Members 1st Credit Union (“Credit Union”) is committed to making financial products and services available to its members that will enable them to meet their financial needs while still protecting and safeguarding all personal information and using it in a manner consistent with Regulation P.

· Affiliates Companies related by common ownership or control. They can be financial and non-financial companies. Members 1st Credit Union does not have any affiliates currently.

· Non-affiliates Companies not related by common ownership or control. They can be financial and non-financial companies. Members 1st Credit Union does not share information with non-affiliates currently.

· Joint Marketing A formal agreement between non-affiliated financial companies that together market financial products or services. Members 1st Credit Union has a joint marketing agreement with Insurance Companies.

In the course of delivering products and services, the Credit Union obtains nonpublic personal information, either directly from the member or from outside sources. This nonpublic personal information is used to comply with federal and state laws and regulations, to provide effective member service and to inform members of products and services which may be of interest to the member.

The Credit Union will exercise reasonable caution in the gathering and maintenance of information to ensure its accuracy. When inaccurate information is discovered, it will be corrected as promptly as possible.

The Credit Union will not disclose personal nonpublic information to non-affiliated third parties. The requirement for the Credit Union to provide notice and a reasonable opportunity to opt in does not apply if the Credit Union’s disclosure of nonpublic personal information is necessary to affect, administer, or enforce a transaction that a member requests or authorizes, or in connection with any of the following:

· Servicing or processing a financial product or service that a member requests or authorizes.

· Maintaining or servicing the member’s account with the Credit Union, or with another entity as part of a private label credit card program or other extension of credit on behalf of such entity.

· A proposed or actual securitization, secondary market sale (including sales of servicing rights) or similar transactions related to a transaction of the member.

· With the written consent or direction of the member, provided the member has not revoked the consent or direction.

· To protect the confidentiality or security of the Credit Union’s records pertaining to the member, the service or product, or the transaction; to protect against or prevent actual or potential fraud, unauthorized transactions, claims, or other liability; for required institutional risk control, or for resolving member disputes or inquiries; to persons holding a legal or beneficial interest relating to the member; or, to persons acting in a fiduciary or representative capacity on behalf of the member.

· To the extent specifically permitted or required under other provisions of law and in accordance with the Right to Financial Privacy Act, to law enforcement agencies, self-regulatory organizations, or for an investigation on a matter related to public safety.

· To provide information to insurance rate advisory organizations, guaranty funds or agencies, applicable rating agencies of the Credit Union, persons assessing the Credit Union’s compliance with industry standards, and the institution’s attorneys, accounts, and auditors.

· To a credit reporting agency in accordance with Fair Credit Reporting Act (FCRA).

· In connection with a proposed or actual sale, merger, transfer, or exchange of all or a portion of a business or operating unit if the disclosure of nonpublic personal information concerns solely members of such business or unit.

· To comply with Federal, State, or local laws, rules, and other applicable legal requirements, to comply with a properly authorized civil, criminal, or regulatory investigation or subpoena or summons by Federal, State, or local authorities having jurisdiction over the financial institution for examination, compliance, or other purposes as authorized by law.

· Such financial records disclosed (i) in response to an administrative subpoena; (ii) in response to a search warrant; (iii) in response to a judicial subpoena; or (iv)in response to a formal written request by a proper governmental authority.

The Credit Union will only approve service providers with established policies of privacy similar to those of the Credit Union. The Credit Union will require contractual agreements from non-affiliated third parties that will include confidentiality of member information disclosed by the Credit Union and prohibit the service provider from disclosure and reuse of nonpublic personal information for any reason other than the intended purpose.

The Credit Union will disclose its privacy policy as required by law, in a form that the members can keep. This disclosure will be an initial disclosure and will also be provided to members annually (See Exhibit “A”). The Credit Union’s privacy notice may be combined with other information, so long as it is presented in a way that is “clear and conspicuous.”

