California Consumer Privacy Act Notice (CCPA)

Applicability¶

Your privacy is important to us. This California Consumer Privacy Act Disclosure (download a printable copy) explains how American Riviera Bank (“Company,” “we,” or “us”) collect, use, and disclose personal information relating to California residents covered by the California Consumer Privacy Act of 2018 (“CCPA”).

Introduction¶

Under the CCPA, ‘Personal Information’ is information that identifies, relates to, or could reasonably be linked directly or indirectly with a particular California resident.

The specific Personal Information that we collect, use, and disclose relating to a California resident covered by the CCPA will vary based on our relationship or interaction with that individual. For example, this Disclosure does not apply with respect to information that we collect about California residents who apply for or obtain our financial products and services for personal, family, or household purposes. For more information about how we collect, disclose, and secure information relating to these customers, please refer to our US Consumer Privacy Notice.

Keeping Personal Information secure is one of our most important priorities. Consistent with our obligations under applicable laws and regulations, we maintain physical, technical, electronic, procedural and organizational safeguards and security measures that are designed to protect personal data against accidental, unlawful, or unauthorized destruction, loss, alteration, disclosure, or access, whether it is processed by us or elsewhere.

Collection of Personal Information¶

We collect, for our business purposes, certain personal information to provide financial products and services, and for employment purposes. In the past 12 months, we have collected and disclosed:

• Identifiers: name and government-issued identifier (e.g., Social Security number, legal first name, last name, etc.);
• Personal information: defined in the California safeguards law, such as contact information and financial information (email address, current address, phone number, date of birth)
• Characteristics of protected classifications under California or federal law: includes sex and marital status, or beneficiary information;
• Purchase information: includes transaction information and purchase history;
• Biometric information: includes fingerprints and voiceprints;
• Internet or network activity information: browsing history and interactions with our website;
• Geolocation data: includes device location and Internet Protocol (IP) address;
• Audio, electronic, visual and similar information: call and video recordings;
• Professional or employment-related information: includes work history and prior employer as part of your employment with American Riviera Bank;
• Education information: may include student records or directory information; and
• Inferences drawn from any of the Personal Information listed above: used to create a profile or biography about, for example, an individual’s background and qualifications, social media URL, etc.

Sources of Personal Data¶

The categories of sources from whom we collected this Personal Information are:

• Directly from a California resident or the individual’s representatives through paper applications, telephone or electronic means.
• Service Providers and other third parties to provide products and services or process transactions requested by you, or transfers of sales and assets.
• Public Record Sources (Federal, State or Local Government Sources)
• Information from Corporate Clients about individuals associated with the Clients (e.g., an employee or board member)
• Outside companies we used to support Human Resources and workforce management activities

Categories of Third Parties¶

The categories of third parties to whom we disclosed Personal Information for our business purposes described in this privacy disclosure are:

• Vendors and Service Providers who provide services such as information technology and related infrastructure, customer service, email delivery, and auditing
• Partners and Third Parties who provide services such as payment, banking and communication infrastructure, storage, legal expertise, tax expertise, notaries and auditors, who promote the bank and its financial services and products to customers and other prospective buyers
• Other Third Parties who enable customers to conduct business online and via mobile devices
• Government Agencies as required by laws and regulations
• Outside companies in connection with routine or required reporting, including consumer reporting agencies

Use of Personal Information¶

In the past 12 months, we have used Personal Information relating to California residents to operate, manage, and maintain our business, to provide our products and services, and to accomplish our business purposes and objectives, including the following:

• Performing services, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing advertising or marketing services, providing analytic services, or providing similar services.
• Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity.
• Short-term, transient use where the information is not disclosed to a third party and is not used to build a profile or otherwise alter an individual consumer’s experience outside the current interaction, including, but not limited to, the contextual customization of ads shown as part of the same interaction.
• Auditing related to a current interaction and concurrent transactions, including, but not limited to, counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with this specification and other standards.
• Undertaking activities to verify or maintain the quality or safety of a service controlled by us, and to improve, upgrade, or enhance the service controlled by the business.
• Debugging to identify and repair errors that impair existing intended functionality.
• Complying with laws and regulations and to comply with other legal process and law enforcement requirements (including any internal policy based on or reflecting legal or regulatory guidance, codes or opinions)

