Privacy & Security
Online Privacy & Security
Last Updated: May 2024
This Online Privacy Policy (the “Policy”) applies to the Exchange Bank family of financial service providers. Trust has always been the foundation of our relationship with customers. We recognize that you trust us with your personal and financial information.
The Policy describes the treatment of information that is provided by you or collected through any of our online interfaces to which a copy of the Policy is posted, including www.exchangebank.com (the “Website”), Applications we have placed on third party sites such as Facebook®, Twitter® and other social media services, and Exchange Bank’s mobile applications (the “Applications,” and together with the “Website,” the “Services”). It also explains how we collect, use and share information based on users’ interactions with online advertisements, both on the Services and on online interfaces owned by third parties. Note that the Policy does not govern our privacy practices offline or with respect to information that is not provided or collected through the Services.
For additional information on this Policy or our privacy practices generally, please feel free to contact us directly or refer to Privacy & Security – Exchange Bank for additional disclosures.
While this Online Privacy Policy describes how we treat information, please be aware that additional terms and conditions may apply for certain parts of our Website and Applications.
1. Types Of Information We Collect
We collect two basic types of information through the online Services – personal information and anonymous information. We also collect location information in connection with our mobile applications.
“Personal information” refers to information that identifies (whether directly or indirectly) a particular individual, such as information you provide on our forms, surveys, applications or similar online fields. Examples may include your name, postal address, email address, telephone number, Social Security number, date of birth or account information.
“Anonymous information” means information that does not directly or indirectly identify, and cannot reasonably be used to identify, a particular individual. Examples may include information about your Internet browser, information collected through tracking technologies (see “Online Tracking and Advertising” section below for additional information regarding our use of tracking technologies), and demographic information that you provide to us (e.g., your household income) and aggregated or de-identified data.
Mobile Application Solutions
Exchange Bank Mobile Banking Apps:
- Require access to Images taken by device’s camera to support Mobile Remote Deposit functionality. The Camera Setting can be disabled by the user.
- Provide access to Location Data to enable integration with Maps to identify nearby branches and ATMs. The Location Setting can be disabled by the user.
- Provide access to External Storage to allow users to attach a file within a Secure Message. This functionality cannot be disabled by the user.
- Provide access to the Contact List on the device (including contact list names, email addresses and phone numbers) to support Person to Person (P2P) Payments. The Contacts Setting can be disabled by the user.
- Require access to the Phone State to support an integrated Malware / Anti-phishing Tool. This functionality cannot be disabled by the user.
2. How We Collect Your Information
We collect personal information from you or about you when you provide this information to us directly. For example, we may obtain personal information when you request information, products or services from us, register on the Website or an Application, respond to surveys, contact customer support or otherwise interact with us. We may also receive information about you from other online and offline sources, such as public databases, social media platforms and other third parties.
In addition, we may collect information about your activity on the Services automatically using tracking technologies, such as cookies, and pixel tags. Definitions for the tracking technologies we use, as well as information regarding how to disable them, are available in the Online Tracking and Advertising section of the Policy.
If you submit any personal information relating to other people to us or to our service providers in connection with the Services (such as names, email addresses and/or phone numbers), you represent that you have the authority to do so and to permit us to use the information in accordance with this Policy.
3. How We Use Information That We Collect
Optimize, improve and maintain our sites including research and analytics of the sites, identifiers that allow us to remember when you leave and return to our sites.
Provide and improve our products and services, and to better understand and serve our users.
Detect, investigate and prevent activities that may violate our policies or be illegal or fraudulent. We comply with all applicable laws.
4. How We Share Information That We Collect
Below is a general description of how we share the personal information you provide. Please refer to our California Consumer Privacy Act Privacy Policy | Exchange Bank for a more detailed description of our practices.
Sharing of Personal Information
We have disclosed personal information about consumers collected on our online services to third parties for a business or commercial purpose in the preceding 12 months. The business purpose for sharing this information is to operate and maintain our business so we may provide you with the services you request that are typically expected of a Bank, make an offer of employment, or as required by law or regulation. The categories of third parties we share this information with are:
- Service Providers and Contractors who provide services such as, core banking software and related information technology infrastructure, payment and transaction processing, check order fulfillment, credit card services, lending transactions, online banking services and other third parties in support of delivering these services.
- Other Service Providers and Contractors who provide services to the bank such as legal expertise, real estate expertise, appraisal expertise, auditing services, credit financing partners, collection and repossession services, email delivery, marketing services and employment related services.
