California Consumer Privacy Policy

California Consumer Privacy Policy

California Consumer Privacy Policy

Last Updated: June 26, 2026

This California Consumer Privacy Act Privacy Policy (“CCPA Privacy Policy”) explains how we collect, share, use, and protect your personal information through your online and offline interactions with us. This CCPA Privacy Policy applies to residents of California to the extent that the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (“CCPA”), applies to SESLOC Credit Union (hereinafter “we”, “us” and “our”).

As used in this Privacy Policy, “personal information” means any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. However, personal information does not include: (i) publicly available information; (ii) deidentified or aggregated consumer information; or (iii) personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (“FRCA”) and the Gramm-Leach-Bliley Act (“GLBA”), the California Financial Information Privacy Act (“CalFIPA”), and Fair Credit Reporting Act (“FRCA”).

The specific personal information that we collect, use, and disclose relating to a California resident in different contexts covered by the CCPA will vary based on our relationship or interaction with that individual. For example, this CCPA Privacy Policy does not apply with respect to information that we collect about California residents who apply for or obtain our financial products and services for personal, family, or household purposes (i.e., information subject to the GLBA). For more information about how we collect, disclose, and secure information relating to these customers, please refer to our U.S. Consumer Privacy Policy. We may use the information described below for any of the purposes described in this CCPA Privacy Policy or for our business, security, or operational purposes compatible with the context in which the personal information was collected, unless limitations are listed in this CCPA Privacy Policy or described elsewhere at the time of collection of the information.

I. CATEGORIES OF INFORMATION WE COLLECT

In the preceding 12-months, we have collected the following categories of personal information (please note that some categories overlap):

Category Examples
 A. Identifiers A real name or alias; postal address; signature; home phone number or mobile phone number; bank account number, credit card number, debit card number, or other financial information; physical characteristics or description; email address; account name; Social Security number; driver’s license number or state identification card number; passport number; or other similar identifiers.
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) Signature; state identification card number; physical characteristics or description; insurance policy number; education; employment or employment history; bank account number, credit card number, debt card number, or any other financial information; or medical information or health insurance information.
C. Protected classification characteristics under state or federal law Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).
D. Commercial information Records of personal property; products or services purchased, obtained, or considered; or other purchasing or consuming histories or tendencies.
E. Biometric information Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, keystroke, gait, or other physical patterns, or health data.
F. Internet or other similar network activity Browsing history, search history, and information on a consumer’s interaction with a website, application, or advertisement.
G. Geolocation data Physical location or movements.  For example, city, state, country, and ZIP code associated with your IP address or derived through Wi-Fi triangulation; and, with your permission in accordance with your mobile device settings, and precise geolocation information from GPS-based functionality on your mobile devices.
H. Sensory data Audio, electronic, visual, or similar information.
I. Professional or employment-related information Current or past job history, performance evaluations, disciplinary records, workplace injury records, disability accommodations, and complaint records; Emergency contact information, such as the name, phone number, address and email address of another person in the context of having an emergency contact on file; Personal information necessary for us to collect and retain to administer benefits for you and another personal relating to you (e.g., your spouse, domestic partner, and dependents), such as their name, Social Security Number, date of birth, telephone number, email, and address.
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). Educational records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.
 K. Inferences drawn from other personal information Profile reflecting a person’s preference, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
L. Sensitive Personal Information. A consumer’s social security, driver’s license, state identification card, or passport number; A consumer’s account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; A consumer’s precise geolocation; A consumer’s racial or ethnic origin, religious or philosophical beliefs, or union membership; The contents of a consumer’s mail, email, and text messages unless the business is the intended recipient of the communication; A consumer’s genetic data; The processing of biometric information for the purpose of uniquely identifying a consumer; Personal information collected and analyzed concerning a consumer’s health; Personal information collected and analyzed concerning a consumer’s sex life or sexual orientation; and immigration or citizenship status.