Sale of Personal Information¶

In the past 12 months, we have not “sold” Personal Information subject to the CCPA, including Personal Information of minors under the age of 16. For purposes of this Disclosure, “sold” means the disclosure of Personal Information to a third-party for monetary or other valuable consideration.

Requests under the CCPA¶

If you are a California resident, you have the right to:

1. Request we disclose to you free of charge the following information covering the 12 months preceding your request:
   1. the categories of Personal Information about you that we collected;
   2. the categories of sources from which the Personal Information was collected;
   3. the purpose for collecting Personal Information about you;
   4. the categories of third parties to whom we disclosed Personal Information about you and the categories of Personal Information that was disclosed (if applicable) and the purpose for disclosing the Personal Information about you; and
   5. the specific pieces of Personal Information we collected about you;
2. Request we delete Personal Information we collected from you, unless the CCPA recognizes an exception; and
3. Be free from unlawful discrimination for exercising your rights under the CCPA

Responding to Requests¶

Privacy and data protection laws, other than the CCPA, apply to much of the Personal Data that we collect, use, and disclose. When these laws apply, Personal Data may be exempt from, or outside the scope of, Access Requests and Deletion Requests. For example, information subject to certain federal privacy laws, such as the Gramm-Leach-Bliley Act or the Health Insurance Portability and Accountability, is exempt from CCPA Requests. As a result, in some instances, we may decline all or part of an Access Request or Deletion Request related to Personal Data exempt from CCPA Requests. This means that we may not provide some or all of this Personal Data when you make an Access Request. Also, we may not delete some or all of this Personal Data when you make a Deletion Request.

As examples, our processing of or response to an Access Request or Deletion Request may not include some or all of the following Personal Data:

• Consumer Accounts. Personal Data connected with consumer accounts used for personal, family, or household purposes. We have other privacy notices providing certain information on use and sharing of this data, for example, the Consumer Privacy Notice.

• Employment. Personal Data about an individual who is a current or former employee or job applicant, and we use that Personal Data within the context of that individual’s role as a current or former employee or job applicant.

• Business-to-Business Relationships. Certain Personal Data we collect in the course of providing a product or service to another business, or in the course of receiving a product or service from another business.

The types of Personal Data described above are examples. We have not listed all types of Personal Data that may not be included when we respond to or process Access Requests or Deletion Requests.

In addition to the above examples, we may not include Personal Data when we respond to or process Access Requests or Deletion Requests when the CCPA recognizes another exception. For example, we will not provide the Personal Data about another individual where doing so would adversely affect the data privacy rights of that individual. As another example, we will not delete Personal Data when it is necessary to maintain that Personal Data to comply with a legal obligation.

How to Make Requests¶

If you are a California resident, you may submit a request by:

1. Emailing [email protected]

1. Calling 805 965 5942

We will ask you to provide the following information to identify yourself:

• Name, contact information, social security or individual taxpayer identification number, date of birth; and
• A copy of government issued photo ID. We accept your Driver’s license, State ID, or Matricula Card.

When you make a request, we will attempt to verify that you are who you say you are. For example, we will attempt to match information that you provide in making your request with other sources of similar information to reasonably verify identity.

Questions or Concerns¶

You may contact us with questions or concerns about this Disclosure and our practices by:

Writing us at:

American Riviera Bank
Attn: Compliance
P.O. Box 329
Santa Barbara, CA 93102

Emailing us at [email protected]

Changes to This California Consumer Privacy Act Disclosure¶

We may change or update this Disclosure from time to time. When we do, we will post the revised Disclosure on this page with a new “Last Updated” date.