California Consumer Privacy Act (CCPA) Privacy Notice
Rights for California Residents
EFFECTIVE: July 1, 2020
This California Consumer Privacy Act Notice (“Notice”) explains how BAC (“BAC,” “we” “our” or “us”) and its affiliates collect, use, and disclose personal information subject to the California Consumer Privacy Act (“CCPA”). It also describes the privacy rights of California residents under the CCPA and how they can exercise those rights. This Notice applies solely to California residents and supplements any other privacy policies or notices applicable to the BAC services that you visit or use.
INFORMATION WE COLLECT AND HOW WE COLLECT IT
We collect information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (“personal information” or “PI”). The CCPA does not apply to personal information collected, processed, sold, or disclosed pursuant to the Gramm-Leach-Bliley Act (“GLBA”). The personal information of California residents we collect, process, or disclose pursuant to this Notice does not include (i) publicly available information, (ii) de-identified or aggregate consumer information, (iii) information excluded from the CCPA’s scope, such as GLBA personal information, and (iv) personal information collected for a single, one-time transaction in the ordinary course of business, and not retained.
The categories of personal information we collect depend on the product or service you have with us, and your use of BAC Florida Bank websites and services. The chart below outlines the categories of personal information (as defined by the CCPA) and the examples provided for each category are taken from the CCPA and are included to help the customers understand what each category means. However, the list below is for illustrative purposes only and DOES not indicate what we actually may have collected over the past 12 months.
|Categories of Personal Information||Examples (for illustrative purposes only)|
|Personal Identifiers||Name, alias, postal address, unique personal identifier, online identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers.|
|Other Identifying Information||A signature, description of your physical characteristics, address, phone number, state identification card number, date of birth, family member information, bank account number, credit card number, debit card number or other payment or financial information, education, employment, employment history, medical information or health insurance information.|
|Characteristics of Protected Class||Age, race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).|
|Commercial Information||Policy coverage information, premiums, and payment history. Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. Driving record, claims history, and credit information.|
|Biometric Information||Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, voice print, retinal print, scan of hand or facial geometry.|
|Internet or Other Electronic Network Activity Information||Browsing history, search history, information regarding your interaction with our website, application or advertisement, links you use or web pages you visit while visiting our site or applications, browser type, internet service provider (ISP), cookies, and mobile device including device identifier or other device information, and location information.|
|Geolocation Information||Physical location, movements, or trip tracking information.|
|Multimedia Information||Audio, electronic, visual, or similar information.|
|Employment Information||Professional or employment-related information.|
|Education Information||Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.|
|Inferences||Inferences drawn from any personal information collected to create a profile reflecting preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.|
We may obtain the categories of personal information listed above from the following sources:
- Directly from our customers or their agents. For example, from documents that our customers provide to us related to the products and services that we offer to them
- From our banking website(s) or banking mobile application(s). For example, we collect certain personal information when customers visit our banking website(s) or use our banking mobile application(s).
- From third parties that interact with us in connection with the services they perform for us. For example, from third parties that process debit card transactions.
HOW WE USE YOUR PERSONAL INFORMATION
We may use your personal information for one or more of the following purposes:
- Fulfill or meet the reason for which the information is provided. For example, if you provide us with personal information for us to service your loan, we will use that information to credit your account appropriately.
- Provide you with information, products, or services that you request from us. We may use your personal information to offer you a service, products, etc.
- Improve, develop, and analyze our sites, services, and products. We use your personal information using algorithms, analytics software, and other similar methods to analyze, improve, develop, or deliver our sites, products and services and develop new services, products, or features. We also use your information to analyze how visitors use our sites to improve, enhance, and personalize your experience.
- Communicate with you about your service or product. For example, we may provide you with email alerts and other notices concerning your account, or events or news, that may be of interest to you.
