First Command Financial Services, Inc., and its wholly owned subsidiary companies, including but not limited to First Command Brokerage Services, Inc., First Command Advisory Services, Inc., First Command Insurance Services, Inc., First Command Bank and First Command Europe Ltd. (together “First Command” or “we”) are committed to protecting your online security. 

This Online Security Notice (“Notice”) describes our online and mobile security practices and applies to anyone who visits our websites, social media sites or pages, or uses our mobile applications (“Online Services”). This notice also provides the type of personal information (“PI”) we collect and what we do with such information, along with helpful tips on how to protect your PI.  This online security notice  should be read in conjunction with the First Command Privacy Notice and any applicable website terms and conditions of use.

If you have any questions or concerns about the privacy, security and protection of your PI, you may write to: First Command’s Data Privacy Department, 1 FirstComm Plaza, Fort Worth, TX 76109-4999; or email: DataPrivacy@firstcommand.com; or call us at 800-443-2104. 

Each time you use our Online Services, you are indicating your acknowledgement and consent to the collection, use and disclosure of information about you, collected through our Online Services as set forth in this Notice.  We reserve the right to amend this notice as we deem necessary or appropriate due to legal requirements or changes in our business practices.  We will notify you of any changes by posting a revised Notice on our website with a new effective date. If you do not accept the terms outlined in this Notice or revised Notice, please do not use our Online Services.

This Notice replaces any previous online or mobile privacy practices notice provided to you by us. It is effective as of May 4, 2021.

A. HOW WE ENSURE PRIVACY AND SECURITY DURING YOUR ONLINE SESSIONS

The information you provide to us online is protected by Secure Socket Layer (SSL technology). SSL technology is the industry- standard security protocol for data transfer on the Internet. SSL technology scrambles your information as it moves between your PC's browser and First Command's computer systems. When information is scrambled or encrypted in this way, it helps protect the safety and confidentiality of your information when you interact with us online.

B. INFORMATION WE COLLECT & HOW WE USE IT

We collect certain non-personally identifiable information when you access our Online Services. 

We may also collect PI, such as your name, mailing address, email address or telephone number when you voluntarily provide it to us through our Online Services.  If you are completing an online form or application for our products, services and/or employment/association, we may also ask for your social security number, tax identification number, account numbers, policy numbers or driver’s license number.

We may use and disclose your PI that is collected through our Online Services in accordance with applicable law and the First Command Privacy Notice, including but not limited to:

  • Providing and managing the online products and services you have requested;
  • Verifying your identity and authenticating you;
  • Protecting against fraud, security threats and otherwise managing risks;
  • Communicating with you regarding products and services that may be of interest;
  • Evaluating and improving our websites and other electronic offerings;
  • Tailoring our services and otherwise enhancing the client experience;
  • Satisfying legal or regulatory requirements or law enforcement requests;
  • As permitted or mandated by applicable law.

When you access one of our interactive websites, we may request information such as your user ID or your email address and password. This information allows you to perform certain tasks and it allows us to provide the information you have requested. In these cases, we collect only the necessary information to interact with you.

C. WAYS WE COLLECT NON-PERSONALLY IDENTIFIABLE INFORMATION:

Analytics Tracking 

We employ Google Analytics and other data collection tools to collect non-personally identifiable information when available. This information is used to make improvements to our websites and to monitor the effectiveness of website changes.

Some common types of information collected include, but are not limited to, your internet protocol (IP) address; the browser type you’re using; the pages you view on the website; the type of device used to access our websites and mobile apps; the items you click within the website; the state or country from which you access the website; the date and time of your visit; the name of your internet service provider; and certain demographic information Google makes available such as age, gender and interests. This data collection provides an anonymized statistical summary that cannot be tracked back to a specific individual. For example, we can view the number of visitors to our website who use a certain type of Internet browser, but we cannot determine which browser a specific visitor uses.  (Please keep in mind this statement refers to general website usage, and not tools such as Command Center or OnCommand).  These tools use the PI you have provided to us in order for us to better serve you and provide product support.  By accessing our Online Services, you are allowing this information to be available to Google. Google’s ability to use and share information collected by Google Analytics about your visits to our Online Services is restricted by the Google Analytics Terms of Use and the Google Privacy Policy (https://www.google.com/policies/privacy/). You can prevent Google Analytics from recognizing you on return visits to our Online Services by disabling cookies on your browser.

