1. Introduction and scope
This Privacy Statement describes how Vibrant Credit Union and its subsidiaries and affiliates (collectively “Vibrant”, “we”, “us” and/or “our”) collects and manages your personal information (i.e., any information that relates to an identified or identifiable individual) as part of providing our Services (defined below).
This Statement primarily covers individuals that use the Services directly through our mobile application. In addition, this Statement also covers individuals that visit our websites, including https://www.vibrantcoffeehouseandkitchen.com (referred to generally as our “Websites”) and our third-party business partners, if any.
Please note that certain locations where we operate have laws that require us to share specific privacy information and practices with individuals in those locations. To that end, this Privacy Statement is comprised of two sections – a generally applicable statement and a location-specific addendum. Where there are variations for a specific location or additional information that is required to be provided under the applicable state law, individuals in that location can refer to the applicable addendum. Links to the pertinent sections, can be found below:
By using the Services and/or providing us with your personal information, you acknowledge that your personal information will be processed and used in the manner set out in this Privacy Statement. We may amend this Statement from time to time in line with the “Changes to this Privacy Statement” section below.
2. Definitions
Here are a few other terms we use throughout this Privacy Statement that you should know:
“Services” refers to services and products (including both hardware and software) developed or administered by us from time-to-time, including:
-
our loyalty and rewards system;
-
our application programming interfaces (“APIs”);
-
associated modules provided as part of the above; and
-
other mobile application(s) developed as part of the Services;
-
(collectively referred to as the “Services”). Please note that certain Services may be facilitated through our Websites or through our third-party business partners.
“You” and/or “your” and/or “Guest” is a visitor to one of our Websites or mobile applications, or other covered data subject.
3. Personal information we collect
What personal information we collect will depend on the nature of your interaction with the Services and our Websites. While some information is collected automatically or through sources outside of Vibrant, most is collected when you use our Services or our Websites. A breakdown of the collection has been provided in the sections below.
Personal information collected through the Services
Guests
We collect information from you through your use of the Services (as provided and developed by us from time to time), which may include the creation of an account, your use of our mobile application(s) and other related products. We may also collect and/or receive your personal information when you place an order with, make a purchase from (including gift cards), or otherwise complete a transaction with us or participate in our loyalty programs.
Depending on which Service(s) you have used, personal information collected may include:
-
your name;
-
contact details such as your phone number and email;
-
your address and other general location details;
-
transaction information and details (e.g., history of goods/services ordered, date, payment method and amount of payment);
-
your month and day birth (if you choose to provide it);
-
account and profile information such as your username and password;
-
information in relation to your loyalty program points balance and redemptions;
-
your feedback in relation to your experience with our Services (if you choose to provide it).
In all cases, the actual personal information collected will vary depending on the Services being used.
Personal information collected through our Websites
In addition to using the Services, we may also collect personal information when you visit our Websites and/or request information about our Services. This personal information may include:
-
your name;
-
email address; and
-
phone number.
Certain information may also be collected automatically when you visit our Websites. For more information, please see the section of this Statement entitled “Information collected automatically.”
Personal information collected from other sources
We may also collect personal information about you from third parties including our business partners, data providers, identity verification services, credit bureaus (if applicable), banks and other financial institutions and credit card companies. We may also collect information from you that is publicly available (for example, if you interact with us or share your information through various social media channels).
Information collected automatically
We collect information automatically when you visit our Websites, use our mobile application(s), complete a transaction, or use our online services. For transactions, this may include personal information such as your name when a payment card is used. Information collected automatically by cookies, web beacons or other similar technologies (described in the “Cookies and other tracking technologies” section of this Statement) may include:
-
information about your device, such as your device type/model, number and device ID (e.g., MAC address);
-
information about your browser, settings (e.g., language) and operating system;
-
your internet protocol (IP) address (including, in some instances, your perceived location);
-
unique advertising identifiers;
-
transactional and purchase information; and
-
browsing and usage activity, such as the referring domain, what websites/content you have viewed or actions you have taken on a particular website.
Depending on the Services being used or the Websites you access, we may also collect geolocation information through your devices. For example, we may show you what restaurants in your area are available within our mobile application(s). This information may be collected via GPS, Bluetooth, cellular or WiFi technologies. You can adjust your settings at the device or browser level to disable the use of these technologies.