- Carry out our obligations and enforce our rights arising from any contracts entered between you and us, including for billing and collections
- Send marketing communications. We may use your information to send you promotional communications about products, services, features, and options we believe may be of interest to you. We may send communications via email, regular mail or may send push notifications via a mobile device. Push notification preferences are controlled in your device. We may also use your information to serve you ads or customized content online.
- Respond to law enforcement requests and as required by applicable law, court order, or governmental regulations and, as necessary and appropriate, protect the safety and security of our business, services, and sites. We may use your information to comply with laws, regulations, or other legal obligations, to assist in an investigation, to protect and defend our rights and property or the rights of third parties or enforce terms and conditions. We may also use your information to prevent suspected fraud, threats to our network or other illegal activities, prevent misuse or for any other reason permitted by law. We may use your personal information to protect our company, our affiliates, our customers, our network, and our sites.
- Update or correct our records. We may receive information about you from other sources, including publicly available databases or third parties from whom we have purchased data, and combine that information with other information we have about you to update our records. For example, we may obtain change of address information from public sources and use that information to update or correct your address information.
We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
HOW WE SHARE YOUR PERSONAL INFORMATION
We will only use or disclose your personal information for the purpose(s) it was collected and as otherwise identified in this notice. We do not sell your personal information to any other business or third parties for monetary or other valuable consideration. We may share your personal or other information with third parties for business purposes as follows:
- Service providers: Personal information may be shared with service providers who perform services on our behalf for a business purpose including providers that:
- provide marketing and advertising, email, or other communication services,
- provide services that support our online activities including providing tracking technologies, web hosting and analytics,
- provide tax and accounting, legal services, delivery, and data enhancement services,
- provide technology services and enhance security, privacy, and fraud protections,
- provide analytics services or conduct research or actuarial studies, and
- provide support to our operations.
- Online marketing and advertising partners: We may share personal and other information with third party online marketing and advertising partners or permit these partners to collect information from you directly on our sites to personalize online advertising.
- Third parties in connection with a business transaction: Personal information may be disclosed to third parties in connection with a corporate transaction, such as a merger, sale of any or all of our company assets or shares, reorganization, financing, change of control or acquisition of all or a portion of our business by an affiliate or third party, or in the event of a bankruptcy or related or similar proceedings.
- Law enforcement, regulators, and other parties for legal reasons: Personal information may be disclosed to third parties, as required by law or subpoena, or if we reasonably believe such action is necessary to:
- comply with the law and the reasonable requests of regulators, law enforcement or other public authorities,
- protect our or others safety, rights, or property, and
- investigate fraud or to protect the security or integrity of our sites or any product or services.
YOUR CALIFORNIA PRIVACY RIGHTS AND CHOICES
The CCPA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.
Right to Access Your Personal Information: You have the right to request that we disclose certain information about our collection and use of your personal information over the past twelve months including:
- the categories of personal information collected about consumers,
- the specific pieces of personal information we have about you,
- the categories of sources from where personal information was collected,
- the business purpose for collecting the personal information, and
- the categories of third parties with whom we share personal information.
Right to Deletion of Personal Information: You have the right to request we delete the personal information we collected, with certain exceptions. We will delete your personal information in response to a verifiable request unless needed for the following:
- To complete a transaction for which we collected the personal information, provide a good or service you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you,
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities,
- Debug products to identify or repair errors that impair functionality,
- Exercise free speech ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law,
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us,
- Comply with a legal obligation, including compliance with the California Electronic Communications Privacy Act, or
- Otherwise use your personal information, internally, in a lawful manner that is compatible with the context in which you provided the information.
