California Consumer Privacy Act

CALIFORNIA CONSUMER PRIVACY ACT POLICY

Last Updated September 27, 2023

This California Consumer Privacy Act Policy (“CCPA Disclosure”) supplements the information contained in any other Privacy Notice provided by Community Bank of the Bay (“we” or “our”) and applies solely to residents of the State of California. It describes our practices both online and offline to comply with the California Consumer Privacy Act of 2018 (“CCPA”) regarding the collection, use, disclosure, and sale of personal information and the rights of California residents (“consumers” or “you”) regarding their own personal information.

Under the CCPA, “personal information” is information that identifies, relates to, or could reasonably be linked directly or indirectly with a particular consumer.  The specific personal information that we collect, use, and disclose relating to a consumer will vary depending on our relationship or interaction.

This CCPA Disclosure does not apply to information collected, processed or disclosed pursuant to the Gramm-Leach-Bliley Act and its implementing regulations or the California Financial Information Privacy Act. It also does not apply to information we collect of job applicants, employees, contractors, temporary employees, directors and shareholders, which are subject to our Human Resources CCPA Disclosure.

Your Right to Know About Personal Information Collected, Disclosed, or Sold

You have a right to know what personal information we have collected used, disclosed, or and sold about during the past 12 months. You may only make a request twice within a 12-month period. CBB *does not* sell our customers information.

If you wish to submit a verifiable consumer request for personal information we collect, use, or disclose you should do one of the following:

1. Call us at (833) 433-2272;
2. E-mail us at CCPA@bankcbb.com; or
3. Submit your request by mail:
   Community Bank of the Bay
   Attention: CCPA Request
   180 Grand Ave, Suite 1550
   Oakland, CA 94612

When you submit a request, the Bank will verify your identity. We will ask you for your name, address, and other pieces of information pertinent to your request.

Identifiers

Collection of Personal Information (“PI”)

Below is a list of categories of personal information we have collected about consumers in the preceding 12 months. For each category of personal information, we have provided the categories of sources from which we collected the personal information, the business or commercial purpose for collecting the information, and the categories of third parties with whom we share the personal information:

Categories of Personal Information we Collect

Sensitive personal information. Section 1798.140(v)(1)(A)-(L).

• Identity Data, such as name and government-issued identifier (e.g., First Name, Former Name(s), Last Name(s), username or similar identifier, date of birth, Social Security number, driver’s license, state identification card, or passport number);
• Personal information Data, as defined in the California safeguards law, such as contact information and financial information (e.g., postal address, e-mail address and telephone numbers);
• Characteristics of protected classification data under California or federal law, such as sex and marital status;
• Commercial Information;
• Financial Data including bank account and payment card details;
• Account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account;
• Transaction Data including details about payments to and from your bank accounts with us or other details of products and services you have purchased from us;
• Internet Usage Data, including information about how you use our internet website, products and services;
• Geolocation Data, such as device location and Internet Protocol (IP) location;
• Audio, electronic, visual, thermal, olfactory, or similar information;
• Biometric Data, such as audio, electronic, visual and similar information, call and video recordings;
• Professional or employment-related information;
• Education Data, such as student records and directory information;
• Inferences drawn to create a profile about your preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes;

Categories of Sensitive Personal Information we Collect

(Section 1798.140(v)(1)(A)-(L)).

• Social security, driver’s license, state identification card, or passport number;
• Account log-in, financial account, debit card, or created card number in combination with any required security or access code, password, or credentials allowing access to an account;
• Precise geolocation;
• Racial or ethnic origin;
• Contents of mail, email, text messages;
• Biometric and genetic information that is processed for the purpose of identifying you;
• Personal Information collected and analyzed concerning your health; and sex life or sexual orientation.

Categories of Sources Used to Collect Information

• Directly from a California resident or the individual’s representatives
• Vendors, Service Providers, Consumer Data Resellers and other third parties;
• Public Record Sources (Federal, State or Local Government Sources);
• Website, Mobile App Activity and Social Media;
• Information from Client Directed Third Parties or Institutions representing a Client/Prospect;
• Information from Corporate Clients about individuals associated with the Clients (e.g., an employee or board member); and
• Information from Individual Clients about individuals associated with Client (e.g., beneficiary).

Our Purpose for Collection

• Performing services, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing advertising or marketing services, providing analytic services, or providing similar services;
• Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity;
• Undertaking activities to verify or maintain the quality or safety of a service controlled by us, and to improve, upgrade, or enhance the service controlled by the business;
• Undertaking internal research for technological development;
• Short-term, transient use where the information is not disclosed to a third party and is not used to build a profile or otherwise alter an individual consumer’s experience outside the current interaction, including, but not limited to, the contextual customization of ads shown as part of the same interaction.
• Debugging to identify and repair errors that impair existing intended functionality. Undertaking internal research for technological development and demonstration; and
• Complying with laws and regulations and to comply with other legal process and law enforcement requirements (including any internal policy based on or reflecting legal or regulatory guidance, codes or opinions).

