GLBA Privacy Policy




Financial companies choose how they share your personal information. Federal law gives consumers the right to limit some but not all sharing. Federal law also requires us to tell you how we collect, share, and protect your personal information. Please read this notice carefully to understand what we do.


The types of personal information we collect and share depend on the product or service you have with us. This information can include:

  • Social Security Number
  • Account Balances
  • Checking Account Information
  • Account Transactions
  • Transaction History
  • Overdraft History

When you are no longer our customer, we continue to share your information as described in this notice.


All financial companies need to share customers’ personal information to run their everyday business. In the section below, we list the reasons financial companies can share their customers’ personal information; the reasons Heritage Bank of Commerce chooses to share; and whether you can limit this sharing.

Reasons we can share your personal information Does Heritage Bank of Commerce share? Can you limit this sharing?
For our everyday business purposes-such as to process your transactions, maintain your account(s), respond to court orders and legal investigations, or report to credit bureaus Yes No
For our marketing purposes- to offer our products and services to you Yes No
For joint marketing with other financial companies No We don’t share
For our affiliates’ everyday business purposes- information about your transactions and experiences Yes No
For our affiliates’ everyday business purposes- information about your creditworthiness No We don’t share
For our affiliates to market to you No We don’t share
For non-affiliates to market to you No We don’t share
Who we are
Who is providing this notice? Heritage Bank of Commerce
What we do
How does Heritage Bank of Commerce protect my personal information? To protect your personal information from unauthorized access and use, we use security measures that comply with federal law. These measures include computer safeguards and secured files and buildings.

We restrict access to personal information about you to those employees who need to know that information to provide products or services to you.

How does Heritage Bank of Commerce collect my personal information? We collect your personal information, for example, when you

  • Open an Account
  • Deposit Money
  • Apply for a Loan
  • Provide Account Information
  • Make Deposits or Withdrawals from your Account

We also collect your personal information from others, such as credit bureaus, affiliates, or other companies.

Why can’t I limit all sharing? Federal law gives you the right to limit only

  • Sharing for affiliates’ everyday business purposes- information about your creditworthiness
  • Affiliates from using your information to market to you
  • Sharing for non-affiliates to market to you

State laws and individual companies may give you additional rights to limit sharing.

Affiliates Companies related by common ownership or control. They can be financial and non-financial companies.

  • Heritage Bank of Commerce does not share with our affiliates.
Non-affiliates Companies not related by common ownership or control. They can be financial and non-financial companies.

  • Heritage Bank of Commerce does not share with non-affiliates so they can market to you.
Joint Marketing A formal agreement between non-affiliated financial companies that together market financial products or services to you.

  • Heritage Bank of Commerce doesn’t jointly market.


Updating our Privacy Policy
We will provide notice of our Privacy Policy annually, as long as you maintain an ongoing relationship with us. Our online privacy policy will be reviewed annually and updated as necessary.

Our Online Privacy Policy Effective Date: August 1, 2021

Maintaining and Using Personally Identifiable Information in Electronic Banking Communications
How we handle information about you when you visit our website will depend on what you do when visiting the site.
We will not obtain personally identifiable information about you when you visit our site, unless you choose to provide such information to us.

If you visit our website to read information and do not use any of our online services, then we collect and store only the name of the domain from which you access the Internet, the date and time you access our website and the Internet address of the website from which you linked directly to our website. We may record the “IP address” assigned to you by your internet service provider as part of this process. We use the information we collect to measure the number of visitors to the different sections of our site, and to help us make our website more useful to visitors. When you visit our website, or use our electronic banking services, there may be times when you are asked to provide information about you that is personally identifiable. This information is encrypted and used internally to handle your request. This may include any of the following: your first, middle and last name, driver’s license number, your home or other physical address (including street name and name of a city or town), your e-mail address, a telephone number or social security number, account number, date of birth, mother’s maiden name, password or any other identifier that permits physical or online contact with you. Personally identifiable information might be needed or requested from you for you to register for banking or other services, or to fill out our forms or applications for services, for special promotions or contests, or to accomplish transactions you request (such as bill payment or other banking services). This may result in sharing of personally identifiable information with third parties (such as data processors or service bureaus) as part of servicing your accounts or transactions.

