Last Updated: May 2022
The Policy describes the treatment of information that is provided by you or collected through any of our online interfaces to which a copy of the Policy is posted, including www.exchangebank.com (the “Website”), Applications we have placed on third party sites such as Facebook®, Twitter® and other social media services, and Exchange Bank’s mobile applications (the “Applications,” and together with the “Website,” the “Services”). It also explains how we collect, use and share information based on users’ interactions with online advertisements, both on the Services and on online interfaces owned by third parties. Note that the Policy does not govern our privacy practices offline or with respect to information that is not provided or collected through the Services.
For additional information on this Policy or our privacy practices generally, please feel free to contact us directly.
We collect two basic types of information through the Services – personal information and anonymous information. We also collect location information in connection with our mobile applications.
“Personal information” refers to information that identifies (whether directly or indirectly) a particular individual, such as information you provide on our forms, surveys, applications or similar online fields. Examples may include your name, postal address, email address, telephone number, Social Security number, date of birth or account information.
“Anonymous information” means information that does not directly or indirectly identify, and cannot reasonably be used to identify, a particular individual. Examples may include information about your Internet browser, information collected through tracking technologies (see “Online Tracking and Advertising” section below for additional information regarding our use of tracking technologies), and demographic information that you provide to us (e.g., your household income) and aggregated or de-identified data.
Exchange Bank Mobile Banking Apps:
- Require access to Images taken by device’s camera to support Mobile Remote Deposit functionality. The Camera Setting can be disabled by the user.
- Provide access to Location Data to enable integration with Maps to identify nearby branches and ATMs. The Location Setting can be disabled by the user.
- Provide access to External Storage to allow users to attach a file within a Secure Message. This functionality cannot be disabled by the user.
- Provide access to the Contact List on the device (including contact list names, email addresses and phone numbers) to support Person to Person (P2P) Payments. The Contacts Setting can be disabled by the user.
- Require access to the Phone State to support an integrated Malware / Anti-phishing Tool. This functionality cannot be disabled by the user.
We collect personal information from you or about you when you provide this information to us directly. For example, we may obtain personal information when you request information, products or services from us, register on the Website or an Application, respond to surveys, contact customer support or otherwise interact with us. We may also receive information about you from other online and offline sources, such as public databases, social media platforms and other third parties.
In addition, we may collect information about your activity on the Services automatically using tracking technologies, such as cookies, and pixel tags. Definitions for the tracking technologies we use, as well as information regarding how to disable them, are available in the Online Tracking and Advertising section of the Policy.
If you submit any personal information relating to other people to us or to our service providers in connection with the Services (such as names, email addresses and/or phone numbers), you represent that you have the authority to do so and to permit us to use the information in accordance with this Policy.
Optimize, improve and maintain our sites including research and analytics of the sites, identifiers that allow us to remember when you leave and return to our sites.
Provide and improve our products and services, to better understand and serve our users.
Detect, investigate and prevent activities that may violate our policies or be illegal or fraudulent. We comply with all applicable laws.
We will not share your information outside the Exchange Bank family of financial service providers, except under limited circumstances, as required by law and with our advertising partners, as described below under Section 5. Please refer to the Exchange Bank Privacy Notice for more details.
We and certain trusted service providers operating on our behalf collect information about your activity on the Services using tracking technologies, including:
We may place an exchangebank.com cookie on your device to ensure that browser does not see repeated ads, to sequence a series of ads and to measure the number of visitors that have viewed a particular ad or visited a particular page. You may take steps to stop the automatic use and acceptance of web trackers. Your browser or device may include “Do Not Track” functionality. At this time, we do not respond to browser “Do Not Track” signals.
Third parties may use identifiers to track your Internet usage across other websites and mobile applications in their networks beyond the sites. We do not share information that personally identifies you with unaffiliated third parties. Third parties, with sufficient data from other sources, may be able to identify you. This information allows us to generally inform advertisers about the nature of our website visitors.
You can learn more about advertising serving companies and options available to limit their collection and use of your information by visiting the following websites:
Opting-out of advertising networks services does not mean you will not receive advertising while using our sites or on other websites, nor will it prevent receipt of interest-based advertising from third parties that do not participate in these programs. It will exclude you from interest-based advertising through participating networks, as provided by their policies and choices. If you delete your cookies, you may also delete your opt-out preferences.
Location tracking on mobile devices.