Category of Third Parties with Whom we Shared

• Vendors and Service Providers who provide services such as website hosting, data analysis, payment processing, order fulfillment, information technology and related infrastructure, customer service, email delivery, auditing, marketing and marketing research activities;
• Partners and Third Parties who provide services such as payment, banking and communication infrastructure, storage, legal expertise, tax expertise, notaries and auditors, who promote the bank and its financial services and products to customers and other prospective buyers
• Other Third Parties who enable customers to conduct transactions online and via mobile devices; and
• Law Enforcement, Regulatory and Government Agencies as required by law and regulation.

Disclosure or Sale of Personal Information

We HAVE NOT sold any Personal Information or Sensitive Personal Information about consumers in the preceding 12 months for a business or commercial purpose.

We DO NOT sell the personal information of minors under 16 years of age without affirmative authorization.

Disclosed for Business Purpose

We have disclosed personal information about consumers to third parties for a business or commercial purpose in the preceding 12 months. We may have disclosed personal information about minors under 16 years of age for business purposes (e.g. savings accounts for minors, or beneficiary information). Below is a list of the categories where we have shared consumer information with third parties in the preceding 12 months in order to provide and manage products and services:

Business Purpose

• Establish and process transactions for our products and services including checking accounts, debit cards, loans, as well as additional products for businesses such as commercial financing;
• Support the ongoing management and maintenance of our products and services including to provide account statements, online banking access, client service, payments and collections, and account notifications;
• Support everyday operations, including meeting risk, legal and compliance requirements;
• Perform accounting, monitoring, and reporting;
• Support audit and investigations, legal requests and demands from regulatory authorities;
• Enable the use of service providers for business purposes;
• Comply with policies and procedures; and
• Undertake internal research for technological development and demonstration.

Retention of Information

CBB will retain your information for the period of time that you have a relationship, and for the retention period mandated by federal regulation.

Rights under the CCPA

Right to Request Access, Correction, or Deletion of Personal Information

If you are a California resident, you have the right to access, request correction or deletion of any personal information about you which we have collected or maintained covering the 12-month period prior to your request for a purpose other than providing a financial product or service. This right includes the categories of personal information, and categories of sources from which personal information is collected along with the business purpose.

• You have the right to delete personal information subject to certain exceptions.
• You have the right to opt out of the share or selling of your personal information subject to certain exceptions.
• You have the right to limit the use or disclosure of sensitive personal information subject to certain exceptions.
• You have the right to not receive discriminatory treatment due to the exercise of privacy rights conferred under the CCPA, inclusive of employees, applicants, or independent contractors.

Verifiable CCPA Request

You may only make a verifiable request twice within a 12-month period. To submit a verifiable consumer request, you may:

1. Call us at (833) 433-2272;
2. Submit our CCPA request form on-line;  CCPA@bankcbb.com; or
3. Submit your request by mail:
   Community Bank of the Bay
   Attention: CCPA Request
   180 Grand Ave, Suite 1550
   Oakland, CA 94612

In order to verify your identity, you must:

• Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond;
• Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information such as name, date of birth, e-mail address, telephone number, postal address, and your business relationship with Community Bank of the Bay.

If you designate an authorized representative to make a request on your behalf, we may require you to verify your identity directly to us and provide a copy of the authorized written permission.

Community Bank of the Bay may contact you to confirm your identity and comply with your request. In order to verify your identity, we will use the personal information provided in the verifiable consumer request.  We cannot respond to your request if we cannot verify your identity or your authorized agent’s authority to make the request and confirm the personal information relates to you. We may require you, or your authorized agent, to sign a declaration under penalty of perjury that you are the consumer whose personal information is the subject of the request.

We will endeavor to respond to a verifiable consumer request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. Any disclosures we provide will only cover the 12-month period preceding the verifiable request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable.

Right to Opt-Out of the Sale of Personal Information

You have the right to opt out of the sale of your personal information.

As stated above, Community Bank of the Bay does not and will not, sell the personal information of consumers to third parties.

Right to Non-Discrimination for the Exercise of Your Privacy Rights

You have a right not to receive discriminatory treatment by us for the exercise of any privacy rights conferred by the California Consumer Privacy Act.

Authorized Agent

You may designate an authorized agent to make a request under the California Consumer Privacy Act on your behalf by providing the agent written permission to make the request. We will verify your identity with the authorized agent.

Contact for More Information

For more information, please call us at (833) 433-2272, or e-mail us at CCPA@bankcbb.com.

 

Download a printable version.