Privacy Disclosure

What Does Mid American Credit Union Do With Your Personal Information?

Rev. Date 9/14

Why?	Financial companies choose how they share your personal information. Federal law gives consumers the right to limit some but not all sharing. Federal law also requires us to tell you how we collect, share, and protect your personal information. Please read this notice carefully to understand what we do.
What?	The types of personal information we collect and share depend on the product or service you have with us. This information can include: Social security number Account balances Transaction history Credit scores Checking account information Employment information When you are no longer our customer, we continue to share your information as described in this notice.
How?	All financial companies need to share customers’ personal information to run their everyday business. In the section below, we list the reasons financial companies can share their customers’ personal information, the reasons Mid American Credit Union chooses to share, and whether you can limit this sharing.

Reasons We Can Share Your Personal Information	Does Mid American Credit Union Share?	Can You Limit This Sharing?
For our everyday business purposes – such as to process your transactions, maintain your account(s), respond to court orders and legal investigations, or report to credit bureaus	Yes	No
For our marketing purposes – to offer our products and services to you	Yes	No
For joint marketing with other financial companies	Yes	No
For our affiliates’ everyday business purposes – information about your transactions and experiences	Yes	No
For our affiliates’ everyday business purposes – information about your creditworthiness	No	We Do Not Share
For our affiliates to market to you	No	We Do Not Share

What We Do
How does Mid American Credit Union protect my information?	To protect your personal information from unauthorized access and use, we use security measures that comply with federal law. These measures include computer safeguards and secured files and buildings. We also maintain other physical, electronic and procedural safeguards to protect this information and we limit access to information to those employees for whom access is appropriate.
How does Mid American Credit Union collect my information?	We collect your personal information, for example, when you Open an account Pay your bills Apply for a loan Provide your mortgage information Show your driver's license We also collect your personal information from others such as credit bureaus, affiliates, or other companies.
Why can’t I limit all sharing?	Federal law gives you the right to limit only Sharing for affiliates’ everyday business purposes –information about your creditworthiness Affiliates from using your information to market to you Sharing for non-affiliates to market to you State laws and individual companies may give you additional rights to limit sharing. (See below for more on your rights under state law.)

Definitions
Affiliates	Companies related by common ownership or control. They can be financial and non-financial companies. Our affiliates include: Credit Union Service Center.
Non‑Affiliates	Companies not related by common ownership or control. They can be financial and non-financial companies. Mid American Credit Union does not share with non-affiliates so they can market to you.
Joint Marketing	A formal agreement between non-affiliated financial companies that together market financial products or services to you. Our joint marketing partners include insurance companies and investment companies.

Other Important Information
For Alaska, Illinois, Maryland, and North Dakota Members. We will not share personal information with nonaffiliates either for them to market to you or for joint marketing without your authorization. For California Members. We will not share personal information with nonaffiliates either for them to market to you or for joint marketing without your authorization. We will also limit our sharing of personal information about you with our affiliates to comply with California privacy laws that apply to us. For Massachusetts, Mississippi and New Jersey Members. We will not share personal information from deposit or share relationships with nonaffiliates either for them to market to you or for joint marketing without your authorization. For Vermont Members. We will not share personal information with nonaffiliates either for them to market to you or for joint marketing without your authorization, and we will not share personal information with affiliates about your creditworthiness without your authorization. Mobile App Collected Information: We may collect information regarding your mobile device such as device settings, unique device identifiers, information about your location, and analytical information that may assist with diagnostics and performance. For your convenience, you may be asked to grant permission for access to your mobile device's geolocation data. This information may be collected when you use certain services that are dependent on your mobile device’s location (such as the location of an ATM or in store transactions).

Other Important Information

For Alaska, Illinois, Maryland, and North Dakota Members. We will not share personal information with nonaffiliates either for them to market to you or for joint marketing without your authorization.

For California Members. We will not share personal information with nonaffiliates either for them to market to you or for joint marketing without your authorization. We will also limit our sharing of personal information about you with our affiliates to comply with California privacy laws that apply to us.

For Massachusetts, Mississippi and New Jersey Members. We will not share personal information from deposit or share relationships with nonaffiliates either for them to market to you or for joint marketing without your authorization.

For Vermont Members. We will not share personal information with nonaffiliates either for them to market to you or for joint marketing without your authorization, and we will not share personal information with affiliates about your creditworthiness without your authorization.

