PERSONAL INFORMATION & CARD MANAGEMENT MOBILE PRIVACY POLICIES

Personal Information Policy

The Gramm-Leach-Bliley Act was enacted on November 12, 1999. In addition to reforming the financial services industry, the Act addressed concerns relating to consumer financial privacy. The Gramm-Leach-Bliley Act required the Federal Trade Commission (FTC) and other government agencies that regulate financial institutions to implement regulations to carry out the Act’s financial privacy provisions (GLBA). The regulations required all covered businesses to be in full compliance by July 1, 2001.

The FTC is responsible for enforcing its Privacy of Consumer Financial Information Rule (Privacy Rule). Anyone who uses this Guide should also review the Privacy Rule, found at 16 C.F.R. Part 313 (May 24, 2000).

The Privacy Rule applies to businesses that are “significantly engaged” in “financial activities” as described in section 4(k) of the Bank Holding Company Act.  According to the Bank Holding Company Act provision and regulations established by the Federal Reserve Board, “financial activities” include:

  • Lending, exchanging, transferring, investing for others, or safeguarding money or securities. These activities cover services offered by lenders, check cashers, wire transfer services, and sellers of money orders.
  • Providing financial, investment or economic advisory services. These activities cover services offered by credit counselors, financial planners, tax preparers, accountants, and investment advisors.
  • Brokering loans.
  • Servicing loans.
  • Debt collecting.
  • Providing real estate settlement services.
  • Career counseling (of individuals seeking employment in the financial services industry).

Customer vs Consumer

The Bank’s obligations depend on whether we have “customers” or “consumers.” In brief, the Privacy Rule requires the Bank to give notice to all of the Bank “customers” about the Bank privacy practices, and, if the Bank share their information in certain ways, to the Bank “consumers” as well.

Under the Rule, a “consumer” is someone who obtains or has obtained a financial product or service from the Bank that is to be used primarily for personal, family, or household purposes, or that person’s legal representative. The term “consumer” does not apply to commercial clients, like sole proprietorships. Therefore, where the Bank’s client is not an individual, or is an individual seeking the Bank product or service for a business purpose, the Privacy Rule does not apply.

Examples of “consumer” relationships:

  • cashing a check with a check-cashing company
  • making a wire transfer
  • applying for a loan, whether the Bank actually obtain the loan

“Customers” are a subclass of consumers who have a continuing relationship with the Bank. It’s the nature of the relationship – not how long it lasts – that defines our customers. Even if an individual repeatedly uses our services for unrelated transactions, she may not be our “customer.” For example, if an individual uses the ATM at the bank where she does not have an account, those isolated transactions, no matter how frequent, do not make her the bank’s customer. She would still be a “consumer” of the bank.

A former customer “has obtained” a financial product or service from the Bank but no longer has a continuing relationship with us. For purposes of our obligations under the Privacy Rule, a former customer is a consumer.

Examples of “customer” relationships:

  • Opening a credit card account with the Bank
  • Leasing an automobile from an auto dealer
  • Using the services of the Bank as a mortgage broker to secure financing
  • Obtaining the services of a tax preparer or investment adviser
  • Getting a loan from the Bank.

Customer Relationships and Loans

A special rule defines the customer relationship when several financial institutions participate in a loan transaction. The Bank establishes a customer relationship with an individual when it originates a loan. If the Bank sells the loan but maintains the servicing rights, it continues to have a customer relationship with the individual. If the Bank transfers the servicing rights but retains an ownership interest in the loan, the individual is a “consumer” of the Bank and a “customer” of the institution with the servicing rights. If other institutions hold an ownership interest in the loan (but not the servicing rights), the individual is their consumer, too.

What information is covered?

The Privacy Rule protects a consumer’s “nonpublic personal information” (NPI). NPI is any “personally identifiable financial information” that the Bank collects about an individual in connection with providing a financial product or service, unless that information is otherwise “publicly available.”

NPI is:

  • Any information an individual gives the Bank to get a financial product or service (for example, name, address, income, Social Security number, or other information on an application);
  • Any information the Bank gets about an individual from a transaction involving the Bank’s financial product(s) or service(s) (for example, the fact that an individual is our consumer or customer, account numbers, payment history, loan or deposit balances, and credit or debit card purchases); or
  • Any information the Bank gets about an individual in connection with providing a financial product or service (for example, information from court records or from a consumer report).