4. How We Use Personal Information
We use personal information to:
-
Provide, maintain and support our Services, including:
-
to provide updates, support and training related to the Services;
-
to determine the eligibility of individuals in relation to their use of certain Services;
-
for contracting and agreement purposes;
-
to process transactions through the Services; and
-
to provide online services, including verifying your identity, as well as diagnosing technical and service issues.
-
Manage our business and for internal operational purposes, including:
-
analyzing the performance of our Services;
-
workforce and service development;
-
research purposes, including the development of new products;
-
assessing the effectiveness of Services; and
-
improving our Services and Websites.
-
Personalize your experience, including:
-
using transactional data and order histories to provide recommendations when using our Services;
-
using information about your dining experience; and
-
using analytics and profiling technology to personalize your online experience on our Websites.
-
Advertise and market to you, including:
-
sending you marketing communications, either directly or through a third party, in relation to our existing or new Services that we think might interest you;
-
displaying advertisements for Vibrant or third-party services in our mobile application; and
-
enabling our business partners, either directly or through a third party, to advertise their products and services to you.
Any communications sent to you pursuant to this section shall either be permitted under the applicable law or with your consent. Please see the “Your rights and choices” section of this Statement for more details on opting out of these communications and updating your preferences.
-
Communicate with you or provide information you have requested, including:
-
providing notifications in relation to your purchases;
-
sending you materials from our Websites;
-
providing you with our newsletters, podcasts and other subscription materials;
-
sending you digital receipts and acknowledgements; and
-
responding to feedback that you have provided in relation to our products or Services.
-
For legal, compliance and security-related purposes, including to:
-
comply with our legal obligations, including under anti-money laundering, know-your-customer or similar laws in any relevant jurisdiction;
-
secure and protect our network and systems;
-
identify and protect against fraud and other crimes;
-
establish, exercise or defend legal claims;
-
perform our contractual obligations; and
-
monitor and report compliance issues.
5. How we share personal information
Vibrant may share personal information as part of providing the Services and for the purposes described within this Statement. This includes:
-
with our third-party business partners (including our integration partners) in order to provide, maintain, improve and expand our Services;
-
with our parent, subsidiary, or affiliate companies, and agents (if any) for the purposes outlined above;
-
with third parties to provide, maintain and improve our Services, including service providers who access information about you to perform services on our behalf, such as hosting and information technology services, payment services, identity verification and fraud prevention services, marketing and advertising services, data analytics and personalization services and customer support services;
-
in connection with, or during the negotiation of, any merger, sale of company stock or assets, financing, acquisition, divestiture or dissolution of all or a portion of our business; or
-
if we believe it is authorized or necessary to:
-
protect our rights or property, or the security or integrity of our Services or our Websites;
-
enforce the terms of our terms of service or other applicable agreements or policies;
-
protect us, users of our Services or the public from harm or potentially prohibited or illegal activities;
-
investigate, detect and prevent fraud and security breaches; or
-
comply with any applicable law, regulation, legal process or governmental request (including, for example, a court order, subpoena, or search warrant).
We may also share aggregated and/or anonymized information derived from the Services that does not directly identify you, including device information and information derived from cookies and log files with third parties for the purposes described in this Statement.
6. Retention of personal information
We retain personal information as long as reasonably necessary to provide the Services, carry out the purposes described in this Statement or as otherwise required in order to comply with our records retention periods (which reflect the applicable law). For example, we may retain information about users of our Services in order to comply with our legal and regulatory obligations or to protect our interests as part of providing the Services.
7. Cookies and other tracking technologies
Vibrant and third parties described in this Statement may use cookies, web beacons and other tracking technologies as part of providing the Services and for the purposes described in this Statement.
A “cookie” is a small text file placed and saved in your browser when you access our Websites and potentially the websites of our business partners and other third parties. We use both session cookies (i.e., cookies that are stored only for a specific website visit) and persistent cookies (i.e., cookies that are stored beyond a specific website visit) to provide the Services and for the purposes described in this Statement. These cookies may be set by us (first-party cookies) or set by third parties that collect information on our behalf (third-party cookies), such as Google Analytics.
There are other tracking technologies, such as web beacons/GIFs, pixels, page tags, embedded scripts, that consist of small transparent image files or other web programming code that record how you interact with websites, mobile applications and services. They are often used in conjunction with web browser cookies or other identifiers associated with your device.
