California Consumer Privacy Act Policy
(Last updated: March 29, 2023)
Your privacy is important to us. This California Consumer Privacy Act Policy explains how EverTrust Bank ("Company," "we," or "us") collects, uses, and discloses personal information relating to California residents covered by the California Consumer Privacy Act of 2018 ("CCPA").
This policy is provided pursuant to the CCPA and explains certain rights that California residents have under the CCPA and explains how California residents can exercise those rights to request that we: 1) provide certain personal information that we have collected about them during the past 12 months, along with related information described below; 2) delete certain personal information that we have collected from them; 3) stop selling or sharing personal information (“opt-out”); 4) correct inaccurate information; 5) limit the use of sensitive personal information; and 6) not discriminate against them by denying goods or services for exercising their rights under the CCPA.
Under the CCPA, ‘Personal Information’ is information that identifies, relates to, or could reasonably be linked directly or indirectly with a particular California resident. This information is referred to in this disclosure as “Personal Data.” The CCPA does not apply to:
- Individuals who are not residents of California;
- Certain information, such as information subject to the Gramm-Leach-Bliley Act ("GLBA");
- Information that we collect about California residents who apply for or obtain our financial products and services for personal, family, or household purposes. For more information about how we collect, disclose, and secure information relating to these customers, please refer to our Privacy Notice for Consumers.
Categories of Personal Data that We Collect and Disclose
We collect and disclose Personal Data in a variety of contexts. For example, we collect Personal Data to provide individual and commercial financial products and services, and for our employment and human resource purposes.
The Personal Data that we collect, use, or disclose about a specific California resident will depend on our relationship or interaction with that individual.
During the past 12 months, we have collected the following categories of Personal Data:
- Personal unique identifiers, as defined in the California safeguards law, such as full name and federal or state issued identification numbers including Social Security number, driver’s license number, and passport number;
- Personal information, including contact details such as telephone number and address, financial information, such as account number and balance, payment card details, including credit and debit card numbers, as well as medical and health insurance information;
- Characteristics of protected classes or groups under state or federal law, such as sex or marital status;
- Commercial information, such as products and services obtained and transaction histories and purchase history;
- Biometric information, such as fingerprints and voiceprints;
- Internet or online information such as browsing history, and information regarding interaction with our websites, applications, or advertisements;
- Geolocation data, such as device location, and Internet Protocol (IP) locations;
- Audio, electronic, visual, thermal, and other similar information such as call and video recordings;
- Professional or employment-related information, such as work history and prior employer;
- Education information, such as student records and directory information; and
- Inferences based on information about an individual to create a summary about the individual’s preferences and characteristics.
During the past 12 months, we have disclosed with our affiliates, vendors, and regulatory agencies only the Personal Data from the categories listed above required for the processing of our transactions and our business purposes. We have not sold Personal Data that is subject to the CCPA’s sale limitations. The CCPA defines a "sale" as the disclosure of Personal Data for monetary or other valuable consideration.
Some of the Personal Data listed above is considered Sensitive Personal Information, such as social security/tax identification number, government identification number, passport number, driver’s license or state identification number, account log-in, financial account, debit card or credit card number, credentials to access the account and racial or ethnic information when required to be collected by law.
Why We Collect Personal Data and How We Use It
The purposes for which we collect and use Personal Data depends on, but is not limited to, our relationship or interaction with a specific California resident. The table below lists the purposes for which we collect and use Personal Data in different contexts.
Purposes for Collection and Use
Provide and manage products and services
- Identify who you are and review qualifications for providing products and services we offer.
- Establish and process transactions for our products and services including checking accounts, credit cards, loans, investment accounts, as well as additional products for businesses such as commercial financing and payment services.
- Support the ongoing management and maintenance of our products and services including to provide account statements, online banking access, customer service, payments and collections, and account notifications.
Support our everyday operations, including risk, legal, and compliance requirements
- Perform accounting, monitoring, and reporting operations.
- Support information security and anti-fraud operations, as well as credit, underwriting, and due diligence.
- Performing audits and investigations, processing legal claims or requests.
- Facilitate the use of service providers for business purposes.
- Comply with policies, procedures, and contractual obligations.
Manage, improve, and develop our business
- Market, personalize, and develop or improve our products and services.
- Conduct research and analysis relating to product and services.
- Support customer relationship management.
- Evaluate and engage in mergers, acquisitions, and other transactions involving transfers of all or part of a business, or assets.