Mobile App Collected Information:
We may collect information regarding your mobile device such as device settings, unique device identifiers, information about your location, and analytical information that may assist with diagnostics and performance. For your convenience, you may be asked to grant permission for access to your mobile device's geolocation data. This information may be collected when you use certain services that are dependent on your mobile device’s location (such as the location of an ATM or in store transactions).

Mid American Credit Union COPPA Privacy Disclosure

Last modified: July 26, 2019
Mid American Credit Union values the privacy of children and of all of its users. This COPPA Privacy Policy (“COPPA Policy”) is designed to comply with the Children’s Online Privacy Protection Act (“COPPA”) and contains important information about how we collect, use, and disclose the personal information we collect from children under thirteen years old who use the Mid American Smart Start mobile application, provided on our Site (the “Services”). Mid American Credit Union partners with a third party to provide the (hosted on secure isolated servers). In the course of providing these Services, Mid American Credit Union may come into contact with information, including personal information, from the participate. The solution may be used by children under 13. This COPPA Privacy Policy applies to the information we collect from children under 13 through Mid American Smart Start directed towards children. Mid American Credit Union will handle children’s personal information as described in this COPPA Policy. Any personal information we collect about other users (e.g., teens and adults) will be treated in accordance with the Mid American Credit Union Privacy Policy (“Privacy Policy”). The use of our Site and any dispute over privacy, is subject to this COPPA Policy, the Privacy Policy, and our Terms of Service, including its applicable limitations on damages and the resolution of disputes. Our Terms of Service and Privacy Policy are incorporated by reference into this COPPA Policy. Who Will Collect Information About Children? Mid American Credit Union operates the Site and Services and will collect children’s personal information as described in this COPPA Policy and our Privacy Policy. We can be contacted at: Mid American Credit Union 8404 W Kellogg Drive Wichita, KS 67209 (800) 366-6228 contactcenter@midamerican.coop Mid American Smart Start financial education solutions are offered in conjunction with an outside partner. They will have access to the data provided by your child but are contractually obligated to not disclose the data to any other third party or unauthorized individuals Mid American Credit Union may provide partners with aggregate or de-identified information about users. What Information Do We Collect About Children and Why? As described in further detail below, we collect some personal information from children so that we can track their utilization of the product and track rewards. Data is retained to provide financial management services to the child. How Information is Collected? As a parent you will register the child and provide information about the child. In addition, we may collect information about children directly from children, as well as automatically through a child’s use of our Site and Services. We will not require a child to disclose more information than is reasonably necessary to use our Services. A copy of a notice of our privacy policies practices as posted at the bottom of all pages within Mid American Smart Start. From children under 13, we utilize the date of birth to verify the child’s age. We collect the child’s first name. We do not ask for the child’s last name. As a parent you create the account and register the child to utilize the solution. This includes creating a username and password and registering the child’s device. When registering the child, we will track the mobile device they are utilizing so that notifications can be sent from the child to the parent. We may also collect additional demographic information (such as race and gender) from the parent. Parents may opt to stop collecting information by product by contacting the Mid American Credit Union at contactcenter@midamerican.coop or calling (800) 366-6228, however, this will prevent the utilization of the service. Upon termination of services all children’s data will be purged from the solution. Information We Collect Automatically We may automatically collect the following information about a child’s use of our Site through cookies and other technologies: domain name; browser type and operating system; web pages viewed; links clicked; buttons clicked; the length of time spent on our Site; the length of time our solution was utilized; Google Analytics statistics; the referring URL, or the webpage that led the child to our Site; device name and model; operating system type, name, and version; and activities within our Site. We may also collect IP address, push notification ID, device identifier or a similar unique identifier from users of our product, including children; we only use such identifiers to support the internal operations of our product and we do not use such identifiers to collect information about the child outside of our Site. Other Information We Collect About Children We collect information about children’s performance and activities on our Site, including financial performance. This information is for internal use only and will not be disclosed to other entities; however, we do not use this information in personally identifiable form for our own commercial purposes. Before we analyze or use any activity data for our own commercial purposes, we de-identify and/or aggregate such information. How We Use Children’s Information We use personal information collected from children for the following purposes: To provide our Services; and To respond to customer service and technical support issues and requests. We de-identify and/or aggregate the information we collect from children under 13 before we use it for any other purposes, as noted below. Unique Identifiers. We only collect and use unique identifiers, such as IP addresses, as necessary to operate our Site or Services, including to maintain or analyze their functioning; perform network communications; authenticate users or personalize content; and protect the security or integrity of users and our Site and Services. We never use unique identifiers to track users across third-party apps or websites. Aggregate or De-identified Information. We may use aggregate or de-identified information about children for research, analysis, and similar purposes. When we do so, we strip out names, e- mail, contact information, and other personal identifiers. We may use aggregate or de- identified information for the following purposes: To better understand how users’ access and use our Site and Services; To improve our Site and Services and respond to user desires and preferences; and To conduct research or analysis, including research and analysis by third parties. How We Share Children’s Information We do not sell children’s personal information, and a child may not make his or her personal information public through our services. In general, we may disclose the personal information that we collect about children to provide our Services, to comply with the law, and to protect Mid American Credit Union and other users of our Services. For example, we may share children’s personal information as follows: Service Providers. We may disclose the information we collect from children to third- party vendors, service providers, contractors, or agents who perform functions on our behalf. Business Transfers. If we are acquired by or merged with another company, if substantially all of our assets are transferred to another company, or as part of a bankruptcy proceeding, we may transfer the personal information we have collected from our users to the other company. In Response to Legal Process. We also may disclose the personal information we collect in order to comply with the law, a judicial proceeding, court order, subpoena, or other legal process. To Protect Us and Others. We also may disclose the personal information we collect where we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, violations of our Terms of Service, Privacy Policy, or this COPPA Policy, or as evidence in litigation in which Mid American Credit Union is involved. With Parents. Parents may request information about the information we have collected from their child by contacting us at contactcenter@midamerican.coop. Aggregate and De-Identified Information. We may also use and share aggregate or de-identified information about users with third parties for marketing, research, or similar purposes. Your Rights to Review, Delete, and Control Our Use of Children’s Personal Information Parents have a right to review the information we have collected about their children, respectively, and to delete it, and to tell us to stop using it. To exercise these rights, you may contact us at contactcenter@midamerican.coop. You will be required to authenticate yourself as the child’s parent to receive information about that child. Please note that copies of information may remain in cached or archived form on our systems after you request us to delete it. Parents may login to the product at any time and review the information entered by their children. Changes to This COPPA Policy This COPPA Policy is current as of the Effective Date set forth above. We may change this COPPA Policy from time to time, so please be sure to check back periodically. We will post any changes to this COPPA Policy on our Site, at www.midamerican.coop. If we make any changes to this COPPA Policy that materially affect our practices with regard to the personal information we have previously collected from a child, we will endeavor to provide you with notice in advance of such change by highlighting the change on our Site.

