GLBA Privacy Policy

FACTS

WHAT DOES HERITAGE BANK OF COMMERCE DO WITH YOUR PERSONAL INFORMATION?

WHY?

Financial companies choose how they share your personal information. Federal law gives consumers the right to limit some but not all sharing. Federal law also requires us to tell you how we collect, share, and protect your personal information. Please read this notice carefully to understand what we do.

WHAT?

The types of personal information we collect and share depend on the product or service you have with us. This information can include:

  • Social Security Number
  • Account Balances
  • Checking Account Information
  • Account Transactions
  • Transaction History
  • Overdraft History

When you are no longer our customer, we continue to share your information as described in this notice.

HOW?

All financial companies need to share customers’ personal information to run their everyday business. In the section below, we list the reasons financial companies can share their customers’ personal information; the reasons Heritage Bank of Commerce chooses to share; and whether you can limit this sharing.

Reasons we can share your personal information Does Heritage Bank of Commerce share? Can you limit this sharing?
For our everyday business purposes-such as to process your transactions, maintain your account(s), respond to court orders and legal investigations, or report to credit bureaus Yes No
For our marketing purposes- to offer our products and services to you Yes No
For joint marketing with other financial companies No We don’t share
For our affiliates’ everyday business purposes- information about your transactions and experiences Yes No
For our affiliates’ everyday business purposes- information about your creditworthiness No We don’t share
For our affiliates to market to you No We don’t share
For non-affiliates to market to you No We don’t share
Who we are
Who is providing this notice? Heritage Bank of Commerce
What we do
How does Heritage Bank of Commerce protect my personal information? To protect your personal information from unauthorized access and use, we use security measures that comply with federal law. These measures include computer safeguards and secured files and buildings.

We restrict access to personal information about you to those employees who need to know that information to provide products or services to you.

How does Heritage Bank of Commerce collect my personal information? We collect your personal information, for example, when you

  • Open an Account
  • Deposit Money
  • Apply for a Loan
  • Provide Account Information
  • Make Deposits or Withdrawals from your Account

We also collect your personal information from others, such as credit bureaus, affiliates, or other companies.

Why can’t I limit all sharing? Federal law gives you the right to limit only

  • Sharing for affiliates’ everyday business purposes- information about your creditworthiness
  • Affiliates from using your information to market to you
  • Sharing for non-affiliates to market to you

State laws and individual companies may give you additional rights to limit sharing.

Definitions
Affiliates Companies related by common ownership or control. They can be financial and non-financial companies.

  • Heritage Bank of Commerce does not share with our affiliates.
Non-affiliates Companies not related by common ownership or control. They can be financial and non-financial companies.

  • Heritage Bank of Commerce does not share with non-affiliates so they can market to you.
Joint Marketing A formal agreement between non-affiliated financial companies that together market financial products or services to you.

  • Heritage Bank of Commerce doesn’t jointly market.


CALIFORNIA CONSUMER PRIVACY ACT POLICY

Effective/Last Updated January 1, 2023

Heritage Bank of Commerce (the “Bank”) and all applicable subsidiaries comply with all requirements of the California Consumer Privacy Act of 2018, including as how that law is amended by the California Privacy Rights Act of 2020 (collectively the “CCPA”).

Your Right to Know About Personal Information Collected

Under the CCPA a consumer (which means a California resident) has the right to know what personal information the business has collected about them, including the categories of personal information, the categories of sources from which the personal information was collected, the business or commercial purpose for collecting, selling or sharing the personal information, the categories of third parties to whom the business discloses personal information and the specific pieces of personal information the business has collected. Thus, you may request that we disclose what personal information we collect, use, and disclose about you (a “Request to Know” or “RTK”).

If you wish to submit a verifiable RTK you should do one of the following:
Call 1 (833) 996-1801;
Send an e-mail to CCPA@herbank.com; or
Ask your branch representative to provide you with a form for your request.
When you submit a RTK, the Bank will verify your identity. To verify your identity we will ask you for your name, address, and other pieces of information pertinent to your request that we can use to match with the information we have on file. The amount and type of information we request may vary depending on the sensitivity of personal information covered by the request.

Collection of Personal Information (“PI”)

Below is a list of categories of PI and categories of sensitive PI we have collected about consumers in the preceding 12 months. We have also provided the categories of sources from which we collected the personal information, and the business or commercial purpose for collecting the information:
Below is a list of categories of personal information we have collected about consumers in the preceding 12 months. For each category identified we have also provided the categories of sources from which we collected the personal information, the business or commercial purpose for collecting the information, and the categories of third parties with whom we share the personal information:

