Privacy
Citizens Business Bank California Privacy Notice
Online/Mobile Banking App Privacy Policy
Privacy Notice
Last updated: January 2018FACTS: WHAT DOES CITIZENS BUSINESS BANK DO WITH YOUR PERSONAL INFORMATION?
| Why? | Financial companies choose how they share your personal information. Federal law gives consumers the right to limit some but not all sharing. Federal law also requires us to tell you how we collect, share, and protect your personal information. Please read this notice carefully to understand what we do. |
|---|---|
| What? | The types of personal information we collect and share depend on the product or service you have with us. This information can include:
|
| How? | All financial companies need to share customers’ personal information to run their everyday business. In the section below, we list the reasons financial companies can share their customers’ personal information; the reasons Citizens Business Bank chooses to share; and whether you can limit this sharing. |
| Reasons we can share your personal information | Does Citizens Business Bank Share? | Can you limit this sharing? |
|---|---|---|
| For our everyday business purposes— such as to process your transactions, maintain your account(s), respond to court orders and legal investigations, or report to credit bureaus | Yes | No |
| For our marketing purposes— to offer our products and services to you | Yes | No |
| For joint marketing with other financial companies | No | We don’t share |
| For our affiliates’ everyday business purposes— information about your transactions and experiences | Yes | No |
| For our affiliates’ everyday business purposes— information about your creditworthiness | No | We don’t share |
| For nonaffiliates to market to you | No | We don’t share |
Questions? Call 888.228.2265 or go to cbbank.com
| What we do | |
|---|---|
| How does Citizens Business Bank protect my personal information? | To protect your personal information from unauthorized access and use, we use security measures that comply with federal law. These measures include computer safeguards and secured files and buildings |
| How does Citizens Business Bank collect my personal information? | We collect your personal information, for example, when you
|
| Why can’t I limit all sharing? | Federal law gives you the right to limit only
|
| Definitions | |
|---|---|
| Affiliates | Companies related by common ownership or control. They can be financial and nonfinancial companies.
|
| Nonaffliates | Companies not related by common ownership or control. They can be financial and nonfinancial companies.
|
| Joint marketing | A formal agreement between nonaffiliated financial companies that together market financial products or services to you.
|
Citizens Business Bank California Privacy Notice
Last Updated: June 23, 2023
Information for California Residents
We collect Personal Data from Consumers and comply with the California Privacy Rights Act (“CPRA”). This California Privacy Notice applies to California residents (“Consumers,” “you,” or “your”).
For the purposes of this California Privacy Notice, “Personal Data” means information that is linked or reasonably linkable to a particular individual or household. However, the following categories of information are not Personal Data:
- Publicly available information;
- Deidentified (such as masked or truncated) or aggregated data (data related to a group or category of consumers); or
- Information otherwise excluded from the scope of the CPRA.
This Privacy Notice provides the following information to California Consumers:
- Categories of Personal Data we collect;
- Purposes for which we use Personal Data;
- Categories of Personal Data we disclose to third parties;
- Categories of third parties to which we disclose Personal Data; and
- How Consumers can exercise their rights under the CPRA:
o The rights to access, correct, or delete Personal Data; o The right to limit the use of Sensitive Personal Data in certain circumstances; and o The rights to opt out of the sharing of Personal Data for behavioral advertising, sales of personal data, or certain profiling.
Categories of Non-Sensitive Personal Data
The table below outlines the non-sensitive categories of Personal Data Citizens Business Bank collects about Consumers and whether and how they are disclosed to third parties.