As part of using the Services, we use these technologies as well as similar technologies within our Services and across our Websites. Examples include:
-
to provide our Services;
-
to uniquely identify you and/or your device;
-
to store your preferences as part of providing the Services;
-
for personalization and targeted advertising purposes (including across your devices and applications);
-
for security and fraud-prevention purposes;
-
to analyze and monitor the performance of our Services;
-
to improve and develop new Services; and
-
to understand your use of the Services over time.
There are ways to control and/or reject the setting of cookies and similar technologies within your browser settings. As each browser is different, please consult the “help” menu within your browser. For additional information about cookies and how to control their use on various browsers and devices, you can visit http://www.allaboutcookies.org. Please be aware that depending on the Services being used, restricting cookies may prevent you from accessing and using all or part of the Services.
Targeted advertising and your choices
In certain cases, we may allow third-party advertising partners to use cookies, web beacons and other tracking technologies on our Websites, mobile applications and within our Services to collect information about you and your activities for interest-based advertising or other targeted content. The information they collect may be associated with your personal information or they may collect information, including personal information, about your online activities over time and across different websites and other online services. This information may be shared with ad networks and other content providers.
If you want to opt out of receiving online interest-based advertisements on your internet browser, please visit and follow the instructions at www.aboutads.info/choices, or http://www.networkadvertising.org/choices/ to place an opt-out cookie on your device indicating that you do not want to receive interest-based advertisements. Opt-out cookies only work on the specific internet browser and device that they are downloaded onto. If you want to opt out of interest-based advertisements across all your browsers and devices, you will need to opt out on each browser on each device you actively use. If you delete cookies on your device generally, you will need to set the opt-out cookie again on that device. If you want to opt out of receiving online interest-based advertisements on mobile applications, please follow the instructions at http://www.aboutads.info/appchoices or by visiting the settings in your mobile device.
Please note that when you opt out of receiving interest-based advertisements, this does not mean you will no longer see advertisements from us or on our online services. It means that the online ads that you do see should not be tailored to your interests. We are not responsible for the effectiveness of, or compliance with, any third-parties’ opt-out options or programs or the accuracy of their statements regarding their programs. In addition, third parties may still use cookies to collect information about your use of our online services, including for analytics and fraud prevention purposes.
Do not track
We may use, and we may allow third-party service providers and other third parties to use, cookies or other technologies on our Services that collect information about your browsing activities over time and across different websites following your use of the Services. Do Not Track (“DNT”) is an optional browser setting that allows you to express your preferences regarding tracking across websites. We currently do not respond to DNT signals. We may continue to collect information in the manner described in this Privacy Statement from web browsers that have enabled DNT signals or similar mechanisms.
.
8. Your rights and choices
Managing your information
We want to ensure that you have the necessary tools at your disposal to manage your personal information. We rely on you to ensure that your information is accurate, complete and up to date and ask that you notify us of any changes to your personal information. Your ability to update and manage your personal information will differ depending on your relationship with Vibrant and what Services you use. For example,
-
Depending on the Services you use, you may be able to access, change and update your information through an account created as part of the Services. If you are a Guest and would like to have your account deleted or have other questions about your account, please contact hi@vibrantck.com. In certain cases, you can also submit a request for deletion of your account from directly within the mobile application.
In other instances, if applicable, see the instructions provided as part of the Services or contact us as described in the “How to contact us” section of this Statement. We may need to verify your identity before changing or correcting your information. In certain instances, we may not be able to make the correction or accommodate the request due to legal, contractual or technical restrictions.
Please note that depending on your status, location and applicable law, you may be entitled to additional information rights in relation to the processing of your personal information. For more information regarding these rights, and the locations/circumstances where these rights are available, please see the applicable addendums included with this Statement.
Managing communications
As part of providing the Services, Vibrant (whether directly or through a third party), may send you:
-
Marketing communications: Depending on the nature of our relationship and the Services being used, we may send you marketing and other promotional communications for new or existing Services that we think you might be interested in. These marketing communications may include marketing text messages if you have opted in to receive them. You can opt out of or unsubscribe from any marketing communications by following the instructions in those messages, by changing your communications preferences within your account or through your device. You can also opt out by contacting us at hi@vibrantck.com. Opting out of one communication will not necessarily opt you out of all marketing communications. Please note that you may still receive certain non-marketing communications after opting out. These messages may include transaction-specific communications, messages as part of a loyalty program or account-specific communications. If you are located outside the United States, we will not send you direct marketing communications without your opt-in consent or as otherwise permitted under the applicable law.