NPI does not include information that the Bank has a reasonable basis to believe is lawfully made “publicly available.” In other words, information is not NPI when the Bank has taken steps to determine:

  • That the information is generally made lawfully available to the public; and
  • That the individual can direct that it not be made public and has not done so.

For example, while telephone numbers are listed in a public telephone directory, an individual can elect to have an unlisted number. In that case, her phone number would not be “publicly available.”

Publicly Available Information Includes:

  • Federal, state, or local government records made available to the public, such as the fact that an individual has a mortgage with the Bank.
  • Information that is in widely distributed media like telephone books, newspapers, and websites that are available to the general public on an unrestricted basis, even if the site requires a password or fee for access.

Information in a list form may be NPI, depending on how the list is derived. For example, a list is not NPI if it is drawn entirely from publicly available information, such as a list of the Bank’s mortgage customers in a jurisdiction that requires that information to be publicly recorded. Also, it is not NPI if the list is taken from information that is not related to the Bank’s activities, for example, a list of individuals who respond to a newspaper ad promoting a non-financial product the Bank sells.

But a list derived even partially from NPI is still considered NPI. For example, the Bank’s list of its borrowers’ names and phone numbers is NPI even if the Bank has a reasonable basis to believe that those phone numbers are publicly available, because the existence of the customer relationships between the borrowers and the Bank is NPI.

Putting It All Together:

Examples of Nonpublic Personal Information (in list form)

  • List of the Bank’s credit card customers
  • List of the Bank’s consumer, residential home, or HELOC loans

Privacy Notices

The Bank must give their customers – and in some cases their consumers – a “clear and conspicuous” written notice describing their privacy policies and practices. When the Bank provides the notice and what the Bank says depend on what the Bank does with the information.

Who Gets a Privacy Notice?

Customers
Whether or not the Bank shares customer NPI, the Bank must give all customers a privacy notice. The Bank must provide an “initial notice” by the time the customer relationship is established. If this would substantially delay the customer’s transaction, the Bank may provide the notice within a reasonable time after the customer relationship is established, but only if the customer agrees.

If the Bank share NPI with nonaffiliated third parties outside of the exceptions described within (see “Exceptions“), the Bank also must give the Bank customers:

  • An “opt-out” notice explaining the individual’s right to direct the Bank not to share her NPI with a nonaffiliated third party;
  • A reasonable way to opt out; and
  • A reasonable amount of time to opt out before the Bank disclose her NPI.

The Bank must also give the Bank customers an “annual notice” – a copy of our full privacy notice – for as long as the customer relationship lasts and if there have been changes within that year.

Consumers Who Are Not Customers

Before the Bank shares NPI with nonaffiliated third parties outside of the exceptions described within (see “Exceptions“), the Bank must give the Bank’s non-customer consumers a privacy notice, including an opt-out notice. If the Bank does not share information with nonaffiliated third parties, or if the Bank only share within the exceptions, the Bank does not have to give a privacy notice to the Bank consumers.

If the Bank is required to provide a privacy notice to the Bank’s consumers, the Bank may choose to give them a “short-form notice” instead of a full privacy notice. The short-form notice must:

  • Explain that the Bank’s full privacy notice is available on request;
  • Describe a reasonable way consumers may get the full privacy notice; and
  • Include an opt-out notice.