Web Browser Settings and Control of Personally Identifiable Information Collection
You may have the ability to activate web browser tracking settings or other mechanisms that give you the option to control the collection of personally identifiable information about your online activities over time and across third-party websites or online services. Our response to these settings and mechanisms will depend on the setting and mechanism and the impact on our collection and tracking practices. At this time, our website only tracks your activities while on our website and, unless you register with us for a service, we do not collect any personally identifiable information about you. The tracking, including information storing, is facilitated using ‘cookies’ that we place on your computer. In addition to the cookies reference above, we may also place locally stored objects on your computer (such as Adobe Flash objects, sometimes also referred to as ‘Flash cookies’), used for information security and authentication purposes. These types of cookies will not be deleted when you clear cookies from your browser. For more information on user settings and removal capabilities of these locally stored objects, refer to Adobe. If you choose not to accept cookies or remove locally stored cookies, we will not track your activity on our website; however, some features and services on our website may not be available to you.

Third Parties
When you use our website or online service, third parties acting on our behalf may collect the personally identifiable information and website activity identified above. This may include the personally identifiable information collected when you register with us for a service. Depending on the third party websites you visit, as well as any preferences and authorizations you have provided to others, your activity on our website and across other websites, including personally identifiable information you provide, may be tracked and collected by third parties. Also, third parties may offer services on our website from time to time. If you access their websites or provide them with information, these third parties may track your activity across websites and collect your personally identifiable information, all subject to the third party’s privacy and security practices.

You may also decide to communicate with us via e-mail. Please note that information sent to Heritage Bank of Commerce via e-mail is not encrypted nor is it confidential. We therefore do not recommend sending information that is non-public in nature (such as social security or tax identification numbers, account numbers, addresses or balances) or any other information you wish to remain confidential be sent to us over the internet.

To change your e-mail address or password connected with our online banking services, you must log into the online banking system. Navigate to “Profile” or “My Profile” and select the appropriate option, or you may contact us at 800-796-4777.

If you visit our website or engage in any online services that we offer, we may collect and store personally identifiable information as described above, regardless of your browser settings of Do Not Track.

Protecting Customer Information
We restrict access to nonpublic personal information about you to those employees who need to know that information to provide products or services to you. We maintain physical, electronic, and procedural safeguards that comply with federal regulations to guard your nonpublic personal information.

Categories of Third-Party Persons or Entities with Whom Heritage Bank of Commerce May Share Information:

Presently, Heritage Bank of Commerce does not disclose any personally identifiable information about our customers or former customers to anyone, except as permitted by law in connection with the administration, processing, or servicing of customer accounts.

For example, this may include disclosure to a credit-reporting agency or in response to a subpoena or other legal process; disclosure to protect against fraud, and disclosure to protect and defend our rights and property or to act in an emergency or to protect someone’s safety.

As we develop our business, we may also buy and sell assets, and, depending on the transactions, your personally identifiable information may be one of the transferred assets. In the event that we are acquired by another company, your personal identifiable information may be part of the assets transferred to the acquiring party.

Changes to Our Online Privacy Policy
We may make changes to our online privacy policy at any time and from time to time. When we do so, we will post the revised online privacy notice on our website with a link at the bottom of our home page. Our home page will also have a statement notifying readers that our online privacy policy has changed and the effective date of that change.

Children’s Online Privacy Protection Act
Our website is not directed to children under the age of 13. We do not knowingly solicit data from persons under the age of 13 and we do not knowingly market to persons under the age of 13.

Security Statement
Heritage Bank of Commerce provides internet based Online Banking services through a third party Online Banking provider. The Online Banking system is operated from the Online Banking provider’s Service Bureau. The Service Bureau runs on a robust operating system using state of the art firewall technology as its first line of defense in preventing unauthorized access to any information housed.

Included in the Online Banking system is the capacity to allow only secure connections by end users. Utilizing
Transport Layer Security (TLS) encryption technology, all transmissions of web pages and data between the financial institution and its customer are completely encrypted and are unreadable to any person or group trying to “intercept” the transmission. (TLS) encryption is the industry standard and is commonly used in Internet applications that require security and privacy for sensitive data.

