Information For California Residents
We collect Personal Information from California residents and comply with the California Consumer Privacy Act and related laws and regulations (“California privacy laws”). In addition to our general Privacy Notice available at https://www.firstambank.com/About/Explore/Policies-and-Notices/Privacy-and-Security, this California Privacy Notice applies to California residents (“users,” “you,” or “your”).
For the purposes of this California Privacy Notice, “Personal Information” means information that is linked or reasonably linkable to a particular individual or household. However, the following categories of information are not Personal Information:
- Publicly available information;
- Deidentified or aggregated data; or
- Information otherwise excluded from the scope of California privacy laws.
This Privacy Notice provides the following information to California residents:
- Categories of Personal Information we collect;
- Purposes for which we use Personal Information;
- Categories of Personal Information we disclose to third parties;
- Categories of third parties to which we disclose Personal Information; and
- Consumer rights under California privacy laws and how to exercise those rights, specifically including:
- The rights to access, correct, or delete their Personal Information;
- The right to limit the use of their Sensitive Personal Information in certain circumstances; and
- The rights to opt out of targeted advertising, sales of Personal Information, or profiling.
Categories of Non Sensitive Personal Information
The table below outlines the non-sensitive categories of Personal Information First American Bank collects about California residents and whether and how they are disclosed to third parties.
We collect Non-Sensitive Personal Information from the following sources:
- Directly from our users
- Inferences from your activity using our services
Category of Personal Information:
Identifiers |
Examples |
Identifiers may contain the following: Age, alias names (AKA), associated addresses (mailing, physical), bank account number, beneficiaries, check order history (style, quantities, etc.), check order information (name, address, check order info), credit card number, date of birth, debit card number, do not call status, driver's license number, state ID number, passport number, or number from other government issued ID (or the ID itself), email address(es), mother’s maiden name, name, PC owner/user, phone numbers (home, business, cell, fax), place of birth, privacy/affiliate opted out information, signature, SSN or tax ID number, tax records, transaction data, unique personal identifier |
Purpose(s) for Collection |
Providing personalized services, complying with statutory obligations, and improving services |
Targeted Advertising |
We do not engage in targeted advertising or disclose this information for targeted advertising purposes |
Sale |
This information is not sold to third parties |
Other Disclosures |
This information may be disclosed to Processors and Business Partners. We disclose Identifiers to provide personalized services, comply with statutory obligations, and improve services. |
Retention Period |
3 years or as required by applicable law or regulation |
Category of Personal Information:
Personal Characteristics |
Examples |
Personal Characteristics may contain the following: Age, color, race, national origin, citizenship, sex/gender, gender identity/gender expression, sexual orientation, marital status, familial status, disability status, military or veteran status, medical condition |
Purpose(s) for Collection |
Providing personalized services, complying with statutory obligations, and improving services |
Targeted Advertising |
We do not engage in targeted advertising or disclose this information for targeted advertising purposes |
Sale |
This information is not sold to third parties |
Other Disclosures |
This information may be disclosed to Processors and Business Partners. We disclose Personal Characteristics to provide personalized services, comply with statutory obligations, and improve services. |
Retention Period |
3 years or as required by applicable law or regulation |
Category of Personal Information:
Commercial Information |
Examples |
Commercial Information may contain the following: Personal property records, product or services data (type of product, rate, etc.), product or services inquires |
Purpose(s) for Collection |
Providing personalized services, complying with statutory obligations, and improving services |
Targeted Advertising |
We do not engage in targeted advertising or disclose this information for targeted advertising purposes |
Sale |
This information is not sold to third parties |
Other Disclosures |
This information may be disclosed to Processors and Business Partners. We disclose Commercial Information to provide personalized services, comply with statutory obligations, and improve services. |
Retention Period |
3 years or as required by applicable law or regulation |
Category of Personal Information:
Internet/Electronic Activity |
Examples |
Internet/Electronic Activity may contain the following: App use, browsing history, cookies, device ID, interaction with advertisement, IP address, search history, tracking on company website |
Purpose(s) for Collection |
Providing personalized services, complying with statutory obligations, and improving services |
Targeted Advertising |
We do not engage in targeted advertising or disclose this information for targeted advertising purposes |
Sale |
This information is not sold to third parties |
Other Disclosures |
This information may be disclosed to Processors and Business Partners. We disclose Internet/Electronic Activity to provide personalized services, comply with statutory obligations, and improve services. |
Retention Period |
3 years or as otherwise required by applicable law or regulation |
Category of Personal Information:
Sensory Information |
Examples |
Sensory Information may contain the following: Audio, photographs, recorded calls |