- Government or legal entities as required by law including state and federal regulators and law enforcement.
- Other entities or persons to whom you may have specifically authorized or directed us to disclose your Personal Information.
The information shared with these providers is limited to what is necessary to provide the contracted banking service, make an offer of employment, as dictated by law or regulation or as directed by you and may include:
- Identifiers
- Personal information
- Sensitive personal information
- Protected classification characteristics under California or federal law
- Commercial information
- Internet or other electronic network activity information
- Transient, precise geolocation data
- Professional or employment-related information
- Education information
- Sensory data such as video images
Selling of Personal Information
In certain situations, Exchange Bank sells consumer personal information, excluding Sensitive Personal Information. This information is used to offer you financial services that we believe may be of interest to you as they provide an opportunity for a desirable product. We have sold personal information about customers in the past 12 months to:
- Joint marketing partners to offer financial services.
The information sold to these service providers may include:
- Identifiers and Personal Information such as name, address and email address
To opt out of this sale of information, visit www.exchangebank.com/do-not-sell-or-share or through the Do Not Sell or Share button on the website cookie banner.
5. Online Tracking and Advertising
We and certain trusted service providers operating on our behalf, collect information about your activity on the Services using tracking technologies, including:
Our Cookies
We may place an exchangebank.com cookie on your device to ensure that browser does not see repeated ads, to sequence a series of ads and to measure the number of visitors that have viewed a particular ad or visited a particular page. Your browser or device may include an instruction to prevent the collection and use of your personal information through Global Privacy Control (GPC). We recognize these controls and will acknowledge the request on our website when received.
Other Cookies
Third parties may use identifiers to track your Internet usage across other websites and mobile applications in their networks beyond the sites. Third parties, with sufficient data from other sources, may be able to identify you. This information allows us to generally inform advertisers about the nature of our website visitors.
You can learn more about advertising serving companies and options available to limit their collection and use of your information by visiting the following websites:
- Apple®
- Android®
- Windows®
- Facebook®
- National Advertising Initiative
- Digital Advertising Alliance
Opting-out of advertising networks services does not mean you will not receive advertising while using our sites or on other websites, nor will it prevent receipt of interest-based advertising from third parties that do not participate in these programs. It will exclude you from interest-based advertising through participating networks, as provided by their policies and choices. If you delete your cookies, you may also delete your opt-out preferences.
We use other websites analytics services, such as Google, Inc., to help us administer and improve the quality of our sites. Google Analytics uses cookies or other tracking technologies to help us analyze how users interact with the sites and provide us with services related to site activity and use. Google Analytics may collect information such as, browser type, time of visit, whether you are a return visitor, and any referring website. That information will be transmitted to and stored by Google, subject to their privacy policies.
Location tracking on mobile devices.
When logging in to the mobile app, we log IP addresses for systems administration, troubleshooting and geotargeting our own advertisements. When you interact with our sites, we may collect information about your location and your device. Some of this information may be general, such as the state or city associated with your zip code, some of this information may be more precise, such as information associated with your mobile device. Location information allows us to tailor promotions to your locality. Most mobile devices allow you to control or disable the use of precise location services in the device’s settings menu.
Information collected through tracking technologies is used for many purposes including, for example, to:
- Deliver relevant content based on your preferences, usage patterns and location
- Monitor and evaluate the use and operation of the Services
- Analyze traffic on the Services and on websites or mobile applications of third parties
6. Other Information Collected Automatically
Browser or Device Information: Certain information is collected by most browsers or automatically through your device, such as your Media Access Control (MAC) address, computer type (Windows or Mac), screen resolution, operating system name and version, device manufacturer and model, language, Internet browser type and version, and the name and version of the Services (such as the Application) you are using. We use this information to ensure that the Services function properly.
Application Information: When you download and use an application, we and our service providers may track and collect usage data, such as the date and time the Application on your device accesses our servers and what information and files have been downloaded to the Application based on your device number.
Your IP address is an identifier that is automatically assigned to your computer by your Internet Service Provider. This identifier, along with the time of visit and services used, may be logged automatically when you interact with our internet banking or public website. The IP addresses of our site visitors are used to identify general location, determination of bot activity and real time changes in user's IP addresses. This helps us identify legitimate versus malicious activity, calculating usage levels, helping diagnose resource problems and ultimately help securely administer the services provided.
