Privacy & Security

California Consumer Privacy Act Privacy Policy

Exchange Bank California Privacy Act Privacy Policy

Revised: March 18, 2024

Exchange Bank is committed to maintaining the security of the personal information of our customers. This privacy notice supplements the information contained in Exchange Bank’s general Privacy Notice and is provided pursuant to the California Consumer Privacy Act of 2018 (“CCPA”) as amended by the California Privacy Rights Act of 2020 (CPRA). The following describes the information we collect about you, how it may be shared, and your rights connected with that information.

A consumer has the right to request that we disclose what personal information we collect, use, share and sell. If you wish to submit a verifiable consumer request for personal information we collect, use, share or sell, you may submit requests using one of the designated methods described below in the Your Rights under CCPA section.

 

Collection of Personal Information

Below is a list of categories of personal information we have collected about consumers in the preceding 12 months. For each category identified we have also provided the categories of sources from which we collected the personal information, the business or commercial purpose for collecting the information, and the categories of third parties with whom we share the personal information:

Collection of personal information

Categories of Information We CollectPieces of Personal Information
IdentifiersA real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver’s license number,
passport number, or other similar identifiers.
Personal information covered by California “safeguards” law (Cal. Civ. Code § 1798.80(e))

A name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.
 

Some personal information may overlap with other categories.

Sensitive Personal Information

Government ID: Government ID such as driver’s license or state ID, passport number, social security number
Finances: Account log-in, financial account number, debit card or credit card number in combination with any required security or access code, password or credentials allowing access to an account
Geolocation: A consumer’s precise geolocation.
Race Communications such as private emails directed to the Bank
Biometrics such as fingerprints identifying a consumer


Some sensitive personal information may overlap with other categories.

Protected classification characteristics under California or federal lawSex, marital status and race.
Commercial informationRecords of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
Biometric information Fingerprints
Internet or other electronic network activity informationIncluding, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with our website, application, or advertisement.
Geolocation dataTransient, precise geolocation data is used to recommend branches near you on our website. Less precise information is collected to determine the location of your device on the internet.
Sensory data Audio, electronic, visual, or similar information.
Professional or employment-related information Work history and prior employer
Non-public education information Education information, defined as information that is not publicly available. Personally identifiable information as defined in the Family Educational Rights and Privacy Act (20 U.S.C. section 1232g, 34 C.F.R. Part 99), in the case of an employment application.
Inferences drawn from other personal information Inferences drawn from any of the information identified listed above to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

Categories of Sources from which we Collect Personal Information

We obtain the categories of personal information listed above from the following categories of sources:

  • Information you provide to us when applying for or opening a deposit account or loan, or any related products or services
  • Information we collect to provide your services
  • Information received from credit reporting agencies in connection to services we provide
  • Information from third-party identity verification services
  • Information from activity on our website (www.exchangebank.com), online banking applications, mobile applications, search engines and social media
  • Government entities

In some instances, the Bank uses service providers to collect personal information, for example, the Bank uses service providers to deliver internet banking and credit card products to our customers. In these instances, the service provider collects the information and forwards this on to the Bank securely. For your protection, these providers are contractually bound to meet the Bank’s privacy standards.

 

Purposes for Collecting Personal Information

We may use or disclose the personal information that we collect for one or more of the following business purposes:

  • To approve or decline loan or deposit account applications
  • To service those products and services you have with us
  • To consider your job application for hiring
  • To prevent fraudulent activity and to secure your accounts
  • To meet legal and regulatory requirements
  • To provide employment-related benefits
  • To conduct institutional risk analysis and mitigation 

 

Sharing of Personal Information

We have disclosed personal information described above about consumers to third parties for a business or commercial purpose in the preceding 12 months. The business purpose for sharing this information is to operate and maintain our business so we may provide you with the services typically expected of a Bank, make an offer of employment, or as required by law or regulation. The categories of third parties we share this information with are:

  • Service Providers and Contractors who provide services such as, core banking software and related information technology infrastructure, payment and transaction processing, check order fulfillment, credit card services, lending transactions, online banking services and other third parties in support of delivering these services.
  • Other Service Providers and Contractors who provide services to the bank such as legal expertise, real estate expertise, appraisal expertise, auditing services, credit financing partners, collection and repossession services, email delivery, marketing services and employment related services.
  • Government or legal entities as required by law including state and federal regulators and law enforcement.
  • Other entities or persons to whom you may have specifically authorized or directed us to disclose your Personal Information. 