· Initial Privacy Notice. The Credit Union will hand deliver or mail a printed copy of the notice describing the Credit Union’s privacy policy to each new member who establishes a relationship with the Credit Union. This initial privacy notice will be provided at or before an establishment of a member relationship (i.e., before the member signs the account card or other applicable document). A new privacy notice need not be given for each subsequent account opening, as long as the initial, revised, or annual notice that the Credit Union most recently provided to the member was accurate with respect to the new financial product or service. When two or more members jointly obtain a financial product or service, other than a loan, from the Credit Union, the Credit Union may provide one initial notice to the members jointly.

· Annual Notice. The Credit Union will provide a notice of the Credit Union’s privacy policy to all members at least annually (once during any 12 consecutive months). In order to meet the requirements to provide the annual notice, the Credit Union will:

o Convey in a clear and conspicuous manner that the Credit Union’s privacy notice is available on the Credit Union’s web site and will be mailed to the member upon request by telephone. The statement must state that the privacy notice has not changed and must include the specific web address that takes the member directly to the page where the privacy notice is posted and a telephone number for the member to request that it be mailed. (See Exhibit “B”). The Credit Union will post this notice on the members June statements or in the June newsletter.

o Post its most current privacy notice continuously and in a clear and conspicuous manner on its web site, without requiring the member to provide any information such as a login name or password or agree to any conditions to access the page.

o Mail the current privacy notice to those members who request it by telephone within ten (10) days of the request.

o The Credit Union does not need to provide an annual notice to members who no longer have a relationship with the Credit Union.

· Revised Notice. If the Credit Union revises its privacy notice, a printed copy of the revised notice will be mailed to the last known address of all members. The revised notice will also be posted on the Credit Union’s web site. A revised notice is not required if the Credit Union discloses nonpublic personal financial information to a new nonaffiliated third party that the Credit Union adequately described in its prior notice.

The Credit Union maintains strict policies and security controls to assure that nonpublic personal information in the Credit Union’s computer systems and files is protected.

· Credit Union employees and certain contractors are permitted access to nonpublic personal information that they may need to perform their jobs and to provide service to the members.

· Credit Union employees and contractors will have access to such nonpublic personal information only as necessary to conduct a transaction or respond to a member’s inquiries.

· All Credit Union employees and contractors will be required to respect member privacy through confidentiality and information security provisions included in the Credit Union’s employee policy manual and service agreements with the contractors.

· No one except Credit Union employees and authorized contractors will have regular access to the Credit Union computer system and records storage. The Credit Union has established internal security controls, including physical, electronic, and procedural safeguards to protect the member nonpublic personal information provided to the Credit Union and the information the Credit Union collects about the member. The Credit Union will continue to review its internal security controls to safeguard member nonpublic personal information as the Credit Union employs new technology in the future.

· Encryption. Electronic interfaces with members (such as Internet transactions) will be encrypted using Secure Socket Layer (SSL) 128-bit encryption.

· Account Access. Member account information and transactions will be protected by a password that must be used in conjunction with a username or account number. Members must apply for this capability and be registered with the Credit Union for authentication purposes.

· Links. The Credit Union will frequently link to other sites as a convenience to our members. The Credit Union will seek to link with other sites that adhere to similar privacy standards. For all third-party links, the Credit Union will disclose the following information:

o The member is linking to an alternate web site not operated by the Credit Union;

o The Credit Union is not responsible for the content of the alternate web site;

o The Credit Union does not represent either the third party or the member if the two enter into a transaction; and

o Privacy and security policies may differ from those practiced by the Credit Union.

The Credit Union and all of its affiliates will comply with all applicable laws and regulations governing the privacy, confidentiality, security, and integrity of nonpublic personal information including the NCUA privacy rule, the FTC privacy rule for affiliates, and all other applicable state and federal privacy laws and regulations as amended.

· Protecting member privacy is an ongoing process and the Credit Union will continue to evaluate and review the measures taken to safeguard member information.

· The Credit Union will provide training to employees on how to recognize and control risk to nonpublic personal information, how to handle nonpublic personal information, and how to report unauthorized or fraudulent attempts to gain access to nonpublic personal information.

· The Credit Union will create controls and procedures whereby any new product, service, or delivery method shall be reviewed and modified to ensure that it conforms to existing Credit Union privacy policies with regards to nonpublic personal information.