We collect Non-Sensitive Personal Data from the following sources:
- Directly from our California resident or the individual’s representative
- From our service providers
Category of Personal Data: |
| Examples |
| Identifiers may contain the following: Name, address, email, account number, date of birth, social security number, telephone number, driver’s license, state ID or passport or other similar identifier (used to identify you or as required by law), signature. |
| Purpose(s) |
| Providing and maintaining our products and services, verifying your identity, detecting and preventing fraud, protecting against security risks. |
| Targeted Advertising |
| We do not engage in targeted advertising or share Personal Information for targeted advertising purposes. |
| Sale |
| We do not sell Personal Information to anyone. |
| Sharing |
| This data may be shared with our Service Providers to provide banking services elected by the customer. |
| Retention Period |
| We retain this data until the consumer closes their account, after which it is retained only to the extent required by applicable law or for purposes of preventing fraud. |
Category of Personal Data: |
| Examples |
| Personal Characteristics may contain the following: Race, gender, and marital status. |
| Purpose(s) |
| Providing and maintaining our products and services. |
| Targeted Advertising |
| We do not engage in targeted advertising or share Personal Information for targeted advertising purposes. |
| Sale |
| We do not sell Personal Information to anyone. |
| Sharing |
| This data may be shared with our Service Providers to provide banking services elected by the customer. |
| Retention Period |
| We retain this data until the consumer closes their account, after which it is retained only to the extent required by applicable law or for purposes of preventing fraud. |
Category of Personal Data: |
| Examples |
| Internet/Electronic Activity may contain the following: Browsing history, device information, search history, application use. |
| Purpose(s) |
| Providing and maintaining our products and services, detecting and preventing fraud, protecting against security risks. |
| Targeted Advertising |
| We do not engage in targeted advertising or share Personal Information for targeted advertising purposes. |
| Sale |
| We do not sell Personal Information to anyone. |
| Sharing |
| This data may be shared with our Service Providers to provide banking services elected by the customer. |
| Retention Period |
| We retain this data until the consumer closes their account, after which it is retained only to the extent required by applicable law or for purposes of preventing fraud. |
Category of Personal Data: |
| Examples |
| Imprecise Geolocational may contain the following: Device physical location or movements that is less precise than 1/3 mile. |
| Purpose(s) |
| Providing and maintaining our products and services, detecting and preventing fraud, protecting against security risks. |
| Targeted Advertising |
| We do not engage in targeted advertising or share Personal Information for targeted advertising purposes. |
| Sale |
| We do not sell Personal Information to anyone. |
| Sharing |
| This data may be shared with our Service Providers to provide banking services elected by the customer. |
| Retention Period |
| We retain this data until the consumer closes their account, after which it is retained only to the extent required by applicable law or for purposes of preventing fraud. |
Category of Personal Data: |
| Examples |
| Sensory Information may contain the following: Audio, electronic, video and similar information, such as call and video recordings. |
| Purpose(s) |
| Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity. |
| Targeted Advertising |
| We do not engage in targeted advertising or share Personal Information for targeted advertising purposes. |
| Sale |
| We do not sell Personal Information to anyone. |
| Sharing |
| This data may be shared with our Service Providers to provide banking services elected by the customer. |
| Retention Period |
| We retain this data only to the extent for purposes of preventing fraud. |
Category of Personal Data: |
| Examples |
| Professional Information may contain the following: Work history and prior employer, salary information. |
| Purpose(s) |
| Providing and maintaining our products and services, verifying your identity, detecting and preventing fraud, protecting against security risks. |
| Targeted Advertising |
| We do not engage in targeted advertising or share Personal Information for targeted advertising purposes. |
| Sale |
| We do not sell Personal Information to anyone. |
| Sharing |
| This data may be shared with our Service Providers to provide banking services elected by the customer. |
| Retention Period |
| We retain this data until the consumer closes their account, after which it is retained only to the extent required by applicable law or for purposes of preventing fraud. |
Category of Personal Data: |
| Examples |
| Educational Information may contain the following: School names, number of years attended. |
| Purpose(s) |
| Providing and maintaining our products and services, verifying your identity, detecting and preventing fraud. |
| Targeted Advertising |
| We do not engage in targeted advertising or share Personal Information for targeted advertising purposes. |
| Sale |
| We do not sell Personal Information to anyone. |
| Sharing |
| This data may be shared with our Service Providers to provide banking services elected by the customer. |
| Retention Period |
| We retain this data until the consumer closes their account, after which it is retained only to the extent required by applicable law or for purposes of preventing fraud. |
Categories of Sensitive Personal Data
The table below outlines the categories of Sensitive Personal Data Citizens Business Bank collects about Consumers and whether they are shared with third parties. Citizens Business Bank obtains affirmative consent from Consumers to process the Sensitive Personal Data, in compliance with applicable law.