Cookies 

A cookie is a small text file containing a string of characters sent to your computer or device when you visit a website. When you visit the website again, the cookie allows that site to recognize your browser. Cookies may store user preferences and other information. Cookies can then be used to help understand how a site or service is being used, help you navigate between pages efficiently, help remember your preferences, and generally improve your browsing experience. Cookies can also help ensure the marketing you see online is more relevant to you and your interests. 

Cookies are uniquely assigned to you and can be read only by a web server in the domain that issued the cookie to you. Cookies are server-specific, meaning you generally must be on that particular site for cookies on that page to be read.  Websites use either temporary or persistent cookies.  An example of a persistent cookie would be shopping online, placing an item in your shopping cart but leaving the website without purchasing that item.  The next time that you returned to the website, you would still see the item that you had placed in your shopping cart. 

We, as well as our third-party vendors (including Google), may use cookies to inform, optimize and serve content based on your visit to our websites. We also may utilize cookies for advertising purposes. See the Internet Based Advertising and Analytics section below for more information. 

You have the option to accept or decline cookies during your Internet use. For general visits and browsing on our website, cookies are not mandatory.  However, tools such as CommandCenter and OnCommand may require cookies for optimal use.  Without cookies, we will not be able to recognize your computer or device as a returning user, meaning you may need to answer challenge questions each time you log in to CommandCenter or OnCommand.

To decline cookie use, visit the Settings menu in your browser to either clear your browser’s cookies or disable them. Keep in mind, by doing this you may disable certain functionality on our website and in your other Internet activities.

Web Beacons or Tracking Pixels 

Our web pages may contain electronic images known as web beacons or tracking pixels that allow us to count users who have visited those pages. We may include web beacons in email messages or newsletters to determine whether messages have been opened and acted upon.

In the case of email marketing, we can track specifically which users visited certain pages on the website from an email sent to them, without collecting any other PI.

D. EMAIL MARKETING

Email advertisements sent to you by us will include instructions on how to opt out of receiving such emails in the future. If you are a client and you elect to opt out of receiving email advertisements, we may still send you emails about your account relationships with us.

E. INTEREST-BASED ADVERTISING AND ANALYTICS 

Online behavioral advertising (also known as interest-based advertising) refers to the collection of information about online activities and web viewing behaviors, over time and across non-affiliate websites, to deliver tailored advertisements . Online behavioral advertising relies on anonymous, aggregated data to deliver advertisements to a computer, based on the computer browser’s activity, not the activities of a specific individual.

To learn more about online behavioral advertising and your choices regarding the collection of your online browsing activity, or to opt-out of interest-based advertising, visit: http://www.aboutads.info/choices or http://www.networkadvertising.org/choices. If you choose to opt-out of online behavioral advertising, a cookie will be placed on your browser indicating your choice.  Because cookies are stored by your browser, any opt-out election you make is valid only for the computer/browser combination you used to opt-out.  Please note, even if you opt-out of online behavioral advertising, you may still receive advertisements from us, but they will not be customized based on your online browsing activities. Clearing your browser's cookies will remove this stored opt-out choice, and you will need to opt out again.

F. ABOUT ONLINE BANNER ADS

First Command uses a third-party online advertisement servicing company to service banner ads to sites on which we have paid to advertise. If you click on one of our ads, you are redirected to the First Command site. Sometimes these ads may contain small graphics with "tags" in them. These tags tell us how many people respond to our ads. They do not identify you personally. Instead, these tags are used only to measure the effectiveness of our ads. The companies that distribute our ads are prohibited by contract from using information other than for the agreed upon purpose—to help us market our products and services and to measure response rates.