7. Linked Websites
The Services may contain links to third-party websites not controlled by Exchange Bank. We encourage you to be aware when you leave the Services and to read the privacy policies and terms of use of any such websites that may collect your personal information, as they will likely differ from those of the Services. Exchange Bank does not guarantee and is not responsible for the privacy or security of these websites, including the accuracy, completeness, or reliability of their information.
In addition, Exchange Bank is not responsible for the information collection, use and disclosure practices (including the data security practices) of other organizations, such as Facebook, Apple, Google, Microsoft or any other app developer or provider, social media platform provider, operating system provider, wireless service provider or device manufacturer.
8. Data Security
Your privacy is very important to Exchange Bank, and we are committed to protecting your personal information from unauthorized access or use. We will use reasonable organizational, physical, technical and administrative measures to protect personal information within our organization. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us in accordance with the “Contact Us” section below.
In addition, Exchange Bank protects customers from liability for unauthorized online transactions. Certain conditions and limitations may apply. See the Online Banking Agreement and Disclosure for details.
9. Preventing Identity Theft
In order to help us protect your personal information, it is important that you always keep your account information safe. We recommend that you consider the risk of sharing your username, password, or PIN with anyone.
Note that Exchange Bank will never initiate (unless otherwise stated for a specific product or service application), a request via email for your sensitive information (e.g., Social Security number, username, password, PIN or account number). If you receive an email asking for your sensitive information, you should be suspicious of the request and promptly contact us to report the suspicious activity.
Please be aware, however, that in certain telephone and in-person transactions we may ask for your full Social Security number, account number or other information to verify your identity before conducting the transactions you have requested. For example, we may ask for such information to verify your identity when you place a call to us, when you visit an Exchange Bank branch office or when we call you about a new product or service we believe that you will find valuable. We will never request that you disclose your personal ID, password or PIN under any circumstances, including such telephone or in-person transactions.
10. Children’s Privacy
We do not use the Services to knowingly solicit personal information from or market to children under the age of thirteen (13) without parental consent. We request that such individuals do not provide personal information through the Services. If a parent or guardian becomes aware that his or her child has provided us with information without their consent, he or she should promptly contact us and we will delete such information from our files.
11. External Aggregation Services
You have the responsibility to help us protect your accounts. Consider the risk of revealing your username, password, or other credentials to any person or third party. By providing your username, password or other credentials to any person or third party (including an aggregation service) you authorize that person or third party to initiate transfers to or from your account.
Some third-party companies offer aggregation services that allow you to consolidate your financial account information from a variety of sources, such that you can view all your account information at a single online location. For example, an aggregation service might collect and consolidate your checking and savings account balances at your bank, the value of your stocks and bonds in your brokerage account and your frequent flier mileage information from an airline. In order to do so, the aggregator may request access to personal information — including identification information, account information, personal IDs and passwords — from you for each individual website.
Please use caution when providing personal information to an aggregation service. By providing your username, password or other credentials to an aggregation service you authorize that person or third party to initiate transfers to or from your account.
Should you decide to revoke the authority you have given to an aggregation service, you should notify the aggregation service.
12. Social Media Platforms
Exchange Bank may interact with registered users of various social media platforms, including Facebook®, Instagram®, LinkedIn® and Twitter®. Please note that any content you post to such social media platforms (e.g., pictures, information or opinions), as well as any personal information that you otherwise make available to users (e.g., your profile), is subject to the applicable social media platform’s terms of use and privacy policies. We recommend that you review this information carefully in order to better understand your rights and obligations with regard to such content.
13. Retention Period
We will retain your personal information for the period necessary to fulfill the purposes outlined in this Policy unless a longer retention period is required by law.
14. Changes to the Online Privacy Policy
We will amend this Privacy Policy from time to time and, when we do, we will post changes to our website. Your continued use of our sites and services means you accept those changes.
15. Contact Us
If you have any questions or comments about this Policy or our privacy practices generally, we encourage you to view our Privacy Policies at www.exchangebank.com/privacy-security or contact our customer service department, by completing our “Contact” online form, or by calling 707.524.3000 or 800.995.4066. Alternatively, you may use any of the local telephone numbers for your area that are listed in the “Contact” section of the Website.
In the event you notice suspicious activity on your account or believe your personal ID, password or PIN has been compromised, please contact us immediately.
16. Accessibility
If you need this information in an alternate accessible format, call us at 707.524.3000 or 800.995.4066.