1. Collection of Consumer Information.
Consumer information is accumulated by the Bank from a variety of sources. Some information is provided to the Bank directly by customers and prospective customers, for example in loan and deposit account applications. Other information is developed by the Bank as a function of providing products and services to our customers, such as account balances and loan payment histories. Still other information is obtained from outside sources such as credit bureaus. The policy of the Bank shall be to collect, retain and use consumer information only where we reasonably believe that it will help administer our business or provide products, services, and other opportunities to our customers and prospects. We will collect and retain consumer information only for specific business purposes and we will use consumer information only in accordance with the principles set out in this policy.
2. Maintenance of Accurate Information.
The Bank shall maintain procedures to ensure that consumer information is accurate, current and complete in keeping with reasonable commercial standards. The Bank shall respond to requests by customers and others to correct inaccurate information in a timely fashion and shall take commercially reasonable steps to investigate and correct any inaccuracies.
3. Security Program.
The Bank shall establish and maintain a consumer information security program in compliance with regulatory guidelines to help ensure the security and confidentiality of consumer information, protect against any anticipated threats or hazards to the security or integrity of that information and protect against unauthorized access to or use of consumer information. As a part of this program, the Bank’s policy shall be to limit employees’ access to personally identifiable customer information to only those employees with a business reason to know that information. All officers and employees shall be informed of and trained on the importance of, and their responsibility for, maintaining the confidentiality of consumer information.
Employees who violate the privacy policies of the Bank will be subject to appropriate disciplinary measures.
4. Use and Disclosure of Consumer Information.
We will use the consumer information we collect only to administer our business, provide products and services to our customers and prospects and offer opportunities that we think would be of interest to our customers and prospects. The Bank will use information to protect and administer customer accounts, funds and records; comply with laws and regulations; help it design and improve its products and services and help it understand the needs of its customers and prospects. The Bank’s policy shall be to strictly limit who may receive customer information outside of the Bank. The Bank’s policy is to also share, to the extent lawfully permissible, consumer information with non-affiliated third parties that perform services for the Bank or with whom the Bank has entered into joint marketing arrangements for financial products or services. When providing consumer information to such a non-affiliated third party, the Bank’s policy is to prohibit, through a written agreement, the third party from disclosing or using the information other than in the ordinary course of business to carry out the purposes for which the Bank shared the information. The Bank may share consumer information with non-affiliated third parties in connection with servicing or processing a financial product or service requested or authorized by a customer or maintaining or servicing the customer’s account. The Bank may also share consumer information with non-affiliated third parties: (1) at the request or with the permission of the customer; (2) in connection with a business transaction involving the Bank such as a sale, merger or transfer of all or a portion of the Bank’s business; (3) when the Bank is legally required or permitted to do so such as in response to a civil, criminal or regulatory investigation or legal process; (4) when providing information to consumer reporting agencies such as credit bureaus or to federal and state law enforcement or regulatory authorities such as bank examiners or the Internal Revenue Service, as authorized or required by federal or state law; and
(5) in other cases where it is legally permissible to do so. It is the Bank’s policy not to provide consumer information to non-affiliated companies for their independent use in marketing any non-financial products or services of those companies.
5. Providing Privacy Information to Customers.
It is the Bank’s policy to notify new and existing customers of its privacy policies in compliance with applicable law and regulation. All customers as of July 1, 2001, shall be given notice of the Bank’s privacy policies. The Bank shall provide notice of its privacy policies to all new customers at the time of establishing a customer relationship. The Bank shall provide similar notices to all customers at least annually. The Bank shall also establish procedures for receiving and responding to customer inquiries.
6. Compliance with Applicable Law and Regulation.
Board Approved 03/21/2018