Google 

We use Google AdWords Remarketing and Google Analytics to advertise First Command across the Internet.

Google AdWords Remarketing will show you ads based on your past interactions with us by placing a cookie in your browser. This cookie does not provide us with any identifying information such as name, account numbers, social security numbers, or addresses nor does it give us access to your computer or mobile device. This cookie is used to indicate to other websites that you visited a particular page and would be responsive to ads relating to that page.

We use Google Analytics for analytics and reporting information. This information allows us to see the overall patterns of usage of our Online Services, helps us record any difficulties you have, shows us whether our advertising is effective or not, provides information about the age and gender of our website’s users along with the interests they express in their online browsing and purchasing activities, and allows us to use responses to advertisements to optimize ad performance. 

You can learn about Google’s practices by going to: www.google.com/policies/privacy/partners/, and opt-out of them by downloading the Google Analytics opt-out browser add-on, available at https://tools.google.com/dlpage/gaoptout. If you do not wish to see ads, you can opt out of them by visiting Google’s Ads Settings.

G. LINKS TO OTHER THIRD-PARTY WEBSITES

We may place links to other non-First Command websites on our Online Services. We do not control, nor are we responsible for the privacy or security of these websites, including their information collection practices, or the accuracy, completeness, reliability, or suitability of their information. These websites may independently set cookies on your computer.  We do not have any control over how the information in these cookies is used, nor do we have access to it.  If you are asked to provide information on one of these websites, we strongly urge you to carefully study their privacy policies before sharing your information.

H. ABOUT TOOLS AND CALCULATORS 

Many of the tools and calculators on our websites, including CommandCenter and OnCommand, are compiled using software and data from third-party providers. These tools and calculators are provided to you for information purposes only. First Command does not guarantee the accuracy, completeness or reliability of the information provided by these tools and calculators and disclaims all liability related to the use or misuse of these tools and calculators. Should you notice any incorrect information, please contact us immediately. The information provided by these tools and calculators should not be considered a recommendation or investment advice, and you should not base your financial decisions on this information.

I. E-MAIL SAFETY

To safeguard your email communications with us, we have implemented an encryption system.  Any email communications sent containing sensitive information will be sent through CommandCenter, OnCommand, our current secure email vendor, or other secure website. Email is generally not a secure method of sending your PI unless it is encrypted. You should never send or reply to any emails containing your PI without encryption protection. If you receive an email request from us containing or requesting your PI in a non-encrypted manner, do not respond to it and notify us immediately by contacting our Customer Call Center at 800-443-2104 or your Advisor. 

J. TRANSACTION REQUESTS

It is important that you do not use email, text or voicemail to request, authorize or effect the purchase or sale of any security or product, or send fund transfer instructions, or any other time sensitive transactions. Any such requests, orders, or instructions that you send will not be accepted and will not be processed. This procedure is in place for your protection as it allows us to verify your identity and your intentions before we take actions impacting your assets and/or insurance policies.

K. FIRST COMMAND SOCIAL MEDIA PAGES

Our Social Media Public Usage Guidelines apply to your interactions with us on Facebook, Twitter, LinkedIn and other social media pages. You can review our Social Media Public Usage Guidelines for Facebook, Twitter and LinkedIn at:

https://www.firstcommand.com/social-media-guidelines/

Please review these Guidelines carefully, as well as the actual social media site’s privacy and security policies and settings. Importantly, you should be very cautious about placing your sensitive information on social media pages. The Internet offers no anonymity.

L. CHILDREN'S ONLINE PRIVACY PROTECTION ACT (COPPA)

The Children's Online Privacy Protection Act (COPPA), as set forth by The Federal Trade Commission, prohibits unfair or deceptive acts or practices in connection with the collection, use, and/or disclosure of PI from and about children on the Internet. Accordingly, we do not intentionally collect PI from children under age 13 on any of our websites without prior consent from their parents or legal guardians. To learn more about COPPA, please visit https://www.ftc.gov/tips-advice/business-center/privacy-and-security/children%27s-privacy.