The Contents of the Privacy Notice

The Bank notice must accurately describe how the Bank collect, disclose, and protect NPI about consumers and customers, including former customers. The Bank notice must include, where it applies to the Bank, the following information:

  • Categories of information collected. For example, nonpublic personal information obtained from an application or a third party such as a consumer reporting agency.
  • Categories of information disclosed. For example, information from an application, such as name, address, and phone number; Social Security number; account information; and account balances.
  • Categories of affiliates and nonaffiliated third parties to whom the Bank discloses the information. For example, financial services providers, such as mortgage brokers and insurance companies; or non-financial companies, such as magazine publishers, retailers, direct marketers, and nonprofit organizations. The Bank also may describe categories of other nonaffiliated parties to whom the Bank may disclose NPI in the future.
  • Categories of information disclosed and to whom under the joint marketing/ service provider exception in section 313.13 of the Privacy Rule (see “Exceptions“).
  • If the Bank is disclosing NPI to nonaffiliated third parties under the exceptions in sections 313.14 (exceptions for processing or administering a financial transaction) and 313.15 (exceptions, including fraud prevention or complying with federal or state law and others) of the Privacy Rule  (see “Exceptions“), a statement that the disclosures are made “as permitted by law.”
  • If the Bank is disclosing NPI to nonaffiliated third parties, and that disclosure does not fall within any of the exceptions in sections 313.14 and 313.15, an explanation of consumers’ and customers’ right to opt out of these disclosures  (see “Opt-Out Notices“).
  • Any disclosures required by the Fair Credit Reporting Act (see “Fair Credit Reporting Act“).
  • The Bank policies and practices with respect to protecting the confidentiality and security of NPI (see “Safeguarding NPI“).

The Bank only needs to address those items listed above that apply to the Bank. For example, if the Bank doesn’t share NPI with affiliates or nonaffiliated third parties except as permitted under sections 313.14 and 313.15, the Bank can provide a simplified notice that: (1) describes the Bank collection of NPI; (2) states that the Bank only discloses NPI to nonaffiliated third parties “as permitted by law;” and (3) explains how the Bank protects the confidentiality and security of NPI.

The Appearance of the Privacy Notice

The privacy notice must be “clear and conspicuous,” whether it is on paper or on a website. It must be reasonably understandable, and designed to call attention to the nature and significance of the information. The notice should use plain language, be easy to read, and be distinctive in appearance. A notice on a website should be placed on a page that consumers use often, or it should be hyperlinked directly from a page where transactions are conducted.

Safeguarding NPI

The Privacy Rule requires that the Bank’s privacy notice provide an accurate description of the Bank’s current policies and practices with respect to protecting the confidentiality and security of NPI. For example, if the Bank restricts access to NPI to employees who need the information to provide products or services to the Bank’s consumers or customers.

Delivering Privacy Notices

The Bank must deliver the Bank’s privacy notices to each consumer or customer in writing, or, if the consumer or customer agrees, electronically. The Bank’s written notices may be delivered by mail or by hand. For individuals who conduct transactions with the Bank electronically, the Bank may post the Bank privacy notice on the Bank’s website and require them to acknowledge receiving the notice as a necessary part of obtaining a particular product or service. For annual notices, the Bank may reasonably expect that the Bank customers have received the Bank notice if they use the Bank website to access the Bank financial products or services and agree to receive notices at the Bank website, and the Bank post the Bank notice continuously in a clear and conspicuous manner on the Bank’s website.

Notices given orally or posted in the Bank office(s) don’t comply with the rule.

Opt-Out Notices

General Obligations

If the Bank shares their NPI with nonaffiliated third parties outside of three exceptions  (see “Exceptions“), the Bank must give the Bank’s consumers and customers an “opt-out notice” that clearly and conspicuously describes their right to opt out of the information being shared. An opt-out notice must be delivered with a privacy notice, and it can be part of the privacy notice.

The opt-out notice must describe a “reasonable means” for consumers and customers to opt out. They must receive the notice and have a reasonable opportunity to opt out before the Bank can disclose their NPI to these nonaffiliated third parties. Acceptable “reasonable means” to opt out include a toll-free telephone number or a detachable form with a check-off box and mailing information. Requiring the consumer or customer to write a letter as the only option is not a “reasonable means” to opt out.

Note: While the GLB Act does not require the Bank to provide an opt-out notice if the Bank only discloses NPI to affiliates, if the Bank shares certain information with the Bank’s affiliates, the Bank may have an obligation to provide an opt-out notice under the Fair Credit Reporting Act. That opt-out notice must be included in the Bank’s GLB privacy notice (see “Fair Credit Reporting Act“).

