Disclosures

• Fee Schedule
• VISA Disclosure

Privacy, Security & Disclosures

PRIVACY NOTICE DISCLOSURE

Unity Catholic Federal Credit Union, your member owned financial institution, is committed to providing you with competitive
products and services to meet your financial needs and help you reach your goals. We are equally committed to protecting the
privacy of our members. Under federal law, we are required to give you this privacy notice. It describes our credit union’s
privacy policy and practices concerning the personal information we collect and disclose about our members. It also includes
information about the parties who receive personal and sometimes nonpublic information from us as we conduct the business
of the credit union.

If after reading this notice you have questions, please contact us at (440) 886-2558 or write to:

INFORMATION WE COLLECT ABOUT YOU —
We collect nonpublic personal information about you from the following sources:

• Information we receive from you on applications and other forms
• Information about your transactions with us
• Information we receive from a consumer reporting agency
• Information obtained when verifying the information you provide on an application or other forms; this may be obtained from your current or past employers, or from other institutions where you conduct financial transactions
• We may disclose all of the information we collect, as described above, as permitted by law.

PARTIES WHO RECEIVE INFORMATION FROM US —
We may disclose nonpublic personal information about you to the following types of third parties:

• Financial service providers, such as insurance companies.
• Non-financial companies, such as consumer reporting agencies, data processors, check/share draft printers, plastic card processors, and government agencies.

DISCLOSURE OF INFORMATION TO PARTIES THAT PROVIDE SERVICES TO US —
In order for us to conduct the business of the credit union, we may disclose all of the information we collect, as described above, to other financial institutions with whom we have joint marketing agreements, to other companies that perform marketing services on our behalf, or to nonaffiliated third parties for the purposes of processing and servicing transactions that you request or authorize, so that we may provide members competitive products and services.

We may also disclose nonpublic personal information about you under circumstances as permitted or required by law. These disclosures typically include information to process transactions on your behalf, conduct the operations of our credit union, follow your instructions as you authorize, or protect the security of our financial records.

To protect our members’ privacy, we only work with companies that agree to maintain strong confidentiality protections and
limit the use of information we provide. We do not permit these companies to sell the information we provide to other third
parties.

DISCLOSURE OF INFORMATION ABOUT FORMER MEMBERS —
If you terminate your membership with Unity Catholic Federal Credit Union, we will not share information we have collected about you, except as may be permitted or required by law.

HOW WE PROTECT YOUR INFORMATION —
We restrict access to nonpublic personal information about you to those employees who need to know that information to provide products or services to you. We maintain physical,electronic, or procedural safeguards that comply with federal regulations to guard your nonpublic personal information.

WHAT MEMBERS CAN DO TO HELP —
Unity Catholic Federal Credit Union is committed to protecting the privacy of its members. Members can help by following
these simple guidelines:

• Protect your account numbers, plastic card numbers, PINs (personal identification numbers) or passwords. Never keep your PIN with your card, which can provide free access to your accounts if your card is lost or stolen.
• Use caution when disclosing your account numbers, social security numbers, etc. to other persons. If someone calls you explaining the call is on behalf of the credit union and asks for your account number, you should beware. Official credit union staff will have access to your information and will not need to ask for it.
• Keep your information with us current. If your address or phone number changes, please let us know. It is important that we have current information on how to reach you. If we detect potentially fraudulent or unauthorized activity or use of an account, we will attempt to contact you immediately.

Let us know if you have questions. Please do not hesitate to call us — we are here to serve you!

WEB SITE

Original Approval: July 30, 2008

General Policy Statement:

The Credit Union maintains a Web site that is hosted by CU Village. All content is developed by the Management Team and maintained by Unity Catholic Federal Credit Union.

The Credit Union offers the following services electronically on the website:

VISA: Link to online access to VISA accounts.
Apply for a VISA card.

HOME BANKING:
Link to online access to Home Banking network

LOAN:
Submit a loan application.

GUIDELINES:

