WHAT DOES HERITAGE BANK OF COMMERCE DO WITH YOUR PERSONAL INFORMATION?
Financial companies choose how they share your personal information. Federal law gives consumers the right to limit some but not all sharing. Federal law also requires us to tell you how we collect, share, and protect your personal information. Please read this notice carefully to understand what we do.
The types of personal information we collect and share depend on the product or service you have with us. This information can include:
- Social Security Number
- Account Balances
- Checking Account Information
- Account Transactions
- Transaction History
- Overdraft History
When you are no longer our customer, we continue to share your information as described in this notice.
All financial companies need to share customers’ personal information to run their everyday business. In the section below, we list the reasons financial companies can share their customers’ personal information; the reasons Heritage Bank of Commerce chooses to share; and whether you can limit this sharing.
|Reasons we can share your personal information||Does Heritage Bank of Commerce share?||Can you limit this sharing?|
|For our everyday business purposes-such as to process your transactions, maintain your account(s), respond to court orders and legal investigations, or report to credit bureaus||Yes||No|
|For our marketing purposes- to offer our products and services to you||Yes||No|
|For joint marketing with other financial companies||No||We don’t share|
|For our affiliates’ everyday business purposes- information about your transactions and experiences||Yes||No|
|For our affiliates’ everyday business purposes- information about your creditworthiness||No||We don’t share|
|For our affiliates to market to you||No||We don’t share|
|For non-affiliates to market to you||No||We don’t share|
|Who we are|
|Who is providing this notice?||Heritage Bank of Commerce|
|What we do|
|How does Heritage Bank of Commerce protect my personal information?||To protect your personal information from unauthorized access and use, we use security measures that comply with federal law. These measures include computer safeguards and secured files and buildings.
We restrict access to personal information about you to those employees who need to know that information to provide products or services to you.
|How does Heritage Bank of Commerce collect my personal information?||We collect your personal information, for example, when you
We also collect your personal information from others, such as credit bureaus, affiliates, or other companies.
|Why can’t I limit all sharing?||Federal law gives you the right to limit only
State laws and individual companies may give you additional rights to limit sharing.
|Affiliates||Companies related by common ownership or control. They can be financial and non-financial companies.
|Non-affiliates||Companies not related by common ownership or control. They can be financial and non-financial companies.
|Joint Marketing||A formal agreement between non-affiliated financial companies that together market financial products or services to you.
NOTICE AT COLLECTION OF PERSONAL INFORMATION
Heritage Bank of Commerce (the “Bank”) and its applicable subsidiaries provide you with this Notice at Collection of Personal Information to comply with all requirements of the California Consumer Privacy Act. The rights and information disclosed here only apply to California residents or consumers.
We collect the following categories of personal information and categories of sensitive personal information about consumers.
|The Categories of Personal Information to be Collected:||The Categories of Sensitive Personal Information to be Collected|
|Identity Data, such as name and government-issued identifier (e.g., First Name, Maiden Name, Last Name, username or similar identifier, or date of birth).
Personal Data, as defined in the California safeguards law (California Civil Code Section 1798.80(e)), such as contact information and financial information (e.g., postal address, email address and telephone numbers).
Characteristic Data, means information related to characteristics protected under California or federal law, such as gender or, marital status.
Transaction Data means information and records regarding transactions completed using products or services consumers have obtained from us, including details about payments to and from your bank accounts with us or other details of products and services you have purchased from us.
Financial Data including bank account and payment card details (e.g., debit card numbers, deposit account numbers, or loan numbers)
Usage Data, means information regarding a consumers activity on the internet or another electronic network, including information about how you use our website, or our online products and services.
Geolocation Data, means information derived from a device that can be used or is intended to be used to locate a user or individual, such as device location or an Internet Protocol (IP) location.
Biometric Data, means information related to an individual’s physiological, biological or behavioral characteristics, such as an image of a person’s fingerprint or voice recording.
Sensory Data, includes information obtained from audio, electronic, visual and similar recording devices, such as call and video recordings;
Employment-Related Data, is information related to an individual’s professional experiences or other employment-related information, such as work history and experience with prior employer.