II. CATEGORIES OF SOURCES OF INFORMATION WE COLLECT

We obtain the categories of personal information listed above from one or more of the following categories of sources:

  • Directly from consumers or their agents. For example, from forms you complete, when you perform transactions, and when you purchase products or services.
  • Indirectly from consumers or their agents. For example, when you use your debit or credit cards, when you make deposits or withdrawals to/from your accounts, or when you pay your
  • Directly and indirectly from activity on our website or our mobile applications. For example, from submissions through our website, application portals, or website usage collected automatically.
  • From third-parties, such as credit reporting agencies, government agencies, law enforcement agencies, and service

 

III.    HOW WE USE YOUR PERSONAL INFORMATION

We may use or disclose personal information we collect for one or more of the following operational or other notified purposes (“business purposes”):

  • To fulfill or meet the reason for which the information is For example, if you apply for a loan, we use the information in your loan application to evaluate your credit request and grant you the loan if approved.
  • To provide you with information, products, or services that you request from
  • To evaluate your candidacy for employment or for an independent contractor engagement, and to administer employment-related benefits for you, your spouse or domestic partner, and your dependents.
  • To provide you with email alerts, event registrations, or other notices concerning our products or services, or events or news, that may be of interest to you.
  • To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collections.
  • To improve our website and present its contents to
  • For testing, research, and analysis to improve our products and services and for developing new
  • To protect the rights, property, or safety of us, our employees, our members, or
  • To detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, and prosecute those responsible for that activity.
  • To respond to law enforcement requests and as required by applicable law, court order, or governmental
  • As described to you when collecting your personal
  • To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, in which personal information held by us is among the assets
  • As otherwise permitted under

We also use your personal information to advance our commercial or economic interests (“commercial purpose”), such as advertising our membership, products and services, or enabling or effecting, directly or indirectly, a commercial transaction.

With respect to your personal information that is deemed “sensitive personal information” under the CCPA, we do not use or disclose it for any purpose other than, as reasonably necessary and proportionate, for the following purposes:

  • To perform the services or provide the goods reasonably expected by an average consumer who requests those goods and services.
  • To prevent, detect, and investigate security incidents that compromise the availability, authenticity, integrity, or confidentiality of stored or transmitted personal information.
  • To resist malicious, deceptive, fraudulent, or illegal actions directed at the business and to prosecute those responsible for those actions.
  • To ensure the physical safety of natural persons.
  • For short-term, transient use, including, but not limited to, nonpersonalized advertising shown as part of your current interaction with the business, provided that the personal information is not disclosed to another third party and is not used to build a profile about you or otherwise alter your experience outside of your current interaction with us.
  • For our service providers or contractors to perform services on our behalf, such as maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services on our behalf; provided, however, that the use of your sensitive personal information is reasonably necessary and proportionate for this purpose.
  • To verify or maintain the quality or safety of a service or device that is owned, manufactured for, or controlled by us, and to improve, upgrade, or enhance the service or device that is owned, manufactured for, or controlled by us; provided, however, that the use of your sensitive personal information is reasonably necessary and proportionate for this purpose.
  • To collect or process sensitive personal information where such collection or processing is not for the purpose of inferring characteristics about you.

IV.  DISCLOSURE OF PERSONAL INFORMATION

In addition to the specific situations discussed elsewhere in this CCPA Privacy Policy, we may disclose your personal information in the following situations:

  • Service Providers. We may share your information with service providers.  Among other things, service providers may help us to administer our website, conduct surveys, provide technical support, process payments, assist in the fulfillment of services, and help us market our own products and services.
  • Joint Marketing Partners. We may share your information with other companies to offer you co-branded financial products and services.
  • Advertising Networks. We may share your information with advertising networks such as Google and Facebook to help deliver our advertisements to you as you are browsing online.
  • Compliance with Laws and Other Lawful Uses. We may disclose information to law enforcement agencies and other government entities or private parties in litigation in response to subpoenas, warrants, or court orders, or in connection with any legal process, or to comply with relevant laws.  We may also share your information with this parties to establish or exercise our rights, to defend against a claim, to investigate, prevent, or take action regarding possible illegal activities, suspected fraud, safety of person or property, or a violation of our policies.  We may also disclose your personal information with our acquisition or merger partners in the event of an acquisition or merger.  Furthermore, we may disclose your personal information as permitted by applicable law.  All of the categories of personal information we collect from you may disclosed for this purpose.
  • Your Consent. All the categories of personal information we collect from you may be disclosed to third parties with your consent or direction.

