Childrens Online Privacy Policy

Morgantown AES Federal Credit Union Children's Online Privacy Policy

Morgantown AES Federal Credit Union recognizes its responsibility to protect the privacy of our youngest members. Morgantown AES Federal Credit Union is committed to protecting our young members and other visitors as they visit our kids section of our website.

It is the intent of Morgantown AES Federal Credit Union to comply with the Children’s Online Privacy Act (COPPA) that governs and protects the privacy of our youngest members.

For purposes of this policy, our youngest members are children under the age of 13.

Definitions

Collects or collection means the gathering of any personal information from a child by any

means, including but not limited to:

(a) Requesting, prompting, or encouraging a child to submit personal information online;

(b) Enabling a child to make personal information publicly available in identifiable form. An

operator shall not be considered to have collected personal information under this paragraph if it takes reasonable measures to delete all or virtually all personal information from a child’s

postings before they are made public and to delete such information from its records; or

(c) Passive tracking of a child online.

Personal information means individually identifiable information about an individual collected online, including:

(a) A first and last name;

(b) A home or other physical address including street name and name of a city or town;

(c) Online contact information as defined in this section;

(d) A screen or user name where it functions in the same manner as online contact

information, as defined in this section;

(e) A telephone number;

(f) A Social Security number;

(g)          A persistent identifier that can be used to recognize a user over time and across different

websites or online services. Such persistent identifier includes, but is not limited to, a customer number held in a cookie, an Internet Protocol (IP) address, a processor or device serial number, or unique device identifier;

{h) A photograph, video, or audio file where such file contains a child’s image or voice;

(i) Geolocation information sufficient to identify street name and name of a city or town; or

(j) Information concerning the child or the parents of that child that the operator collects online from the child and combines with an identifier described in this definition.

Online contact information means an email address or any other substantially similar

identifier that permits direct contact with a person online, including but not limited to, an instant messaging user identifier, a voice over internet protocol (VOiP) identifier, or a video chat user identifier.

Operator means any person who operates a website located on the Internet or an online

service and who collects or maintains personal information from or about the users of or visitors to such website or online service, or on whose behalf such information is collected or

maintained, or offers products or services for sale through that website or online service, where such website or online service is operated for commercial purposes involving commerce:

(a)          Among the several States or with 1 or more foreign nations;

(b)          In any territory of the United States or in the District of Columbia, or between any such territory and

(1)          Another such territory, or

(2)          Any State or foreign nation; or

(c)          Between the District of Columbia and any State, territory, or foreign nation. This

definition does not include any nonprofit entity that would otherwise be exempt

from coverage under Section 5 of the Federal Trade Commission Act (15 U.S.C.45).

Personal information is collected or maintained on behalf of an operator when:

(a) it is collected or maintained by an agent or service provider of the operator; or

(b) the operator benefits by allowing another person to collect personal information directly from users of such website or online service.

Guidelines

Morgantown AES Federal Credit Union may collect information on, dates and times of visits, and number of page views. This information contains no personal information. It will only be

used to keep track of usage of our site, and it will help Morgantown AES Federal Credit Union to continue to improve the overall value of our site. Visitor information is never sold, given, or discussed with third parties.

BOARD RESPONSIBILITY

The Board of Directors is ultimately responsible for this Credit Union’s adherence to all applicable laws and regulations governing collection, use, or disclosure of personal information obtained from children via the Credit Union’s website or other online services, including social media platforms or mobile apps. For effective administration of this Policy, the Board designates Victoria Moore to direct the activities required to implement and maintain compliance with this Policy. The Board will review this Policy whenever a change in law or regulation requires a Policy review, the Credit Union changes its online information collection practices, or when a matter of noncompliance is brought to the Board’s attention by an employee, a member, legal counsel, or a person having audit or regulatory oversight, but no less frequently than annually.

OVERVIEW

The Board’s designee to direct activities related to this Policy is authorized to engage key Credit Union employees to develop, implement, and maintain appropriate detailed COPPA procedures, incorporating the following elements.