-
Other communications: As part of your interaction with our Services, you may receive various non-marketing communications from Vibrant that may be sent via email or text message. These include:
-
sending you digital receipts or other messages in relation to Services with which you engage;
-
notifications sent by third-party service providers as part of our Services;
-
responding to feedback that you have provided in relation to the Services;
-
account or program-specific messages as part of your use of the Services; or
-
messages associated with contests, competitions or promotions that you have elected to participate in.
For additional information about how we communicate with you, please contact us at hi@vibrantck.com.
9. Security
We implement appropriate administrative, physical and technical security measures to reasonably protect your personal information against unauthorized access, disclosure, damage or loss. However, even though we have taken measures to protect your personal information, we cannot guarantee that the collection, transmission and storage of personal information will always be completely secure.
10. Links to other websites
This Privacy Statement only applies to information collected when visiting our Websites or otherwise using our Services. While visiting our Websites or using the Services, you may be directed through links to third-party websites or services that are not operated or controlled by us. For example, the websites of our business partners that provide services as part of this Statement. We are not responsible for the privacy practices and policies of these third parties. As a result, we encourage you to review the privacy policies of these third-party websites as their practices may differ from ours.
11. Children
Our Services are not targeted or directed at children under the age of 13, and we do not intend to, or knowingly, collect or solicit personal information from children under the age of 13. If you have reason to believe that a child under the age of 13 has provided personal information to us, we encourage the child’s parent or guardian to contact us as described in the “How to Contact Us” section of this Statement to request that we remove the information from our systems. If we learn that any personal information we collected has been provided by a child under the age of 13, we will promptly delete that personal information.
12. How to contact us
If you have questions or concerns about our Privacy Statement, our practices or our compliance with applicable privacy laws, you can reach us at:
-
By email: hi@vibrantck.com
-
By post: Attn: Vibrant Privacy Office, Vibrant Coffeehouse + Kitchen, 6600 44th Ave. Moline IL 61265
-
By phone: 800-323-5109
Additional contact points can be found in the addendums.
A downloadable version of this Statement can be found at www.vibrantcoffeehouseandkitchen.com.
13. Changes to this Privacy Statement
From time to time, we may update, change, modify or amend this Privacy Statement in order to comply with the applicable law or our changing business practices. Unless we are required by the applicable law to provide a prescribed form of notice and/or obtain consent, updated versions of this Statement may be posted on this website with additional communication. An archived version of our previous Privacy Statement can be found at www.vibrantcoffeehouseandkitchen.com. Please check this website and this Privacy Statement regularly for updates.
Addendum A – United States (California)
Last updated: January 16, 2024
1. Privacy Statement for California Residents as required by the California Consumer Privacy Act of 2018 (including as amended by the California Privacy Act of 2020) (“CCPA”).
The provisions below supplement the information provided in the generally applicable portion of our Privacy Statement and apply solely to individuals that are residents of California and qualify as a “Consumer” under the CCPA. This California-specific Statement provides additional information about how we collect, use, disclose and otherwise process the personal information of these individuals, either online or offline, within the scope of the CCPA. Any terms defined in the CCPA or as otherwise defined in our Privacy Statement have the same meaning as used in this addendum.
When we use the term “personal information” in this Addendum, we mean information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.
A. CCPA personal information table
The below table summarizes:
-
The categories of personal information collected by Vibrant in the past 12 months;
-
The sources of collection of the personal information;
-
How we use your personal information; and
-
The categories of personal information disclosed for business purposes by Vibrant (including to third parties) in the past 12 months.
Please see the generally applicable section of this Privacy Statement for additional information on Vibrant’s information practices, including more detail on how we use and disclose your personal information.