In addition to the information above, California law requires that organizations disclose whether the specific categories of personal information defined in the CCPA have been disclosed to third parties for a “business purpose,” or “sold” or transferred for “valuable consideration, or “shared” for purposes of cross-context behavioral advertising.  The table below indicates which of these specified categories we may collect and transfer in a variety of contexts.

CATEGORY OF PERSONAL INFORMATION CATEGORY OF RECIPIENTS (FOR BUSINESS PURPOSE) CATEGORY OF RECIPIENTS (FOR “SALE” OR “VALUABLE CONSIDERATION” CATEGORY OF RECIPIENTS (CROSS-CONTEXT BEHAVIORAL ADVERTISING)
Identifiers such as name, address, unique personal identifier, email address, or account name. Service providers; Joint marketing partners; Advertising networks; Third parties for compliance with laws and other lawful purposes; and Third parties with your consent. Not sold. Not shared.
Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) Service providers; Joint marketing partners; Advertising networks; Third parties for compliance with laws and other lawful purposes; and Third parties with your consent. Not sold. Not shared.
Commercial information Service providers; Joint marketing partners; Advertising networks; Third parties for compliance with laws and other lawful purposes; and Third parties with your consent. Not sold. Not shared.
Biometric information Service providers; Third parties for compliance with laws and other lawful purposes; and Third parties with your consent. Not sold. Not shared.
Internet or other similar network activity Service providers; Advertising networks; Third parties for compliance with laws and other lawful purposes; and Third parties with your consent Not sold. Not shared.
Geolocation data Service providers; Joint marketing partners; Advertising networks; Third parties for compliance with laws and other lawful purposes; and Third parties with your consent. Not sold. Not shared.
Sensory data Service providers; Third parties for compliance with laws and other lawful purposes; and Third parties with your consent. Not sold. Not shared.
Professional or employment-related information Service providers; Third parties for compliance with laws and other lawful purposes; and Third parties with your consent. Not sold. Not shared.
Non-public education information Service providers; Third parties for compliance with laws and other lawful purposes; and Third parties with your consent. Not sold. Not shared.
Inferences drawn from other personal information Service providers; Joint marketing partners; Advertising networks; Third parties for compliance with laws and other lawful purposes; and Third parties with your consent. Not sold. Not shared.
Sensitive personal information Service providers; Third parties for compliance with laws and other lawful purposes; and Third parties with your consent. Not sold. Not shared.

 

 

V.  RIGHTS AND CHOICES FOR CALIFORNIA RESIDENTS

If you are a California resident, this section describes your rights and choices regarding how we collect, share, use, and protect your personal information, how to exercise those rights, and limits and exceptions to your rights and choices under the CCPA.

a.    Exceptions

The rights and choices in this Section do not apply:

  • If you are not a California resident,
  • If we collected personal information covered by certain financial sector-specific privacy laws, including the Fair Credit Reporting Act (“FCRA”), the Gramm-Leach-Bliley Act (“GLBA”) and/or California Financial Information Privacy Act (“CFIPA”). How we collect, share, use, and protect your personal information is covered under such laws instead of the CCPA.
  • To aggregate consumer information.
  • To deidentified personal information.
  • To Publicly available personal information.

b.    Right to Know

If the above exceptions do not apply, and you have not made this request more than twice in a 12- month period, you have the right to request that we disclose certain information to you about our collection and use of your personal information. Once we receive and confirm your request and verify that the request is coming from you or someone authorized to make the request on your behalf, we will disclose to you or your representative:

  • The categories of personal information we collected about
  • The categories of sources for the personal information we collected about
  • Our business or commercial purpose for collecting, sharing or selling that personal information, as applicable.
  • The categories of third parties to whom we disclosed, shared or sold the personal information, as applicable.
  • The specific pieces of personal information we collected about you in a form that you can take with you (also called a “data portability request”).

