity that owns the account that the check is being deposited to.
      • Checks drawn on the member’s own account or member’s business affiliate’s account.
      • Checks containing an alteration on the front of the check or item, or which you know or suspect, or should know or suspect, are fraudulent or otherwise not authorized by the owner of the account on which the check is drawn.
      • Checks payable jointly, unless deposited into an account in the name of all payees.
      • Any third party check or check in which the payer is an insurance company.
      • Checks previously converted to a substitute check, as defined in Reg CC.
      • Checks drawn on a financial institution located outside the United States.
      • Checks that are remotely created checks, as defined in Reg. CC.
      • Any item that is stamped with a “non-negotiable” watermark or one that is marked “without recourse”.
      • Checks not payable in United States currency.
      • Checks dated more than six (6) months prior to the date of deposit (“stale dated checks”).
      • Check’s or items prohibited by FTFCU’s current procedures relating to the services or which are otherwise not acceptable under the terms of your FTFCU account.
      • Checks payable on site or payable through Drafts, as defined in Reg. CC.
      • Checks with any endorsement on the back other than that specified in this agreement. Checks that have previously been submitted through the Service or through a remote deposit capture service offered at any other financial institution.
      • Checks or items that are drawn or otherwise issued by the U.S. Treasury Department.
      • Traveler’s Checks, money orders, and U.S. Savings Bonds.
    8. Errors. You agree to notify FTFCU of any suspected errors regarding items deposited through the Services right away, and in no event later than 30 days after the applicable FTFCU account statement date. Unless you notify FTFCU within 30 days, such statement regarding all deposits made through the Services shall be deemed correct, and you are prohibited from bringing claim against FTFCU for such alleged error.
    9. You will not store or make a back-up copy of the Electronic Item(s).
  • Fees.
    The Service is provided at no charge to you. We may, upon at least thirty (30) days prior notice to you, to the extent required by applicable law, charge a fee for use of the Service. If you continue to use the Service after the fee becomes effective, you agree to pay the service fee that has been disclosed to you, as may be amended from time to time. Further, you will be required to designate an account at FedTrust Federal Credit Union from which fees for the Service will be debited (your “Billing Account”). Any applicable fees for the Service may be changed by us at our discretion at any time upon at least thirty (30) days prior notice to you, to the extent required by applicable law. If the Billing Account is closed, or if the Billing Account does not have sufficient available funds to cover the fees, you authorize us to charge any such fees to any other deposit account you maintain with us.
  • Creating and Transmitting Electronic tems to FTFCU.
    You shall use hardware approved (Android & iPhone devices) by FTFCU to create electronic images of checks that you wish to deposit to your Account by means of the Service, and to transmit your Electronic Items to us.
  • Processing Your Electronic Item(s).
    If you transmit your Electronic Item(s) to FTFCU before the cut-off time we separately disclose to you (the “Cut-Off Time”) on any Business Day, we Shall review and process your Electronic Item(s) on that Business Day. If you transmit your Electronic Item(s) to us after the Cut-Off Time on any Business Day we shall review and process your Electronic Item(s) on the next Business Day. Your Electronic Item(s) is deemed to have been received by the Credit Union when the Service generates a confirmation message.
  • Exception Items
    Each Business Day on which we review and process your Electronic Item(s), We will use commercially reasonable efforts to review each Electronic Item and to reject any Electronic Item that we in our sole discretion determine to be ineligible for the Service (each, an “Exception Item”). “Exception Item” includes, without limitation, an Electronic Item that (i) is illegible or contain MICR data that is not machine-readable, (ii) was previously processed as an Electronic Item, or (iii) is drawn on financial institutions located outside the United States and are not payable at or through a financial institution located within the United States, or (iv) is a transaction that is outside of your parameters. We will notify you of each exception Item via phone call or email at our discretion. If you wish to attempt to deposit any Exception Item to your Account, you shall do so only by depositing the original Paper Item on which the Exception Item is based or as otherwise agreed between us. Even if we do not initially identify an Electronic Item as an Exception Item the Electronic Item, substitute check, or the purported substitute check created by us nevertheless may be returned to us because, among other reasons, the Paying Financial Institution (FI) determines that such item or check is illegible or missing an image. Our failure to identify an Exception Item shall not preclude or limit the obligation of you to FedTrust Federal Credit Union under Paragraph J. If an item is returned for any reason, the item will be returned to you and your Account will be charged for the amount of the Substitute Check plus any associated fee as disclosed in the Credit Union’s Fee Schedule.
  • Deposits to the Account.
    Subject to the Credit Union’s right to identify and reject Exception Items, We shall be deemed to have accepted each Electronic Item that is not an Exception Item for deposit to the Account on the Business Day that we process the Electronic Item, provided its transmission to us is prior to the Cut-Off Time and is within the default daily deposit limit.
  • Security Procedures
    Any individual authorized by you to access the Service (a “User”) shall do so by entering a user name and a password, or other unique identifier that may be required (collectively referred to herein as “Security Credentials”). From time to time, we may require you to use additional security and authentication procedures, as specified in these TERMS AND CONDITIONS OF SERVICE.
  • Your Agreement to Indemnify FTFCU
    You will indemnify, defend, and hold harmless FedTrust Federal Credit Union, its affiliates and each of their respective directors, officers, employees, and agents (collectively in this Paragraph K, “Indemnitees”) from and against all liabilities, damages, claims, obligations, demands, charges, costs, or expenses (including reasonable fees and disbursements of legal counsel and accountants) awarded against or incurred or suffered (collectively, “Losses and Liabilities”) by Indemnitees arising directly or indirectly from or related to the following (except for Losses and Liabilities arising directly or indirectly from or related to our own gross negligence or willful misconduct):