1. POLICY AND PROGRAM RESPONSIBILITY
   1. Credit Union has established an website team, made up of the following staff, to maintain and monitor the Credit Union’s Web site: Business Development Manager and Management Team. The committee is responsible for maintaining the Credit Union’s Web site operations.
   2. Any new Web site ideas or initiatives must be reviewed by the Web site Committee and the Business Development Manger will present any new applications to the board of directors for approval.
   3. Management will establish and provide the Board of Directors with regular reports on its Web site activity and transactions.
2. RISK ASSESSMENT
   1. The Credit Union will regularly test the efficacy of its E-commerce systems to ensure proper working order and to prevent security weaknesses.
   2. The Management Team will classify the level of data sensitivity of services, technological and operational changes in E-commerce and maintain a current list of critical risk levels of security, virus detection and protection.
3. COMPLIANCE AND LEGAL
   The Credit Union ensures that its Web site will comply with all applicable laws and regulations. The Credit Union also monitors all changes in laws and regulations that affect E-commerce, and updates its E-commerce policies, practices, and systems accordingly in a prompt manner.
   1. The Credit Union has secured bond coverage for all of its Web site policies and procedures. Management has ensured that bond coverage is sufficient in the event of any loss due to an electronic transaction. Bond coverage is regularly assessed to ensure the sufficiency of coverage.
   2. The Credit Union will provide various Web site contracts and agreements to in-house auditors and federal examiners.
   3. The Credit Union maintains a Web site privacy disclosure that is available to all members who visit the Credit Union Web site.
   4. The Credit Union monitors and enforces compliance with its Web site privacy disclosures. In addition, the Credit Union will place appropriate warnings on its Web site, clearly stating that unauthorized access or use of the Web site is not permitted and may constitute a crime punishable by law.
4. AUDIT AND CONSULTING SERVICES
   1. The Credit Union’s Web site activities will be subject to annual independent audits. At a minimum, these reviews will cover Web site: security, penetration testing, regulatory compliance, and maintenance.
   2. The Credit Union management will correct the issues of concern uncovered by the independent audit and/or quality review.
   3. The Credit Union will regularly required performance testing of its Web site to identify and prevent potential vulnerabilities.
5. VENDOR MANAGEMENT
   1. The Credit Union has obtained a vendor to install and/or maintain its Web site. The Credit Union has exercised due diligence in selecting its vendor to ensure that proper security measures are in place to protect member account information.
   2. The Credit Union will develop procedures to monitor vendor relationships to ensure that they continue to meet the needs of the Credit Union (i.e., hardware, software, network services, content accuracy, availability, usability, security, and privacy).
6. MEMBER SERVICE AND SUPPORT
   1. Management will take steps to ensure that staff is adequately trained in order to address member support issues.
7. PERSONNEL
   
   1. Employees with access to member account information will receive a copy of the Credit Union’s Web site policy, must sign a compliance policy statement (confidentiality and information security) when hired by the Credit Union. Employees will be notified of the importance of maintaining the confidentiality of member account information and will be made aware of the Credit Union’s policies, procedures, standard practices, and disciplinary actions that will be taken against the employee for non-compliance with the Credit Union’s privacy and information security policies and procedures. The Credit Union policy prohibits staff from inappropriately disclosing member account information to any third party.
   2. The Credit Union limits access to sensitive information to specific employees to ensure confidentiality of member account information. Employees have been trained on the proper procedures for filing reports to the appropriate regulatory and law enforcement agencies. Management will routinely monitor employees for compliance with the Credit Union’s state policies, procedures, and standards.
   3. The Credit Union has conducted background checks on its employees, and will thoroughly investigate any allegations of employee misconduct.
   4. Management has implemented procedures and training with employee support, in the event of a termination, transfer, promotion, etc. Employees involved with the Credit Union’s Web site transactions are kept up-to-date with changes in the policies and procedures of the Credit Union.
8. SYSTEM ARCHITECURE AND CONTROLS
   1. The Credit Union maintains an inventory of hardware and software to ensure continuity of service in the event of a technological failure, natural disaster, or intentional destruction of its electronic systems. The Credit Union (or its vendor) maintains procedures to allow the Credit Union to restore its previous configuration in the event a software modification adversely affects the Web site.
   2. The Credit Union has implemented a disaster recovery system as part of its business continuity plan. This system will be monitored regularly and updated as needed as a result of changes in technology, legislation, and infrastructure.

UNITY CATHOLIC FEDERAL CREDIT UNION, INC.

WEB SITE

1. SECURITY INFRASTRUCTURE AND CONTROLS
   1. The Credit Union maintains security measures consistent with the requirements of federal and state regulations, including risk management systems designed to prevent unauthorized access, both internal and external, to member information.
   2. The Credit Union has procedures in place to protect the member’s information, in the event of natural disasters, intentional destruction, or technical failure.
   3. Management monitors employees with access to members’ account information to ensure they are in compliance with the Credit Union procedures.
   4. All member account information is stored on servers protected with Enter Protection Software or Hardware to prevent unauthorized access and/or damage. The protections are monitored on a regular basis to assess potential security weaknesses.
   5. Access to member accounts is restricted to members through the use of user ID numbers and passwords. Account passwords that are not entered correctly after the Enter Time Period, generally in minutes time will result in an automatic log off to the session.
   6. The Credit Union has implemented an intrusion detection system to monitor activity and alert the credit union immediately in the event of a security breach. The Credit Union’s oversight committee has been trained to handle such breaches in a timely and effective manner.
2. PERFORMANCE MONITORING. The Credit Union has established and implemented performance standards and monitoring procedures for its Web site activities. These standards and procedures are designed to ensure that the Credit Union’s E-commerce and Web site activities are available and efficiently meet member needs and expectations. The procedures are updated on a regular basis, as a result of changes in long term and short term plans, as well as in response to member needs.

USA PATRIOT ACT

Customer Identification Requirements

In accordance with section 326 of the USA Patriot Act, enacted October 2001, to protect you, your family and our country from terrorism by preventing terrorism financing, all applicants for new accounts are required to provide current picture identification that verifies identity including name, address and other identifying information. We must also verify the identity of persons added as joint owners to and who have access to new or existing deposit accounts or loans. We must also retain records of the documents used to verify your identity.

In some cases, identification will be requested for current account holders if original documentation was not obtained with the opening of the account or the account was opened prior to enactment of the Patriot Act.

In all cases, protection of our member accounts and confidentiality is our concern as we work to maintain the security of your funds and our country.

Please speak with a credit union employee if you have any questions or concerns about our requirements of this policy.