We log IP addresses, and the location of your device on the Internet, for systems administration, troubleshooting and geotargeting our own advertisements. When you interact with our sites, we may collect information about your location and your device. Some of this information may be general, such as the state or city associated with your zip code, some of this information may be more precise, such as information associated with your mobile device. Location information allows us to tailor promotions to your locality. Most mobile devices allow you to control or disable the use of precise location services in the device’s settings menu
- Deliver relevant content based on your preferences, usage patterns and location
- Monitor and evaluate the use and operation of the Services
- Analyze traffic on the Services and on websites or mobile applications of third parties
Browser or Device Information: Certain information is collected by most browsers or automatically through your device, such as your Media Access Control (MAC) address, computer type (Windows or Mac), screen resolution, operating system name and version, device manufacturer and model, language, Internet browser type and version, and the name and version of the Services (such as the Application) you are using. We use this information to ensure that the Services function properly.
Application Information: When you download and use an Application, we and our service providers may track and collect usage data, such as the date and time the Application on your device accesses our servers and what information and files have been downloaded to the Application based on your device number.
IP Address: Your IP address is a number that is automatically assigned to your computer by your Internet Service Provider. An IP address may be identified and logged automatically in our server log files whenever a user accesses the Services, along with the time of the visit and the page(s) visited. Collecting IP addresses is standard practice and is done automatically by many websites, applications and other services. We use IP addresses for purposes such as calculating usage levels, helping diagnose server problems, administering the Services, for analytics purposes, and to deliver personalized advertisements. For advertising and analytics purposes, we may share your IP address with third-party advertising partners.
In addition, Exchange Bank is not responsible for the information collection, use and disclosure practices (including the data security practices) of other organizations, such as Facebook, Apple, Google, Microsoft or any other app developer or provider, social media platform provider, operating system provider, wireless service provider or device manufacturer.
Your privacy is very important to Exchange Bank and we are committed to protecting your personal information from unauthorized access or use. We will use reasonable organizational, physical, technical and administrative measures to protect personal information within our organization. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us in accordance with the “Contact Us” section below.
In addition, Exchange Bank protects customers from liability for unauthorized online transactions. Certain conditions and limitations may apply. See the Online Banking Agreement and Disclosure for details.
In order to help us protect your personal information, it is important that you always keep your account information safe. We recommend that you consider the risk of sharing your username, password, or PIN with anyone.
Note that Exchange Bank will never initiate (unless otherwise stated for a specific product or service application), a request via email for your sensitive information (e.g., Social Security number, username, password, PIN or account number). If you receive an email asking for your sensitive information, you should be suspicious of the request and promptly contact us to report the suspicious activity.
Please be aware, however, that in certain telephone and in-person transactions we may ask for your full Social Security number, account number or other information to verify your identity before conducting the transactions you have requested. For example, we may ask for such information to verify your identity when you place a call to us, when you visit an Exchange Bank branch office or when we call you about a new product or service we believe that you will find valuable. We will never request that you disclose your personal ID, password or PIN under any circumstances, including such telephone or in-person transactions.
We do not use the Services to knowingly solicit personal information from or market to children under the age of thirteen (13) without parental consent. We request that such individuals do not provide personal information through the Services. If a parent or guardian becomes aware that his or her child has provided us with information without their consent, he or she should promptly contact us and we will delete such information from our files.
You have the responsibility to help us protect your accounts. Consider the risk of revealing your username, password, or other credentials to any person or third party. By providing your username, password or other credentials to any person or third party (including an aggregation service) you authorize that person or third party to initiate transfers to or from your account.
Some third-party companies offer aggregation services that allow you to consolidate your financial account information from a variety of sources, such that you can view all your account information at a single online location. For example, an aggregation service might collect and consolidate your checking and savings account balances at your bank, the value of your stocks and bonds in your brokerage account and your frequent flier mileage information from an airline. In order to do so, the aggregator may request access to personal information — including identification information, account information, personal IDs and passwords — from you for each individual website
Please use caution when providing personal information to an aggregation service. By providing your username, password or other credentials to an aggregation service you authorize that person or third party to initiate transfers to or from your account.
Should you decide to revoke the authority you have given to an aggregation service, you should notify the aggregation service.
We will retain your personal information for the period necessary to fulfill the purposes outlined in this Policy unless a longer retention period is required by law.
If you have any questions or comments about this Policy or our privacy practices generally, we encourage you to contact our customer service department by completing our online form or by calling 707.524.3000 or 800.995.4066. Alternatively, you may use any of the local telephone numbers for your area that are listed in the “Contact Us” section of the Website.
In the event you notice suspicious activity on your account or believe your personal ID, password or PIN has been compromised, please contact us immediately.
If you need this information in an alternate accessible format, call us at 707.524.3000 or 800.995.4066.