Information for California Residents
We collect Personal Data from Consumers and comply with the California Privacy Rights Act ("CPRA"). In addition to our general Privacy Notice available at https://www.firstambank.com/About/Explore/Policies-and-Notices/Privacy-and-Security, this California Privacy Notice applies to California residents (“Consumers,” "you", or "your").
For the purposes of this California Privacy Notice, "Personal Data" means information that is linked or reasonably linkable to a particular individual or household. However, the following categories of information are not Personal Data:
- Publicly available information;
- Deidentified or aggregate data; or
- Information otherwise excluded from the scope of the CPRA.
This Privacy Notice provides the following information to California Consumers:
- Categories of Personal Data we collect;
- Purposes for which we use Personal Data;
- Categories of Personal Data we disclose to third parties;
- Categories of third parties to which we disclose Personal Data; and
- How Consumers can exercise their rights under the CPRA:
- The rights to access, correct, or delete Personal Data;
- The right to obtain a portable copy of Personal Data;
- The right to limit the use of sensitive personal data in certain circumstances; and
- The rights to opt out of the sharing of Personal Data for behavioral advertising, sales of personal data, or certain profiling.
Categories of Non-Sensitive Personal Data
The table below outlines the non-sensitive categories of Personal Data First American Bank collects about Consumers and whether and how they are disclosed to third parties.
We collect Non-Sensitive Personal Data from the following sources:
- Directly from our users
|
Category of Personal Data:
Identifiers |
|---|
| Examples |
| Identifiers may contain the following: Age, alias names (AKA), associated addresses (mailing, physical), bank account number, beneficiaries, check order history (style, quantities, etc.), check order information (name, address, check order info), credit card number, date of birth, debit card number, do not call status, driver's license number, state ID number, passport number, or number from other government issued ID (or the ID itself), email address(es), mother’s maiden name, name, PC owner/user, phone numbers (home, business, cell, fax), place of birth, privacy/affiliate opted out information, signature, SSN or tax ID number, tax records, transaction data, unique personal identifier |
| Purpose(s) |
| Providing personalized services, complying with statutory obligations, and improving services |
| Targeted Advertising |
| We do not engage in targeted advertising or share Personal Information for targeted advertising purposes |
| Sale |
| We do not sell Personal Information to anyone |
| Sharing |
| This data may be shared with Processors |
| Retention Period |
| 3 years or as required by applicable law or regulation |
|
Category of Personal Data:
Personal Characteristics |
|---|
| Examples |
| Personal Characteristics may contain the following: Age, color, race, national origin, citizenship, sex/gender, gender identity/gender expression, sexual orientation, marital status, familial status, disability status, military or veteran status, medical condition |
| Purpose(s) |
| Providing personalized services, complying with statutory obligations, and improving services |
| Targeted Advertising |
| We do not engage in targeted advertising or share Personal Information for targeted advertising purposes |
| Sale |
| We do not sell Personal Information to anyone |
| Sharing |
| This data may be shared with Processors |
| Retention Period |
| 3 years or as required by applicable law or regulation |
|
Category of Personal Data:
Commercial Information |
|---|
| Examples |
| Commercial Information may contain the following: Personal property records, product or services data (type of product, rate, etc.), product or services inquires |
| Purpose(s) |
| Providing personalized services, complying with statutory obligations, and improving services |
| Targeted Advertising |
| We do not engage in targeted advertising or share Personal Information for targeted advertising purposes |
| Sale |
| We do not sell Personal Information to anyone |
| Sharing |
| This data may be shared with Processors |
| Retention Period |
| 3 years or as required by applicable law or regulation |
|
Category of Personal Data:
Internet/Electronic Activity |
|---|
| Examples |
| Internet/Electronic Activity may contain the following: App use, browsing history, cookies, device ID, interaction with advertisement, IP address, search history, tracking on company website |
| Purpose(s) |
| Providing personalized services, complying with statutory obligations, and improving services |
| Targeted Advertising |
| We do not engage in targeted advertising or share Personal Information for targeted advertising purposes |
| Sale |
| We do not sell Personal Information to anyone |
| Sharing |
| This data may be shared with Processors |
| Retention Period |
| 3 years or as otherwise required by applicable law or regulation |
|
Category of Personal Data:
Imprecise Geolocational |
|---|
| Examples |
| Imprecise Geolocational may contain the following: Physical location or movements |
| Purpose(s) |
| Providing personalized services, complying with statutory obligations, and improving services |
| Targeted Advertising |
| We do not engage in targeted advertising or share Personal Information for targeted advertising purposes |
| Sale |
| We do not sell Personal Information to anyone |
| Sharing |
| This data may be shared with Processors |
| Retention Period |
| 3 years or as otherwise required by applicable law or regulation |
|
Category of Personal Data:
Sensory Information |
|---|
| Examples |
| Sensory Information may contain the following: Audio, photographs, recorded calls |
| Purpose(s) |
| Providing personalized services, complying with statutory obligations, and improving services |
| Targeted Advertising |
| We do not engage in targeted advertising or share Personal Information for targeted advertising purposes |
| Sale |
| We do not sell Personal Information to anyone |
| Sharing |
| This data may be shared with Processors |
| Retention Period |
| Between 90 days and 3 years or as otherwise required by applicable law or regulation |
|
Category of Personal Data:
Professional Information |
|---|
| Examples |
| Professional Information may contain the following: Employer (current), employment history, occupation, salary |
| Purpose(s) |
| Complying with statutory obligations |
| Targeted Advertising |
| We do not engage in targeted advertising or share Personal Information for targeted advertising purposes |
| Sale |
| We do not sell Personal Information to anyone |
| Sharing |
| This data may be shared with Processors |
| Retention Period |
| 3 years or as otherwise required by applicable law or regulation |
Categories of Sensitive Personal Data
The table below outlines the categories of Sensitive Personal Data First American Bank collects about Consumers and whether they are shared with third parties. First American Bank obtains affirmative consent from Consumers to process the Sensitive Personal Data, in compliance with applicable law.
