USCA Union LLC Global Supplemental Privacy Notice
LAST UPDATED: January 2025
Introduction
This Global Supplemental Privacy Notice ("Notice") provides an overview of how USCA Union LLC and all banking and non-banking U.S. affiliates or subsidiaries ("we" or "our" or "us") collect, use or disclose Personal Information (as defined below) including information about our current and former customers and clients ("you" or "your"). This Notice explains our data collection policies when we engage in the processing activities, described in Processing Activities section below, to provide financial services ("Services").
Protecting your Personal Information is a top priority. Consistent with our obligations under applicable laws and regulations, we have internal procedures and policies in place to maintain physical, technical, electronic, procedural, and organizational safeguards and security measures that are designed to protect Personal Information against accidental, unlawful, or unauthorized destruction, loss, alteration, disclosure, or access, whether it is processed by us or elsewhere.
Consumers in the U.S. who seek, apply for, or obtain our financial products and services for personal, family, or household purposes should also refer to our U.S. Consumer Privacy Notice. In the event of a conflict between this Notice and our U.S. Consumer Privacy Notice, when applicable, the U.S. Consumer Privacy Notice shall govern. California residents may have additional rights and are encouraged to review our California Consumer Privacy Notice for additional information.
Updates to this Notice
This Notice is subject to change and is updated periodically to comply with applicable laws and regulations. The "LAST UPDATED" date at the top of this Notice indicates when this Notice was last revised. Changes are effective when we publish the revised Notice.
Personal Information We Collect
"Personal Information" is information that identifies an individual or relates to an identifiable individual. The table below contains a list of the Personal Information we may collect from you or through your interaction with the Services. Failure to provide the requested information, may prevent us from providing the requested Services. In the table under Processing Activities, we have associated the categories of Personal Information we collect with the categories of our processing activities/processing.
| Categories of Personal Information | Types of Information |
|---|---|
| Account Activity | Transactional activity from an individual's personal or business accounts (e.g., credit card, checking account, etc.), such as: Account activity, transaction details, loan number, internal identifier |
| Associated Characteristics | An individual's characteristics such as age or gender |
| Compensation Information | Information pertaining to employment status and income sources, such as: Employer name, business address, business phone number, business email address, salary, or other source of income |
| Event Data | Confirmation of an individual's attendance at in-person or virtual events. Information gathered to enable attendance or to offer special accommodations, such as: Events registration, check-in, dietary requests, travel, surveys, and other similar identifiers. (Note: religion, disability and health concerns may be inferred from a person's requests.) |
| Images/Videos/Audio — People | Video of clients (ATMs, Financial Centers), Audio of clients (Contact Center, Financial Center Outbound calls), such as: Photographs, video or audio recordings of individuals and/or groups |
| Legal Transactions | Information from judiciary bodies regarding legal matters pertaining to an individual, such as: Legal documents and/or decisions |
| Online Authentication Information | Information required to access an individual's personal account, online or through mobile applications, such as: User Identification (ID), PIN/Password, Internet Protocol (IP) address, challenge questions, device ID, mobile phone number, biometric information |
| Online Behavior | An individual's purchasing, browsing and consuming history and inferences drawn to determine the individual's tendencies online, such as: Purchasing, browsing, search, internet interactions (site, application and/or advertisement) history behavior |
| Online Identifier | A means of identifying an individual by associating informational traces an individual leaves when operating online, such as: Cookies, pixel tags, web beacons, locally stored objects, unique device identifiers (for example, Media Access Control (MAC) and Internet Protocol (IP) addresses, smart device information, mobile phone network information |
| Payroll Data | Payroll information including direct deposit bank details, payroll deductions and tax details, such as: Direct deposit bank details, payroll deductions, tax details |
| Personal Assets/Liabilities | Information regarding household expenses, income, asset ownership and/or debt information, such as: Household expenses, source/frequency of funds, source/frequency of income, investments, other expenses, financial plan |
| Personal Data — Minors | Personal Information pertaining to an individual under 18 years of age such as: Name, account information, relationships to other account holders, event registration information, which may include special accommodations and dietary restrictions |
| Preferences | Such as language, interests, and other feedback/preferences that you might express during your use of our Services. |
| Proof of Address | Information found on utility bills and/or financial statements |
| Sensitive Personal Information | Information about an individual's religious, ideological, political or trade union related views or activities, health, racial or ethnic origin, social security measures and administrative or criminal proceedings and sanctions, such as: Race, ethnicity, religion, disability information, criminal records, political or philosophical belief |
| Signature | Any symbol, character, sound, or mark made by an individual with the intent to authenticate or authorize a transaction, agreement, or written or electronic document, such as: Electronic signature, digital signature (i.e., DocuSign), web signature, copy of written signature, ink/wet signature |
In addition, we may collect Personal Information from other sources, including:
- Third-Party Logins: When you connect or login to our Services through a third-party service, you direct the service to send us information as controlled by that service or as authorized by you via your privacy settings on that service.