Support employment, infrastructure, and human resource management
- Provide benefits to employees and dependents, including healthcare and retirement plans.
- Manage pay and compensation activities.
- Manage and operate our facilities and infrastructure.
- Process employment applications.
Sources of Personal Data
The sources from which we collect Personal Data depend on, among other things, our relationship or interaction with a specific California resident. The information below lists the categories of sources from which we collect Personal Data in different contexts.
- From California residents directly, or other individuals acting on their behalf, through physical (e.g., paper application), audible (e.g., phone), or electronic (e.g., website, social media) sources.
- Public records or widely available sources, including information from the media, and other records and information that are made available by federal, state, or local government entities.
- Outside companies or organizations that provide data to support activities such as fraud prevention, underwriting, and marketing.
- Outside companies or organizations from whom we collect Personal Data to support human resource and workforce management activities.
- Outside companies or organizations from whom we collect personal data as part of providing products and services, completing transactions, supporting our everyday operations, or business management and development. Examples include companies or organizations to whom we provide products or services; other parties, partners, and financial institutions; and parties involved with mergers, acquisitions, and other transactions involving transfers of all or part of a business, or a set of assets.
Categories of Third Parties with Whom We Share Personal Data
The categories of third parties with whom we share Personal Data depend primarily on, but are not limited to, our relationship or interaction with a specific California resident. The information below lists the categories of third parties with whom we share Personal Data in different contexts.
- Outside companies or organizations with whom we share Personal Data as part of providing products and services, completing transactions, supporting our everyday operations, or business management and development. Examples include companies or organizations (parties, partners, financial institutions, etc.) that have an ongoing business relationship with us and/or parties involved with us for potential mergers, acquisitions, or other asset transfer transactions.
- Companies or individuals that represent California residents such as an accountant, financial advisor, or those granted a power of attorney.
- Government agencies requesting information based on regulatory and legal requirements.
- Outside companies or organizations, including service providers, to whom we provide Personal Data to support human resource activities and workforce management.
- Outside companies or organizations, in connection with routine or required reporting, including consumer reporting agencies and other parties.
Requests Under the CCPA
If you are a California resident, you may:
- Request we disclose to you free of charge the following information covering the 12 months preceding your request:
- the categories of Personal Information about you that we collected;
- the categories of sources from which the Personal Information was collected;
- the purpose for collecting Personal Information about you;
- the categories of third parties to whom we disclosed Personal Information about you and the categories of Personal Information that was disclosed (if applicable) and the purpose for disclosing the Personal Information about you; and
- the specific pieces of Personal and Sensitive Information we collected about you.
- Request we delete Personal Information we collected from you, unless the CCPA provides an exception.
- Request we correct inaccurate Personal Information we have about you.
- Request we limit the use of your Sensitive Personal Information for the purposes of providing you with the services you requested.
A business may not discriminate against you for exercising your rights under the CCPA.
We will acknowledge receipt of your request and if we are able to verify your identity we will advise you how long we expect it will take to respond. Requests for specific pieces of Personal Information will require additional information to verify your identity.
If you submit a request on behalf of another person, we may require proof of authorization and verification of identity directly from the person for whom you are submitting a request. In some instances, we may not be able to honor your request. For example, we will not honor your request if we cannot verify your identity or if we cannot verify that you have the authority to make a request on behalf of another individual. Additionally, we may deny requests related to Personal Information that is exempt from CCPA Requests. We are required to maintain Personal Information to comply with federal and state laws, as well as legal obligations.
We will advise you in our response if we are not able to honor your request. We will not provide social security numbers, driver’s license numbers or government issued identification numbers, financial account numbers, health care or medical identification numbers, account passwords or security questions and answers, or any specific pieces of information if the disclosure presents the possibility of unauthorized access that could result in identity theft or fraud or unreasonable risk to data or systems and network security.
We will work to process all verified requests within 45 days pursuant to the CCPA. If we need an extension for up to an additional 45 days in order to process your request, we will provide you with an explanation for the delay.
Children and Minors
We do not and will not sell the personal information of minors under sixteen (16) years of age without affirmative authorization (“opt-in”).
How to Make Requests
If you are a California resident, you can make an Access Request or a Deletion Request by:
- Contacting us at 1-866-985-0616; or
- Submit your request by clicking here.
Changes to this Notice
We may change or update this Notice periodically. When we do, we will post the revised Notice on this webpage indicating when the Notice was "Last Updated".
Printable California Consumer Privacy Act Policy