Information for California Residents

We collect Personal Data from Consumers and comply with the California Privacy Rights Act ("CPRA"). In addition to our general Privacy Notice available at https://www.firstambank.com/About/Explore/Policies-and-Notices/Privacy-and-Security, this California Privacy Notice applies to California residents (“Consumers,” "you", or "your").

For the purposes of this California Privacy Notice, "Personal Data" means information that is linked or reasonably linkable to a particular individual or household. However, the following categories of information are not Personal Data: 

  • Publicly available information;
  • Deidentified or aggregate data; or
  • Information otherwise excluded from the scope of the CPRA.

This Privacy Notice provides the following information to California Consumers:

  • Categories of Personal Data we collect;
  • Purposes for which we use Personal Data;
  • Categories of Personal Data we disclose to third parties;
  • Categories of third parties to which we disclose Personal Data; and
  • How Consumers can exercise their rights under the CPRA:
    • The rights to access, correct, or delete Personal Data;
    • The right to obtain a portable copy of Personal Data;
    • The right to limit the use of sensitive personal data in certain circumstances; and
    • The rights to opt out of the sharing of Personal Data for behavioral advertising, sales of personal data, or certain profiling.

Categories of Non-Sensitive Personal Data

The table below outlines the non-sensitive categories of Personal Data First American Bank collects about Consumers and whether and how they are disclosed to third parties. 

We collect Non-Sensitive Personal Data from the following sources:

  • Directly from our users

 

Category of Personal Data:
Identifiers
Examples
Identifiers may contain the following: Age, alias names (AKA), associated addresses (mailing, physical), bank account number, beneficiaries, check order history (style, quantities, etc.), check order information (name, address, check order info), credit card number, date of birth, debit card number, do not call status, driver's license number, state ID number, passport number, or number from other government issued ID (or the ID itself), email address(es), mother’s maiden name, name, PC owner/user, phone numbers (home, business, cell, fax), place of birth, privacy/affiliate opted out information, signature, SSN or tax ID number, tax records, transaction data, unique personal identifier
Purpose(s)
Providing personalized services, complying with statutory obligations, and improving services
Targeted Advertising
We do not engage in targeted advertising or share Personal Information for targeted advertising purposes
Sale
We do not sell Personal Information to anyone
Sharing
This data may be shared with Processors
Retention Period
3 years or as required by applicable law or regulation
Category of Personal Data:
Personal Characteristics
Examples
Personal Characteristics may contain the following: Age, color, race, national origin, citizenship, sex/gender, gender identity/gender expression, sexual orientation, marital status, familial status, disability status, military or veteran status, medical condition
Purpose(s)
Providing personalized services, complying with statutory obligations, and improving services
Targeted Advertising
We do not engage in targeted advertising or share Personal Information for targeted advertising purposes
Sale
We do not sell Personal Information to anyone
Sharing
This data may be shared with Processors
Retention Period
3 years or as required by applicable law or regulation
Category of Personal Data:
Commercial Information
Examples
Commercial Information may contain the following: Personal property records, product or services data (type of product, rate, etc.), product or services inquires
Purpose(s)
Providing personalized services, complying with statutory obligations, and improving services
Targeted Advertising
We do not engage in targeted advertising or share Personal Information for targeted advertising purposes
Sale
We do not sell Personal Information to anyone
Sharing
This data may be shared with Processors
Retention Period
3 years or as required by applicable law or regulation
Category of Personal Data:
Internet/Electronic Activity
Examples
Internet/Electronic Activity may contain the following: App use, browsing history, cookies, device ID, interaction with advertisement, IP address, search history, tracking on company website
Purpose(s)
Providing personalized services, complying with statutory obligations, and improving services
Targeted Advertising
We do not engage in targeted advertising or share Personal Information for targeted advertising purposes
Sale
We do not sell Personal Information to anyone
Sharing
This data may be shared with Processors
Retention Period
3 years or as otherwise required by applicable law or regulation
Category of Personal Data:
Imprecise Geolocational
Examples
Imprecise Geolocational may contain the following: Physical location or movements
Purpose(s)
Providing personalized services, complying with statutory obligations, and improving services
Targeted Advertising
We do not engage in targeted advertising or share Personal Information for targeted advertising purposes
Sale
We do not sell Personal Information to anyone
Sharing
This data may be shared with Processors
Retention Period
3 years or as otherwise required by applicable law or regulation
Category of Personal Data:
Sensory Information
Examples
Sensory Information may contain the following: Audio, photographs, recorded calls
Purpose(s)
Providing personalized services, complying with statutory obligations, and improving services
Targeted Advertising
We do not engage in targeted advertising or share Personal Information for targeted advertising purposes
Sale
We do not sell Personal Information to anyone
Sharing
This data may be shared with Processors
Retention Period
Between 90 days and 3 years or as otherwise required by applicable law or regulation
Category of Personal Data:
Professional Information
Examples
Professional Information may contain the following: Employer (current), employment history, occupation, salary
Purpose(s)
Complying with statutory obligations
Targeted Advertising
We do not engage in targeted advertising or share Personal Information for targeted advertising purposes
Sale
We do not sell Personal Information to anyone
Sharing
This data may be shared with Processors
Retention Period
3 years or as otherwise required by applicable law or regulation

Categories of Sensitive Personal Data

The table below outlines the categories of Sensitive Personal Data First American Bank collects about Consumers and whether they are shared with third parties. First American Bank obtains affirmative consent from Consumers to process the Sensitive Personal Data, in compliance with applicable law.