Category of Personal Information | Collected? | Categories of Sources | Commercial or Business Purpose | How We Disclose Your Personal Information |
---|---|---|---|---|
Inferences | Yes |
|
|
|
Non-Public Education Information (20 U.S.C. § 1232g, 34 C.F.R. Part 99) | No | N/A | N/A | N/A |
Professional/Employment Information | Yes | Provided directly to Vibrant | To provide, maintain, and support our Services | With our service providers |
Sensory Information | Yes |
|
| With our service providers |
Geolocation Data | Yes |
|
|
|
Internet/Network Information | Yes |
|
| With our service providers |
Biometric Information | No | N/A | N/A | N/A |
Commercial Information | Yes |
|
|
|
Protected Classification Characteristics | Yes | Provided directly to Vibrant |
| With our service providers |
California Customer Records (Cal. Civ. Code § 1798.80(e)) | Yes |
|
| |
Identifiers | Yes |
|
|
|
B. Categories of personal information sold or shared
While Vibrant does not “sell” personal information in the traditional sense, we do, however, sell or share personal information for the purpose of displaying advertisements that are selected based on personal information obtained or inferred over time from an individual’s activities across businesses or distinctly-branded websites, applications or other services (otherwise known as “targeted advertising” or “cross-context behavioral advertising”), for personalization features, for tracking and analytics, and for fraud detection and reporting. The categories of personal information impacted in the preceding 12 months may include:
-
Identifiers;
-
Internet/Network Information; and
-
Inferences.
Each of the above categories of information may be disclosed to third-parties, which may include our business partners depending on the nature of a user’s interactions. Vibrant has no actual knowledge that the “sales” or “sharing” described above include the personal information of individuals under 16 years of age.
C. Description of rights available to Consumers
If you are a resident of the state of California and subject to certain legal limitations and exceptions, you may be able to exercise some or all of the following rights:
-
The right to know/access: you have the right to request that an in-scope business that collects personal information from you, disclose the following in relation to the preceding 12 month period, upon verification of your identity: (i) the categories of personal information collected about you, (ii) the categories of sources where the personal information was collected, (iii) the business or commercial purposes for collecting (or where applicable, selling or sharing) the personal information, (iv) the categories of personal information that we have disclosed to third parties for a business purpose along with the corresponding recipients, (v) the categories of personal information we have sold or shared along with the corresponding recipients, and (vi) the specific pieces of personal information collected about you.
-
The right of correction: you have the right to request that an in-scope business correct inaccurate personal information, subject to certain conditions.
-
The right to opt out of the sale or sharing of personal information: you have the right to request that an in-scope business refrain from selling or sharing personal information it has collected about you to third parties now or in the future. If you are under the age of 16, you have the right to opt in, or to have a parent or guardian opt in on your behalf, to such sales or sharing.
-
The right to limit the use and disclosure of sensitive personal information: to the extent that we use sensitive personal information for purposes beyond those set forth in subdivision (a) of Section 1798.121, you have the right to limit the use or disclosure of that sensitive personal information subject to the exceptions within the CCPA.
-
The right of access to and to the ability to opt-out of automated decision-making technology: subject to further regulations being issued, you have the right to access information pertaining to automated decision-making technologies and the ability to opt out.
-
The right against discrimination and retaliation: you have the right to not be discriminated or retaliated against as a result of exercising any of the above rights.
However, please note that if the exercise of these rights limits our ability to process personal information (such as in the case of a deletion request), we may no longer be able to provide you with our Services or engage with you in the same manner. In addition, the exercise of the rights described above may result in a different price, rate, or quality level of product or service where that difference is reasonably related to the impact the right has on our relationship or is otherwise permitted by law.
Please note that your ability to invoke the rights above are limited pursuant to the scope and limitations of the CCPA, including any available exceptions. For example, an access request can only be made twice by a Consumer within a 12-month period.
D. How to invoke your rights
Vibrant has established channels for the purposes of submitting the individual rights requests above, including the right of access and deletion. Individual rights requests can be submitted to Vibrant through the below channels
:
-
By email: hi@vibrantck.com
-
By post: Attn: Vibrant Privacy Office, Vibrant Credit Union, 6600 44th Ave., Moline IL 16265
-
By phone (toll-free): 800-323-5109
Once an individual rights request has been submitted, Vibrant may ask you for additional information in order to verify your identity or to provide additional details to help us respond to your request. This may include your name, email address, phone number or other details related to your use of Vibrant’s Services. Where applicable, these requests can be submitted by an authorized agent through the channels described above in accordance with the applicable law. In these instances, we will take steps to verify the authorized agent’s authority to act on your behalf. In order to verify the authorized agent’s authority, we generally require evidence of either (i) a valid power of attorney or (ii) a signed letter containing your name and contact information, the name and contact information of the authorized agent, and a statement of authorization for the request. Depending on the evidence provided, we may still need to separately reach out to you to confirm the authorized agent has permission to act on your behalf and to verify your identity in connection with the request. Please note that in certain circumstances, we may refuse to act or impose limitations on your rights, as permitted by the applicable law in relation to individual rights submissions.
