Privacy Notice

Heritage Financial Credit Union, your member-owned financial institution, is committed to providing you with competitive products and services to meet your financial needs and help you reach your goals. We are equally committed to protecting the privacy of our members. Under federal law, we are required to give you this privacy notice. It describes our credit union’s privacy policy and practices concerning the personal information we collect and disclose about our members. It also includes information about the parties who receive personal and sometimes nonpublic information from us as we conduct the business of the credit union.

If after reading this notice you have questions, please contact us at (845) 561-5607, or write to:

Chief Operating Officer
Heritage Financial Credit Union
25 Rykowski Lane
Middletown, NY 10941

Information We Collect About You

We collect nonpublic personal information about you from the following sources:

  • Information we receive from you on applications and other forms.
  • Information about your transactions with us.
  • Information we receive from a consumer reporting agency.
  • Information obtained when verifying the information you provide on an application or other forms; this may be obtained from your current or past employers, or from other institutions where you conduct financial transactions.

We may disclose all of the information we collect, as described above, as permitted by law.

Parties Who Receive Information From Us

We may disclose nonpublic personal information about you to the following types of third parties:

  • Financial service providers, such as insurance companies.
  • Non-financial companies, such as consumer reporting agencies, data processors, check/share draft printers, financial statement publishers/printers, plastic card processors, government agencies, and check processors.

Disclosure of Information to Parties That Provide Services to Us

In order for us to conduct the business of the credit union, we may disclose all of the information we collect, as described above, to other financial institutions with whom we have joint marketing agreements, to other companies that perform marketing services on our behalf, or to nonaffiliated third parties for the purposes of processing and servicing transactions that you request or authorize, so that we may provide members competitive products and services.

We may also disclose nonpublic personal information about you under circumstances as permitted or required by law. These disclosures typically include information to process transactions on your behalf, conduct the operations of our credit union, follow your instructions as you authorize, or protect the security of our financial records.

To protect our members’ privacy, we only work with companies that agree to maintain strong confidentiality protections and limit the use of information we provide. We do not permit these companies to sell the information we provide to other third parties.

Disclosure of Information About Former Members

If you terminate your membership with Heritage Financial Credit Union, we will not share information we have collected about you, except as may be permitted or required by law.

Disclosure of Disputes

Heritage Financial Credit Union designates staff responsible for monitoring, tracking, and responding to disputes. Among other channels, our credit union accepts consumer complaints and disputes through our social media sites. Any complaints or disputes that a member attempts to raise through our social media sites will be addressed and responded to under applicable law, such as errors under Regulation E or Regulation Z or disputes under the Fair Credit Reporting Act. It is our priority to ensure that complaints and disputes are reviewed and addressed in a timely manner.

How We Protect Your Information

We restrict access to nonpublic personal information about you to those employees who need to know that information to provide products or services to you. We maintain physical, electronic, or procedural safeguards that comply with federal regulations to guard your nonpublic personal information.

What Members Can Do to Help

Heritage Financial Credit Union is committed to protecting the privacy of its members. Members can help by following these simple guidelines:

  • Protect your account numbers, plastic card numbers, PINs (personal identification numbers) or passwords.
  • Never keep your PIN with your card, which can provide free access to your accounts if your card is lost or stolen.
  • Use caution when disclosing your account numbers, social security numbers, etc. to other persons. If someone calls you explaining the call is on behalf of the credit union and asks for your account number, you should beware. Official credit union staff will have access to your information and will not need to ask for it.
  • Keep your information with us current. If your address or phone number changes, please let us know. It is important that we have current information on how to reach you. If we detect potentially fraudulent or unauthorized activity or use of an account, we will attempt to contact you immediately.

Let us know if you have questions. Please do not hesitate to call us, we are here to serve you!


Internet Privacy Policy

We recognize the importance our Members place on the privacy and security of their personal information. Our goal is to protect their personal information in every way that we interact with them, whether it’s on the telephone, in our lobby, at one of our ATMs, or on the Internet.

This Internet Privacy Policy explains how we may collect information from our Members when they visit our website or when they use our online financial services.

Note: The verbiage used in the policy is in a format to be given to the membership.
Definitions Used Within This Policy

Member Information – Member information refers to personally identifiable information about a consumer, Member or former Member of Heritage Financial Credit Union (HFCU).

Internet Protocol (IP) Address – an IP address is a unique address that devices use in order to identify and communicate with each other on a computer network. An IP address can be thought of as a street address or a phone number for a computer or other network device on the Internet. Just as each street address and phone number uniquely identifies a building or telephone, an IP address can uniquely identify a specific computer or other network device on a network. We may use IP addresses to monitor login activity and for identification purposes when necessary for security investigations.