Last modified: July 26, 2019

Mid American Credit Union values the privacy of children and of all of its users. This COPPA Privacy Policy (“COPPA Policy”) is designed to comply with the Children’s Online Privacy Protection Act (“COPPA”) and contains important information about how we collect, use, and disclose the personal information we collect from children under thirteen years old who use the Mid American Smart Start mobile application, provided on our Site (the “Services”). Mid American Credit Union partners with a third party to provide the (hosted on secure isolated servers). In the course of providing these Services, Mid American Credit Union may come into contact with information, including personal information, from the participate. The solution may be used by children under 13. This COPPA Privacy Policy applies to the information we collect from children under 13 through Mid American Smart Start directed towards children. Mid American Credit Union will handle children’s personal information as described in this COPPA Policy. Any personal information we collect about other users (e.g., teens and adults) will be treated in accordance with the Mid American Credit Union Privacy Policy (“Privacy Policy”). The use of our Site and any dispute over privacy, is subject to this COPPA Policy, the Privacy Policy, and our Terms of Service, including its applicable limitations on damages and the resolution of disputes. Our Terms of Service and Privacy Policy are incorporated by reference into this COPPA Policy.

Who Will Collect Information About Children?

Mid American Credit Union operates the Site and Services and will collect children’s personal information as described in this COPPA Policy and our Privacy Policy. We can be contacted at:

Mid American Credit Union

8404 W Kellogg Drive

Wichita, KS 67209

(800) 366-6228

contactcenter@midamerican.coop

Mid American Smart Start financial education solutions are offered in conjunction with an outside partner. They will have access to the data provided by your child but are contractually obligated to not disclose the data to any other third party or unauthorized individuals Mid American Credit Union may provide partners with aggregate or de-identified information about users.

What Information Do We Collect About Children and Why?

As described in further detail below, we collect some personal information from children so that we can track their utilization of the product and track rewards. Data is retained to provide financial management services to the child.

How Information is Collected?

