Eglin Federal Credit Union Privacy Policy

Gramm-Leach-Bliley Act Privacy Notice

The Gramm-Leach-Bliley Act requires financial institutions to provide members with a clear explanation of their information-sharing practices. This notice satisfies that requirement. Eglin Federal Credit Union does not sell member information to third parties for marketing purposes. We share member information only as permitted or required by law, and only to the extent necessary to service your accounts, process transactions, and comply with regulatory obligations.

Under the GLB Act, you have the right to limit certain types of information sharing. This policy describes those rights and how to exercise them. If you have questions about this notice, contact Eglin Federal Credit Union at (850) 862-0111 or visit any branch location.

What We Collect

Eglin Federal Credit Union collects personal and financial information necessary to provide banking services, comply with federal regulations, and protect member accounts. Categories of information we collect include:

• Identity information: Full legal name, date of birth, Social Security Number, government-issued identification number, mailing address, email address, and phone number.
• Account information: Account balances, transaction history, payment records, loan applications, credit reports obtained with your consent, and deposit and withdrawal activity.
• Device and access information: IP addresses, browser type, device identifiers, login timestamps, and geolocation data associated with online banking and mobile app sessions.
• Military-specific information: Military branch, rank, duty station, deployment status, and DFAS allotment data provided voluntarily by members to facilitate military banking services, SCRA protections, and deployment account holds.

We collect this information directly from members during account opening, loan applications, online banking enrollment, and phone or branch interactions. We also receive information from third parties including credit bureaus, identity verification services, and government agencies when required for regulatory compliance.

How We Use Member Information

Eglin Federal Credit Union uses member information for the following purposes:

• Processing transactions, maintaining accounts, and servicing loans.
• Verifying identity during account opening, login, and phone interactions.
• Detecting and preventing fraud, unauthorized access, and financial crimes.
• Complying with federal and state regulatory requirements, including Bank Secrecy Act reporting, OFAC screening, and IRS reporting.
• Administering SCRA protections for deployed service members, including interest rate caps and foreclosure protections.
• Communicating account statements, alerts, product updates, and service notifications.
• Evaluating creditworthiness for loan and credit card applications.
• Improving digital banking platforms, mobile app functionality, and member experience based on anonymized usage analytics.

How We Share Member Information

Eglin Federal Credit Union does not sell member information to third parties for marketing or any other purpose. We share information only in the following circumstances:

• Service providers: We share information with companies that perform services on our behalf, such as payment processors, check printers, data hosting providers, and fraud detection vendors. These companies are contractually required to protect member data and use it only for the services we engage them to provide.
• Legal and regulatory compliance: We disclose information when required by law, subpoena, court order, or regulatory examination. This includes reporting to the IRS, NCUA, FinCEN, and law enforcement agencies.
• Credit reporting: We report loan payment history and account status to credit bureaus as required by the Fair Credit Reporting Act.
• With your consent: We share information with third parties when you provide explicit consent, such as when you authorize an external ACH transfer or apply for a service offered through a credit union partner.

We do not share member information with non-affiliated companies for their own marketing purposes. We do not share information with affiliates for marketing purposes beyond what is permitted under the GLB Act.

Member Rights

As a member of Eglin Federal Credit Union, you have the following rights regarding your personal information:

• Right to access: You may request a copy of the personal information we hold about you. Submit requests in writing to our privacy office or call (850) 862-0111.
• Right to correction: You may request correction of inaccurate personal information. Update your address, phone, and email through online banking or at any branch.
• Right to opt out: You may opt out of receiving marketing communications from Eglin FCU by calling (850) 862-0111, visiting a branch, or updating your communication preferences in online banking. Opting out does not affect account-related communications required by law or regulation.
• Right to limit sharing: Under the GLB Act, you may limit certain types of information sharing with affiliated companies. Contact us at (850) 862-0111 to exercise this right.