- Client-related Persons: We may collect information from persons or institutions representing you. Where you are accessing our Services because of a relationship with a corporate or institutional client ("Corporate Client"), we also may collect information from the Corporate Client (e.g., where you are an employee or board member).
- Other Third Parties: We may collect information from sources such as publicly available databases, marketing partners, third-party providers, and data brokers.
If you are sharing information on behalf of another individual, please provide them with a copy of this Notice. When you provide us with Personal Information about members of their family, dependents or friends (e.g., individuals provided by a customer as a guarantor), it is your responsibility to inform such individuals and obtain agreement that their data can be shared with us. Should the individual have any questions, please refer them to the Contact Us section in this Notice. By disclosing Personal Information about others to us in connection with our Services, you represent that you have the authority to do so and permit us to use the information in accordance with this Notice.
Processing Activities
We need to collect and process Personal Information to provide the requested Services, or because we are legally required to do so. The table below is a summary of our activities which may require the processing of your Personal Information.
| Purpose | Reasons for Processing | Categories of Personal Information |
|---|---|---|
| Account Opening and Management |
|
Account Activity, Associated Characteristics, Compensation Information, Contact Data, Identifiers, Images/Videos/Audio — People, Personal Assets/Liabilities, Personal Data — Minors, Proof of Address, Signature |
| Aggregation / Anonymization | Aggregating and/or anonymizing Personal Information so that it will no longer be considered Personal Information. | Personal Information as relevant for the specific business purpose. |
| Analytics and Modeling | To provide modeling and analytical insights about our consumers. | Account Activity, Associated Characteristics, Compensation Information, Contact Data, Identifiers, Online Activity, Sensitive Personal Information |
| Client Communications and Relationship Management | To directly communicate with you to help improve the Services we provide or in relation to a Service complaint. | Associated Characteristics, Contact Data, Identifiers, or other categories as relevant for the specific communication about our Services |
| Consumer and Wealth Services | To provide overall support in connection with existing or former accounts, including Trust Services that may involve account transition and termination | Associated Characteristics, Contact Data, Identifiers, Legal Transactions, Online Authentication Information, Online Behavior, Online Identifier, Personal Data — Minors, Sensitive Personal Information |
| Corporate Client Services | To provide Corporate Client Services, including corporate credit cards, benefit programs. | Account Activity, Associated Characteristics, Contact Data, Identifiers, Legal Transactions, Online Authentication Information, Online Behavior, Online Identifier, Sensitive Personal Information |
| Electronic Communications/ Digital Services |
|
Account Activity, Associated Characteristics, Contact Data, Identifiers, Images/ Videos/Audio — People, Online Authentication Information, Online Behavior, Online Identifier |
| Emergency and Incident Response | Ensuring the safety of on-site personnel and visitors; responding to, handling, and documenting on-site accidents and medical and other emergencies; actively monitoring properties to ensure adequate incident prevention, response, and documentation (including CCTV); requesting assistance from emergency services; and sending notifications and alerts in the event of incidents or emergencies (such as via SMS, email, call, audio visual device prompts, etc.). | Personal Information as relevant for the specific legal action, regulatory investigation, and/or legal processes in question. |
| Events Management | To support event management and execution. | Associated Characteristics, Contact Data, Event Data, Identifiers, Images/Videos/Audio — People, Personal Data — Minors, Sensitive Personal Information |
| Legal, Regulatory and Compliance |
|
Account Activity, Associated Characteristics, Contact Data, Identifiers, Personal Information including Personal Information as relevant for each specific regulatory and compliance obligation, Proof of Address, Sensitive Signature |
| Marketing / Communications | Sending you newsletters, event invitations, and mailings (digital and non-digital) that we think may be of interest to you; providing and fulfilling event registration and service requests. | Associated Characteristics, Contact Data, Event Data, Identifiers |
