Privacy & Security
Revised: August 10, 2023
Exchange Bank is committed to maintaining the security of the personal information of our customers. This privacy notice supplements the information contained in Exchange Bank’s general Privacy Notice and is provided pursuant to the California Consumer Privacy Act of 2018 (“CCPA”) as amended by the California Privacy Rights Act of 2020 (CPRA). The following describes the information we collect about you, how it may be shared, and your rights connected with that information.
A consumer has the right to request that we disclose what personal information we collect, use, share and sell. If you wish to submit a verifiable consumer request for personal information we collect, use, share or sell, you may submit requests using one of the designated methods described below in the Your Rights under CCPA section.
Collection of Personal Information
Below is a list of categories of personal information we have collected about consumers in the preceding 12 months. For each category identified we have also provided the categories of sources from which we collected the personal information, the business or commercial purpose for collecting the information, and the categories of third parties with whom we share the personal information:
Collection of personal information
|Categories of Information We Collect
|Pieces of Personal Information
|A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver’s license number,
passport number, or other similar identifiers.
|Personal information covered by California “safeguards” law (Cal. Civ. Code § 1798.80(e))
A name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.
Some personal information may overlap with other categories.
|Sensitive Personal Information
Government ID: Government ID such as driver’s license or state ID, passport number, social security number
|Protected classification characteristics under California or federal law
|Sex, marital status and race.
|Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
|Internet or other electronic network activity information
|Including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with our website, application, or advertisement.
|Transient, precise geolocation data is used to recommend branches near you on our website. Less precise information is collected to determine the location of your device on the internet.
|Audio, electronic, visual, or similar information.
|Professional or employment-related information
|Work history and prior employer
|Non-public education information
|Education information, defined as information that is not publicly available. Personally identifiable information as defined in the Family Educational Rights and Privacy Act (20 U.S.C. section 1232g, 34 C.F.R. Part 99), in the case of an employment application.
|Inferences drawn from other personal information
|Inferences drawn from any of the information identified listed above to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
Categories of Sources from which we Collect Personal Information
We obtain the categories of personal information listed above from the following categories of sources:
- Information you provide to us when applying for or opening a deposit account or loan, or any related products or services
- Information we collect to provide your services
- Information received from credit reporting agencies in connection to services we provide
- Information from third-party identity verification services
- Information from activity on our website (www.exchangebank.com), online banking applications, mobile applications, search engines and social media
- Government entities
In some instances, the Bank uses service providers to collect personal information, for example, the Bank uses service providers to deliver internet banking and credit card products to our customers. In these instances, the service provider collects the information and forwards this on to the Bank securely. For your protection, these providers are contractually bound to meet the Bank’s privacy standards.
Purposes for Collecting Personal Information
We may use or disclose the personal information that we collect for one or more of the following business purposes:
- To approve or decline loan or deposit account applications
- To service those products and services you have with us
- To consider your job application for hiring
- To prevent fraudulent activity and to secure your accounts
- To meet legal and regulatory requirements
- To provide employment-related benefits
- To conduct institutional risk analysis and mitigation
Sharing or Selling of Personal Information
We have disclosed personal information about consumers to third parties for a business or commercial purpose in the preceding 12 months. Examples of these business purposes are sharing with Service Providers to provide you with the services typically expected of a Bank such as payment and transaction processing, check order fulfillment, online banking services, and other third parties in support of delivering these services.
In certain situations, such as joint marketing efforts, Exchange Bank sells customer personal information. This information is used to offer you financial services that we believe may be of interest to you as they provide an opportunity for a desirable product. To opt out of this sale of information, visit www.exchangebank.com/do-not-sell-or-share.
Retention of Personal Information
We retain your personal information only as long as necessary to provide you with the services you have requested from us, to meet legal requirements or for as long as permitted by law.
If you are a consumer who has provided information to us but has not established an account or loan relationship, we retain your information for 5 years after collection, or as long as required by law.
If you are a consumer who has established an account or loan relationship with us, we retain your information for 7 years after account closure, or as long as required by law.
Your Rights Under CCPA
You have the right to request that we disclose what personal information we collect, use, share and sell. If you wish to submit a verifiable consumer request for personal information we collect, use, share or sell you may submit requests using one of the designated methods described below. Once we receive and confirm your verifiable consumer request, we will provide the following, subject to applicable exemptions and exceptions:
- The categories of personal information we collected about you
- The categories of sources from which the personal information was collected
- The categories of personal information that the Bank sold or shared for a business purpose about you
- The categories of third parties to whom the personal information was sold or shared for a business purpose
- The business or commercial purpose for collecting or selling personal information
- How long the information collected about you is kept
You have the right to request the deletion of any personal information about you which we have collected or maintained. If you wish to submit a request to delete the personal information we collected or maintain about you, you may submit requests using one of the designated methods described below. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your information, subject to applicable exemptions and exceptions.
You have the right to request correction of the personal information about you which we have collected or maintained. Verifiable requests may be honored based on factual evidence the information we have is incorrect. Once determined to be a valid request, we will correct the information and direct applicable service providers to do so as well.
You have the right to limit the use and disclosure of your Sensitive Personal Information. Exchange Bank does not use or disclose your Sensitive Personal Information outside of what is required to perform the services you expect from us. Additionally, the Bank will only disclose sensitive information in instances where it is required by law, such as a valid request from law enforcement or other governing body.
We will acknowledge receipt of your request and advise you how long we expect it will take to respond if we are able to verify your identity. If you submit a request on behalf of another person, we may require proof of authorization and verification of identity from the person for whom you are submitting the request.
In some instances, we may not be able to honor your request if we cannot verify your identity or if we cannot verify that you have authorization to make the request. We will not honor requests where an exception applies, or the personal information is not subject to the CCPA’s access or deletion rights. We will advise you in our response if we are unable to honor your request. We will work to process all verified requests within 45 days pursuant to the CCPA and if we need an extension for up to an additional 45 days to process your request, we will provide you an explanation for the delay.
You may submit a request by one of the following designated methods:
- By calling our toll-free number 1.800.995.4066 or
- By submitting your request through our website’s contact form located at www.exchangebank.com/contact or
- By submitting your request in-person at any of our Exchange Bank branch locations
You may only make a verifiable consumer request twice within a 12-month period and the request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to the request
Non-Discrimination for Exercising Your Privacy Rights
You have a right not to receive discriminatory treatment by us for the exercise of any privacy rights conferred by the California Consumer Privacy Act (California Civil Code § 1798.100 et seq.)
Changes to Our Privacy Notice
We may change or update this disclosure from time to time. When we do, we will post the revised Disclosure on our website at www.exchangebank.com/privacy-security with a new “Revised” date.
Contact for More Information
You may contact us with questions or concerns about this disclosure and our practices by using our website’s contact form located at www.exchangebank.com/contact or by calling our toll-free number at 1.800.995.4066.