California Consumer Privacy Act Notice
(Last updated: January 1, 2020)
Your privacy is important to us. This California Consumer Privacy Act Disclosure explains how EverTrust Bank ("Company," "we," or "us") collect, use, and disclose personal information relating to California residents covered by the California Consumer Privacy Act of 2018 ("CCPA"). This notice is provided pursuant to the CCPA.
Under the CCPA, ‘Personal Information’ is information that identifies, relates to, or could reasonably be linked directly or indirectly with a particular California resident. The CCPA, however, does not apply to certain information, such as information subject to the Gramm-Leach-Bliley Act ("GLBA").
The specific Personal Information that we collect, use, and disclose relating to a California resident covered by the CCPA will vary based on our relationship or interaction with that individual. For example, this Disclosure does not apply with respect to information that we collect about California residents who apply for or obtain our financial products and services for personal, family, or household purposes. For more information about how we collect, disclose, and secure information relating to these customers, please refer to our Privacy Notice.
This Notice explains how we collect, use, and disclose personal information about California residents. The Notice also explains certain rights that California residents have under the California Consumer Privacy Act ("CCPA"). This Notice explains how California residents can exercise their rights under the CCPA to request that we: (1) provide certain personal information that we have collected about them during the past 12 months, along with related information described below, or (2) delete certain personal information that we have collected from them. If you are not a resident of California, this Notice does not apply to you.
Under the CCPA, "personal information" is information that identifies, relates to, or could reasonably be linked with a particular California resident or household. This information is referred to in this Notice as "Personal Data."
Categories of Personal Data that We Collect and Disclose
We collect and disclose Personal Data in a variety of contexts. For example, we collect and disclose Personal Data to provide individual and commercial financial products and services, and for our employment and human resource purposes.
The Personal Data that we collect, use, or disclose about a specific California resident will depend on, for example, our relationship or interaction with that individual.
During the past 12 months, we have collected the following categories of Personal Data:
- Personal unique identifiers, as defined in the California safeguards law, such as full name and federal or state issued identification numbers including Social Security number, driver’s license number, and passport number;
- Personal information, including contact details such as telephone number and address, financial information such as account number and balance, payment card details including credit and debit card numbers, as well as medical and health insurance information;
- Characteristics of protected classes or groups under state or federal law, such as sex or marital status;
- Commercial information, such as products and services obtained and transaction histories and purchase history;
- Biometric information, such as fingerprints and voiceprints;
- Internet or online information such as browsing history, and information regarding interaction with our websites, applications, or advertisements;
- Geolocation data, such as device location, and Internet Protocol (IP) locations;
- Audio, electronic, visual, thermal, and other similar information such as call and video recordings;
- Professional or employment-related information, such as work history and prior employer;
- Education information, such as student records, and directory information; and
- Inferences based on information about an individual to create a summary about, for example, an individual’s preferences and characteristics.
During the past 12 months, we have also disclosed the categories of Personal Data listed above for our business purposes. We have not, however, sold Personal Data that is subject to the CCPA’s sale limitations. The CCPA defines a "sale" as the disclosure of Personal Data for monetary or other valuable consideration.
Why We Collect Personal Data and How We Use It
The purposes for which we collect and use Personal Data depend on, among other things, our relationship or interaction with a specific California resident. The table below lists the purposes for which we collect and use Personal Data in different contexts.
Purposes for Collection and Use
Provide and manage products and services
- Establish and process transactions for our products and services including checking accounts, credit cards, loans, investment accounts, as well as additional products for businesses such as commercial financing and payment services.
- Support the ongoing management and maintenance of our products and services including to provide account statements, online banking access, customer service, payments and collections, and account notifications.
Support our everyday operations, including to meet risk, legal, and compliance requirements
- Perform accounting, monitoring, and reporting.
- Enable information security and anti-fraud operations, as well as credit, underwriting, and due diligence.
- Support audit and investigations, legal requests and demands, as well as exercise and defend legal claims.
- Enable the use of service providers for business purposes.
- Comply with policies, procedures, and contractual obligations.
Manage, improve, and develop our business
- Market, personalize, develop, as well as improve our products and services.
- Conduct research and analysis, including to drive product and services innovation.
- Support customer relationship management.
- Evaluate and engage in mergers, acquisitions, and other transactions involving transfers of all or part of a business, or a set of assets.
Support employment, infrastructure, and human resource management
- Provide benefits to employees and dependents, including healthcare and retirement plans.
- Manage pay and compensation activities.
- Manage and operate our facilities and infrastructure.
- Process employment applications.
Sources of Personal Data
The sources from which we collect Personal Data depend on, among other things, our relationship or interaction with a specific California resident. The information below lists the categories of sources from which we collect Personal Data in different contexts.
- From California residents directly, or other individuals acting on their behalf, through physical (e.g., paper application), audible (e.g., phone), or electronic (e.g., website, social media) sources.
- Public records or widely available sources, including information from the media, and other records and information that are made available by federal, state, or local government entities.