    • Any negligent or intentional act or omission by you in the performance of your obligations under this Addendum, including, but not limited to, (i) duplicate scanning of the same original Paper Item, (ii) transmission of duplicate Electronic Items, (iii) calculation errors of deposit totals, (iv) numerical errors on deposit data entry, and (v) fraudulent or unauthorized use of your hardware or Security Credentials.
    • Any material breach in a representation, warranty, covenant, or obligation of you contained in this Addendum;
    • The violation of any applicable law, statute, or regulation in the performance of
    • FedTrust Federal Credit Union acting as a “reconverting bank” under the Check Clearing for the 21st Century Act through the creation of “substitute checks” or purported substitute checks using an Electronic Item or an illegible Electronic Item;
    • Our presenting to Paying FI an Electronic Item for payment; and
    • Your failure to (i) securely maintain your hardware or the original paper Items, or (ii) properly and timely dispose of original paper Items in accordance with Paragraph J.2, in which event such Losses and Liabilities shall include without limitation consequential damages.This Paragraph K shall survive the termination of the Service.
  • Termination
    You or we may terminate the Service at any time. In the event your use of the Service is terminated, we may require you to return any hardware that we provided to you free of charge. The Credit Union may terminate the use of Mobile Deposit if the member breaches these Terms and Conditions of Mobile Deposit for any unauthorized or illegal purposes.
  • Right to Audit
    We may periodically audit and verify your compliance with this Addendum. You agree to cooperate and provide information or documents, at your expense, as may be reasonably requested by FedTrust Federal Credit Union in the course of such audit.
  • Entire agreement; Conflicting Terms
    This Addendum forms part of and is incorporated by reference into FedTrust Federal Credit Union’s Membership Agreement, Truth in Savings (TIS) disclosure, and any other applicable Terms and Conditions, Disclosures, and Policies and Procedures. Except as amended by this Addendum, all applicable agreements and disclosures remain if full force and effect. In the event of any conflict between this Addendum and FedTrust Federal Credit Union’s Membership Agreement, TIS disclosures, other applicable Terms and Conditions, Disclosures, and Policies and Procedures this Addendum shall govern with respect to this Service (FTFCU Mobile Deposit).
  • You represent, agree and warrant you are not now engaged, and will not during the term of this Agreement engage, in any business that would result in you being or becoming a “money service business” as defined in the Federal Bank Secrecy Act and its implementing regulations.
  • You will not engage in any activity directly or indirectly related to the use of the Service that is illegal or fraudulent.
  • Compliance with Law.
    The Member shall comply with all laws, rules and regulations applicable to theMember, to the business and operation of the Credit Union, and to the FTFCU Mobile Deposit Capture Service, including, without limitation, Regulation CC, the Uniform Commercial Code and any rules established applicable to digital images. You shall have the responsibility to fulfill any compliance requirement or obligation that the Credit Union and/or you may have with respect to the Service under all applicable U.S. federal and state laws, regulations, including sanction laws administered by the Office of Foreign Assets Control, and other requirements relating to anti-money laundering, including but not limited to, the Federal Bank Secrecy Act, the USA Patriot Act and any regulations of the U.S. Treasury Department to implement such acts, as amended from time to time.
  • Enforceability.
    In the event that any provision of this Agreement shall be deemed to be invalid, illegal, or unenforceable to any extent, the remainder of the Agreement shall not be impaired or otherwise affected and shall continue to be valid and enforceable to the fullest extent permitted by law.
  • Deposits are not immediately available and are processed daily prior to the close of business. Please check your account online for availability of funds deposited before use. If you make a mobile deposit after 3:00 pm Monday-Friday, your deposit will be credited to your account on the following business day. Business days are Monday-Friday, excluding holidays. Each member approved for Remote Deposit will have a set deposit and number of item limit. Our maximum limits are listed below:
    • $5,000 per deposit
    • $5,000 per day
    • $25,000 within 30 days
    • 10 items per day