The information shared with these providers is limited to what is necessary to provide the contracted banking service, make an offer of employment, as dictated by law or regulation or as directed by you and may include:

  • Identifiers
  • Personal information
  • Sensitive personal information
  • Protected classification characteristics under California or federal law
  • Commercial information
  • Internet or other electronic network activity information
  • Transient, precise geolocation data
  • Professional or employment-related information
  • Education information
  • Sensory data such as video images

 

Selling of Personal Information

In certain situations, Exchange Bank sells customer personal information, excluding Sensitive Personal Information. This information is used to offer you financial services that we believe may be of interest to you as they provide an opportunity for a desirable product. We have sold personal information about consumers in the past 12 months to:

  • Joint marketing partners to offer financial services.

 

The information sold to these service providers may include:

  • Identifiers and Personal Information such as name, address and email address

 

To opt out of this sale of information, visit www.exchangebank.com/do-not-sell-or-share. 

 

Limiting the Sharing of Your Sensitive Personal Information

As noted above, we do not share your Sensitive Personal Information outside of disclosing to Service Providers what is necessary to maintain our business, provide you with the services typically expected of a Bank, or as may be required to comply with regulation or law. Because this sharing is required, it is not possible to limit this sharing. 

 

Retention of Personal Information

We retain your personal information only as long as necessary to provide you with the services you have requested from us, to meet legal requirements or for as long as permitted by law. 

If you are a consumer who has provided information to us but has not established an account or loan relationship, we retain your information for 5 years after collection, or as long as required by law. 

If you are a consumer who has established an account or loan relationship with us, we retain your information for 7 years after account closure, or as long as required by law. 

 

Your Rights Under CCPA

You have the right to request that we disclose what personal information we collect, use, share and sell. If you wish to submit a verifiable consumer request for personal information we collect, use, share or sell you may submit requests using one of the designated methods described below. Once we receive and confirm your verifiable consumer request, we will provide the following, subject to applicable exemptions and exceptions:

  • The categories of personal information we collected about you
  • The specific pieces of personal information we collected about you
  • The categories of sources from which the personal information was collected
  • The categories of personal information that the Bank sold or shared for a business purpose about you
  • The categories of third parties to whom the personal information was sold or shared for a business purpose
  • The business or commercial purpose for collecting or selling personal information
  • How long the information collected about you is kept

You have the right to request the deletion of any personal information about you which we have collected or maintained. If you wish to submit a request to delete the personal information we collected or maintain about you, you may submit requests using one of the designated methods described below. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your information, subject to applicable exemptions and exceptions.

You have the right to request correction of the personal information about you which we have collected or maintained. Verifiable requests may be honored based on factual evidence the information we have is incorrect. Once determined to be a valid request, we will correct the information and direct applicable service providers to do so as well. 

You have the right to limit the use and disclosure of your Sensitive Personal Information. Exchange Bank does not use or disclose your Sensitive Personal Information outside of what is required to perform the services you expect from us. Additionally, the Bank will only disclose sensitive information in instances where it is required by law, such as a valid request from law enforcement or other governing body. 

We will acknowledge receipt of your request and advise you how long we expect it will take to respond if we are able to verify your identity. If you submit a request on behalf of another person, we may require proof of authorization and verification of identity from the person for whom you are submitting the request.

In some instances, we may not be able to honor your request if we cannot verify your identity or if we cannot verify that you have authorization to make the request. We will not honor requests where an exception applies, or the personal information is not subject to the CCPA’s access or deletion rights. We will advise you in our response if we are unable to honor your request. We will work to process all verified requests within 45 days pursuant to the CCPA and if we need an extension for up to an additional 45 days to process your request, we will provide you an explanation for the delay.

You may submit a request by one of the following designated methods:

  • By calling our toll-free number 1.800.995.4066 or
  • By submitting your request through our website’s contact form located at www.exchangebank.com/contact 
  • By submitting your request in-person at any of our Exchange Bank branch locations

 

You may only make a verifiable consumer request twice within a 12-month period and the request must:

  • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative
  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to the request

 

Non-Discrimination for Exercising Your Privacy Rights

You have a right not to receive discriminatory treatment by us for the exercise of any privacy rights conferred by the California Consumer Privacy Act (California Civil Code § 1798.100 et seq.)

 

Changes to Our Privacy Notice

We may change or update this disclosure from time to time. When we do, we will post the revised Disclosure on our website at www.exchangebank.com/privacy-security/ccpa-privacy-policy with a new “Revised” date.

 

Contact for More Information

You may contact us with questions or concerns about this disclosure and our practices by using our website’s contact form located at www.exchangebank.com/contact or by calling our toll-free number at 1.800.995.4066.