Non-Discrimination Rights: You have the right not to receive discriminatory treatment by us for the exercise of your CCPA rights. Unless permitted by the CCPA, we will not (i) deny you goods or services, (ii) charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties, (iii) provide you a different level or quality of goods or services, (iv) suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
To better protect you and your personal information, we will only respond to access or deletion requests that we have been able to properly verify through our authentication processes. To verify your identity, you will be asked to provide certain information, which we will only use to verify your identity or authority to make the request. To submit the access or deletion rights described above, please submit a verifiable consumer request by one of the following methods:
- Call: 305-789-8077
- Email us at firstname.lastname@example.org
You may only make a verifiable consumer request for access twice within a 12-month period. The verifiable consumer request must provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative which, at a minimum, should include:
- Describe your request to allow us to properly understand, evaluate, and respond; and
- Provide sufficient information for us to verify you are the California resident whom we collected Personal Information or an authorized representative of such resident. The information you provide must include:
- Confirmation of California residency;
- Full name;
- Email address; and
- Other information that authenticates you (if a customer) or verifies you (if non-customer or authorized party).
*Please note the address you provide must be a California address you have given to us in relation to your account.
We cannot proceed with your request if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request
We endeavor to respond to a verifiable consumer request within 45 calendar days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. We will deliver our written response by mail or electronically, at your option. Any disclosures we provide will cover the 12-month period preceding receipt of the verifiable consumer request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. To protect your personal information, we will not provide specific pieces of personal information to you.
COOKIES AND OTHER TRACKING TECHNOLOGIES
Cookies are small files that capture information about your activity on this Site and are stored directly on your computer. The type of information gathered may include pages visited and time spent on the Site. No personally identifiable information is gathered or stored via cookies. We may use the information to display information more effectively, to personalize your online experience and to advertise our products via third party advertising partners. You can block cookies by configuring your device and browser settings accordingly. You will need to manage your cookie settings for each device and browser you use. Doing so, however, may result in diminished performance on the Site.
Like many other web sites, our site makes use of log files. The information inside the log files includes internet protocol (IP) addresses, type of browser, Internet Service Provider (ISP), date/time stamp, referring, exit pages, and number of clicks to analyze trends, administer the site, track user’s movements around the site, and gather demographic information. IP addresses, and other such information are not linked to any information that is personally identifiable.
OTHER AVAILABLE CHOICES
Email Marketing: If you opt-out from receiving marketing emails, we may still send you non-marketing emails such as emails about your products or services, responses to your requests and inquiries, or notices of updates to terms and conditions or our privacy practices. To opt-out from receiving marketing and promotional emails, please email us at email@example.com or contact us at the following address 169 Miracle Mile, Coral Gables, Florida 33134.
SOCIAL MEDIA, LINKS AND EXTERNAL SITES
Links to other company’s websites may be provided on the BAC sites as a convenience to you. If you choose to go to these external websites, you will be subject to the privacy practices of those external websites – BAC is not responsible for the privacy practices of those websites. We encourage you to be aware when you leave our site to read the privacy notices of every website you visit, as those privacy notices may differ from ours. Our Privacy Notice applies solely to the sites where this Privacy Notice appears.
We use a combination of reasonable technical, administrative, and physical safeguards to protect your personal information. However, no website, mobile application, database, or system is completely secure or “hacker proof.” So, we cannot guarantee its absolute security. You are also responsible for taking reasonable steps to protect your personal information against unauthorized disclosure or misuse. We limit access to your personal information to those who need it to do their jobs. We comply with all applicable federal and state data security laws.
POLICY TOWARDS CHILDREN
BAC does not knowingly collect personal information directly from minors. Any information we collect from minors is always with the consent of a parent or guardian. If you are under 16 years old, do not use or provide any information on our website or on or through our services.
SALE OF PERSONAL INFORMATION
BAC does not engage in the sale of personal information. As noted elsewhere in this Notice, we may share personal information with other businesses for a variety of reasons, we do not share personal information for the sole purpose of receiving compensation for that information.
CHANGES TO OUR PRIVACY NOTICE
We reserve the right to update or revise this Privacy Notice at our discretion and at any time. The date at the top of this page shows when this Notice was last revised. We will let you know when we update the Notice by changing the date or other appropriate means.