Skip nav to main content.

General Data Protection Regulation Privacy Notice


HFS Federal Credit Union

General Data Protection Regulation Privacy Notice


This privacy notice is applicable only to individuals located in the European Economic Area (“EEA”).  The General Data Protection Regulation (“GDPR”) is an European Union (“EU”) legislation that has the principal purpose of providing residents of the EU with more control over their data.

For purposes of the GDPR, the Credit Union is the Data Controller of the information you provide.  You can contact us for general data protection queries by email at [email protected].  Please provide us with as much detail as possible regarding your query so that we can comply with your request.  For further information about the Credit Union, you can visit us at

We use information about you and your use of the online services offered by the Credit Union to verify accounts and activity, to monitor suspicious or fraudulent activity, to identify possible violations of Credit Union policies and rules and for other purposes of legitimate interests to the Credit Union.  Where required by law or where we believe it is necessary to protect our legal rights, interest and the interest of others, we use information about you in connection with legal claims, compliance, regulatory, and audit functions, and disclosures in connection with the acquisition, merger or sale of business.  We use information about you where you have given us consent to do so for a specific purpose not listed above.  For example, we may publish testimonials or featured customer stories to promote the online services, with your permission.

Under the GDPR, you have the right to change or withdraw your consent and to request details of any personal data that we hold about you.  Should we have no legitimate reason to continue to hold your information, you have the right to be forgotten.  We may use automated decision making in processing your personal information for some services and products.  You may request a manual review of the accuracy of an automated decision if you are unhappy about such a decision.

Pursuant to the GDPR, you have the following rights:

  1. The right to be informed.  This means anyone processing your personal data must make it clear what they are processing, why they are processing the data, and what other parties your personal data may be provided to in furtherance of your business with the Credit Union.
  2. The right of access.  You have the right to see what personal data the Data Controller has in it is possession about you.
  3. The right to rectification.  You have the right to have your personal data corrected or amended if what is being held is incorrect.
  4. The right to erasure.  Under certain circumstances, you can ask the Data Controller to delete your personal data that it has in its possession.  This is also referred to as the “Right to be Forgotten.”  This would apply if the personal data is no longer required for the purposes it was collected for, or you have withdrawal your consent to process that personal data, or your personal data has been unlawfully processed.
  5. The right to restrict processing.  This gives you the right to ask the Data Controller to temporarily halt the processing of your personal data, such as in the case where a dispute or legal case has to be concluded, or the data is being corrected.
  6. The right to data portability.  You have the right to ask for any personal data that is being applied by the Data Controller to be provided to you in a structured, commonly used, and machine-readable format.
  7. The right to object.  You have the right to object to further processing of your personal data which is inconsistent with the primary purpose for which it was collected, including profiling, automation, and direct marketing.
  8. Rights in relation to automated decision making and profiling.  You have the right not be subject to a decision based solely on automated processing.

We may transfer personal data we have collected from you to third party data processors located in countries outside of the EEA.  Please be aware that such countries which are outside of the EEA may not have the same level of data protection as that being offered in the EEA.  Our collection, storage and use of your personal data will continue to be governed by the Credit Union’s Privacy Policy.  By using the Credit Union’s online services, you consent to the transfer of your personal data to third party data processors located in countries outside of the EEA.

Fraudulent Text Messages claiming to be from HFS are being sent. If you received a text and are unsure of its legitimacy, please contact the credit union.