We collect Sensitive Personal Data from the following sources:
- Directly from our consumer California resident or the individual’s representative
- Our Service Providers
Category of Sensitive Personal Data: |
| Examples |
| Government ID Data may contain the following: Social security number, passport number, driver’s license number, state identification card or similar government ID. |
| Purpose(s) |
| Providing and maintaining our products and services, verifying your identity, detecting and preventing fraud, protecting against security risks. |
| Targeted Advertising |
| We do not engage in targeted advertising or share Personal Information for targeted advertising purposes. |
| Sale |
| We do not sell Personal Information to anyone. |
| Sharing |
| This data may be shared with our Service Providers to provide banking services elected by the customer. |
| Retention Period |
| We retain this data until the customer closes their account, after which it is retained only to the extent required by applicable law or for purposes of preventing fraud. |
Category of Sensitive Personal Data: |
| Examples |
| Sensitive Category Data may contain the following: Age, race, gender, marital status, citizenship status. |
| Purpose(s) |
| Providing and maintaining our products and services, verifying your identity, detecting and preventing fraud, protecting against security risks. |
| Targeted Advertising |
| We do not engage in targeted advertising or share Personal Information for targeted advertising purposes. |
| Sale |
| We do not sell Personal Information to anyone. |
| Sharing |
| This data may be shared with our Service Providers to provide banking services elected by the customer. |
| Retention Period |
| We retain this data until the customer closes their account, after which it is retained only to the extent required by applicable law or for purposes of preventing fraud. |
Category of Sensitive Personal Data: |
| Examples |
| Financial Data may contain the following: Individual’s account log-in, financial account number, or debit card number in combination with any required security or access code, password or credentials allowing access to an account. |
| Purpose(s) |
| Providing and maintaining our products and services, detecting and preventing fraud, protecting against security risks. |
| Targeted Advertising |
| We do not engage in targeted advertising or share Personal Information for targeted advertising purposes. |
| Sale |
| We do not sell Personal Information to anyone. |
| Sharing |
| This data may be shared with our Service Providers to provide banking services elected by the customer. |
| Retention Period |
| We retain this data until the customer closes their account, after which it is retained only to the extent required by applicable law or for purposes of preventing fraud. |
Use of Personal Data
We use Personal Data for the purposes described above. Personal Data may also be used or disclosed as otherwise permitted or required by applicable law.
Disclosing Personal Data
We share Personal Data with the following categories of third parties:
- Service Providers: We use service providers to securely handle Personal Data on our behalf and only on our instructions. These companies may not use your Personal Data for their own purposes.
See the tables above for more details about how different categories of Personal Data are shared.
We do not sell Personal Data to anyone.
Exercising Your Personal Data Rights
California Consumers have the following rights under the California privacy laws:
- The right to know the Personal Information we have collected about them, including the categories of sources from which we collected the Personal Information, the purpose(s) for collecting, selling, or sharing your Personal Information, and the categories of third parties to whom we have disclosed your Personal Information:
- The rights to access, correct, or delete Personal Data;
- The right to limit the use of Sensitive Personal Data in certain circumstances; and
- The rights to opt out of the sharing of Personal Data for behavioral advertising, sales of personal data, or certain profiling.
- The right not to receive discriminatory treatment for exercising their privacy rights.
If you are a California Consumer, you can submit a request to exercise your personal data rights under the CPRA by visiting CCPA requests or call our toll-free number 1-888-833-9222. To protect your privacy, we may need to authenticate your identity before we respond to your rights request. We will use commercially reasonable efforts to verify your identity for this purpose. Any information you provide to authenticate your identity will only be used to process your rights request. Please be aware that we do not accept or process rights requests through other means (e.g., via fax or social media).
After submitting your request online, you will receive a follow-up email, which may include a link you must click on in order to verify your identity. If you do not click on that link, we may be unable to complete your request due to lack of verification. It is important that you provide a valid email address in order for us to be able to process your request.