 

c.    Right to Delete

You have the right to request that we delete any of your personal information that we collect from you and retained, subject to  certain exceptions. Once we receive and verify your request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies. We may deny your deletion request if retaining the information is necessary for us or our service providers to:

  1. Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
  2. Detect security incidents; protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity.
  3. Debug to identify and repair errors that impair existing intended
  4. Exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law.
  5. Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when our deletion of the information is likely to render impossible or seriously impair the achievement of such research, if you previously provided informed consent.
  6. Enable solely internal uses that are reasonably aligned with your expectations based on your relationship with us and compatible with the context in which you provided the information.
  7. Comply with a legal obligation.

d.  Right of Correction

You have the right to request correction of any personal information that we retain about you that is incorrect. We generally rely on you to update and correct your personal information.

e.   Right to Access and Appeal Automated Decision-Making Technology

Under the CCPA, California residents have the right to request information about, opt out of, and appeal certain uses of automated decision-making technology (“ADMT”). ADMT refers to any technology that processes personal information and uses computation to replace or substantially replace human decision-making. The use of ADMT may significantly affect individuals in areas such as eligibility for financial products, services, or employment.

At present, we do not use ADMT with respect to any personal information subject to the CCPA. Our current use of ADMT is limited to financial products and services regulated by the GLBA and CalFIPA, which are expressly exempt from the CCPA. Accordingly, there is no use of ADMT on CCPA-covered data, and therefore no information to provide in response to requests to access, opt out of, or appeal ADMT decisions.

f.    Exercising Access, Data Portability, Deletion, and Correction, Rights

To exercise the access, data portability, deletion, correction rights described above, you or your authorized agent may submit a verifiable consumer request to us by any of the following methods:

  • Calling us at 888-777-4986
  • Completing the CCPA Submission form available at sesloc.org/ccpa-request.
  • Visiting one of our branch locations.

You may only make a verifiable consumer request for access or data portability twice within a 12-month period. We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.

When we receive a verifiable request from your authorized agent we may require:

  1. Submission of a written document signed by you with your permission for the authorized agent to submit a verifiable request on your behalf and require the authorized agent to verify its own identity to us; or
  2. You may directly verify with us that you have authorized the agent to submit the request.

We will not require either of the above if the authorized agent provides a copy of a power of attorney pursuant to California Probate Code sections 4121 to 4130 and we are able to verify the authorized agent’s identity.

We will deny a request from an agent that does not submit proof that they have been authorized by you to act on your behalf and cannot verify their own identity to us.

We will endeavor to respond to a verifiable consumer request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. We will deliver our written response to the mailing address of record according to our files.  For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hinderance.

The response we provide will also explain the reasons we cannot comply with a request, if applicable.  We do not charge a fee to process or respond to your verifiable consumer request.

g.    Right of Non-Discrimination

We will not discriminate against you for exercising any of your rights in this Disclosure and under applicable laws. Unless permitted by law, we will not deny you goods or services; charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties; provide you a different level or quality of goods or services; or suggest that you may receive a different price for goods or services or a different level or quality of goods or services.

h.   Opt-Out Rights Regarding Sale or Sharing of Personal Information  

The CCPA defines a “sale” differently than what you might expect.  Under the CCPA, a “sale” is defined the disclosure of personal information to a “third-party” for monetary or other valuable consideration, and the term “third-party” does not include our service providers or contractors when we have a written contract in place that meet certain requirements set forth in the CCPA.  Thus, disclosure of your personal information to our service providers and contractors is not a “sale” under the CCPA.

The CCPA also defines “share” or “sharing” differently than what you might expect.  The CCPA defines “share” or “sharing” to a third party for purposes of “cross-context behavioral advertising,” which in turn is defined as the targeting of advertising to a consumer based on the consumer’s personal information obtained from the consumer’s activity across businesses, distinctly branded internet websites, applications, or services, other than the business, distinctly branded internet website, application, or service with which the consumer intentionally interacts.

We do not sell or share your personal information for cross-context behavioral advertising purposes.

VI.  CHANGES TO THIS POLICY

We reserve the right to amend this CCPA Privacy Policy at our discretion and at any time. When we make changes to this Disclosure, we will post an updated CCPA Privacy Policy on our website and mobile application.

XII.  CONTACT INFORMATION

If you have any questions or comments about this CCPA Privacy Policy, the ways in which we collect and use your personal information, your choices and rights regarding such use, or wish to exercise your rights, call us:

Phone: 888-777-4986
Website:  www.sesloc.org
Email:  [email protected]
Mail:

Attn: CCPA Request
SESLOC CU
P.O. Box 5360
San Luis Obispo, CA 93403-5360