Exercising the Opt-Out Right

The Bank must give consumers and customers a “reasonable opportunity” to exercise their right to opt out, for example, 30 days, after the Bank sends the initial notice either on- or off-line, before the Bank can share their information with nonaffiliated third parties outside the exceptions. For an isolated consumer transaction, like buying a money order, the Bank may require the Bank consumers to make their opt-out decision before completing the transaction.

Consumers and customers who have the right to opt out may do so at any time. Once the Bank receive an opt-out direction from the Bank existing consumers or customers, the Bank must comply with it as soon as is reasonably possible.

The Shelf Life of an Opt-Out Direction

An opt-out direction by a consumer or customer is effective – even after the customer relationship is terminated – until canceled in writing, or, if the consumer agrees, electronically. However, if a former customer establishes a new customer relationship with the Bank and the Bank are required to provide an opt-out notice, the customer must make a new opt-out direction that will apply only to the new relationship.

SUMMARY OF NOTICE REQUIREMENTS

Exceptions to the Notice and Opt-Out Requirements

There are several exceptions to the notice and opt-out requirements. These exceptions are in sections 313.14 (“section 14 exceptions”) and 313.15 (“section 15 exceptions”) of the Privacy Rule. If the Bank shares information only under these sets of exceptions, the Bank doesn’t need to give the Bank’s consumers a privacy notice, but the Bank will need to give the Bank’s customers a simplified initial and, if applicable, an annual privacy notice. Customers and consumers have no right to opt out of these disclosures of NPI.

The section 14 exceptions apply to various types of information-sharing that are necessary for processing or administering a financial transaction requested or authorized by a consumer. This includes, for example, disclosing NPI to service providers who help mail account statements and perform other administrative activities for a consumer’s account. It also includes disclosures to and by creditors listed by a consumer on a credit application to perform a credit check.

The section 15 exceptions apply to certain types of information-sharing, including disclosures for purposes of preventing fraud, responding to judicial process or a subpoena, or complying with federal, state, or local laws. Examples of appropriate information disclosures under this exception include those made to technical service providers who maintain the security of the Bank records; the Bank attorneys or auditors; a purchaser of a portfolio of consumer loans the Bank own; and a consumer reporting agency, consistent with the Fair Credit Reporting Act (see “Exceptions“).

Exception to the Opt-Out Requirement: Service Providers and Joint Marketing

Another exception can be found in section 313.13 (“section 13 exception”) of the Privacy Rule. If the Bank shares information under this exception, the Bank must give the Bank’s customers – and the Bank consumers if the Bank shares their information – a privacy notice that describes this disclosure. However, the Bank consumers and customers do not have a right to opt out of this information sharing.

The section 13 exception covers disclosures for certain service providers and for certain marketing activities. The section 13 exception covers disclosures to third party service providers whose services for the Bank does not fall within the section 14 exceptions. For example, if the Bank hires a nonaffiliated third party to provide services in connection with marketing the Bank products or to market financial products jointly for the Bank and another financial institution, or to do a general analysis of the Bank customer transactions, the Bank disclosure of NPI for these purposes does not fall under the section 14 exceptions. Therefore, the Bank can use the section 13 exception for these types of service providers.

The section 13 exception also applies to marketing financial products or services offered through a “joint agreement” with one or more other financial institutions. The “joint agreement” requirement means that the Bank has entered a written contract with one or more financial institutions about the Bank’s joint offering, endorsement, or sponsorship of a financial product or service. This does not apply to any kind of joint marketing the Bank does, but only joint marketing with other financial institutions and only the marketing of financial products or services.

To take advantage of the section 13 exception, the Bank must enter a contract with those nonaffiliated third parties with whom the Bank shares NPI. The agreement must guarantee the confidentiality of the information by prohibiting the third party or parties from using or disclosing the information for any purpose other than the one for which it was received. Contracts with nonaffiliated service providers that are effective before July 1, 2000 and do not have the required confidentiality agreement must be amended to include such a provision by July 1, 2002

LIMITS ON REUSE AND REDISCLOSURE OF NPI

General Obligations.

If the Bank receives NPI from a nonaffiliated financial institution, the Bank’s ability to reuse and redisclose that information is limited. The limits depend on how the information is disclosed to the Bank. It does not matter whether the Bank’s a financial institution.