We will respond to your rights request within 45 days, though in certain cases we may inform you that we will need up to another 45 days to act on your request. If we suspect fraudulent or malicious activity on or from your account, we will delay taking action on your request until we can appropriately verify your identity and the request as authentic. Also note that each of the rights are subject to certain exceptions.
We reserve the right to decline to process, or charge a reasonable fee for, requests from a Consumer that are manifestly unfounded, excessive, or repetitive.
Limiting the Use of Sensitive Personal Data
The CPRA provides a right to limit some uses of Sensitive Personal Data. In particular, you may direct companies not to use Sensitive Personal Data except as necessary to provide goods or services you have requested.
However, we only use Sensitive Personal Information for purposes that are exempt from this right, such as to provide you with services you have requested, to detect and prevent security incidents, or verifying the quality of our services. The full list of these exempt purposes are specified in California Code of Regulations, Title 11, Section 7027(m).
You may submit a request to limit the use of your sensitive Personal Data by submitting a rights request as described above.
Children’s Data
We do not knowingly collect or use the Personal Information of children under 16. If you believe that we have collected the Personal Information of a child under 16, please contact us at riskopscompliance@cbbank.com.
Authorized Agent Requests
The CPRA allows you to designate an authorized agent to make a rights request on your behalf. Your authorized agent may submit such a request by following the same method described above. We may require verification of your authorized agent in addition to the information for verification above for Consumers and households.
Contact Us
If you have any questions or concerns regarding this California Privacy Notice, contact us at riskopscompliance@cbbank.com.
Online/Mobile Banking App Privacy Policy
Online banking and mobile banking services (“Services”) offer a fast, easy, and secure way to manage your finances wherever you are, including checking balances, reviewing transaction activity, paying bills, transferring money, viewing account statements, and more. Your use of, and interaction with these Services sometimes requires access to personal information. This privacy policy in combination with our other privacy policies inform you of the policies and practices regarding the collection, use, and disclosure of any personal information that we and our service providers collect from users in connection with the Services.
Personal information (“Personal Information”) means personally identifiable information such as information you provide through the Services, including name, postal or email addresses, telephone numbers, date of birth, social security number, and account numbers.
Online/Mobile Banking Personal Information We Collect
In use of the Services, we may collect Personal Information from you in the following ways:
Personal Information you provided to us:
- We may collect Personal Information from you when you create an account.
- We and our third-party service providers may collect and use Personal Information in a variety of ways as permitted by law (including the California Consumer Privacy Act, as amended by the California Consumer Privacy Rights Act) (“CPRA”).
- We also collect other types of Personal Information that you provide voluntarily, such as any information requested by us if you contact us via email regarding support for the Services.
Keeping Your Account Information Accurate and Up to Date
Keeping your account information accurate and up to date is very important. To update your account information, please contact us using one of the following options: contact your Business Financial Center, use the “Contact Us” information on our website or located on your account statement, call our Customer Service Line at 888.228.2265. You can also use the secure message function when logged into your Online Banking service, or notify us by visiting a Bank Representative at any of our locations.
How We Use the Personal Information We Collect
We may use the Personal Information provided to us by you or through the Services to facilitate use of the Services, and also for other everyday purposes, such as, among other things, to maintain your ability to access the Service, send you information about the Service, to effect, administer and enforce transactions, to perform fraud screening, to prevent actual or potential fraud and unauthorized transactions, to verify your identity, to respond to legal requirements, and to comply with applicable law.
The Personal Information we collect could include, in addition to the Personal Information items previously defined above, your application settings, contact information, financial information, tracking activity, location, camera images, contact lists, biometrics, device history, data logs, and device identifiers.
Disclosure of Your Personal Information
We may disclose your Personal Information collected through your use of the Services as described below:
- Other than as described in this Privacy Policy in connection with the Services, this Privacy Policy does not apply to the processing of the Personal Information by us or third parties to whom we share information, and that would be covered by our general Privacy Policy.
- We may share your Personal Information with third party service providers that perform services on our behalf, for the purposes described in this Privacy Policy and in the vendor contracts with such service providers.
- We may disclose your Personal Information, as necessary, to comply with Personal Information requests made by law enforcement and governmental authorities.