California Consumer Privacy Act (CCPA) Disclosures

California residents who are members of Eglin Federal Credit Union may have additional rights under the California Consumer Privacy Act, to the extent the CCPA applies to activities not covered by the GLB Act exemption. These rights include:

• The right to know what personal information is collected, used, and shared.
• The right to request deletion of personal information, subject to legal and regulatory retention requirements.
• The right to opt out of the sale of personal information. Eglin Federal Credit Union does not sell personal information, so this right is satisfied by default.
• The right to non-discrimination for exercising CCPA rights.

California residents may submit CCPA requests by calling (850) 862-0111 or emailing our privacy office. We will respond within 45 days as required by law.

Cookies and Tracking Technologies

The Eglin Federal Credit Union website and mobile app use cookies and similar technologies for the following purposes:

• Essential cookies: Required for online banking functionality, session management, and security features including multi-factor authentication and device fingerprinting. These cannot be disabled without losing access to online banking.
• Analytics cookies: Used to understand how members interact with the website and app, including page views, navigation patterns, and feature usage. Analytics data is aggregated and anonymized. No personally identifiable information is included in analytics reports.
• Preference cookies: Store your language, accessibility, and display preferences across sessions.

Eglin Federal Credit Union does not use third-party advertising cookies or retargeting pixels. We do not track member activity across external websites. You may manage cookie preferences through your browser settings. Disabling essential cookies will prevent access to online banking.

Security Measures

Eglin Federal Credit Union protects member information through multiple layers of security:

• 256-bit TLS encryption for all data transmitted between your device and our servers.
• AES-256 encryption for data stored on our systems.
• Multi-factor authentication for online banking and mobile app access.
• Device fingerprinting and IP-based anomaly detection for login monitoring.
• Automatic session timeout after 10 minutes of inactivity.
• Real-time fraud monitoring with automated and human review of flagged transactions.
• Regular penetration testing and vulnerability assessments conducted by independent security firms.
• Employee access controls limiting data access to authorized personnel on a need-to-know basis.
• Annual security awareness training for all staff members.

For additional information about our security practices, visit our Security page. Report suspected unauthorized access immediately by calling (850) 862-0111.

Military-Specific Privacy Protections

Eglin Federal Credit Union recognizes the unique privacy needs of military members and their families. The following protections apply:

• SCRA privacy protections: Deployed service members' accounts are flagged for enhanced monitoring and restricted from certain collection activities as required by the Servicemembers Civil Relief Act. Deployment status information is treated as sensitive and is not disclosed to third parties except as required by law.
• Deployment communication restrictions: During confirmed deployment periods, marketing communications are suspended unless the member explicitly opts in. Account-related and security alerts continue without interruption.
• Power of attorney accommodations: Members who grant power of attorney to a spouse or family member during deployment can authorize limited information sharing with the designated representative. Authorization requires notarized documentation on file with the credit union.
• Address protection: Members may request that their physical address be suppressed from shared databases to the extent permitted by law, providing additional privacy for service members concerned about operational security.

Data Retention

Eglin Federal Credit Union retains member information for the duration of the member relationship and for the periods required by applicable regulations. Account records are retained for a minimum of five years after account closure, as required by Bank Secrecy Act record-keeping rules. Loan records are retained for the life of the loan plus seven years. Tax reporting records are retained per IRS requirements. After the applicable retention period expires, records are securely destroyed using methods that prevent reconstruction, including certified shredding for physical documents and cryptographic erasure for digital records.

Changes to This Policy

Eglin Federal Credit Union may update this privacy policy to reflect changes in our practices, legal requirements, or regulatory guidance. Material changes will be communicated to members via email notification, online banking message, or U.S. mail at least 30 days before the effective date. The current version of this policy is always available on this page with the effective date noted at the top. Prior versions are available upon request by contacting (850) 862-0111.

Contact Information

For questions about this privacy policy, to exercise your privacy rights, or to report a privacy concern:

• Phone: (850) 862-0111 — Monday through Friday, 8:00 AM to 5:00 PM CT; Saturday, 9:00 AM to 1:00 PM CT
• Mail: Eglin Federal Credit Union, Attn: Privacy Office, Fort Walton Beach, FL 32548
• Online: Contact Us page

You may also file complaints with the Consumer Financial Protection Bureau or the Federal Trade Commission if you believe your privacy rights have been violated.