Restrictions on Reuse and Redisclosure if NPI is Received Under the Section 14 or 15 Exceptions

The Bank may receive NPI from a nonaffiliated financial institution (“originating financial institution”) under the section 14 or 15 exceptions. In these situations, the Bank may only disclose and use the information in the ordinary course of business to carry out the purpose for which it was received. That purpose may include disclosures to other parties under the section 14 or 15 exceptions in order to carry out that activity, or as otherwise necessary, such as to respond to a subpoena. The Bank may also disclose the information to the Bank’s affiliates, who are limited in their reuse and redisclosure of the information in the same way as the Bank are, and to affiliates of the originating financial institution.

Restrictions on Reuse and Redisclosure if NPI is Received Outside the Section 14 or 15 Exceptions

Alternatively, the Bank may receive NPI from a nonaffiliated financial institution outside the section 14 or 15 exceptions. For example, the Bank may want to purchase a financial institution’s customer list in order to market the Bank’s own products to those individuals. In these cases, the originating financial institution may disclose NPI about those consumers or customers who were informed about this type of disclosure in the privacy notice, and who did not opt out after receiving notice and the opportunity to opt out.

In this situation, the Bank may use the information internally for the Bank’s own purposes. However, the Bank may only redisclose the information consistent with the privacy policy of the originating financial institution. In other words, the Bank step into the shoes of the originating financial institution and may disclose the same kinds of NPI to the same entities as the originating institution. For example, if the originating financial institution’s privacy notice informed its consumers and customers that it would only share their NPI with “nonfinancial institutions, such as charitable organizations,” the Bank may redisclose the NPI to charitable institutions as well. However, because the originating institution does not disclose NPI to another financial institution, such as an insurance provider, the Bank cannot because that type of company is not covered by the privacy policy.

The Bank may also disclose the information to the Bank’s affiliates, whose redisclosure is limited in the same way as the Bank, and to affiliates of the originating financial institution.

DISCLOSURE OF ACCOUNT NUMBERS IS PROHIBITED

The GLB Act prohibits the Ban from sharing account numbers or similar access numbers or codes for marketing purposes. This prohibition applies even when a consumer or customer has not opted-out of the disclosure of NPI concerning her account. The prohibition applies to disclosures of account numbers for an individual’s credit card account, deposit account, or “transaction account” to any nonaffiliated third party to use in telemarketing, direct mail marketing, or other marketing through electronic mail to any consumer. A “transaction account” is any account to which a third party may initiate a charge. This provision does not prohibit the sharing of an encrypted account number, if the third party receiving the information has no way to decode it.

This prohibition applies to the complete marketing transaction, including posting a charge to an account. However, it does not apply when the Bank discloses an account number to the Bank’s agent or service provider just to market the Bank’s own products or services, as long as the party receiving the information can’t directly initiate charges to the account.

The exceptions in sections 313.14 and 313.15 of the Privacy Rule do not apply to the disclosure of account numbers for marketing purposes. For example, the Bank may not obtain the Bank customer’s consent to disclose her account number for marketing purposes.

OTHER ISSUES

The Fair Credit Reporting Act

The Gramm-Leach-Bliley Act’s notice and opt out provisions are in addition to the obligations imposed by the Fair Credit Reporting Act (FCRA). If the FCRA currently requires that the Bank make clear and conspicuous disclosures to the Bank’s consumers regarding the Bank sharing of certain information (such as consumer report and application information) with the Bank’s affiliates, the Bank must continue to do so. The GLB Act requires these disclosures to be made as part of any privacy policy the Bank gives to the Bank’s consumers or customers

Router and Firewall

Secure forms must filter through a router and firewall before they are permitted to reach the server. A router, a piece of hardware, works in conjunction with the firewall, a piece of software, to block and direct traffic coming to the server. The configuration begins by disallowing ALL traffic and then opens holes only when necessary to process acceptable data requests, such as retrieving web pages or sending customer requests to the bank.

Using the above technologies, your check reorder transactions are secure.