Cookie – a Cookie is a very small text file sent by a web server and stored on your hard drive, your computer’s memory, or in your browser so that it can be read back later. Cookies are a basic way for a server to identify the computer you happen to be using at the time. Cookies are used for many things from personalizing start up pages to facilitating online purchases. Cookies help sites recognize return visitors and they perform a very important function in secure Internet banking.

“Session” Cookies are used to monitor session activity within our Internet banking product. These cookies are encrypted and only our Service Provider can read the information in these Cookies. The session Cookie facilitates the processing of multiple transactions during a session without requiring you to reenter your password for each individual transaction. Session Cookies used within our Internet banking product do not pass to your computer’s hard drive. Instead, the Cookie is stored in your computer’s memory, identifying only your computer while you are logged on. When you log off or close your browser, the Cookie is destroyed. A new Cookie is used for each session, that way no one can use the prior Cookie to access your account. We do not use this Cookie to collect or obtain personal information about you.

Service Provider – In order to provide a full range of online financial services, we may use various third party providers. These third parties provide services such as website hosting, Internet banking, bill payment, and account aggregation. Third party providers are referred to within this policy as “Service Providers”.

Information Collected on the Internet

If you are just browsing through our website, we do not request any personally identifiable information, nor do we collect unique identifying information about you unless you voluntarily and knowingly provide us that information, such as when you send us an email or complete an application online. If you provide us this information, it is only used internally and in furtherance of the purpose for which it was provided.

As part of providing online financial products and/or services, we may obtain information about our Members and website visitors from the following sources:

• Information we receive from you on applications, emails, or other forms;
• Information about your transactions with HFCU and our affiliates;
• Information we receive from a consumer-reporting agency; and
• Information that is generated electronically when you visit our website or use our online financial services.

Location Information. If you have enabled location services on your phone and agree to the collection of your location when prompted by the Services, we will collect location data when you use the Services even when the app is closed or not in use; for example, to provide our fraud detection services.  If you do not want us to collect this information, you may decline the collection of your location when prompted or adjust the location services settings on your device.

Service Providers hosting our website and Internet banking service may collect general information on our website visitors for security and statistical purposes. Such information may include:

• The Internet address (referral site) which brought you to our website;
• The date and time you access our site;
• The name and version of your web browser;
• Your Internet Protocol (IP) address;
• The pages visited in our website; and
• The duration of your online session.

Our Service Providers may use Cookies to collect some of the above information. In some cases you must accept cookies in order to view our website.

When you click on advertisements in our website or advertisements on linked 3rd party websites, you may receive another Cookie; however, you do not have to accept any Cookies from third party advertisements.

As mentioned previously, our Service Provider(s) may also use Cookies within our internet banking and bill payment products. You must accept these Cookies in order to utilize the service. These Cookies do not store any personally identifiable information; they simply provide another level of security.
Use of Information Collected

• We may disclose the information that we collect, as described above with Service Providers acting on our behalf to provide online financial services such as: internet banking and bill payment.
• We may also disclose Member information when required or permitted by law. For example, Member information may be disclosed in connection with a subpoena or similar legal process, fraud prevention, or security investigation.
• We may also share Member information outside this institution when we have your consent, such as when you request a specific product such as insurance or an investment product from a third party financial services provider.
• We may also disclose aggregate (not personally identifiable) Member information with Service Providers or financial institutions that perform marketing and research on our behalf and with whom we have joint marketing agreements. Our contracts require all such Service Providers or financial institutions to protect the confidentiality of your Member information to the same extent that we must do.
• We do not disclose any customer information about our Members, former Members, or website visitors to anyone except as permitted or required by law.
• We do not sell any of your personal information.

Account Aggregation

Account aggregation sites allow you to consolidate account information from several sources into one online location. In order to provide this service, an aggregation provider may request your password and login information. You should ensure that the aggregation provider has appropriate policies to protect the privacy and security of any information that you provide.

If you provide information about your HFCU accounts to an aggregation provider, we will consider all transactions initiated by an aggregator using the access or login credentials that you provide to be authorized whether or not you were aware of a specific transaction.

If you decide to revoke the authority given to an aggregation provider, we strongly recommend that you also change your online password with HFCU. This will help ensure that the aggregation company cannot continue to access your account(s) with us.
Email Policy

When you enroll for our online services, we may send emails marketing various products and services offered by HFCU. We will always provide you an opportunity to opt-in or opt-out of marketing related materials.

