Home » Transparency » Due Diligence Center » Privacy Policy

Our Privacy Policy

In compliance with National Credit Union Administration Rules and Regulations Part 716, Alloya Corporate Federal Credit Union (Alloya) delivers this notice regarding our privacy policies to our member credit unions.

This Privacy Policy details the information collected from visitors to Alloya's public websites and data servers, and those operated for our subsidiaries. These sites may be located anywhere under the Alloya domain "alloyacorp.org" (for example, www.alloyacorp.org or www.secure.alloyacorp.org), the "alloyacorp.org/invest" domain (the domain for the broker-dealer division of Alloya's wholly owned subsidiary, Alloya Solutions, LLC), or any other domain name registered and owned by Alloya or its subsidiaries. This policy also discusses why the information is collected and how it is used. It explains user options for accessing and managing information, our data security practices and other matters.

What Information Do We Collect? Why?

When you visit an Alloya website or public data server, the IP address and/or hostname and domain name of the computer or network you are using is logged in site logs, firewall logs, and/or network- and host-based intrusion detection systems. This is done as an audit requirement of the National Credit Union Administration. Logging this information allows us to create a forensic trail in the event of a security breach suspected of compromising financial or consumer information and is done for the protection of member credit unions and their members. This is an industry standard best practice. We may automatically collect information about your computer configuration. This may include your browser type, version, and operating system. Technically, your IP address or ISP domain name could reveal or be associated with your personal identity. We review this information only in the aggregate to improve site performance, and specifically to address security concerns. This information is not disclosed to any party outside of Alloya without prior non-disclosure agreements in place and is kept highly confidential.

We collect information about products, services and education opportunities you are interested in from various sources. This is necessary to meet your request and we retain it to serve you better in the future. If you use a feature that requires you to submit information, we collect your name, email address, telephone and fax numbers, and mailing address; should you choose to provide us with this information. One of our staff may contact you to discuss the information requested. If you do not wish us to retain your contact information or to contact you, please let us know.

With Whom Do We Share Information?

We do not share your email address or any other information collected on public web and data servers with third parties without non-disclosure agreements in place.

Certain Legal Disclosures

We may need to disclose user information in certain exceptional circumstances. This may be needed to protect against illegal hackers, to protect our legal rights or to address actual or threatened illegal or harmful conduct. Disclosure may also be required by legal process, such as a search warrant, subpoena or court order.

What Data Security is Used?

Alloya offers secure Internet banking services; by their nature these services result in the transaction of non-public consumer information. We use administrative, physical and technical precautions to help protect the confidentiality, security and integrity of personal and corporate information stored on our computer systems. Our publicly accessible data servers are protected by firewalls and intrusion systems employing extensive security practices and are subject to regular federal and internal audits. While no computer system is completely secure, we believe the measures implemented in our systems reduce the likelihood of security problems to a level appropriate to the type of data involved.

How Long Do We Retain User Data?

The retention and destruction of non-public consumer data is subject to applicable federal, state, and local statutory law. Alloya makes every effort to comply with and go beyond the intent of the law. We may alter this practice according to legal and business requirements. For example, we may lengthen the retention period for some data if needed to comply with law or voluntary codes of conduct. Unless otherwise prohibited, we may shorten the retention period for some types of data, if needed, to free up storage space.

Marketing data, which can be gathered freely in the public domain, is retained indefinitely.

Your Consent to This Policy

By using Alloya public data services, you agree to this Privacy Policy. This document supersedes any prior communication on this topic and reflects the Privacy Policy for all publicly available data servers owned and operated by Alloya. If you or another legal entity you represent, or that represents you, maintains other or conflicting privacy or non-disclosure agreements with Alloya, those agreements take precedence. This policy is subject to change at any time by posting a new version at www.alloyacorp.org and any other public data server operated by Alloya.

Contact Information

Alloya Corporate FCU - Headquarters
184 Shuman Boulevard, Suite 400
Naperville, IL 60563
(800)782-2431

If you believe Alloya or one of its subsidiaries has contacted you in error, please contact us immediately to prevent further unsolicited correspondence and accept our apologies.