Education Data, is information related to an individual’s education history, such as student records and directory information.
|Identification Numbers means any information that reveals an individual’s social security number, driver’s license number, state identification card number, or passport number.
Financial Account Credentials means any information that reveals an individual’s account log-in number, financial account number (such as a loan number or deposit account number), debit card number, or credit card number in combination with any required security or access code, password, or credentials which would allow someone to gain access to their account.
Background Information is any information that reveals an individual’s racial or ethnic origin.
Personal Messages are the contents of an individual’s mail, email, and text messages where the Bank is not the intended recipient of the communication.
Health Information is any personal information collected and analyzed concerning an individual’s health.
Processed Biometric Data, is any Biometric Data which the Bank performs an operation, set of operations or other procedure on, whether or not by automated means, for the purpose of uniquely identifying an individual.
BUSINESS OR COMMERCIAL PURPOSES
We collect the categories of personal information and categories of sensitive personal information for the following business or commercial purposes.
• Performing services, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing services, providing advertising or marketing services (except we will never use any of the categories of sensitive personal information for marketing or advertising), providing analytic services, or providing similar services;
• Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity;
• Activities to verify or maintain the quality or safety of a service controlled by us, and to improve, upgrade, or enhance the service controlled by the business;
• Debugging to identify and repair errors that impair the existing intended functionality of our products and services. Undertaking internal research for technological development and demonstration (except we will never use any of the categories of sensitive personal information for general research and development purposes);
• Complying with laws and regulations and to comply with other legal process and law enforcement requirements (including any internal policy based on or reflecting legal or regulatory guidance, codes or opinions).
• To carry out our responsibilities as an employer, such as processing job applications, administering benefits and managing pay and compensation.
RETENTION OF PERSONAL INFORMATION
The Bank will retain your personal information to carry out its activities and as otherwise required or permitted by applicable law. The criteria we use to determine how long to retain your personal information is based on a number of important factors such as: (i) the regulatory guidelines for products or services you have requested; (ii) federal and state laws and regulations which may mandate we retain your personal information for a specific length of time; (iii) whether the Bank needs the personal information to provide the product or service that has been requested; (iv) is the personal information associated with a former or current customer of the Bank; (v) is the personal information associated with a former or current employee of the Bank; and (vi) whether the personal information may be required in order for the Bank to defend or pursue legal claims in court or to prevent or detect fraudulent or suspicious activity.
The Bank does not sell or share any of the personal information it collects.
For more information, please call us at (833) 996-1801, or e-mail us at CCPA@herbank.com.
The Bank’s California Consumer Privacy Act Policy can be found at https://heritagebankofcommerce.bank/privacy-and-security/#CCPA
CALIFORNIA CONSUMER PRIVACY ACT POLICY
Effective/Last Updated January 1, 2023
Heritage Bank of Commerce (the “Bank”) and all applicable subsidiaries comply with all requirements of the California Consumer Privacy Act of 2018, including as how that law is amended by the California Privacy Rights Act of 2020 (collectively the “CCPA”).
Your Right to Know About Personal Information Collected
Under the CCPA a consumer (which means a California resident) has the right to know what personal information the business has collected about them, including the categories of personal information, the categories of sources from which the personal information was collected, the business or commercial purpose for collecting, selling or sharing the personal information, the categories of third parties to whom the business discloses personal information and the specific pieces of personal information the business has collected. Thus, you may request that we disclose what personal information we collect, use, and disclose about you (a “Request to Know” or “RTK”).
If you wish to submit a verifiable RTK you should do one of the following:
Call 1 (833) 996-1801;
Send an e-mail to CCPA@herbank.com; or
Ask your branch representative to provide you with a form for your request.
When you submit a RTK, the Bank will verify your identity. To verify your identity we will ask you for your name, address, and other pieces of information pertinent to your request that we can use to match with the information we have on file. The amount and type of information we request may vary depending on the sensitivity of personal information covered by the request.