CARD MANAGEMENT MOBILE PRIVACY POLICY

Effective April 29, 2024, all debit and credit cards issued be KeySavings Bank were converted to an upgraded card processing system. Many improved features, including some with location tracking, are now available. Please review the Card Management Mobile Privacy Policy below for additional information.

The Type of Information We Collect in Card Management
Through your use of the Services, we may collect personal information from you in the following ways:

    1. Personal Information You Provide to Us
      1. We may collect personal information from you, such as your first and last name, address, email, telephone number and Social Security number when you create an account.
      2. We will collect the financial and transaction information necessary to provide you with the Services, including account numbers, payment card expiration date, payment card
      3. identification, verification numbers, and transaction and payment history.
      4. If you provide feedback or contact us via email, we will collect your name and email address, as well as any other content included in the email, to send you a reply.
      5. We also collect other types of personal information that you provide voluntarily, such as any information requested by us if you contact us via email regarding support for the Services.

    2. Personal Information Collected from Third Parties. We may collect certain information from identity verification services and consumer reporting agencies, including credit bureaus, to provide some of our Services.
    1. Personal Information Collected Via Technology. We and our service providers may automatically log information about you, your computer or mobile device, and your interaction over time with our Services, our communications, and other online services, such as:
      1. Device data, such as your computers or mobile device’s operating system type and version, manufacturer and model, browser type, screen resolution, RAM and disk size, CPU usage, device type (e.g., phone, tablet), IP address, unique identifiers, language settings, mobile device carrier, radio/network information (e.g., Wi-Fi, LTE, 3G), and general location information such as city, state, or geographic area.
      2. Online activity data, such as pages or screens you viewed, how long you spent on a page or screen, the website you visited before browsing to the Service, navigation paths between pages or screens, information about your activity on a page or screen, access times, and duration of access.
      3. Cookies, which are text files that websites store on a visitor’s device to uniquely identify the visitor’s browser or to store information or settings in the browser for the purpose of helping you navigate between pages efficiently, remembering your preferences, enabling functionality, and helping us understand user activity and patterns.
      4. Local storage technologies, like HTML5 and Flash, provide cookie-equivalent functionality but can store larger amounts of data, including on your device outside of your browser in connection with specific applications.
      5. Web beacons, also known as pixel tags or clear GIFs, are used to demonstrate that a webpage or email was accessed or opened, or that certain content was viewed or clicked.
      6. Location Information. If you have enabled location services on your phone and agree to the collection of your location when prompted by the Services, we will collect location data when you use the Services even when the KeySavings Bank app is closed or not in use; for example, to provide our fraud detection services. If you do not want us to collect this information, you may decline the collection of your location when prompted or adjust the location services settings on your device.

How We Use Your Information Collected in Card Management

      1. General Use. In general, we use your personal information collected through your use of the Services to respond to your requests as submitted through the Services, to provide you with the Services you request, and to help serve you better. We use your personal information, in connection with Card Management, in the following ways:
        1. Facilitate the creation of, and secure and maintain your account,
        2. Identify you as a legitimate user in our system,
        3. Provide improved administration of the Services,
        4. Provide the Services you request,
        5. Improve the quality of experience when you interact with the Services,
        6. Send you administrative e-mail notifications, such as security or support and maintenance advisories; and send surveys, offers, and other promotional materials related to the Services.

      2. Compliance and protection. We may use your personal information to:
        1. Comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities,
        2. Protect our, your or others’ rights, privacy, safety, or property (including by making and defending legal claims),
        3. Audit our internal processes for compliance with legal and contractual requirements and internal policies,
        4. Enforce the terms and conditions that govern the Services; and
        5. Prevent, identify, investigate/deter fraudulent, harmful, unauthorized, unethical, or illegal activity, including cyber-attacks and identity theft.

      3. Creation of Non-Identifiable Data. Card Management may create de-identified information records from personal information by excluding certain information (such as your name) that makes the information personally identifiable to you. We may use this information in a form that does not personally identify you to analyze request patterns and usage patterns to enhance our products and services. We reserve the right to use and disclose non-identifiable information to third parties at our discretion.

Disclosure of Your Personal Information
We disclose your personal information collected through your use of the Services as described below.

