CALIFORNIA CONSUMER PRIVACY ACT DISCLOSURE – EFFECTIVE: January 1, 2020
- LEGAL ENTITIES
- INTRODUCTION OF THE CALIFORNIA CONSUMER PRIVACY ACT (CCPA)
- COLLECTION AND DISCLOSURE OF PERSONAL INFORMATION
- USE OF PERSONAL INFORMATION
- SALE OF PERSONAL INFORMATION
- RIGHTS UNDER THE CCPA
- CONTACT US
OP Bancorp is the holding company for Open Bank and is a California corporation.
Your privacy is important to us. This CCPA Disclosure explains how the legal entities listed above (“we,” “us,” “our,” or “Bank”) collect, use, and disclose Personal Information relating to California residents covered by the California Consumer Privacy Act of 2018 (“CCPA”). This California Consumer Privacy Act Disclosure (“CCPA Disclosure”) is provided pursuant to the CCPA.
Under the CCPA, ‘Personal Information’ is information that identifies, relates to, or could reasonably be linked directly or indirectly with a particular California resident. The CCPA, however, does not apply to certain information, such as information subject to the Gramm-Leach-Bliley Act (“GLBA”).
The specific Personal Information that we collect, use, and disclose relating to a California resident covered by the CCPA will vary based on our relationship or interaction with that individual. For example, this CCPA Disclosure does not apply with respect to information that we collect about California residents who apply for or obtain our financial products and services for personal, family, or household purposes. For more information about how we collect, disclose, and secure information relating to these customers, please refer to our Privacy Notice located at https://myopenbank.com/wp-content/uploads/2019/08/COMP007-Privacy-Notice-What-Does-Open-Bank-Do-With-Your-Personal-Information-8.12.19-USE-FOR-2019.pdf.
Keeping Personal Information secure is one of our most important priorities. Consistent with our obligations under applicable laws and regulations, we maintain physical, technical, electronic, procedural, and organizational safeguards and security measures that are designed to protect personal data against accidental, unlawful, or unauthorized destruction, loss, alteration, disclosure, or access, whether processed by us or elsewhere.
Collection & Disclosure of Personal Information
In the past 12 months, we have collected and disclosed to third parties for our business purposes the following categories of Personal Information relating to California residents covered by this CCPA Disclosure:
- Identifiers, such as name and government-issued identifier (e.g., Social Security number);
- Personal Information, as defined in the California safeguards law, such as contact information and financial information;
- Characteristics of protected classifications under California or Federal law, such as sex and marital status:
- Commercial information, such as transaction information and purchase history;
- Internet or network activity information, such as browsing history and interactions with our website;
- Geolocation data; such as device location and Internet Protocol (IP) location;
- Audio, electronic, visual, and similar information, such as call and video recordings;
- Professional or employment-related information, such as work history and prior employer;
- Education information, such as educational background and records; and
- Inferences drawn from any of the Personal Information listed above to create a profile about (e.g., an individual’s preferences and characteristics).
The categories of sources from whom we collected this Personal Information are:
- Directly from a California resident or the individual’s representatives;
- Service Providers, Consumer Data Resellers, and other third parties;
- Public Record Sources (Federal, State, or Local Government Sources);
- Information from our Affiliates;
- Website/Mobile App Activity/Social Media;
- Information from Client Directed Third Parties or Institutions representing a Client/Prospect; and
- Information from Corporate Clients about individuals associated with the Clients (e.g., an employee or board member).
The categories of third parties to whom we disclosed Personal Information for our business purposes described in this CCPA Disclosure are:
- Affiliates of Open Bank;
- Vendors and service providers who provide services such as website hosting, data analysis, payment processing, order fulfillment, information technology and related infrastructure, customer service, email delivery, auditing, marketing and marketing research activities;
- Partners and third parties who provide services such as payment, banking, and communication infrastructure, storage, legal expertise, tax expertise, notaries, and auditors who promote the Bank and its financial services and products to customers and other prospective buyers;
- Other third parties who enable customers to conduct transactions online and via mobile devices, and support mortgage and fulfillment services; and
- Government agencies as required by laws and regulations.
Use of Personal Information
In the 12 months, we have used Personal Information relating to California residents to operate, manage, and maintain our business, to provide our products and services, and to accomplish our business purposes and objectives, including the following:
- Performing services, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing advertising or marketing services, providing analytic services, or providing similar services.
- Detecting security incidents, protecting against malicious, deceptive, fraudulent or illegal activity, and prosecuting those responsible for that activity.
- Short-term, transient use where the information is not disclosed to a third party and is not used to build a profile or otherwise alter an individual consumer’s experience outside the current interaction, including, but not limited to, the contextual customization of ads shown as part of the same interaction.
- Auditing related to a current interaction and concurrent transactions, including, but not limited to, counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with this specification and other standards.
- Undertaking activities to verify or maintain the quality or safety of a service controlled by us, and to improve, upgrade, or enhance the service controlled by us.
- Debugging to identify and repair errors that impair existing intended functionality.
- Undertaking internal research for technological development and demonstration.
- Complying with laws and regulations and to comply with other legal process and law enforcement requirements (including any internal policy based on or reflecting legal or regulatory guidance, codes, or opinions).
Sale of Personal Information
In the past 12 months, we have not “sold” Personal Information subject to the CCPA, including Personal Information of minors under the age of 16. For purposes of this CCPA Disclosure, “sold” means the disclosure of Personal Information to a third party for monetary or other valuable consideration.
Rights under the CCPA
If you are a California resident, you have the right to:
- Request that we disclose to you, free of charge, the following information covering the 12 months preceding your request:
- Categories of Personal Information about you that we collected;
- Categories of sources from which the Personal Information was collected;
- Purpose for collecting Personal Information about you;
- Categories of third parties to whom we disclosed Personal Information about you and the categories of Personal Information that was disclosed (if applicable) and the purpose for disclosing the Personal Information about you; and
- Specific pieces of Personal Information we collected about you.