| Monetary Transactions | To enable the movement of money in/out of your account. | Associated Characteristics, Contact Data, Identifiers |
| Operations and General Business | Administering online Services (including troubleshooting and diagnostic testing, conducting performance analyses of our systems and Services, testing new system features to evaluate their impact, system and log maintenance, technical support, system debugging, and hosting data); and facilitating mergers, acquisitions, and other reorganizations and restructurings of our business (including prospective transactions). | Personal Information as relevant for the specific business operations |
| Personalizing our Services | Personalizing our interactions with you and providing you with information and/or offers we believe will be relevant and interesting to you. | Associated Characteristics, Contact Data, Event Data, Identifiers, Online Behavior, Preferences |
| Risk Analysis | To manage our internal risk and analyzing our client portfolio. | Account Activity, Associated Characteristics, Compensation Information, Contact Data, Event Data, Identifiers, Online Behavior, Personal Assets/Liabilities, Sensitive Personal Information |
| Specialized Services |
|
Associated Characteristics, Contact Data, Identifiers, Payroll Data |
| Wealth Management | To provide overall support in connection with existing or former accounts, including Trust services that may involve account transition and termination | Associated Characteristics, Contact Data, Legal Transactions, Online Activity, Sensitive Personal Information |
European Economic Area (EEA)/United Kingdom (UK) residents should refer to the EEA/UK Supplement section of this Notice for more information regarding our legal basis for processing Personal Information.
Cookies and Similar Technologies
We may collect personal information using cookies and similar technologies. See our Cookie Policy (PDF) for additional details about cookies and tracking technologies including how you can manage cookies.
Disclosure of Personal Data
We may disclose Personal Information to affiliates and third parties in connection with the Services we are providing. The recipients of any such information will depend on the Services that are being provided. Disclosures may include the following categories of third parties listed in the table below:
| Categories of third parties | Personal Information | Purpose of Disclosing your Personal Information |
|---|---|---|
| Account Management Software Service Providers | Contact Data | To help process invoices and statements to you on services we provided or transactions we conducted with you. These providers help us with the management of financial accounts and processes with tools and controls that support our organizational, operational, and legislative requirements (includes maintenance and support services). |
| Aggregators | Activity (Account/ Transaction), Personal Assets/ Liabilities, Personal Data, Business Contact Data | To provide services in our mobile and online banking experience such as My Financial Picture and allow you with your consent to send data to a third party (e.g., Venmo, Mint) |
| Analytics Providers | Personal Information Categories provided above | To aggregate and/or anonymize Personal Information, improve the Services, conduct marketing, personalize the Services and for security and fraud prevention and operations and general business. |
| Beneficial Owner Registries required by relevant regulators | Personal Information as required by law, rules, or regulations | If you are a beneficial owner, to share your Personal Data to the extent required by the relevant Beneficial Owner Registries in the jurisdiction applicable to you |
| Clients — Complaint matters | Personal Information, Activity (Account/ Transaction), Assets/Liabilities | Client complaint reporting |
| Communication and Collaboration Software and Software Services providers | Personal Data, Personal Data — Minors, Business Contact Data | To service your accounts and share transaction documents with you. This includes providers that enable individuals and teams to work together over geographic distances by providing tools that aid communication, collaboration and the process of problem solving (includes appliances, maintenance, and support services). |
| Corporate Business Application vendors | Contact Data | To send you service or transactional emails or communications, as applicable and appropriate. These vendors provide software and software services to support our Global Banking and Global Markets businesses, including technology for Sales and Trading functions within Global Equities, Fixed Income Currency and Commodities, Global Research and technology for Credit, Cash Management, FX, Equipment Finance and Merchant Services within Global Banking. |
| Customers — Offshore fund companies | Identifiers, Contact Data, Account Activity | Mutual fund rebates and reporting |