      1. In Accordance with Our Other Privacy Notices. Other than as described in this Privacy Policy in connection with the Card Management feature, this Privacy Policy does not apply to the processing of your information by us or third parties with whom we share information.

      2. Third Party Service Providers. We may share your personal information with third party or affiliated service providers that perform services for or on behalf of us in providing the Card Management feature for the purposes described in this Privacy Policy, including: to provide you with the Services; to conduct quality assurance testing; to facilitate the creation of accounts; to optimize the performance of the Services; to provide technical support; and/or to provide other services to Card Management.

      3. Authorities and Others. Regardless of any choices you make regarding your personal information, Card Management may disclose your personal information to law enforcement, government authorities, and private parties, for the compliance and protection services described above.

Links to Other Sites
Card Management may contain links to third party websites. When you click on a link to any other website or location, you will leave Card Management and go to another site and another entity may collect personal and/or anonymous information from you. Card Management’s provision of a link to any other website or location is for your convenience and does not signify our endorsement of such other website or location or its contents. We have no control over, do not review, and cannot be responsible for, these outside websites or their content. Please be aware that the terms of this Privacy Policy do not apply to these outside websites. We encourage you to read the privacy policy of every website you visit.

Your Choices Regarding Your Information
You have several choices regarding use of information on the Services.

      1. How We Respond to Do Not Track Signals. Some web browsers transmit “do not track” signals to the websites and other online services with which your web browser communicates. There is currently no standard that governs what, if anything, websites should do when they receive these signals. We currently do not act in response to these signals. When a standard is established, we may revise its policy on responding to these signals.

      2. Access, Update, or Correct Your Information. You can access, update, or correct your information by changing preferences in your account. For additional requests, please contact us

      3. Opting Out of Email or SMS Communications. If you have signed-up to receive our email marketing communications, you can unsubscribe any time by clicking the “unsubscribe” link included at the bottom of the email or other electronic communication. Alternatively, you can opt out of receiving marketing communications by contacting us at the contact information under “Contact Us” below. If you provide your phone number through the Services, we may send you notifications by SMS, such as provide a fraud alert. You may opt out of SMS communications by unlinking your mobile phone number from the Services.

      4. Opting Out of Location Tracking. If you initially consented to the collection of geo-location information through the Services, you can subsequently stop the collection of this information at any time by changing the preferences on your mobile device. Please note, however, that if you withdraw consent to our collection of location information, you may no longer be able to use some features of Card Management.

Safeguards and Retention
We implement reasonable administrative, technical, and physical measures to safeguard the information in our custody and control against theft, loss and unauthorized access, use, modification, and disclosure. Nevertheless, transmission via the internet is not completely secure and we cannot guarantee the security of your information.

A Note About Children
The Services are not directed towards individuals under the age of 18, and we do not, through Card Management, intentionally gather personal information about visitors who are under the age of 18. If a child under 18 submits personal information to us through Card Management and we learn that the personal information is the information of a child under 18, we will attempt to delete the information as soon as possible.

Privacy Policy Updates
This Privacy Policy is subject to occasional revision. We will notify you of any material changes in the collection, use, or disclosure of your personal information by posting a notice on the Services. Any material changes to this Privacy Policy will be effective thirty (30) calendar days following notice of the changes to the Services. These changes will be effective immediately for new users of the Services. If you object to any such changes, you must notify us prior to the effective date of such changes that you wish to deactivate your account. Continued use of the Services following notice of any such changes shall indicate your acknowledgement of such changes.

Contact Us
If you have any questions or complaints about this Privacy Policy or Card Management’s data collection or processing practices, or if you want to report any security violations to Card Management, please contact us by email at: info@KeySavingsBank.com; or by mail at:

KeySavings Bank
811 E. Grand Ave.
Wisconsin Rapids, WI 54494
715-423-6460
Info@Keysavingsbank.com

Lost or Stolen Debit Card

If your Debit Card is lost or stolen, please call 715-423-6460 during working hours.

CEO MessageIcon for: Message

Image for: CEO

KeySavings Bank is a mutual bank....meaning that all of our clients are members. Members enjoy the benefits of reduced fees, lower interest rates on loans and more investment opportunities.