Categories of PI we Collect
  • Identity Data, such as name and government-issued identifier (e.g., First Name, Maiden Name, Last Name, username or similar identifier, or date of birth);
  • Personal Data, as defined in the California safeguards law (California Civil Code Section 1798.80(e)), such as contact information and financial information (e.g., postal address, email address and telephone numbers);
  • Characteristic Data, means information related to characteristics protected  under California or federal law, such as gender or marital status;
  • Biometric Data means information related to an individual’s physiological, biological or behavioral characteristics, such as an image of a person’s fingerprint or voice recording; 
  • Financial Data including bank account and payment card details (e.g., debit card numbers, deposit account numbers, or loan numbers).
  • Transaction Data means information and records regarding transactions completed using products or services consumers have obtained from us, including details about payments to and from your bank accounts with us or other details of products and services you have purchased from us.
  • Usage Data means information regarding a consumers activity on the internet or another electronic network, including information about how you use our website, or our online products and services.
  • Geolocation Data, means information derived from a device that can be used or is intended to be used to locate a user or individual, such as device location or an Internet Protocol (IP) location;
  • Sensory Data, includes information obtained from  audio, electronic, visual and similar recording devices, such as call and video recordings;
  • Employment-Related Data, is information related to an individual’s professional experiences or other employment-related information, such as work history and experience with prior employer.
  • Education Data, is information related to an individual’s education history, such as student records and directory information.
Categories of Sensitive PI We Collect
  • Identification Numbers means any information that reveals an individual’s social security number, driver’s license number, state identification card number, or passport number.
  • Financial Account Credentials means any information that reveals an individual’s account log-in number, financial account number (such as a loan number or deposit account number), debit card number, or credit card number in combination with any required security or access code, password, or credentials which would allow someone to gain access to their account.
  • Background Information is any information that reveals an individual’s racial or ethnic origin.  
  • Personal Messages are the contents of an individual’s mail, email and text messages, where the Bank is not the intended recipient of the communication.
  • Health Information is any personal information collected and analyzed concerning an individual’s health.
  • Processed Biometric Data, is any Biometric Data which the Bank performs an operation, set of operations or other procedure on, whether or not by automated means, for the purpose of uniquely identifying an individual.
Categories of Sources from Which We Collect the PI
  • Directly from a California resident or the individual’s authorized representatives
  • Service Providers, consumer data resellers and other third parties;
  • Public Record Sources (Federal, State or Local Government Sources);
  • Information from our Affiliates;
  • From our website, mobile applications and services and social media;
  • Information from authorized representatives of customers acting on behalf of a customer or institutions representing a potential customer in connection with obtaining or applying for a financial product or service from us;
  • Information from business entities that are or may become customers of the Bank who may provide information regarding individuals associated with them such as, an employee, officer or board member.
Our Business or Commercial Purpose for Collecting the PI
  • Performing services, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing services, providing advertising or marketing services (except we will never use any of the categories of sensitive personal information for marketing or advertising), providing analytic services, or providing similar services;
  • Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity;
  • Activities to verify or maintain the quality or safety of a service controlled by us, and to improve, upgrade, or enhance the service controlled by the business;
  • Debugging to identify and repair errors that impair the existing intended functionality of our products and services. Undertaking internal research for technological development and demonstration (except we will never use any of the categories of sensitive personal information for general research and development purposes);
  • Complying with laws and regulations and to comply with other legal process and law enforcement requirements (including any internal policy based on or reflecting legal or regulatory guidance, codes or opinions).
  • To carry out our responsibilities as an employer, such as processing job applications, administering benefits and managing pay and compensation.

Sale or Sharing of Personal Information

We have not sold or shared any personal information about consumers in the preceding 12 months.

We DO NOT have actual knowledge that we sell or share the personal information of minors under 16 years of age.

Disclosure of Personal Information for Business Purposes

We have disclosed personal information about consumers to third parties for a business or commercial purpose in the preceding 12 months. Below is a list of the categories of personal information we have disclosed to third parties in the preceding 12 months for a business or commercial purpose. For each category identified we have also disclosed the category of third party to whom the PI was disclosed.

Categories of PI Disclosed to Third Parties Categories of Third Parties With Whom the PI Was Disclosed
Identity Data
  • Affiliates of the Bank (“Affiliates”);
  • Vendors and other service providers who provide services to the Bank, such as those that provide website hosting, data analysis, payment processing, order fulfillment, information technology and related infrastructure, customer service, email delivery, auditing, marketing and marketing research services, those who promote the bank and its financial services and products to customers and other prospective buyers on the Bank’s behalf, and those that enable customers to conduct transactions online and via mobile devices (collectively “Service Providers”);
  • Partners and third parties who provide consulting services to the Bank on topics including but not limited to payment, banking and communication infrastructure, storage, legal expertise, tax expertise, notaries and auditors (collectively “Consultants”). 
  • Government Agencies as required by laws and regulations.
  • Credit Reporting Agencies.
Personal Data
  • Affiliates;
  • Service Providers;
  • Consultants;
  • Government Agencies;
  • Credit Reporting Agencies
Characteristic Data
  • Affiliates;
  • Service Providers;
  • Consultants;
  • Government Agencies
  • Credit Reporting Agencies
Transaction Data
  • Affiliates;
  • Service Providers;
  • Consultants;
  • Government Agencies
  • Credit Reporting Agencies
Financial Data
  • Affiliates;
  • Service Providers;
  • Consultants;
  • Government Agencies
  • Credit Reporting Agencies
Usage Data
  • Affiliates;
  • Service Providers;
  • Consultants;
  • Government Agencies
  • Credit Reporting Agencies
Geolocation Data
  • Affiliates;
  • Service Providers;
  • Consultants;
  • Government Agencies
  • Credit Reporting Agencies
Biometric Data
  • Affiliates;
  • Service Providers;
  • Consultants;
  • Government Agencies
  • Credit Reporting Agencies
Sensory Data
  • Affiliates;
  • Service Providers;
  • Consultants;
  • Government Agencies
  • Credit Reporting Agencies
Employment-Related Data
  • Affiliates;
  • Service Providers;
  • Consultants;
  • Government Agencies
  • Credit Reporting Agencies
Education Data
  • Affiliates;
  • Service Providers;
  • Consultants;
  • Government Agencies
  • Credit Reporting Agencies