We collect Sensitive Personal Data from the following sources:
- Directly from our users
|
Category of Sensitive Personal Data:
Government ID Data |
|---|
| Examples |
| Government ID Data may contain the following: Social security, driver’s license, state identification card, or passport number or similar government ID. |
| Purpose(s) |
| Complying with statutory obligations |
| Targeted Advertising |
| We do not engage in targeted advertising or share Personal Information for targeted advertising purposes |
| Sale |
| We do not sell Personal Information to anyone |
| Sharing |
| This data may be shared with Processors |
| Retention Period |
| 3 years or as required by applicable law or regulation |
|
Category of Sensitive Personal Data:
Sensitive Category Data |
|---|
| Examples |
| Sensitive Category Data may contain the following: race, citizenship, and sexual orientation |
| Purpose(s) |
| Complying with statutory obligations and to improve services |
| Targeted Advertising |
| We do not engage in targeted advertising or share Personal Information for targeted advertising purposes |
| Sale |
| We do not sell Personal Information to anyone |
| Sharing |
| This data is not shared with third parties |
| Retention Period |
| 3 years or as required by applicable law or regulation |
|
Category of Sensitive Personal Data:
Financial Data |
|---|
| Examples |
| Financial Data may contain the following: account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account |
| Purpose(s) |
| Providing personalized services and complying with statutory obligations |
| Targeted Advertising |
| We do not engage in targeted advertising or share Personal Information for targeted advertising purposes |
| Sale |
| We do not sell Personal Information to anyone |
| Sharing |
| This data may be shared with Processors |
| Retention Period |
| 3 years or as required by applicable law or regulation |
Use of Personal Data
We use Personal Data for the purposes described in our general Privacy Notice (see https://www.firstambank.com/About/Explore/Policies-and-Notices/Privacy-and-Security). Personal Data may also be used or disclosed as otherwise permitted or required by applicable law.
Disclosing Personal Data
We share Personal Data with the following categories of third parties:
- Processors: We use processors to securely handle Personal Data on our behalf and only on our instructions. These companies may not use your Personal Data for their own purposes.
- Our Business Partners: We may share relevant personal data with our business partners to provide you with exclusive offers for products and services that may interest you.
See the tables above for more details about how different categories of Personal Data are shared.
We do not sell Personal Data to anyone.
Exercising Your Personal Data Rights
California Consumers have the following rights under the CPRA:
- The right to access, correct, or delete Personal Data;
- The right to obtain a portable copy of Personal Data;
- The right to limit the use of Sensitive Personal Data in certain circumstances; and
- The rights to opt out of the sharing of Personal Data for behavioral advertising, sales of personal data, or certain profiling.
If you are a California Consumer, you can submit a request to exercise your personal data rights under the CPRA by visiting our online portal at https://www.requesteasy.com/638e-0934 or calling our toll-free number at (866) 469-0015. To protect your privacy, we may need to authenticate your identity before we respond to your rights request. We will use commercially reasonable efforts to verify your identity for this purpose. Any information you provide to authenticate your identity will only be used to process your rights request. Please be aware that we do not accept or process rights through other means (e.g., via fax or social media).
After submitting your request online, you will receive a follow-up email, which may include a link you must click on in order to verify your identity. If you do not click on that link, we may be unable to complete your request due to lack of verification. It is important that you provide a valid email address in order for us to be able to process your request.
We will respond to your rights request within 45 days, though in certain cases we may inform you that we will need up to another 45 days to act on your request. If we suspect fraudulent or malicious activity on or from your account, we will delay taking action on your request until we can appropriately verify your identity and the request as authentic. Also note that each of the rights are subject to certain exceptions.
We reserve the right to decline to process, or charge a reasonable fee for, requests from a Consumer that are manifestly unfounded, excessive, or repetitive.
Profiling
The CPRA defines "profiling" as any automated processing of Personal Data to evaluate, analyze, or predict personal aspects related to an individual's economic situation, health, personal preferences, interests, reliability, behavior, location, or movements. We may engage in this kind of profiling with regard to your Personal Data, and the law provides a right to opt out of profiling in certain situations. You may submit a request to opt out of profiling as described above.
Limiting the Use of Sensitive Personal Data
The CPRA provides a right to limit some uses of Sensitive Personal Data. In particular, you may direct companies not to use Sensitive Personal Data except as necessary to provide goods or services you have requested.
You may submit a request to limit the use of your sensitive Personal Data by submitting a rights request as described above.
Authorized Agent Requests
The CPRA allows you to designate an authorized agent to make a rights request on your behalf. Your authorized agent may submit such a request by following the same method described above. We may require verification of your authorized agent in addition to the information for verification above for Consumers and households.
Contact Us
If you have any questions or concerns regarding this California Privacy Notice, contact us at [email protected]
Last updated: December 27, 2022