    We reserve the right to impose limits on the amount(s) number of deposits that you transmit using the Services and to modify such limits from time to time. The Credit Union will notify you via letter and/or e-mail prior to changing your group.

  • Funds Availability
    Funds will be made available to you in accordance with Regulation CC as follows;

    1. Your funds will be made available to you two (2) business days after the Electronic Item is credited to your account. */**
    2. If you have a new account, your funds may be held up to nine (9) business days from the credit date. */** * FTFCU has the right to refuse any Paper Item(s) submitted electronically. ** $200.00 will be released the next business day on any Paper Item(s) deposited electronically to a Transaction account.

 

IDENTITYX AUTHENTICATION SOFTWARE EULA TERMS AND PRIVACY NOTICE

CREDIT UNION agrees to require users who are authenticated using the IdentityX Software ("the End Users") to accept the terms of the following End User License Agreement, prior to their use of the IdentityX Software, or terms that provide equivalent protection to Daon, CU*ANSWERS, and the IdentityX Software

CREDIT UNION FURTHER AGREES THAT THESE TERMS ARE PRESENTED WITHOUT WARRANTY. NEITHER DAON NOR CU*ANSWERS PROVIDES LEGAL ADVICE, PROVIDE AN OPINION AS TO WHETHER THESE TERMS ARE SUFFICIENT TO CREDIT UNION IN THE JURISDICTION(S) WHERE CREDIT UNION DOES BUSINESS. CREDIT UNION SHOULD CONSULT WITH ITS OWN LEGAL COUNSEL REGARDING APPLICABLE CONSENT AND COMPLIANCE WITH BIOMETRIC LAWS IN THE JURISIDICTION(S) WHERE CREDIT UNION DOES BUSINESS.

IDENTITYX END USER LICENSE AGREEMENT

This is an Agreement between you the user of this Software (the Licensee) and CREDIT UNION (the Licensor). Clicking the "Accept" button and/or using the Software indicates acceptance of these license terms.

You have enrolled to use the IdentityX software ("the Software"). This software may be presented to you under a different brand identity (e.g. "MACO").

In order to use the Software, you must download the IdentityX Authenticator App on your mobile device.

Acceptance of this Software license is a precondition to downloading the IdentityX Authenticator App and use of the Software

"Software" refers to both the IdentityX software downloaded to mobile devices, including without limitation the IdentityX Authenticator App, and to the software resident on backend servers. This includes without limitation Software, including the object code and/or source code, functionality, concept, processes, internal structure, design, external elements, user interface, technology and documentation

1. LICENSE. Licensor hereby agrees to license the Software to Licensee, pursuant to the terms herein, for the purpose of online banking authentication only. Licensee may not remove copyright, trademark, trade secret, confidentiality and patent notices from Software. Licensee shall comply with all US import and export laws.

Licensee shall not modify, vary, enhance, reverse engineer, copy, sell, lease, license, sub-license or otherwise deal with the Software or any part or parts or variations, modifications, copies, releases, versions or enhancements of the Software or any supporting software or have any software or other program written or developed based on Software or its concepts. Licensee may not use Software for the purpose of developing competing software based on concepts, functions, or operations like those disclosed in the Software. This clause shall survive the termination of this agreement indefinitely.