Collection of Personal Information (“PI”)
Below is a list of categories of PI and categories of sensitive PI we have collected about consumers in the preceding 12 months. We have also provided the categories of sources from which we collected the personal information, and the business or commercial purpose for collecting the information:
Below is a list of categories of personal information we have collected about consumers in the preceding 12 months. For each category identified we have also provided the categories of sources from which we collected the personal information, the business or commercial purpose for collecting the information, and the categories of third parties with whom we share the personal information:
|Categories of PI we Collect||
|Categories of Sensitive PI We Collect||
|Categories of Sources from Which We Collect the PI||
|Our Business or Commercial Purpose for Collecting the PI||
Sale or Sharing of Personal Information
We have not sold or shared any personal information about consumers in the preceding 12 months.
We DO NOT have actual knowledge that we sell or share the personal information of minors under 16 years of age.
Disclosure of Personal Information for Business Purposes
We have disclosed personal information about consumers to third parties for a business or commercial purpose in the preceding 12 months. Below is a list of the categories of personal information we have disclosed to third parties in the preceding 12 months for a business or commercial purpose. For each category identified we have also disclosed the category of third party to whom the PI was disclosed.
|Categories of PI Disclosed to Third Parties||Categories of Third Parties With Whom the PI Was Disclosed|
We have disclosed personal information to third parties for the following business or commercial purposes:
- Auditing of bank records for compliance with state and federal banking regulation;
- Detecting security incidents, protecting against malicious, deceptive, fraudulent or illegal activity, and prosecuting those responsible for that activity;
- Performing services on behalf of the Bank, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders or transactions, verifying customer information, processing payments, providing advertising or marketing services, providing analytic services, or providing similar services on behalf of the business or service provider; and
- Undertaking internal research for technological development and demonstration.
USE OF SENSITIVE PERSONAL INFORMATION
We have not used or disclosed any of the categories of sensitive PI for purposes other than those specified as permissible uses as set forth in the CCPA and the implementing regulations adopted by the California Privacy Protection Agency (including how the CCPA and its regulations may be amended from time to time) that do not trigger a consumers right to limit use.
Rights under the CCPA
Right to Request Deletion or Corrections of Personal Information
You have the right to request the deletion of any personal information about you which we have collected or maintained, subject to certain exceptions. You also have the right to request that we correct inaccurate personal information we may maintain about you.
If you wish to submit a request to delete or request to correct the personal information we collected or maintain about you, you may call us at (833) 996-1801, or e-mail us at CCPA@herbank.com.
In order to respond to a request to delete or request to correct we will need to verify your identity. Bank may contact you to confirm your identity and comply with your request. To verify your identity we will ask you for your name, address, and other pieces of information pertinent to your request that we can use to match with the information we have on file. The amount and type of information we request may vary depending on the sensitivity of personal information covered by the request. We will endeavor to respond to a verifiable consumer request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. The response we provide will also explain the reasons we cannot comply with a request, if applicable.
Right to Opt-Out of the Sale or Sharing of Personal Information
You have the right to opt out of the sale or sharing of your personal information, if a business sells or shares your personal information.
The Bank does not sell or share your personal information.
Right to Non-Discrimination for the Exercise of Your Privacy Rights
You have a right not to receive discriminatory treatment by us for the exercise of any privacy rights conferred by the CCPA, including an employee’s, applicant’s or independent contractor’s right not to be retaliated against for the exercise of their rights under the CCPA.
Right to Limit Use of Sensitive Personal Information
You have the right to limit the use or disclosure of your sensitive personal information if a business uses or discloses your sensitive personal information for certain reasons not expressly permitted by the CCPA or its implementing regulations.
Opt Out Preference Signals
We do not sell or share personal information so the receipt of an opt-out preference signal will not impact how we collect, use or disclose your personal information.
You may designate an authorized agent to make a request under the CCPA on your behalf by providing the agent written permission to make the request and sending that written authorization to Heritage Bank of Commerce, Attn: CCPA, 224 Airport Parkway, San Jose, CA 95110. We will verify your identity with the authorized agent.
Contact for More Information
For more information, please call us at (833) 996-1801, or e-mail us at CCPA@herbank.com.