When clients access their account information or any other sensitive data, an encryption system is automatically activated to protect the transmission of information from unauthorized sources.

Before a client gains access to Online Banking, they are required to enter their user name and password. Without the proper login credentials, access to the Online Banking system and account information is denied.

Secure Connection
When clients are accessing their online information, the connection is automatically converted into a secure Internet communications session.

Heritage Bank of Commerce understands that security is critical to an effective online banking solution. Our online banking provider incorporates a robust firewall system along with intrusion detection and security monitoring service to offer customers secure, real-time internet banking transactions.

Regardless of the efforts, the relative infancy of the internet as a broad-based communication medium when combined with the “open” nature of the internet make it impossible to guarantee absolute confidentiality in all circumstances. However, Heritage Bank of Commerce continues to monitor and review the security procedures that are in place to protect customer information. These measures are updated as practices change and new technology becomes available.

Site Security
For site security purposes and to ensure that services remain available to all users, the computer systems at Heritage
Bank of Commerce employ software programs to monitor network traffic to identify unauthorized attempts to upload or change information, or otherwise cause damage. Anyone using this system expressly consents to such monitoring and is advised that if such monitoring reveals evidence of possible abuse or criminal activity, such evidence may be provided to appropriate law enforcement officials. Unauthorized attempts to upload or change information on this web site are strictly prohibited and may be punishable by law under the Computer Fraud and Abuse Act of 1986 and Title
18 U.S.C. Sections 1001 and 1030.

Please note that Heritage Bank of Commerce will not request any personal information from you via e-mail, nor will we initiate a telephone call and ask you to provide it. If you should receive a request for such information which appears to have come from us, please contact us immediately at 800-796-4777.

This is not a solicitation.


Effective/Last Updated January 1, 2020

Heritage Bank of Commerce (the “Bank”) and all applicable subsidiaries comply with all requirements of the California Consumer Privacy Act of 2018 (“CCPA”).

Your Right to Know About Personal Information Collected, Disclosed, or Sold

A consumer has the right to request that we disclose what personal information we collect, use, disclose, and sell.

If you wish to submit a verifiable consumer request for personal information we collect, use, disclose or sell you should do one of the following:
Call 1 (833) 996-1801;
Send an e-mail to; or
Ask your branch representative to provide you with a form for your request
When you submit a Request to Know (“RTK”), the Bank will verify your identity. We will ask you for your name, address, and other pieces of information pertinent to your request.

Collection of Personal Information (“PI”)

Below is a list of categories of personal information we have collected about consumers in the preceding 12 months. For each category identified we have also provided the categories of sources from which we collected the personal information, the business or commercial purpose for collecting the information, and the categories of third parties with whom we share the personal information:

Categories of PI we Collect
  • Identity Data, such as name and government-issued identifier (e.g., First Name, Maiden Name, Last Name, username or similar identifier, date of birth, Social Security number);
  • Personal information Data, as defined in the California safeguards law, such as contact information and financial information (e.g., postal address, email address and telephone numbers);
  • Characteristics of protected classification data under California or federal law, such as sex and marital status;
  • Financial Data including bank account and payment card details.
  • Transaction Data including details about payments to and from your bank accounts with us or other details of products and services you have purchased from us.
  • Usage Data, including information about how you use our Site, products and services.
  • Geolocation Data, such as device location and Internet Protocol (IP) location;
  • Biometric Data, such as audio, electronic, visual and similar information, such as call and video recordings;
  • Professional or employment-related Data, such as work history and prior employer.
  • Education Data, such as student records and directory information.
Categories of Sources from Which We Collect the PI
  • Directly from a California resident or the individual’s representatives
  • Service Providers, Consumer Data Resellers and other third parties;
  • Public Record Sources (Federal, State or Local Government Sources);
  • Information from our Affiliates;
  • Website/Mobile App Activity/Social Media;
  • Information from Client Directed Third Parties or Institutions representing a Client/Prospect;
  • Information from Corporate Clients about individuals associated with the Clients (e.g., an employee or board member).
Our Business or Commercial Purpose for Collecting the PI
  • Performing services, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing advertising or marketing services, providing analytic services, or providing similar services;
  • Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity;
  • Activities to verify or maintain the quality or safety of a service controlled by us, and to improve, upgrade, or enhance the service controlled by the business;
  • Debugging to identify and repair errors that impair existing intended functionality. Undertaking internal research for technological development and demonstration;
  • Complying with laws and regulations and to comply with other legal process and law enforcement requirements (including any internal policy based on or reflecting legal or regulatory guidance, codes or opinions).
Categories of Third Parties with Whom We Share the PI
  • Affiliates of Heritage Bank of Commerce;
  • Vendors and Service Providers who provide services such as website hosting, data analysis, payment processing, order fulfillment, information technology and related infrastructure, customer service, email delivery, auditing, marketing and marketing research activities;
  • Partners and Third Parties who provide services such as payment, banking and communication infrastructure, storage, legal expertise, tax expertise, notaries and auditors, who promote the bank and its financial services and products to customers and other prospective buyers
  • Other Third Parties who enable customers to conduct transactions online and via mobile devices;
  • Government Agencies as required by laws and regulations.