| Digital Commerce and Payment Services Providers | Contact Data, Online Authentication, Online Identifier | If you are a client of Global Transaction Services, to enable you to conduct transactions online and via mobile devices, to authenticate you when you log into online portals, to access your account, review and conduct your transactions. |
| Digital Process Automation Software Services Providers | Signature, Contact Data | To enable you to review and sign contracts with us electronically. This includes vendors who automate and digitize our transaction documentation workflow. |
| Digital Tracking Providers | Online Behavior, Online Identifier | To improve technical and design features of our websites and platforms, including personalization. This includes companies that provide digital tracking services (like cookies, tags, etc.) and whose scripts we use to add to our webpages. |
| External Law Firms and other professional advisors, consultants, experts | Personal Information as relevant in each specific situation |
|
| Hotels, Restaurants, Virtual event platforms, Transportation Companies, and Corporate Security | Contact Data, Identifiers, Personal Data — Minors, Event Data | To assist with our events management and execution. |
| Partner Banks, including Vendors and Credit Card Partners | Account Activity, Compensation Information, Contact Data, Identifiers, Personal Data — Minors, including Personal Information as is necessary to enable us to provide you with the services | To allow our Partner Banks to process payments to or from individuals related to your account with us in places where we do not have a presence, or we are unable to provide the relevant services. Partner Banks are banks with which we have arrangements to enable us to provide the Services to you. |
| Partners — Fund Companies | Identifiers, Contact Data, Account Activity | To manage mutual fund rebates and reporting. |
| Regulators | Personal Information as relevant in each specific situation | To comply with regulatory requirements that obligate us to share your Personal Information. |
| Tax Authorities and Service Providers | Contact Data, Identifiers, and other Personal Information relevant to the Services | To share your Personal Information for us comply with Foreign Account Tax Compliance Act ("FATCA"), Client Relationship Summary ("CRS") and other tax-related reporting requirements. |
| Third parties, such as an acquiring entity and its advisors, in connection with a sale or business transaction | Personal Information categories relevant to the transaction | We may disclose or transfer your Personal Information in the event of any reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings). |
Third Party Services
This Notice does not address, and we are not responsible for, the privacy information or other practices of any third parties, including any third party operating any website or service to which the Services link. The inclusion of a link does not imply endorsement of the linked site or service by us or by our affiliates.
Data Retention
We keep your Personal Information as long as needed or permitted by applicable laws and regulations. The retention period may vary between regions and is determined by the reason for which we collected it. The criteria we use to determine our retention periods include: (i) the length of time we have a relationship with our client and Services we provide; (ii) whether there is a legal obligation; and (iii) whether retention is advisable for legal purposes such as statutes of limitations, litigation, or regulatory investigations.
Use of Services by Minors
Where Services allow for parents or guardians to authorize access for individuals under 18 (minors), we will obtain all applicable consents required by law and collect, use, and disclose only necessary information to provide such Services. Please see our Children's Privacy Policy for more information.
Choices and Access
Receiving electronic communications from us
If you no longer wish to receive direct-marketing-related emails from us in the future, you may opt out by following the instructions in the relevant electronic communication, or as described in other relevant notices.
Individuals rights under applicable data protection law
You may have certain rights under applicable data protection laws regarding your access to, information about or the processing of your Personal Information. Where permitted under applicable law and subject to certain exceptions, you may request:
- To access or see the Personal Information that we have about you
- To correct or amend your Personal Information if it is incorrect
- To delete or suppress your Personal Information under certain circumstances
Indonesia residents may also request the following, in accordance with applicable laws and regulations:
- To seek compensation if you have suffered harm due to the unlawful processing of your Personal Information.