- Request that we delete Personal Information we collected from you, unless the CCPA recognizes an exception; and
- Be free from unlawful discrimination for exercising your rights under the CCPA.
We will acknowledge receipt of your request and advise you how long we expect it will take to respond if we are able to verify your identity. Requests for specific pieces of Personal Information will require additional information to verify your identity.
If you submit a request on behalf of another person, we may require proof of authorization and verification of identity directly from the person for whom you are submitting a request.
In some instances, we may not be able to honor your request. For example, we will not honor your request if we cannot verify your identity or if we cannot verify that you have the authority to make a request on behalf of another individual. Additionally, we will not honor your request where an exception applies, such as where the disclosure of Personal Information would adversely affect the rights and freedoms of another consumer or where the Personal Information that we maintain about you is not subject to the CCPA’s access or deletion rights.
We will advise you in our response if we are not able to honor your request. We will not provide Social Security numbers, driver’s license numbers, government-issued identification numbers, financial account numbers, health care or medical identification numbers, account passwords or security questions and answers, or any specific pieces of information if the disclosure presents the possibility of unauthorized access that could result in the identify theft, fraud, or unreasonable risk to data or systems and network security.
We will work to process all verified requests within 45 days pursuant to the CCPA. We will provide you with an explanation if we need additional time to process your verified request. The maximum permissible time extension can be up to an additional 45 days.
How to Exercise Your Rights
You may request access to your personal information twice in a 12-month period.
If you are a California resident, you may submit a request to us by:
- Completing a California Consumer Privacy Act Rights Request Form located at https://myopenbank.com/california-consumer-provacy-rights-request-form/ or
- Calling us at (888) 391-0002, Monday through Friday, 8:45AM to 5:45PM (PST).
Questions & Concerns
You may contact us with questions and/or concerns about this CCPA Disclosure and our practices by:
- Emailing us at OpenCCPA@myopenbank.com;
- Writing us at Open Bank, Attention: Compliance Dept., 1000 Wilshire Blvd, Suite 500, Los Angeles, CA 90017; or
- Calling us at (888) 391-0002, Monday through Friday, 8:45AM to 5:45PM (PST).
Changes to the CCPA Disclosure
We may change or update this CCPA Disclosure, at any time, without prior notice to you. When changes are made, we will post the latest revised CCPA Disclosure, with the new “EFFECTIVE” date, on this webpage.
Protecting Children’s Privacy Online
Our website(“site”) is directed to a general audience. We do not knowingly collect or use personal information from children under 13. For more information about the Children’s Online Privacy Protection Act (COPPA), visit the Federal Trade Commission(“FTC”) website http://www.consumer.ftc.gov/articles/0031-protecting-your-childs-privacy-online
Gathering, Sharing, and Using Information
You may interact with us in a variety of ways online. We may offer websites that permit browsing and do not require registration. We may also offer the ability to access your accounts online. Information that we may collect about you through online interaction includes information that you input, such as your name, address, email address, other contact information; data resulting from your activity, such as transaction information; and location information. We may also gather additional information such as the type of device and browser you are using, the IP address of your device, information about your device’s operating system, and additional information associated with your device. We may also gather information collected through cookies, tags, and other technologies as described further below.
In addition to the uses described above, we use information for purposes as allowed by law such as: servicing; communicating with you; improving our Site, products, or services; legal compliance; risk control; information security; anti-fraud purposes; marketing or personalizing the presentation of our products and services to you; tracking website usage, such as number of hits, pages visited, and the length of user sessions in order to evaluate the usefulness of our Site; and using read-receipt notifications in our email communications.
Information on “Cookies”
Other parties that may collect information about your web browsing behavior when you use our Site are generally limited to service providers who may only use any information collected to provide services and marketing for us and not to provide services or advertising for any other party.
Do You have to Accept Cookies?
You may be able to set your browser to reject browser cookies. However, if you choose to reject cookies, you cannot access your accounts online with Open Bank Therefore, if you set your browser options to disallow cookies, you will limit the functionality we can provide when you visit our Site. The latest versions of internet browsers provide cookie management tools, such as the ability to delete or reject cookies. We recommend that you refer to information supplied by browser providers for more specific information, including how to use these tools.
Cookies is a term also used to describe other locally stored objects, such as cookies stored in an Adobe folder on your device. These cookies will not be deleted when you clear cookies from your browser. We may use this technology for purposes such as information security and fraud prevention. We do not use this technology for online behavioral advertising purposes. Please refer to information provided by Adobe for information on how to disable and control Flash objects. If you choose those options, you may limit the functionality we can provide when you visit our Site.
How We Respond to Do Not Track Signals
Some browsers incorporate a Do Not Track feature that signals to websites you visit that you do not want to have your online activity tracked. Tracking is not the same as using or collecting information in connection with a single website. For these purposes tracking refers to collecting personal identifiable information from consumers who use or visit a website or online service as they move across different websites over time. How browsers communicate the Do Not Track signal is not yet uniform. As a result, this Site is not yet set up to interpret or respond to Do Not Track signals communicated by your browser. Even so, as described in more detail throughout this Policy, we limit our use and collection of your personal information. For a description of Do Not Track protocols for browsers and mobile devices, or simply to learn more about the choices available to you, you can visit the All About Do Not Track website: http://allaboutdnt.com.
We may enable third parties to collect personal information in connection with our Site. As described above, we limit our use and collection of your personal information and some third-party companies may use this information for security and authentication purposes. This Policy does not apply to and we are not responsible for and collection of personal information by third parties on our Site.