- Outside companies or organizations that provide data to support activities such as fraud prevention, underwriting, and marketing.
- Outside companies or organizations from whom we collect Personal Data to support human resource and workforce management activities.
- Outside companies or organizations from whom we collect personal data as part of providing products and services, completing transactions, supporting our everyday operations, or business management and development. Examples include companies or organizations to whom we provide products or services; other parties, partners, and financial institutions; and parties involved with mergers, acquisitions, and other transactions involving transfers of all or part of a business, or a set of assets.
Categories of Third Parties with Whom We Share Personal Data
The categories of third parties with whom we share Personal Data depend on, among other things, our relationship or interaction with a specific California resident. The information below lists the categories of third parties with whom we share Personal Data in different contexts.
- Outside companies or organizations with whom we share Personal Data as part of providing products and services, completing transactions, supporting our everyday operations, or business management and development. Examples include companies or organizations to whom we provide products or services; other parties, partners, and financial institutions; and parties involved with mergers, acquisitions, and other transactions involving transfers of all or part of a business, or a set of assets.
- Companies or individuals that represent California residents such as an accountant, financial advisor, or holding power of attorney.
- Government agencies including to support regulatory and legal requirements.
- Outside companies or organizations, including service providers, to whom we provide Personal Data to support human resource activities and workforce management.
- Outside companies or organizations, in connection with routine or required reporting, including consumer reporting agencies and other parties.
Requests Under the CCPA
If you are a California resident, a business may not discriminate against you for exercising your rights under the CCPA.
- Request we disclose to you free of charge the following information covering the 12 months preceding your request:
- the categories of Personal Information about you that we collected;
- the categories of sources from which the Personal Information was collected;
- the purpose for collecting Personal Information about you;
- the categories of third parties to whom we disclosed Personal Information about you and the categories of Personal Information that was disclosed (if applicable) and the purpose for disclosing the Personal Information about you;
- the specific pieces of Personal Information we collected about you; and
- Request we delete Personal Information we collected from you, unless the CCPA recognizes an exception.
We will acknowledge receipt of your request and advise you how long we expect it will take to respond if we are able to verify your identity. Requests for specific pieces of Personal Information will require additional information to verify your identity.
If you submit a request on behalf of another person, we may require proof of authorization and verification of identity directly from the person for whom you are submitting a request. In some instances, we may not be able to honor your request. For example, we will not honor your request if we cannot verify your identity or if we cannot verify that you have the authority to make a request on behalf of another individual. Additionally, we will not honor your request where an exception applies, such as where the disclosure of Personal Information would adversely affect the rights and freedoms of another consumer or where the Personal Information that we maintain about you is not subject to the CCPA’s access or deletion rights.
We will advise you in our response if we are not able to honor your request. We will not provide social security numbers, driver’s license numbers or government issued identification numbers, financial account numbers, health care or medical identification numbers, account passwords or security questions and answers, or any specific pieces of information if the disclosure presents the possibility of unauthorized access that could result in identity theft or fraud or unreasonable risk to data or systems and network security.
We will work to process all verified requests within 45 days pursuant to the CCPA. If we need an extension for up to an additional 45 days in order to process your request, we will provide you with an explanation for the delay.
Responding to Requests
Privacy and data protection laws, other than the CCPA, apply to much of the Personal Data that we collect, use, and disclose. When these laws apply, Personal Data may be exempt from, or outside the scope of, Access Requests and Deletion Requests. As a result, in some instances, we may decline all or part of an Access Request or Deletion Request related to this Personal Data. This means that we may not provide some or all of this Personal Data when you make an Access Request. Also, we may not delete some or all of this Personal Data when you make a Deletion Request.
As examples, our processing of or response to an Access Request or Deletion Request may not include some or all of the following Personal Data:
- Consumer Accounts. Personal Data connected with consumer accounts used for personal, family, or household purposes.
- Employment. Personal Data about an individual who is a current or former employee (team member) or job applicant, and we use that Personal Data within the context of that individual’s role as a current or former employee (team member) or job applicant.
- Business-to-Business Relationships. Certain Personal Data we collect in the course of providing a product or service to another business, or in the course of receiving a product or service from another business.
The types of Personal Data described above are examples. We have not listed all types of Personal Data that may not be included when we respond to or process Access Requests or Deletion Requests.
In addition to the above examples, we may not include Personal Data when we respond to or process Access Requests or Deletion Requests when the CCPA recognizes another exception. For example, we will not provide the Personal Data about another individual where doing so would adversely affect the data privacy rights of that individual. As another example, we will not delete Personal Data when it is necessary to maintain that Personal Data to comply with a legal obligation.
How to Make Requests
If you are a California resident, you can make an Access Request or a Deletion Request by:
- Contacting us at 1-866-985-0616; or
- Submit your request by clicking here.
Changes to this Notice
We may change or update this Notice periodically. When we do, we will post the revised Notice on this webpage indicating when the Notice was "Last Updated".
Printable California Consumer Privacy Act Notice