As a parent you will register the child and provide information about the child. In addition, we may collect information about children directly from children, as well as automatically through a child’s use of our Site and Services. We will not require a child to disclose more information than is reasonably necessary to use our Services. A copy of a notice of our privacy policies practices as posted at the bottom of all pages within Mid American Smart Start. From children under 13, we utilize the date of birth to verify the child’s age. We collect the child’s first name. We do not ask for the child’s last name. As a parent you create the account and register the child to utilize the solution. This includes creating a username and password and registering the child’s device. When registering the child, we will track the mobile device they are utilizing so that notifications can be sent from the child to the parent. We may also collect additional demographic information (such as race and gender) from the parent. Parents may opt to stop collecting information by product by contacting the Mid American Credit Union at contactcenter@midamerican.coop or calling (800) 366-6228, however, this will prevent the utilization of the service. Upon termination of services all children’s data will be purged from the solution.

Information We Collect Automatically

We may automatically collect the following information about a child’s use of our Site through cookies and other technologies: domain name; browser type and operating system; web pages viewed; links clicked; buttons clicked; the length of time spent on our Site; the length of time our solution was utilized; Google Analytics statistics; the referring URL, or the webpage that led the child to our Site; device name and model; operating system type, name, and version; and activities within our Site. We may also collect IP address, push notification ID, device identifier or a similar unique identifier from users of our product, including children; we only use such identifiers to support the internal operations of our product and we do not use such identifiers to collect information about the child outside of our Site.

Other Information We Collect About Children

We collect information about children’s performance and activities on our Site, including financial performance. This information is for internal use only and will not be disclosed to other entities; however, we do not use this information in personally identifiable form for our own commercial purposes. Before we analyze or use any activity data for our own commercial purposes, we de-identify and/or aggregate such information.

How We Use Children’s Information

We use personal information collected from children for the following purposes:

To provide our Services; and
To respond to customer service and technical support issues and requests.

We de-identify and/or aggregate the information we collect from children under 13 before we use it for any other purposes, as noted below.

Unique Identifiers. We only collect and use unique identifiers, such as IP addresses, as necessary to operate our Site or Services, including to maintain or analyze their functioning; perform network communications; authenticate users or personalize content; and protect the security or integrity of users and our Site and Services. We never use unique identifiers to track users across third-party apps or websites.

Aggregate or De-identified Information. We may use aggregate or de-identified information about children for research, analysis, and similar purposes. When we do so, we strip out names, e- mail, contact information, and other personal identifiers. We may use aggregate or de- identified information for the following purposes:

To better understand how users’ access and use our Site and Services;
To improve our Site and Services and respond to user desires and preferences; and
To conduct research or analysis, including research and analysis by third parties.

How We Share Children’s Information

We do not sell children’s personal information, and a child may not make his or her personal information public through our services. In general, we may disclose the personal information that we collect about children to provide our Services, to comply with the law, and to protect Mid American Credit Union and other users of our Services. For example, we may share children’s personal information as follows:

Service Providers. We may disclose the information we collect from children to third- party vendors, service providers, contractors, or agents who perform functions on our behalf.
Business Transfers. If we are acquired by or merged with another company, if substantially all of our assets are transferred to another company, or as part of a bankruptcy proceeding, we may transfer the personal information we have collected from our users to the other company.
In Response to Legal Process. We also may disclose the personal information we collect in order to comply with the law, a judicial proceeding, court order, subpoena, or other legal process.
To Protect Us and Others. We also may disclose the personal information we collect where we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, violations of our Terms of Service, Privacy Policy, or this COPPA Policy, or as evidence in litigation in which Mid American Credit Union is involved.
With Parents. Parents may request information about the information we have collected from their child by contacting us at contactcenter@midamerican.coop.
Aggregate and De-Identified Information. We may also use and share aggregate or de-identified information about users with third parties for marketing, research, or similar purposes.

Your Rights to Review, Delete, and Control Our Use of Children’s Personal Information

Parents have a right to review the information we have collected about their children, respectively, and to delete it, and to tell us to stop using it. To exercise these rights, you may contact us at contactcenter@midamerican.coop. You will be required to authenticate yourself as the child’s parent to receive information about that child. Please note that copies of information may remain in cached or archived form on our systems after you request us to delete it. Parents may login to the product at any time and review the information entered by their children.

Changes to This COPPA Policy

This COPPA Policy is current as of the Effective Date set forth above. We may change this COPPA Policy from time to time, so please be sure to check back periodically. We will post any changes to this COPPA Policy on our Site, at www.midamerican.coop. If we make any changes to this COPPA Policy that materially affect our practices with regard to the personal information we have previously collected from a child, we will endeavor to provide you with notice in advance of such change by highlighting the change on our Site.