To Exercise the Right to Opt Out of the Selling or Sharing of Personal Information
Unless you have exercised your right to opt out of the sale or sharing of personal information, we may “sell” or “share” your personal data to third parties for targeted or cross-context behavioral advertising purposes, for personalization features, for tracking and analytics, and for fraud detection and reporting. The third parties to whom we sell or share personal information may use such information for their own purposes in accordance with their own privacy statements. You do not need to create an account with us to exercise your right to opt out of personal information sales or sharing. However, if applicable, we may ask you to provide additional personal information so that we can properly identify you in our dataset and to track compliance with your opt out request. We will only use personal information provided in an opt out request to review and comply with the request. If you choose not to provide this information, we may only be able to process your request to the extent we are able to identify you in our systems. Once you make an opt-out request, you may change your mind and opt back in to future personal information sales at any time by contacting us at: hi@vibrantck.com or by managing your preferences within the cookie management tool.
E. Accessibility
In the event you are a user with a disability, or are supporting an individual with a disability, and are having difficulty navigating this Statement or the information linked within this Statement, please contact us at: hi@vibrantck.com for support.
Category of Sensitive Personal Information | Use/Purpose | Is the sensitive personal information sold? | Is the sensitive personal information shared? |
---|---|---|---|
Precise geolocation | Guests: Needed as part of the Services requested by a Guest or with the consent of the individual | No | No |
Account login details, plus password or credentials | Guests: Needed for Vibrant account purposes | No | No |
G. Retention
We retain personal information as long as reasonably necessary to provide the Services and carry out the purposes described in this Statement. However, if necessary, we may retain personal information for longer periods of time, until set retention periods and deadlines expire, or for instances where we are required to do so in accordance with legal, tax and accounting requirements set by a legislature, regulator or other government authority.
To determine the appropriate duration of the retention of personal information, we consider the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of personal information and if we can attain our objectives by other means, as well as our legal, regulatory, tax, accounting and other applicable obligations.
As to each of the categories of personal information collected, the retention period will vary depending on our relationship. For example,
-
For Guests that have accounts, Vibrant will generally maintain these accounts for the duration of the individual’s use of service plus a period of inactivity.
-
Information pertaining to support calls are generally retained for one (1) year but may be retained for longer based on the nature of the relationship between Vibrant and the individual.
In all cases, the retention will be subject to any additional legal, regulatory, tax, accounting or other applicable obligations.
Once retention of the personal information is no longer necessary for the purposes outlined above, we will either delete or de-identify the personal information or, if this is not possible (for example, because personal information has been stored in backup archives), then we will securely store the personal information and isolate it from further processing until deletion or deidentification is possible.
H. Notice of Financial Incentives and loyalty programs
Part of our business involves the design and implementation of programs and other offerings intended to provide benefits to eligible participants, such as is the loyalty program that is part of the Services.
I. Deidentified information
We may at times receive or process personal information to create, deidentified information that can no longer reasonably be used to infer information about, or otherwise be linked to, a particular individual or household. Where we maintain deidentified information, we will maintain and use the information in deidentified form and not attempt to reidentify the information except as required or permitted by law.
J. Updates to this Statement
We will update this Statement from time to time. When we make changes to this Statement, we will change the "Last updated" date at the beginning of this Statement. All changes shall be effective from the date of publication unless otherwise provided in the notification.
2. California “Shine the Light” disclosure
California residents that have an established business relationship with us have a right to know how their information is disclosed to third parties for their direct marketing purposes under California’s “Shine the Light” law (Civ. Code § 1798.83). Please contact us through any of the communication channels within the “How to contact us” section in the main body of this Statement to invoke these rights.