If you agree to accept electronic disclosures and/or online account statements, we may also send you notices of important account updates through email. For example, if you have agreed to accept disclosures electronically, we may send you an email with updates to this privacy policy and/or we may send you a notice that your account statement is available for viewing.

Beware of Phishing Attempts and Internet Scams

While email is convenient and has a good business use, it can also be misused by criminals for scams and various other fraudulent purposes. “Phishing emails” are frequently used by criminals to entice the recipient to visit a fraudulent website where they try to convince the recipient to provide personal information, such as debit card numbers, credit card information, Social Security numbers, access IDs and passwords. Some of these fraudulent websites may also be virus laden and can be used to download mal-ware to your computer. Fraudulent websites often look identical to a legitimate site, so it is important to look very closely at the website address.

Below we have listed a few tips to help protect your personal information on the Internet:

• Always be wary of links in emails, especially any links in emails purporting to be from HFCU.
• Please remember that if we send you an email, we will never ask for personal information such as your account number, debit card number, PIN number, or Social Security number.
• Bookmark financial websites and use these bookmarks every time you visit the website.
• Whenever you enter personal information like your access ID or password, always look for the lock symbol, or https: in the address bar. Always click on the lock symbol and review the certificate details.
• Update your Internet browser. Most browsers now offer free anti-phishing tool bars that can help alert you of fraudulent websites.
• If you send us an email, please do not include any confidential, personal or sensitive information in the email message, as email messages are generally not secure.
• Make sure that your computer always has up-to-date versions of both anti-spyware and anti-virus software.
• If you receive an email that you think could be a scam, delete it immediately.
• If you have any questions about the legitimacy of an email, especially an email from HFCU, you can also call us at 845-561-5607 and speak with a Member Solutions Center Specialist.

External 3rd Party Links

Our website may include links to other 3rd party websites. These links to external 3rd parties are offered as a courtesy and a convenience to our members. When you visit these sites, you will leave our website and be redirected to another site.

HFCU does not control linked 3rd party websites. We are not an agent for these third parties nor do we endorse or guarantee their products. We make no representation or warranty regarding the accuracy of the information contained in linked sites. We suggest that you always verify the information obtained from linked websites before acting upon this information. Also, please be aware that the security and privacy policies on these sites may be different from our policies, so please read third party privacy and security policies closely.

When using our website, you may still see our logo when linking to a 3rd party site. A technique called “framing” allows us to display our logo and look and feel while allowing you to browse another site at the same time. It’s important to note that while you may still see our logo and frame, any information you provide a 3rd party is not covered by our privacy or security policies.

If you have questions or concerns about the privacy policies and practices of linked 3rd parties, please review their websites and contact them directly. This privacy policy applies solely to the Member information collected by HFCU.


HFCU and our Service Providers have developed strict policies and procedures to safeguard your Member information. Our policies require confidential treatment of your personal information. We restrict employee access to your personal information on a “need to know” basis and we take appropriate disciplinary measures to enforce employee privacy and confidentiality responsibilities. We have established training programs to educate our employees about the importance of Member privacy and to help ensure compliance with our policy requirements.

Furthermore, HFCU and our Service Providers maintain strong physical, electronic and procedural controls to protect against unauthorized access to Member information. Our computer systems are protected in the following ways:

• Computer anti-virus protection detects and prevents viruses from entering our website, email and computer network systems.
• Firewalls and intrusion prevention systems block unauthorized access by individuals or networks.
• We use encryption technology, such as Secure Socket Layer (SSL), to protect the transmission of your confidential information. Whenever you login to our Internet banking product or schedule an online transaction through our system, the communication is encrypted. Encryption scrambles transferred data so it cannot be read by unauthorized parties.
• We use strong multi-level authentication and behavior analysis to help prevent unauthorized access to your accounts. Multi-level authentication can help prevent access by someone who may have stolen your login credentials.
• We provide secure email through our Internet banking product to help ensure that your communications with us are confidential.

We continually monitor technological advances and upgrade our systems to ensure your information remains secure.

Privacy of Children

COPPA, the Children’s Online Privacy Protection Act, protects children under the age of 13 from the collection of personal information on the internet. HFCU respects the privacy of children. We do not knowingly collect names, email addresses, or any other personally identifiable information from children. We do not knowingly market to children, nor do we allow children under the age of 13 to open online accounts.

Privacy Updates

This policy may be updated from time-to-time as new products and features may require changes to our Internet Privacy Policy. The effective date of our policy will always be clearly displayed. If we make any changes regarding the use or disclosure of your personal information, we will provide you prior notice and the opportunity to opt-out of such disclosure if required by law.


If you have any questions about our privacy policy or concerns about our privacy practices, please contact us at 845-561-5607.