Business Purposes

We have disclosed personal information to third parties for the following business or commercial purposes:

  • Auditing of bank records for compliance with state and federal banking regulation;
  • Detecting security incidents, protecting against malicious, deceptive, fraudulent or illegal activity, and prosecuting those responsible for that activity;
  • Performing services on behalf of the Bank, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders or transactions, verifying customer information, processing payments, providing advertising or marketing services, providing analytic services, or providing similar services on behalf of the business or service provider; and
  • Undertaking internal research for technological development and demonstration.

USE OF SENSITIVE PERSONAL INFORMATION

We have not used or disclosed any of the categories of sensitive PI for purposes other than those specified as permissible uses as set forth in the CCPA and the implementing regulations adopted by the California Privacy Protection Agency (including how the CCPA and its regulations may be amended from time to time) that do not trigger a consumers right to limit use.
https://heritagebankofcommerce.bank/wp-admin/post.php?post=779&action=edit#
Rights under the CCPA

Right to Request Deletion or Corrections of Personal Information

You have the right to request the deletion of any personal information about you which we have collected or maintained, subject to certain exceptions. You also have the right to request that we correct inaccurate personal information we may maintain about you.

If you wish to submit a request to delete or request to correct the personal information we collected or maintain about you, you may call us at (833) 996-1801, or e-mail us at CCPA@herbank.com.

In order to respond to a request to delete or request to correct we will need to verify your identity. Bank may contact you to confirm your identity and comply with your request. To verify your identity we will ask you for your name, address, and other pieces of information pertinent to your request that we can use to match with the information we have on file. The amount and type of information we request may vary depending on the sensitivity of personal information covered by the request. We will endeavor to respond to a verifiable consumer request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. The response we provide will also explain the reasons we cannot comply with a request, if applicable.

Right to Opt-Out of the Sale or Sharing of Personal Information

You have the right to opt out of the sale or sharing of your personal information, if a business sells or shares your personal information.

The Bank does not sell or share your personal information.

Right to Non-Discrimination for the Exercise of Your Privacy Rights

You have a right not to receive discriminatory treatment by us for the exercise of any privacy rights conferred by the CCPA, including an employee’s, applicant’s or independent contractor’s right not to be retaliated against for the exercise of their rights under the CCPA.

Right to Limit Use of Sensitive Personal Information

You have the right to limit the use or disclosure of your sensitive personal information if a business uses or discloses your sensitive personal information for certain reasons not expressly permitted by the CCPA or its implementing regulations.

Opt Out Preference Signals

We do not sell or share personal information so the receipt of an opt-out preference signal will not impact how we collect, use or disclose your personal information.

Authorized Agent

You may designate an authorized agent to make a request under the CCPA on your behalf by providing the agent written permission to make the request and sending that written authorization to Heritage Bank of Commerce, Attn: CCPA, 224 Airport Parkway, San Jose, CA 95110. We will verify your identity with the authorized agent.

Contact for More Information

For more information, please call us at (833) 996-1801, or e-mail us at CCPA@herbank.com.


 

HBC Secure Privacy Policy

HBC Secure is an application for mobile banking that provides a seamless experience to use and manage your debit cards. Visit here to see the HBC Secure Privacy Policy.


 

Cookie Policy

The Cookie Policy explains what cookies are and how we use them, the types of cookies we use i.e, the information we collect using cookies and how that information is used, and how to control the cookie preferences. To see the complete Cookie Policy visit here.


 

Google Analytics

Like many other websites, we employ Google Analytics to collect non-personally identifiable information when available (such as age, gender and interests). Any third-party sources provide us with a summary that is statistical in nature and cannot be tracked back to a specific individual. We use this information to gauge the impact of website changes and to make improvements to our website. However, we do not facilitate the merging of your personally identifiable information with the non-personally identifiable information we collect. Google’s ability to use and share information collected by Google Analytics about your visits to this site is restricted by the Google Analytics Terms of Use and the Google Privacy Policy. You can prevent Google Analytics from recognizing you on return visits to this site by disabling cookies on your browser.