2. CONFIDENTIAL INFORMATION. Licensee acknowledges that the Software and any and all information provided in connection therewith, is proprietary to, and forms part of, the confidential information of the Licensor or its licensors, as the case may be. The Licensee hereby agrees to maintain all confidential information of the Licensor in strictest confidence, not to disclose same to any third party, and to use all reasonable measures to prevent any unauthorized disclosure of thereof. This protection shall continue in force for the period of this license agreement and thereafter for a further period of six years.

3. INTELLECTUAL PROPERTY RIGHTS. Licensee only acquires the right under this Agreement to use the Software and all intellectual property rights in Software and all derivatives, enhancements and modifications belong to and shall remain vested in the Licensor or its licensors, as the case may be.

The Licensee undertakes not to copy the software nor otherwise reproduce nor allow a third party to do so, except to the extent and in the circumstances expressly required to be permitted by the Licensor by law, and to effect and maintain adequate security measures to safeguard the Software from access or use by any unauthorized person. The Licensee shall notify the Licensor immediately if the Licensee becomes aware of any unauthorized use of the whole or any part of the Software by any person.

4. WARRANTY. All Software is provided "as is" without any express or implied warranty of any kind. No liability is accepted by Licensor. Under no circumstances shall Licensor be liable for any special, consequential, direct or indirect loss or damage including without limitation, loss of profits, loss of data or loss of business opportunity.

5. LIABILITY. Licensee shall be liable for any breach of this Agreement and any damage caused.

6. TRANSACTIONS. Once the Software has been activated, any person who has stored their biometric information on the device will be able to access accounts using the device. CREDIT UNION does not recommend using the Software if Licensee shares the device or allows others to use the Software. Licensee is responsible for all transactions made using any form authentication stored on Licensee's device, and these transaction(s) will be considered authorized by Licensee even if the person conducting the transaction(s) did not have Licensee's authority or exceeded Licensee's authority.

7. TECHNICAL SUPPORT. For information or technical support for the Software please contact CREDIT UNION.

8. MISCELLANEOUS. The relationship between Licensor and Licensee is that of independent contractors. The invalidity or unenforceability of any term of, or any right arising pursuant to, this Agreement for any reason whatsoever shall not affect the validity or enforceability of the remaining terms or rights which shall continue in full force and effect. This Agreement shall constitute the entire extent of the Agreement between the parties regarding its subject matter and supersedes any prior agreement understanding, arrangement, statement or representation made between them whether oral or in writing. Licensee hereby acknowledges that unauthorized disclosure or use of Software may cause immediate and irreparable harm to Licensor. Accordingly, Licensor will have the right to seek and obtain preliminary and final injunctive relief to enforce this Agreement in case of any actual or threatened breach, in addition to other rights and remedies that may be available to Licensor.

9. NOTICES. Any notices and other communications required or permitted to be given under this Agreement shall be in writing and delivered by mail or electronic means, and shall be effective when received, with evidence of receipt.

10. LAW AND JURISIDICTION. The construction, validity and performance of this Agreement is governed by the laws of the Commonwealth of Virginia.

PRIVACY NOTICE

1. ABOUT DAON AND THIS NOTICE. Daon is a privately held software company that has pioneered methods for securely and conveniently combining biometric and digital identity capabilities with large-scale deployments that span payments verification, digital banking, wealth, insurance, telcos, and securing borders and seamless travel. Daon creates products to help manage identities in six continents, across the full digital identity lifecycle including onboarding, authentication, and recovery, thus reducing the threat of biometric security breaches and fraud. Throughout the world, Daon has developed identity assurance software that allows government and commercial enterprises to establish trust that someone is who they claim to be.

The Daon biometric research team works in the area of face biometrics, voice biometrics, machine learning, artificial intelligence, computer vision, speech recognition, security, and related scientific disciplines.

2. DAON’S DATA VALUES. Daon understands that you entrust us with your personal information with the expectation that it will be used only for specific purposes. We respect your expectation and place a high priority on protecting this information by limiting its use.

At Daon, protecting your privacy is fundamental to the way our company and its affiliates conduct our business.