For further information on how your Personal Information may be shared, please review our Privacy Notice. Click Here
Do Not Track
We do not take action in response to a “do not track” configuration set in your web browser.
Your California Privacy Rights
Under California law, we will not share Personal Information we collect about you with anyone outside of Citizens Business Bank, unless the law allows such sharing for an authorized purpose as set forth under the CPRA. For example, such sharing for an authorized purpose could include for our everyday business purposes, processing your account transactions, maintaining and monitoring your account(s), responding to court orders and legal investigations, reporting to credit bureaus, or detecting any fraud or illegally activity.
Links to Other Sites
The Services may contain links to third-party websites. When you click on a third-party link, you will leave the Services and go to another site and another entity may collect Personal Information from you. The Services’ provision of a link to another website is for your convenience only and does not represent our endorsement of such other website. We have no control over, do not review, and cannot be held responsible for, these third-party websites. The terms of our privacy policy do not apply to any third-party websites, and you should carefully review the privacy policy of the third-party websites you visit. Please bear in mind that once you leave our website, that the third-party websites you visit may not have the same privacy protections and policies as we have for our website.
Visitors to Our Web Site
As a visitor to our web site, you remain anonymous, unless you register for the Services or visit our “Contact Us” page and disclose your identity to us. Although we do not collect Personal Information that identifies people who simply visit our site, we may collect certain limited information about our visitors, such as their IP address (a numeric address assigned automatically to computers and mobile devices when they access the internet).
Children’s Online Privacy Protection Act
Our web site is directed to a general audience, and is not intended for individuals under the age of thirteen (13). We do not knowingly solicit, collect or provide links to other web sites that may solicit or collect Personal Information from children under age thirteen (13).
See Children’s Internet Protection Act
Updates to this Privacy Policy
This privacy policy is subject to change from time to time. Please review periodically. If we make changes to the privacy policy, we will revise the “Last Update” date at the top of this privacy policy. Any changes to the privacy policy will become effective when we post the revised policy on our site. Your continued use of the Services following the changes shall indicate as confirmation that you have accepted the changes in the revised privacy policy. We reserve the right to alter or amend this privacy policy described herein at any time and without prior notice. The provisions of this privacy policy are for general guidance purposes only and do not constitute any kind of agreement, nor does it amend or modify any agreement we currently have with our customers.
Contact Us
If you have any questions or comments about this privacy policy, the ways in which we collect and use your Personal Information, your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us at:
Citizens Business Bank P.O. Box 51-400 Ontario, CA 91761 Email: Customersupport@cbbank.com Telephone Number: 888.228.2265
Security Information
Security Statement
At Citizens Business Bank, we take your online protection, safety, and security seriously. Our Online Banking platform utilizes industry-recognized security technologies including SHA256 encryption and hashing technology. Encryption helps keep transactions secure and private.
Secure Access and Verifying User Authenticity
Your access to our online banking platform is secured with several layers of authentication including Multi-Factor Authentication (MFA). Requests filter through a firewall as they reach the server. A firewall is a device which blocks and directs traffic coming to and from the server passing only acceptable data requests, such as retrieving web pages or sending customer requests to the bank.
Cookies
We will occasionally use a “cookie” for the purpose of providing improved service. A cookie is a small bit of information given to your browser by a website, which can later be retrieved. A cookie is a way for a website to recognize whether you have visited the site before. The use of cookies makes your online experience easier and more personal. Most cookies last only through a single session, or visit. Your web browser can be set to inform you when cookies are set or to prevent them from being set. However, if you elect to prevent cookies from being set, some web banking functions may not work properly.
Email Security
Internet email may not be secure. When sending an e-mail to us, do not provide sensitive or confidential information (i.e. an account number or Social Security Number). You may contact our Client Services at 888.228.2265 (toll-free) during business hours, Monday through Friday between 8:00 AM to 6:00 PM, or visit your local Business Financial Center if you need assistance.
Linking to Other Sites
We may provide links to other websites that are not controlled by Citizens Business Bank. If you choose to click on a link to websites that are not controlled by Citizens Business Bank, we are not responsible for the privacy or security of these sites. You are encouraged to review the website’s privacy policy before providing any personal information. In addition, Citizens Business Bank does not guarantee the products, information or recommendations provided by these sites.