Purpose(s) for Collection |
Providing personalized services, complying with statutory obligations, and improving services |
Targeted Advertising |
We do not engage in targeted advertising or disclose this information for targeted advertising purposes |
Sale |
This information is not sold to third parties |
Other Disclosures |
This information may be disclosed to Processors and Business Partners. We disclose Sensory Information to provide personalized services, comply with statutory obligations, and improve services. |
Retention Period |
Between 90 days and 3 years or as otherwise required by applicable law or regulation |
Category of Personal Information:
Professional Information |
Examples |
Professional Information may contain the following: Employer (current), employment history, occupation, salary |
Purpose(s) for Collection |
Complying with statutory obligations |
Targeted Advertising |
We do not engage in targeted advertising or disclose this information for targeted advertising purposes |
Sale |
This information is not sold to third parties |
Other Disclosures |
This information may be disclosed to Processors and Business Partners. We disclose Professional Information to comply with statutory obligations. |
Retention Period |
3 years or as otherwise required by applicable law or regulation |
Category of Personal Information:
Imprecise Geolocational |
Examples |
Imprecise Geolocational may contain the following: Physical location or movements |
Purpose(s) for Collection |
Providing personalized services, complying with statutory obligations, and improving services |
Targeted Advertising |
We do not engage in targeted advertising or disclose this information for targeted advertising purposes |
Sale |
This information is not sold to third parties |
Other Disclosures |
This information may be disclosed to Processors and Business Partners. We disclose Imprecise Geolocational to provide personalized services, comply with statutory obligations, and improve services. |
Retention Period |
3 years or as otherwise required by applicable law or regulation |
Categories Of Sensitive Personal Information
The table below outlines the categories of Sensitive Personal Information First American Bank collects about California residents and whether they are disclosed to third parties.
We collect Sensitive Personal Information from the following sources:
- Directly from our users
- Inferences from your activity using our services
- From our business partners (“business partners” are companies that we have a pre-existing commercial relationship with)
Category of Sensitive Personal Information:
Government ID Data |
Examples |
Government ID Data may contain the following: Social security, driver’s license, state identification card, passport number or similar government ID. |
Purpose(s) for Collection |
To comply with applicable laws and regulations; for our own business needs; to manage the security of our website and/or systems; to detect and prevent fraud against you and/or us. |
Targeted Advertising |
We do not engage in targeted advertising or disclose this information for targeted advertising purposes |
Sale |
This information is not sold to third parties |
Other Disclosures |
This information may be disclosed to Processors and Business Partners. We disclose Government ID Data to enable our processors to: provide you with information, products, or services; comply with applicable laws and regulations; manage the security of our website and/or systems; detect and prevent fraud against you and/or us. |
Retention Period |
3 years or as required by applicable law or regulation |
Category of Sensitive Personal Information:
Sensitive Category Data |
Examples |
Sensitive Category Data may contain the following: race, citizenship, and sexual orientation |
Purpose(s) for Collection |
Complying with statutory obligations and to improve services |
Targeted Advertising |
We do not engage in targeted advertising or disclose this information for targeted advertising purposes |
Sale |
This information is not sold to third parties |
Other Disclosures |
This information is not otherwise disclosed to third parties |
Retention Period |
3 years or as required by applicable law or regulation |
Category of Sensitive Personal Information:
Financial Data |
Examples |
Financial Data may contain the following: account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account |
Purpose(s) for Collection |
Providing personalized services and complying with statutory obligations |
Targeted Advertising |
We do not engage in targeted advertising or disclose this information for targeted advertising purposes |
Sale |
This information is not sold to third parties |
Other Disclosures |
This information may be disclosed to Processors and Business Partners. We disclose Financial Data to enable our processors to provide customer service on our behalf and to verify customer information. |
Retention Period |
3 years or as required by applicable law or regulation |
Category of Sensitive Personal Information:
Precise Geolocation Data |
Examples |
Precise Geolocation Data may contain the following: GPS coordinates from your device |
Purpose(s) for Collection |
To improve services |
Targeted Advertising |
We do not engage in targeted advertising or disclose this information for targeted advertising purposes |
Sale |
This information is not sold to third parties |
Other Disclosures |
This information may be disclosed to Processors and Business Partners. We disclose Precise Geolocation Data to enable our processors to provide customer service on our behalf and to debug our products and identify errors that may impair functionality. |
Retention Period |
3 years or as required by applicable law or regulation |
Use Of Personal Information
We use Personal Information for the purposes described in our general Privacy Notice (see https://www.firstambank.com/About/Explore/Policies-and-Notices/Privacy-and-Security). Personal Information may also be used or disclosed as otherwise permitted or required by applicable law.