3. SCOPE OF THIS PRIVACY NOTICE. This Privacy Notice (Notice) applies only to the personal information collected by the Application both within the Application and when accessing services online, through Daon's websites. In the U.S. this Privacy Notice is provided by Daon Inc ("Daon," "us," "we," or "our"). We collect and process information about you as described in this Privacy Notice ("Notice"). We are committed to protecting the privacy of those with whom we interact. This Notice contains details about how we collect, use, and share Personal Information that we obtain from and about you when you use the Application. This Notice does NOT apply to any other interactions you have with Daon. Please read this Notice carefully.

4. CHANGES TO THIS PRIVACY NOTICE. This Notice reflects our privacy practices and standards as of March 2021 (the “Effective Date”). We may update this Notice from time to time. The current Notice will be effective when posted. Please check this Notice periodically for updates. If any of the changes are unacceptable to you, you should cease interacting with us. When required under applicable law, we will notify you of any changes to this Notice by posting an update. When required under applicable law, we will seek affirmative consent from you before making material changes to the way we handle personal information previously collected from you. If you do not provide such consent, personal information will continue to be used in a manner that is consistent with the version of this Notice under which it was collected.

5. DATA CONTROLLER. For the purposes of this Notice, Daon is the controller for the personal information we process, unless otherwise stated. For all data protection enquiries and/or concerns in connection with EU privacy rights please contact our Data Protection Officer at privacy@daon.com or any of the other ways to contact us in Section 16 as might apply to you.

6. SOURCES OF PERSONAL INFORMATION. Personal information refers to any information relating to an identified or identifiable natural person or household.

We collect information about you and how you interact with us in several ways, including:

Information you provide to us directly. We collect the information you provide to us directly, such as when you provide information in the Application or contact us.
Information automatically collected or inferred from your interaction with us. We automatically collect technical information about your interactions with us (such as IP address, mobile device make, model and version, and browsing preferences).

We may combine information that we receive from the various sources described in this Notice and use or disclose it for the purposes identified below.

7. SHARING OF PERSONAL INFORMATION. At Daon, we only share personal information in ways that we tell you about as described throughout this Notice. We do not sell or rent personal information to businesses for commercial purposes and we do not share personal information with third parties except as described in this Notice.

If we intend to process your personal information for any additional purpose(s), we will provide you with information on the other purpose(s) and seek your prior consent, as required by applicable law.
The personal information we share includes the personal information described above.

Third Party Service Providers with your prior consent. To support the services, we offer to you, we will disclose your personal information to a third party with your consent.
Third Party Service Providers. To support the services, we offer to you, we share personal information with service providers that help us with our business activities and services within the Application. We may share your personal information with third party service providers working on our behalf in order to facilitate our interactions with you or request or support our relationship with you, such as hosting service providers, IT providers, operating systems and platforms, internet service providers, analytics companies, and marketing providers (e.g., we may share your email address with our outbound email marketing provider). We may contract with other companies to provide certain services, including identity verification, email distribution, market research, promotions management, and payment processing. We provide these companies with only the information they need to perform their services and work with them to ensure that your privacy is respected and protected.

Affiliated businesses. To provide the Application Services, we may share your personal information within our group of companies, which includes parents, corporate affiliates, subsidiaries, business units and other companies that share common ownership for the purposes described above.

Law Enforcement. To support law enforcement activities, we may share your personal information with third parties such as law enforcement or other government agencies to comply with law or legal requirements; to enforce or apply our Terms of Use and other agreements; and to protect our rights and our property or safety of our users or third parties.

Safety, Fraud and Government Requests. Protection and Safety, such as to comply with legal requirements; protect our safety, our property or rights of those who interact with us, or others; and detect, prevent, and respond to security incidents or other malicious, deceptive, fraudulent, or illegal activity.

Corporate Transactions. In connection with a corporate transaction: If we sell some or all of our assets, merge or are acquired by another entity, including through a sale or in connection with a bankruptcy, we will share your personal information with that entity.

With Your Consent. We may share your personal information with other third parties with your consent.

De-identified, anonymized, or aggregate data. We may share this data that no longer constitutes personal information in certain jurisdictions with third parties for any purpose as legally permissible.

8. INDIVIDUAL CHOICES: RIGHTS AND ACCESS TO INFORMATION.

Access, Revision, Deletion. Under applicable privacy law, you may have a right to request a copy of information about you held by Daon. You may also have the right to revise, correct, or delete such information. Your rights to such information may be subject to limited legal and regulatory restrictions. See "Exercising Individual Rights" below.