M. TIPS TO PROTECT YOUR INFORMATION

First Command works hard to keep your information secure. You can help by following these tips to protect your personal information: 

  • Store personal information in a safe place. Tear up or shred old receipts and account statements before throwing them away.
  • Change all passwords regularly. Use a mix of numbers and letters —never use common words or phrases. Your password is more secure and harder for criminals to guess if you include a special character, like an asterisk or an exclamation point. 
  • Protect your PINs and other passwords. Do not share your passwords or pins with anyone.  Make sure your password is unique and difficult to guess.
  • Maintain appropriate security on your computers and other electronic devices. Make sure you secure your wireless network and protect your computers and electronic devices from viruses and spyware. Most major software companies regularly release updates or patches to their operating systems to repair security problems. You should keep your system and applications updated with the latest patches and releases. Installing a firewall is recommended. 
  • Remember to protect your information when disposing of computers and other electronic devices. Your computers and other electronic devices may have a lot of sensitive information on them.  It could be financial information like your account numbers or tax returns, or it could be personal information like email messages, text messages, voice mail or photos. When disposing of your old devices, it’s important to take steps to help ensure this information doesn’t end up in the hands of an identity thief.
  • Log out of websites. After you sign into a website, remember to sign out of all of our online accounts.  Unpair your computer from Bluetooth devices, like a mouse, keyboard or wireless display.
  • Avoiding using public wireless networks and public computers. Many cell phone carriers offer "data tethering." Consider using your cell phone's ability to access the web with your laptop or tablet instead.
  • Download cautiously. If you visit a website that looks questionable, leave. Some free games and free downloads are really tricks to download viruses or spyware on to your device.
  • Watch out for “phishing attacks.” If you receive an email that looks suspicious, don’t click or open anything. Simply delete it from your inbox. 
  • Be wary of advertisements, emails and spam phone calls: You may receive what seem like great deals or limited-time offers that require you to act fast, but you should verify they are legitimate before clicking or sharing any personal information. If you don’t know the company or sender of an email or who’s calling on the phone, that can be a red flag. Look up the information online and make sure you only go to sites that are “https” — with the “s” representing secure.  Avoid financial transactions on “http” sites.
  • Carry only the minimum amount of PI you require.
  • Pay attention to billing cycles and statements. Inquire if you do not receive a bill. 
  • Check account statements carefully to ensure all charges, checks or withdrawals are authorized. 
  • Guard your mail from theft. Do not leave bill payment envelopes in your mailbox with the flag up. Instead, deposit them in a post office collection box or at the local post office. Promptly remove incoming mail.  It is recommended to sign up with the USPS Informed Delivery service which provides daily emails of what it to arrive at your mailbox that day. See the following link for more information: Informed Delivery Sign Up Guide Jan 2020.pdf (usps.com).
  • Consider purchasing credit monitoring services or identity theft protection. These tools can help you check your credit score and reports regularly and alert you about changes and concerns. They will flag activity such as applications for credit in your name, credit limit increases or additions of authorized users on your account. Some service may also offer public record searches and scans of chat rooms and black-market websites for your personal information. 
  • Order copies of your credit report from each of the three major credit bureaus once a year to ensure they are accurate. 

For more on how to protect your identity, read these tips from the Federal Trade Commission and the IRS: https://www.consumer.ftc.gov/features/feature-0014-identity-theft https://www.irs.gov/newsroom/taxpayer-guide-to-identity-theft

  • If you believe you are a victim of identity theft, take immediate action and keep records of your conversations and correspondence. While the steps you must take will vary with your individual circumstances, four basic actions are appropriate in almost every case: 

1. Contact the fraud departments of any one of the three major credit bureaus to place a fraud alert on your credit file: 

2. Contact the creditors for any accounts that have been tampered with or opened fraudulently.  

3. File a report with your local police, or the police in the community where the identity theft took place and get a copy of the police report. 

4. File a complaint with the Federal Trade Commission ("FTC"). Complaints can be filed by phone, 1-877-IDTHEFT, or through the FTC’s identity theft Web site at www.consumer.gov/idtheft.