Definitions

Procedures will include clear definitions, as set out in the COPPA final rules, including, but not limited to, the following terms:

  • Child
  • Collects or Collection
  • Disclose or disclosure
  • Operatior
  • Personal Information
  • Release of personal information, and
  • Website or online service directed to children

Content

The following minimum compliance requirements will be considered when developing, implementing and maintaining COPPA procedures while also considering the Credit Union’s actual practices:

  1. Post a clear and comprehensive online privacy Policy describing our information practices for personal information collected online from children.
  2. Provide direct notice to parents and obtain verifiable parental consent, with limited exceptions, before collecting personal information online from children;
  3. Give parents the choice of consenting to our collection and internal use of a child’s information, but prohibiting us from disclosing that information to third parties (unless disclosure is integral to our site or service, in which case, we will make this clear to parents);
  4. Provide parents access to their child’s personal information to review and/or have the information deleted;
  5. Give parents the opportunity to prevent further use or online collection of a child’s personal information;
  6. Maintain the confidentiality, security, and integrity of information we collect from children, including taking reasonable steps to release such information only to parties capable of maintaining its confidentiality and security; and
  7. Retain personal information collected online from a child for only if is necessary to fulfill the purpose for which it was collected and delete the information using reasonable measures to protect against its unauthorized access or use.

 Guidelines and Practices

Guidelines and Practices

Procedures will incorporate the following guidelines and practices currently in use by this Credit Union.

The Credit Union may collect information on dates and times of visits, and number of page views. This information contains no personal information. It will only be used to keep track of usage of our site, and it will help the Credit Union to continue to improve the overall value of our site. Visitor information is never sold, given, or discussed with third parties.

When young members send us email with their personal information to answer a quiz, submit a story, send a recipe, etc., we will respond to their email as appropriate and then promptly delete the child’s email address.

We will not sell, give, or share their personal information to/with any third-party vendor or any other organization. We will not require a child to disclose more information than is reasonably necessary to participate in an activity.

We will use the “one-time contact” exception under the rule if we collect children’s on line contact information, and only this information, to enter them into a contest, and then only contact such children once the contest ends to notify them if they have won or lost. At that point, we will delete the online contact information we have collected.

If we expect to contact children more than one time, we must use the “multiple-contact” exception, for which we must also collect a parent’s online contact information and provide parents with direct notice of our information practices and an opportunity to opt out. In either case, we are prohibited from using the children’s online contact information for any other purpose, and we must ensure the security of the information, which is particularly important if the contest runs for any length of time.

If we wish to collect any information from children online beyond online contact information regarding contest entries – such as collecting a winner’s home address to mail a prize – we must first provide parents with direct notice and obtain verifiable parental consent, as we would for other types of personal information collection beyond online contact information. If we need to obtain a mailing address and wish to stay within the one-time exception, we may ask the child to provide his parent’s online contact information and use that identifier to notify the parent if the child wins the contest. In the prize notification message to the parent, we may ask the parent to provide a home mailing address to ship the prize, or invite the parent to call a telephone number to provide the mailing information.

 DISCLOSURES

This Credit Union is committed to protecting our youngest members and will comply with all COPPA notice requirements. Our COPPA notice will be clear and easy to read and will include the following information, as applicable:

  • A list of all operators (by name and contact information) collecting personal information;
  • The information collected by each operator and how that operator uses or discloses the information; and
  • The parents’ ability to review, delete or refuse further collection of a child’s personal information.

Our COPPA notice will also describe:

  • The types of personal information collected from children (for example, name, address, email address, hobbies, etc.);
  • How the personal information is collected, whether directly from the child or passively,

e.g., through cookies;

  • How the personal information will be used (for example, for marketing to the child, notifying contest winners, or allowing the child to make information publicly available through a chat room); and
  • Whether we disclose personal information collected from children to third parties. If we do, our Privacy Policy must list the types of businesses we disclose information to (for example, advertising networks) and how they use the information.

Our COPPA notice will tell parents:

  • That we won’t require a child to disclose more information than is reasonably necessary to participate in an activity;
  • That they can review their child’s personal information, direct us to delete it, and refuse to allow any further collection or use of their child’s information;
  • That they can agree to the collection and use of their child’s information, but still not allow disclosure to third parties unless that’s part of the service (for example, social networking); and
  • The procedures parents may follow to exercise their rights.

If we collect a child’s personal information for purposes of responding more than once to a specific request from the child, and where such information is not used for any other purpose, disclosed, or combined with any other information collected from the child, the Credit Union will provide parents with notice and the means to opt out of allowing the site’s future contact of the child. In providing such notice, the Credit Union will make reasonable efforts, taking into consideration available technology, to ensure that the parent receives appropriate notice and will not be deemed to have made reasonable efforts where the notice to the parent was unable to be delivered.

TRAINING

Employees involved in the design and administration of the Credit Union’s online services, including our website, social media platforms and mobile apps, will receive initial and periodic COPPA training, specific to each employee’s duties.

ADVERTISING

All advertising or marketing delivered online (via website, social media platforms or mobile apps) and targeted to children under the age of 13 must be reviewed and approved prior to publication by the Compliance Officer to ensure all COPPA requirements, notices, or restrictions have been considered and incorporated.