Objection to Processing and Additional Rights. Under applicable privacy law (e.g. European data privacy law), where Daon relies on legitimate interest or public interest to process information, individuals can formally object to processing of their information.

In certain circumstances under applicable law, you may have the additional right to restrict aspects of the processing of your information or ask for a copy of your data to be provided to you, or a third party, in a digital format. See "Exercising Individual Rights" below.

Choices about Marketing. Under applicable privacy law (e.g. European data privacy law), you may have the right to object to information being used for the purposes of direct marketing. Where this right applies, please use the "opt-out" or "unsubscribe" functionality in communications, or, if you have registered online or through any of Daon's resources and have a user account, you can update your information and preferences here. See "Exercising Individual Rights" below.

Exercising Your Individual Rights. We provide you with certain choices regarding the use of your personal information. If you wish to access, correct, delete or update your personal information, restrict or object to processing or exercise a right to data portability (where technically feasible) please contact us using the information in Section 16. We will respond to reasonable requests in accordance with relevant data protection laws.

Under the California Consumer Privacy Act 2018 ("CCPA"). California residents have specific rights regarding their personal information held by private companies. California residents can reference their detailed applicable rights under "California Privacy Notice".

9. SECURING YOUR INFORMATION. Daon takes safeguarding your personal information seriously. We have implemented commercially reasonable technical and organizational security measures designed to protect personal information against loss, misuse, and unauthorized access, alteration, disclosure, or destruction. We also have implemented measures to maintain the ongoing confidentiality, integrity and availability of the systems and services that process personal information and will restore the availability and access to data in a timely manner in the event of a physical or technical incident.

Daon understands that, while we have implemented security measures, there is no such thing as perfect security. Although we strive to protect your information, we cannot guarantee your information will never be disclosed in a manner inconsistent with this Notice. If a breach of your personal information were to occur, we will notify you promptly, as required by applicable law.

Daon expects you to be responsible for the security of your personal information by taking precautionary measures, such as keeping any account password/PIN (if applicable) confidential and using secure wireless connections.

10. RETENTION. We will retain your personal information, for no longer than is necessary to enable you to use the Application, and to comply with our legal obligations, resolve disputes, enforce our agreements and for other business reasons permitted by applicable laws and regulations. In any event, we will retain your information for the period stated in our retention schedule, at which point Daon will take steps to dispose of your personal information securely and permanently, according to applicable laws and regulations.

Even if we delete your information from active databases, the information may remain on backup or storage media to the extent allowed by applicable data protection laws and regulations.

11. CHILDREN’S PRIVACY. Interactions with us are intended for individuals 16 years of age and older. Our interactions are not directed at, marketed to, nor intended for, children under 16 years of age. We do not knowingly collect any information, including personal information, from children under 16 years of age. If you believe that we have inadvertently collected personal information from a child under the age of 16, please contact us at the address below and we will use reasonable efforts to delete the child's information from our databases. In all cases where we may inadvertently be provided with personal information
relating to children, the information in the relevant parts of this Notice applies to children, as well as adults.

12. CONTACT US. If you have any questions about this Notice, our data handling practices, or your dealings with the Application, you can contact us at:

EMAIL: privacy@daon.com
U.S. MAIL: 4097 Monument Corner Drive, Suite 550. Fairfax, VA 22030

13. CALIFORNIA PRIVACY NOTICE. If you reside in California, we are required to provide additional information to you about how we collect, use, and disclose your information, and you may have additional rights with regard to how we use your information. This section of the Notice is the Privacy Notice statement required by the California Consumer Privacy Act ("CCPA"), which supplements, and is to be read in conjunction with, the information contained in this Privacy Notice. The information in this section applies solely to visitors, users, and others who reside in the State of California.