· If nonpublic personal information is shared with vendors for a business purpose, all contracts and agreements between the vendors and the Credit Union will include a guarantee that the vendor will safeguard such information.

· Because no policy can address every possible contingency and circumstance, Credit Union management shall use its good faith business judgment in administering this privacy policy and expects that all officers, volunteers, and employees will use good faith in their actions to protect the privacy of Credit Union members.

· The Credit Union reserves the right to amend this privacy policy in any respect with disclosure to members as required by law.

FACTS	WHAT DOES MEMBERS 1ST CREDIT UNION DO WITH YOUR PERSONAL INFORMATION?
WHY are we telling you this?	Financial companies choose how they share your personal information. Federal Law gives consumers the right to limit some, but not all, sharing. Federal law also requires us to tell you how we collect, share, and protect your personal information. Please read this notice carefully to understand what we do.
WHAT type of information does this affect?	The types of personal information we collect and share depend on the product or service you have with us. This information can include: Social Security number Credit History Account balances Checking Account information Payment history Wire transfer instructions When you are no longer a member, we continue to share your information as described in this notice.
HOW do we share this information	All financial companies need to share members' personal information to run their everyday business. In the sections below, we list the reasons financial companies can share their members' personal information; the reasons Members 1st Credit Union chooses to share; and whether you can limit this sharing.

Reasons we can share your personal information	Does Members 1st Credit Union share?	Can you limit this sharing?
For everyday business purposes - such as to process your transactions, maintain your account(s), respond to court orders and legal investigations, or report to credit bureaus	YES	NO
For our marketing purposes – to offer our products and services to you	NO	We don’t share
For joint marketing with other financial companies	YES	NO
For our affiliates’ everyday business purposes – information about your transactions and experiences	NO	We don’t share
For our affiliates’ everyday business purposes – information about your credit worthiness	NO	We don’t share
For non-affiliates to market to you	NO	We don’t share

WHAT WE DO
How does Members 1st Credit Union protect my personal information?	We use security measures that comply with federal law to protect your personal information from unauthorized access and use. These measures include computer safeguards and secured files and buildings. We also maintain other physical, electronic, and procedural safeguards to protect this information and we limit access to information to those employees for whom access is appropriate.
How does Members 1st Credit Union collect my personal information?	We collect your personal information, for example, when you: Open an account Give us your contact information Deposit money Show your driver’s license *Apply for a loan We also collect your personal information from others, such as credit bureaus, affiliates, or other companies.
Why can’t I limit all sharing?	Federal law gives you the right to limit only: Sharing for affiliates’ everyday purposes – information about your credit worthiness Affiliates from using your information to market to you *Sharing for non-affiliates to market to you State law and individual companies may give you additional rights to limit sharing. See below for more on your rights under state law.

Federal law requires us to tell you how we collect, share, and protect your personal information. Our privacy policy has not changed and you may review our policy and practices with respect to your personal information at www.members1cu.com or we will mail you a free copy upon request if you call us at 802-257-5131.

DEFINITIONS
Affiliates	Companies related by common ownership or control. They can be financial or non-financial companies. · Members 1st Credit Union has no affiliates.
Non-Affiliates	Companies not related by common ownership or control. They can be financial or non-financial companies. · Members 1st Credit Union does not share with non-affiliates so they can market to you.
Joint Marketing	A formal agreement between non-affiliated financial companies that together market financial products or services to you. · Our joint marketing partners include insurance companies.
OTHER IMPORTANT INFORMATION
For Alaska, Illinois, Maryland, and North Dakota Members. We will not share personal information with non-affiliates either for them to market to you or for joint marketing - without your authorization. For California Members. We will not share personal information with non-affiliates either for them to market to you or for joint marketing - without your authorization. We will also limit our sharing of personal information about you with our affiliates to comply with all California privacy laws that apply to us. For Massachusetts, Mississippi, and New Jersey Members. We will not share personal information from deposit or share relationships with non-affiliates either for them to market to you or for joint marketing - without your authorization. For Vermont Members. We will not share personal information with non-affiliates either for them to market to you or for joint marketing - without your authorization, and we will not share personal information with affiliate about your creditworthiness without your authorization