Aggregation Sites
Aggregation sites are internet sites that allow you to consolidate account information from several sources on one site. To do this, an aggregation provider may request access to your personal financial information. You should ensure that the aggregator company has adequate controls to protect the privacy and security of any information you provide or to which they are gaining access, and that you trust the aggregator company.
If you provide information about your Citizens Business Bank accounts to an aggregator company, we will consider that you have authorized all transactions initiated by an aggregation site using access information you provide, whether you were aware of a specific transaction or not. If you decide to revoke the authority you have given an aggregator company, it is important that you notify us to ensure that you may continue to access your account.
Risk of Unauthorized Access Awareness and Mitigation
The Bank offers certain customers online banking services that provide the ability to access account information and transfer funds electronically. One of the risks associated with online banking is unauthorized access, which could result in the unintentional exposure of sensitive account information and the unauthorized origination of electronic transactions. Unauthorized access could lead to significant losses.
One commonly used method for cybercriminals to gain access to your computer – and possibly your online banking and electronic funds transfer services – is through the download of malicious software (malware) to your computer system. An individual clicking on a compromised website, link or email attachment can inadvertently trigger the download of malware onto the victim’s computer. Malware may perform any number of sinister attacks, including quietly capturing every keystroke a victim makes on his or her computer keyboard, which is then automatically transmitted to the cybercriminal who originated the attack. If any captured keystrokes include the victim’s online banking credentials, the cybercriminal may thereby gain access to the victim’s online banking services, which could allow the cybercriminal to view sensitive account information and create unauthorized funds transfer or other electronic transactions.
The risk of fraud can be mitigated by, among other things, you establishing a sound internet use policy and taking steps to prevent malicious software from being loaded on your or your employees computer(s), which may include but is not limited to (i) employing firewalls, (ii) daily updates to your antivirus/anti-malware software, (iii) restricting individual access to computers used for online banking, (iv) restricting internet access and websites available to computers used for online banking, (v) locking down and password-protecting wireless networks, (vi) dedicating a computer for only online banking purposes (vii) utilizing Multi-Factor Authentication (MFA), (viii) and utilizing dual approval for transactions. All of these strategies should be implemented when utilizing online banking services, particularly when originating funds transfer or other electronic transactions. In addition, you should review on a daily basis all your account balances and detailed transactions and report any suspicious activity to the Bank immediately.
We recommend that you implement as many of the above recommended procedures and tools as possible in order for you to reduce your risk of being victimized by fraud. It is important to note that while these practices can significantly mitigate the risk of unauthorized access, there are no foolproof methods to completely eliminate all the risks and all the exposure to loss.
Also, please consider the following:
Keep in mind that Citizens Business Bank WILL NEVER ASK YOU FOR YOUR CONFIDENTIAL CREDENTIALS, ACCESS CODES, OR OTHER SECURITY PROCEDURES. If you receive an e-mail, text message, or phone call that looks like it came from our Bank, but asks you for this type of information, you should not respond and you should immediately report the incident to the Bank’s Client Services at 888.228.2265. The sender or caller is not from our Bank and is likely a criminal.
You should conduct a periodic risk assessment of your environment as it relates to internet access, online banking, and funds transfers, especially ACH and Wire transfers. Most customers find the potential risk exposure high enough to justify the cost of using outside technology and risk management experts to assist them. The assessment should assess your overall internet exposure, online banking exposure, and existing mitigation systems (such as procedural, technical, and administrative safeguards that you use). We ask that, if not already employed, you again consider the recommended best practices as previously mentioned above that can help reduce the risks of fraud and losses associated with Internet access, online banking, and electronic funds transfers.
No system or set of systems provides complete security, yet the risks of fraud can be significantly reduced when customers use the risk mitigation strategies and tools referenced above. Please feel free to contact Client Services at 888.228.2265, and a subject matter expert would be happy to explain these strategies in more detail. Your risk of unauthorized funds transfer activity can be significantly higher if you choose to forgo the risk mitigation strategies and tools offered by the Bank or outside experts as mentioned above.