California Personal Information. Consistent with what is disclosed in our Notice within, we may collect certain categories of information about California residents:

o Collection and Use of Personal Information. We collect information from you when you use our Application and visit our websites, and when you provide your information to us.

o Categories of Personal Information We Have Collected in the Preceding 12 Months. In the past 12 months, we have not collected personal information relating to California residents.

o Categories of Sources for the Collection of Personal Information. The categories of sources from which we collect personal information depends on our relationship or interaction with a specific California resident and the business purpose for which the personal information is collected. We may collect personal information directly from California residents through our Application, the use of our websites, or over the phone from when you contact us.

o Business Purposes for the Collection of Personal Information. Our business purposes for using your personal information depend on who you are and how we interact with you. We will use personal information relating to California residents to operate, manage, and maintain our Application and to provide our services, including the following:

▪ Send you communications about the services you requested
▪ Fulfill customer service requests, such as troubleshooting the Application
▪ Conduct scientific research for purposes to develop and train algorithms including biometric algorithms for the purpose of advancing Daon's authentication capabilities within Daon products to improve our solution.
▪ Authenticate your identity to allow us to fulfill your request for access, correction, or deletion of your personal information.

o Categories of Third Parties to whom we have shared Personal Information. We do not sell or rent personal information to businesses for commercial purposes and we do not share personal information with third parties that are not owned by us or under our control or direction except as described in this Notice. The personal information we share may identify you or may include biometric information such as images and voice recordings about you. The categories of third parties we may share your personal information with includes:

▪ Service Providers to support the services we offer to you.
▪ Government Authorities to respond to lawful requests.
▪ Law Enforcement to support law enforcement activities; and
▪ Other third parties to support merger, acquisitions, divestitures, or asset sales.

o Do Not Sell My Personal Information. Daon does not "sell" personal information and has not "sold" personal information relating to California residents, including within the meaning of the CCPA within the past 12 months. For purposes of this Disclosure, "sell" or "sold" means the disclosure of personal information for monetary or other valuable consideration.

o California Consumer Rights. Subject to certain exceptions, as a California resident, you may have the following rights to your CA personal information:

▪ Right to Access: Request access to your CA personal information that we have collected, used, disclosed, or sold within the preceding 12 months; and
▪ Right to Deletion: Request deletion of your CA personal information. If you request deletion of your CA personal information, to the extent permitted by applicable law, we may be required to retain some of your CA personal information, and certain CA personal information is strictly necessary in order for us to fulfill the purposes described in this Privacy Notice.

o Exercising Your Rights. You may submit a request to exercise your Californian privacy rights by contacting us by one of the methods in Section 16 that apply to you. We will not discriminate against you, in any manner prohibited by applicable law, for exercising these rights. When making a request, please provide your first and last name, email address and type of request you are making.

o Verification. In order to exercise your rights, we will need to obtain information to locate you in our records or verify your identity depending on the nature of the request. If you are submitting a request on behalf of a household, we will need to independently verify each member of the household. For a Specific Pieces Report, we will request Personal Information sufficient to verify your identity to a reasonably high degree of certainty and will seek a signed declaration, under penalty of perjury, that you are who you say you are. In most cases, we will seek to match at least three data points to information we already have about you for this verification process. For a Categories Report or a Request to Delete, we will request Personal Information sufficient to verify your identity to a reasonable degree of certainty. In most cases, we will seek to match at least two data points to information we already have about you for this verification process.

In certain circumstances, we may require additional or different data in order to verify your identity. If you make a request (1) for a Specific Pieces Report, (2) as an authorized agent, or (3) on behalf of a household, we will contact you via email following your initial request to obtain information specifically needed for your type of request.

o Authorized Agents. Authorized agents may exercise rights on behalf of consumers. If you are an Authorized Agent, we will request proof from you that you are authorized to act on behalf of the consumer (such as a written and signed authorization from the consumer) and may also seek to verify the consumer as described above, or we will accept a legal Power of Attorney under the California Probate Code. We will also require evidence of your (the agent's) identity and proof of registration with the California Secretary of State.

o Non-Discrimination. You have the right to be free from unlawful discrimination for exercising your rights under the CCPA. We will not discriminate against you by offering you different pricing or products, or by providing you with a different level or quality of products, or in connection with promotions and other offerings, based upon you exercising your rights with respect to your CA personal information.

o Timing. We will respond to Requests to Delete and Requests to Know within 45 calendar days, unless we need more time, in which case we will notify you and may take up to 90 calendar days total to respond to your request.

o Access Notice in Alternative Formats. California residents who need assistance accessing the notice in an alternative format can contact us using one of the methods described in this Notice.

o California Shine the Light. If you are a California resident, you may opt out of sharing your Personal Information with third parties for the third parties' direct marketing purposes. Please contact us at info@daon.com if you would like to do so.