- To receive a copy of this Notice translated into Bahasa Indonesia
How individuals can exercise individual rights
If you would like to exercise any of the rights described above, you may contact us by emailing: individualrightsrequests@uscaunion.com with the following information:
- Full name as it appears on your account
- The USCA Union LLC product or service processing your Personal Information, if known
- Reference number provided by a USCA Union LLC representative, if available
- Clearly explain your request. If requesting a change or removal of your Personal Information, please specify which data you are referencing
We process requests in accordance with the applicable laws for your region. For your protection, requests for changes to your personal information may require further verification before processing. Please note that we may need to retain certain information for recordkeeping purposes and/or to complete any transactions that began prior to requesting a change or deletion.
Depending on your jurisdiction, you may file a complaint with the data protection authority for your country or region, or where an alleged infringement of applicable data protection law occurs.
Jurisdiction and Cross-Border Transfer
Personal Information may be stored and processed in any province or country where we have facilities or in which we engage service providers, including the United States (USCA Union LLC Locations). In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in those other countries may be entitled to access Personal Information. Where required, data transfer agreements including appropriate safeguards, such as standard contractual clauses, will be put in place for transfers from countries outside of the United States.
EEA/UK Notice Supplement
We process Personal Information based on the following legal basis:
| Processing purpose | Legal Basis |
|---|---|
| Account Opening and Management | To manage our contractual relationship with you and/or to comply with a legal obligation. |
| Aggregation and/or Anonymization | Based on our legitimate interest, such as to generate anonymized data for our own business purposes which does not identify you or another individual. |
| Analytics and Modeling | Based on our legitimate interest, to provide modeling and analytical insights about our consumers. |
| Client Communications and Relationship Management | To manage our contractual relationship with you, to comply with a legal obligation, and/or based on our legitimate interest, such as improving our Services. |
| Consumer and Wealth Services | To manage our contractual relationship with you and/or to comply with a legal obligation. |
| Corporate Client Services | To manage our contractual relationship with you and/or to comply with a legal obligation. |
| Electronic Communications/ Digital Services | To manage our contractual relationship with you, to comply with a legal obligation, and/or based on our legitimate interest, such as improving our Services. |
| Emergency and Incident Response | To manage our contractual relationship with you, to protect individuals' vital interests, to comply with a legal obligation, and/or based on our legitimate interest, such as ensuring the safety of our premises. |
| Events Management | To manage our contractual relationship with you and/or based on our legitimate interest, such as improving the quality of our events and responding to complaints and concerns relating to an event. |
| Legal, Regulatory and Compliance | To manage our contractual relationship with you, to comply with a legal obligation, including AML/KYC laws and regulations, and/or based on our legitimate interest, such as our interest in enforcing our terms and conditions and bringing and defending legal claims. |
| Marketing | Where required under applicable law, we obtain your consent to send you direct marketing communications. Where permitted by applicable law, we also engage in marketing activities based on our legitimate interest, such as to promote our Services. |
| Monetary Transactions | To manage our contractual relationship with you and/or to comply with a legal obligation. |
| Operations and General Business | To manage our contractual relationship with you, to comply with a legal obligation, and/or based on our legitimate interest, such as maintaining and improving our Services, identifying and preventing fraudulent transactions and cyberattacks. |
| Personalizing our Services | Where required under applicable law, we obtain your consent to provide personalized Services. Where permitted by applicable law, we also personalize the Services based on our legitimate interest, such as providing tailored Services based on your preferences. |
| Risk Analysis | To manage our contractual relationship with you, to comply with a legal obligation, and/or based on our legitimate interest, such as to manage our internal risk and analyze our client portfolio. |
| Specialized Services | To manage our contractual relationship with you and/or to comply with a legal obligation. |
Contact Us
If you have any questions about this Notice or complaints about our processing of your Personal Information, please contact our Data Protection Officer at dpo@uscaunion.com.
Some of our Notices are available in additional languages. In the event of a discrepancy in the translated version, the English text shall govern.
This privacy notice outlines our commitment to protecting your personal information and explains how we collect, use, and safeguard your data. We are dedicated to maintaining the trust and confidence of our clients by implementing robust privacy practices and complying with applicable data protection laws.