We collect Sensitive Personal Data from the following sources:

  • Directly from our users
Category of Sensitive Personal Data:
Government ID Data
Examples
Government ID Data may contain the following: Social security, driver’s license, state identification card, or passport number or similar government ID.
Purpose(s)
Complying with statutory obligations
Targeted Advertising
We do not engage in targeted advertising or share Personal Information for targeted advertising purposes
Sale
We do not sell Personal Information to anyone
Sharing
This data may be shared with Processors
Retention Period
3 years or as required by applicable law or regulation
Category of Sensitive Personal Data:
Sensitive Category Data
Examples
Sensitive Category Data may contain the following: race, citizenship, and sexual orientation
Purpose(s)
Complying with statutory obligations and to improve services
Targeted Advertising
We do not engage in targeted advertising or share Personal Information for targeted advertising purposes
Sale
We do not sell Personal Information to anyone
Sharing
This data is not shared with third parties
Retention Period
3 years or as required by applicable law or regulation
Category of Sensitive Personal Data:
Financial Data
Examples
Financial Data may contain the following: account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account
Purpose(s)
Providing personalized services and complying with statutory obligations
Targeted Advertising
We do not engage in targeted advertising or share Personal Information for targeted advertising purposes
Sale
We do not sell Personal Information to anyone
Sharing
This data may be shared with Processors
Retention Period
3 years or as required by applicable law or regulation

Use of Personal Data

We use Personal Data for the purposes described in our general Privacy Notice (see https://www.firstambank.com/About/Explore/Policies-and-Notices/Privacy-and-Security). Personal Data may also be used or disclosed as otherwise permitted or required by applicable law.

Disclosing Personal Data

We share Personal Data with the following categories of third parties: 

  • Processors: We use processors to securely handle Personal Data on our behalf and only on our instructions. These companies may not use your Personal Data for their own purposes.
  • Our Business Partners: We may share relevant personal data with our business partners to provide you with exclusive offers for products and services that may interest you.

See the tables above for more details about how different categories of Personal Data are shared. 

We do not sell Personal Data to anyone.

Exercising Your Personal Data Rights

California Consumers have the following rights under the CPRA:

  • The right to access, correct, or delete Personal Data;
  • The right to obtain a portable copy of Personal Data;
  • The right to limit the use of Sensitive Personal Data in certain circumstances; and 
  • The rights to opt out of the sharing of Personal Data for behavioral advertising, sales of personal data, or certain profiling.

If you are a California Consumer, you can submit a request to exercise your personal data rights under the CPRA by visiting our online portal at https://www.requesteasy.com/638e-0934 or calling our toll-free number at (866) 469-0015. To protect your privacy, we may need to authenticate your identity before we respond to your rights request. We will use commercially reasonable efforts to verify your identity for this purpose. Any information you provide to authenticate your identity will only be used to process your rights request. Please be aware that we do not accept or process rights through other means (e.g., via fax or social media).

After submitting your request online, you will receive a follow-up email, which may include a link you must click on in order to verify your identity. If you do not click on that link, we may be unable to complete your request due to lack of verification. It is important that you provide a valid email address in order for us to be able to process your request.

We will respond to your rights request within 45 days, though in certain cases we may inform you that we will need up to another 45 days to act on your request. If we suspect fraudulent or malicious activity on or from your account, we will delay taking action on your request until we can appropriately verify your identity and the request as authentic. Also note that each of the rights are subject to certain exceptions.

We reserve the right to decline to process, or charge a reasonable fee for, requests from a Consumer that are manifestly unfounded, excessive, or repetitive.

Profiling

The CPRA defines "profiling" as any automated processing of Personal Data to evaluate, analyze, or predict personal aspects related to an individual's economic situation, health, personal preferences, interests, reliability, behavior, location, or movements. We may engage in this kind of profiling with regard to your Personal Data, and the law provides a right to opt out of profiling in certain situations. You may submit a request to opt out of profiling as described above.

Limiting the Use of Sensitive Personal Data

The CPRA provides a right to limit some uses of Sensitive Personal Data. In particular, you may direct companies not to use Sensitive Personal Data except as necessary to provide goods or services you have requested. 

You may submit a request to limit the use of your sensitive Personal Data by submitting a rights request as described above.

Authorized Agent Requests

The CPRA allows you to designate an authorized agent to make a rights request on your behalf. Your authorized agent may submit such a request by following the same method described above. We may require verification of your authorized agent in addition to the information for verification above for Consumers and households.

Contact Us

If you have any questions or concerns regarding this California Privacy Notice, contact us at [email protected]

Last updated: December 27, 2022