Addendum B – United States (Virginia)
Last updated: January 16, 2024
1. Privacy Statement for Virginia Residents as required by the Virginia Consumer Data Protection Act (“VCDPA”).
The provisions below supplement the information provided in the generally applicable portion of our Privacy Statement and apply solely to individuals that are residents of Virginia and qualify as a “Consumer” under the VCDPA. This Virginia-specific Statement provides additional information about how we collect, use, disclose and otherwise process the personal information of these individuals, either online or offline, within the scope of the VCDPA. Any terms defined in the VCDPA or as otherwise defined in our Privacy Statement have the same meaning as used in this addendum.
When we use the term “personal information” in this Addendum, we mean “personal data” pursuant to the VCDPA, including information that is linked or reasonably linkable to an identified or identifiable natural person.
A. Categories of personal information processed
Please refer to the “Personal information we collect” section in the main body of the Statement.
B. Purposes of processing the personal information
Please refer to the “How we use personal information” section in the main body of the Statement.
C. Categories of information disclosed to third parties
Please refer to the “How we share personal information” section in the main body of the Statement.
D. Description of rights available to consumers
A number of individual rights are available to individuals under the VCDPA relating to personal information that we have collected (subject to certain limitations at law), including:
-
The right of access: you have the right to confirm whether a controller is processing your personal information and to access such information.
-
The right of correction: you have the right to correct inaccuracies in your personal information, taking into account the nature of the personal information and purposes of the processing.
-
The right of deletion: you have the right to delete your personal data you have provided or that has been collected.
-
The right of portability: you have the right to obtain a copy of your personal information that was previously provided in a portable, and to the extent technically feasible, readily usable format that can be transmitted to another controller where the processing is carried out by automated means.
-
The right to opt out: you have the right to opt out of (as defined by the VCDPA) (i) targeted advertising, (ii) the sale of personal information and (iii) profiling in furtherance of decisions that produce legal or similarly significant effects.
E. How to invoke your rights
Vibrant has established channels for the purposes of submitting the individual rights requests above, including the right of access and deletion. Individual rights requests can be submitted to Vibrant through the below channels:
-
By email: hi@vibrantck.com
-
By post: Attn: Vibrant Privacy Office, Vibrant Credit Union, 6600 44th Ave., Moline IL 61265
-
By phone (toll-free): 800-323-5109
Once an individual rights request has been submitted, Vibrant may ask you for additional information in order to verify your identity or to provide additional details to help us respond to your request. This may include your name, email address, phone number or other details related to your use of Vibrant’s Services. Where applicable, these requests can be submitted by an authorized agent through the channels described above in accordance with the applicable law. These include requests made on behalf of a minor by the individual’s parent or legal guardian can also be made via the individual rights portal above. In these cases, in order to verify the authorized agent’s authority, we generally require evidence of that individual’s authority to act on behalf of the individual. All individual rights requests will be managed in line with the requirements set out in the VCDPA.
Please note that in certain circumstances, we may refuse to act or impose limitations on your rights, as permitted by the applicable law. In the event we decline to take action on a request, we will notify you within 45 days of receipt of the original request with our justification for declining to take action and how you may appeal that decision (including an overview of the appeals process and how you can initiate an appeal). All appeal requests should be submitted by emailing us at hi@vibrantck.com with the subject line, “Virginia Privacy Request Appeal”.
F. Sale of personal information
Presently, Vibrant does not carry out any “sales” of personal data as defined by the VCDPA.
G. Targeted advertising
Vibrant carries out limited targeted advertising (as that term is defined by the VCDPA) via cookies and related tracking technologies.
H. Profiling
Presently, Vibrant does not carry out any profiling (as defined by the VCDPA) in furtherance of decisions that produce legal or similarly significant effects concerning consumers that are presently in scope for VCDPA purposes.
I . Deidentified information
We may at times receive, or process personal data to create, deidentified information that can no longer reasonably be used to infer information about, or otherwise be linked to, a particular individual. Where we maintain deidentified information, we will maintain and use the information in deidentified form and not attempt to reidentify the information except as required or permitted by law.
J. Updates to this Statement
We will update this Statement from time to time. When we make changes to this Statement, we will change the "Last updated" date at the beginning of this Statement. All changes shall be effective from the date of publication unless otherwise provided in the notification.