Disclosing Personal Information
We disclose Personal Information to the following categories of third parties:
- Processors (also referred to as “Service Providers” or “Contractors” in California law): We use processors to securely handle Personal Information on our behalf for our business purposes and only on our instructions. California privacy laws and our contracts with these companies prevent them from using your Personal Information for their own purposes.
- Our Analytics and Advertising Partners: We use analytics services to collect and process certain data and to provide you with relevant advertising.
- Our Business Partners: We may disclose relevant Personal Information with our business partners to provide you with exclusive offers for products and services that may interest you.
See the tables above for more details about how different categories of Personal Information are disclosed.
We do not sell Personal Information to anyone. We do not share Personal Information for advertising purposes.
Exercising Your Personal Information Rights
California residents have the following rights under California privacy laws:
- The right to know the Personal Information we have collected about them, including the categories of sources from which we collected the Personal Information, the purpose(s) for collecting, selling, or sharing your Personal Information, and the categories of third parties to whom we have disclosed your Personal Information;
- The rights to correct or delete Personal Information;
- The right to limit the use of Sensitive Personal Information in certain circumstances;
- The rights to opt out of targeted advertising, sales of Personal Information, or profiling; and
- The right not to receive discriminatory treatment for exercising their privacy rights.
If you are a California resident, you can submit a request to exercise your personal data rights under California privacy laws by visiting our online portal at https://www.requesteasy.com/638e-0934 or calling our toll-free number at (866) 469-0015.
To protect your privacy, we may need to authenticate your identity before we respond to your rights request. We will verify your identity by sending an email to your email address on file with a link to click. We may ask you for additional information as part of this process, including first and last names, email address, phone number, and the account number (if have one) and the type of product (if have or have applied for one) with First American Bank. If you do not complete the verification process, we may be unable to process your request. Any information you provide to authenticate your identity will only be used to process your rights request and not for any other purpose. Please be aware that we do not accept or process rights requests submitted through other means.
We will respond to your rights request within 45 days (or 15 days for requests to opt-out of the sale of Personal Information, requests to opt-out of targeted advertising, and requests to limit the use of Sensitive Personal information), though in certain cases we may inform you that we will need up to another 45 days to act on your request. If we suspect fraudulent or malicious activity on or from your account, we will delay taking action on your request until we can appropriately verify your identity and the request as authentic. Also note that each of the rights are subject to certain exceptions.
We reserve the right to decline to process, or charge a reasonable fee for, requests from a California resident that are manifestly unfounded, excessive, or repetitive.
Notice Of Right To Limit The Use Of Sensitive Personal Information
You have the right to limit some uses of Sensitive Personal Information. In general, you may direct companies not to use Sensitive Personal Information except as necessary to provide goods or services you have requested or other exempt purposes.
However, we only use Sensitive Personal Information for purposes that are exempt from this right, such as to provide you with goods or services you have requested, to detect and prevent security incidents, or verifying the quality of our goods and services. The full list of these exempt purposes are specified in California Code of Regulations, Title 11, Section 7027(m).
Children’s Data
We do not knowingly sell or share for targeted advertising the Personal Information of California residents under 16 years of age.
We comply with the Children’s Online Privacy Protection Act (“COPPA”), in addition to California privacy law, with respect to any Personal Information we collect or use from children under the age of 13.
Authorized Agent Requests
California privacy law allows you to designate an authorized agent to make a rights request on your behalf. Your authorized agent may submit such a request by following the same method described above in the section titled Exercising Your Personal Information Rights. We may require verification of your authorized agent's authority in addition to the information we require for verification of your identity.
Contact Us
If you have any questions or concerns regarding this California Privacy Notice, contact us at [email protected]
Last updated: December 27, 2023