Disclosure or Sale of Personal Information

We have not sold any personal information about consumers in the preceding 12 months for a business or commercial purpose.

We DO NOT sell the personal information of minors under 16 years of age without affirmative authorization.

Disclosed for Business Purpose

We have disclosed personal information about consumers to third parties for a business or commercial purpose in the preceding 12 months:

Below is a list of the categories where we have shared consumer information with third parties in the preceding 12 months for Business Purposes:

Business Purposes

  • Auditing of bank records for compliance with state and federal banking regulation;
  • Detecting security incidents, protecting against malicious, deceptive, fraudulent or illegal activity, and prosecuting those responsible for that activity;
  • Performing services on behalf of the Bank, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders or transactions, verifying customer information, processing payments, providing advertising or marketing services, providing analytic services, or providing similar services on behalf of the business or service provider; and
  • Undertaking internal research for technological development and demonstration.

Rights under the CCPA

Right to Request Deletion of Personal Information

You have the right to request the deletion of any personal information about you which we have collected or maintained, subject to certain exceptions.

If you wish to submit a request to delete the personal information we collected or maintain about you, you may call us at (833) 996-1801, or e-mail us at

In order to verify your identity we will ask you for information, including but not limited to personal identity and information data, and information about your relationship with Heritage Bank. Heritage Bank may contact you to confirm your identity and comply with your request.

We will endeavor to respond to a verifiable consumer request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. Any disclosures we provide will only cover the 12-month period preceding the verifiable request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable.

Right to Opt-Out of the Sale of Personal Information

You have the right to opt out of the sale of your personal information.

Heritage Bank of Commerce does not sell your information.

Right to Non-Discrimination for the Exercise of Your Privacy Rights

You have a right not to receive discriminatory treatment by us for the exercise of any privacy rights conferred by the California Consumer Privacy Act.

Authorized Agent

You may designate an authorized agent to make a request under the California Consumer Privacy Act on your behalf by providing the agent written permission to make the request. We will verify your identity with the authorized agent.

Contact for More Information

For more information, please call us at (833) 996-1801, or e-mail us at

HBC Secure Privacy Policy

HBC Secure is an application for mobile banking that provides a seamless experience to use and manage your debit cards. Visit here to see the HBC Secure Privacy Policy.

Cookie Policy

The Cookie Policy explains what cookies are and how we use them, the types of cookies we use i.e, the information we collect using cookies and how that information is used, and how to control the cookie preferences. To see the complete Cookie Policy visit here.

Google Analytics

Like many other websites, we employ Google Analytics to collect non-personally identifiable information when available (such as age, gender and interests). Any third-party sources provide us with a summary that is statistical in nature and cannot be tracked back to a specific individual. We use this information to gauge the impact of website changes and to make improvements to our website. However, we do not facilitate the merging of your personally identifiable information with the non-personally identifiable information we collect. Google’s ability to use and share information collected by Google Analytics about your visits to this site is restricted by the Google Analytics Terms of Use and the Google Privacy Policy. You can prevent Google Analytics from recognizing you on return visits to this site by disabling cookies on your browser.