Privacy Policy

Policy Statement

The Open Bank Online Privacy Policy(“Policy”) applies to your interaction with Open Bank “our”,”we”,”us”) through any online site owned and controlled by Open BankOpen Bank maintains other privacy policies and statements which may also apply in addition to the terms of this Policy. These include the Open Bank Privacy Notice and the below Protecting Children’s Privacy Online statement.

CALIFORNIA CONSUMER PRIVACY ACT ("CCPA”) NOTICE

CONTENTS

  1. LEGAL ENTITIES
  2. APPLICABILITY
  3. INTRODUCTION OF THE CALIFORNIA CONSUMER PRIVACY ACT (CCPA)
  4. COLLECTION AND DISCLOSURE OF PERSONAL INFORMATION
  5. USE OF PERSONAL INFORMATION
  6. SALE OF PERSONAL INFORMATION
  7. HOW LONG WE RETAIN PERSONAL INFORMATION
  8. RIGHTS UNDER THE CCPA
  9. CONTACT US


Legal Entities
OP Bancorp is the holding company for Open Bank and is a California corporation.

Applicability
Your privacy is important to us. This CCPA Notice explains how the legal entities listed above (“we,” “us,” “our,” or “Bank”) collect, use, and disclose Personal Information relating to California residents covered by the California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act of 2020 (collectively, the “CCPA”). This “Notice” constitutes our notice at collection and our privacy policy pursuant to the CCPA..

Employee and Job Candidate Data
Our employees, contingent workers, and prospective employees (job applicants) that live in California have the same rights over their employment and job application data. We do not sell or share any employment or job applicant data with anyone other than third-party service providers necessary to complete requested services such as payroll and benefits management, background checks through vendors, and others.

Business-to-Business (“B2B”) Data
In the course of business with clients, service providers, vendors and others, we may collect personal data from California-residents solely because they are employees of vendors (potential or actual), clients(potential or actual), and other business partners. These individuals have the same rights over their personal data as other California consumers.
We do not sell or share any personal information, including “business-to-business” data, with anyone other than necessary third parties that are essential to completing the business between us.

Introduction
Under the CCPA, ‘Personal Information’ is information that identifies, relates to, or could reasonably be linked directly or indirectly with a particular California resident. The CCPA, however, does not apply to certain information, such as information subject to the Gramm-Leach-Bliley Act (“GLBA”). The specific Personal Information that we collect, use, and disclose relating to a California resident covered by the CCPA will vary based on our relationship or interaction with that individual. For example, this CCPA Notice does not apply with respect to information that we collect about California residents who apply for or obtain our financial products and services for personal, family, or household purposes. For more information about how we collect, disclose, and secure information relating to these customers, please refer to our Privacy Notice located at https://myopenbank.com/wp-content/uploads/2025/09/Privacy-Notice-9.12.25-Final.pdf. Keeping Personal Information secure is one of our most important priorities. Consistent with our obligations under applicable laws and regulations, we maintain physical, technical, electronic, procedural, and organizational safeguards and security measures that are designed to protect personal data against accidental, unlawful, or unauthorized destruction, loss, alteration, disclosure, or access, whether processed by us or elsewhere.

Collection & Disclosure of Personal Information
We collect and disclose to third parties for our business purposes the following categories of Personal Information relating to California residents: Identifiers, such as name, unique personal identifiers, online identifiers, Internet Protocol address, email address, and government-issued identifier (e.g., Social Security number, driver’s license number);

  • Personal Information categories listed in the California Custom Records statue (CA Civ. Code §1798.80(e));
  • Characteristics of protected classifications under California or Federal law, such as age, sex and marital status;
  • Commercial information, such as transaction information and purchase history;
    Biometric information;
  • Internet or network activity information, such as browsing history and interactions with our website;
  • Geolocation data, such as device location and Internet Protocol (IP) location;
  • Sensory data; such as audio, electronic, visual, and similar information (e.g. call and video recordings);
  • Professional or employment-related information, such as work history and prior employer;
  • Non-public education information, such as educational background and records; and
  • Inferences drawn from any of the Personal Information listed above to create a profile about (e.g., an individual’s preferences and characteristics).

The categories of sources from whom we collected this Personal Information are:

  • Directly from a California resident or the individual’s representatives;
  • Service Providers, Consumer Data Resellers, and other third parties;
  • Public Record Sources (Federal, State, or Local Government Sources);
  • Information from our Affiliates;
  • Website/Mobile App Activity/Social Media;
  • Information from Client Directed Third Parties or Institutions representing a Client/Prospect; and
  • Information from Corporate Clients about individuals associated with the Clients (e.g., an employee or board member).

The categories of third parties to whom we disclosed Personal Information for our business purposes are::

  • Affiliates of Open Bank;
  • Vendors and service providers who provide services such as website hosting, data analysis, payment processing, order fulfillment, information technology and related infrastructure, customer service, email delivery, auditing, marketing and marketing research activities;
  • Partners and third parties who provide services such as payment, banking, and communication infrastructure, storage, legal expertise, tax expertise, notaries, and auditors who promote the Bank and its financial services and products to customers and other prospective buyers;
  • Other third parties who enable customers to conduct transactions online and via mobile devices, and support mortgage and fulfillment services; and
  • Government agencies as required by laws and regulations.

Use of Personal Information
In the 12 months, we have used Personal Information relating to California residents to operate, manage, and maintain our business, to provide our products and services, and to accomplish our business purposes and objectives, including the following:

  • Performing services, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing advertising or marketing services, providing analytic services, or providing similar services.
  • Detecting security incidents, protecting against malicious, deceptive, fraudulent or illegal activity, and prosecuting those responsible for that activity.
  • Short-term, transient use where the information is not disclosed to a third party and is not used to build a profile or otherwise alter an individual consumer’s experience outside the current interaction, including, but not limited to, the contextual customization of ads shown as part of the same interaction.
  • Auditing related to a current interaction and concurrent transactions, including, but not limited to, counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with this specification and other standards.
  • Undertaking activities to verify or maintain the quality or safety of a service controlled by us, and to improve, upgrade, or enhance the service controlled by us.
  • Debugging to identify and repair errors that impair existing intended functionality.
  • Undertaking internal research for technological development and demonstration.
  • Complying with laws and regulations and to comply with other legal process and law enforcement requirements (including any internal policy based on or reflecting legal or regulatory guidance, codes, or opinions).
  • For employees and job applicants, data may be disclosed to third parties where required by law or to our employees, contractors, designated agents or third-party service providers who require such information to assist us with administering the employment relationship with you, including third-party service providers who provide services to us on our behalf. Third-party service providers may include, but are not limited to, payroll processors, benefits administration providers, and data storage or hosting providers. These third-party service providers may be located outside of California.

Sale of Personal Information
In the past 12 months, we have not “sold” Personal Information subject to the CCPA, including Personal Information of minors under the age of 16. For purposes of this CCPA Notice, “sold” means the disclosure of Personal Information to a third party for monetary or other valuable consideration.

How Long We Retain Personal Information
We will store your personal information for no longer than is necessary for the performance of our obligations or to achieve the purposes for which the information was collected, or as may be permitted under applicable law. To determine the appropriate retention period, we will consider the amount, nature, and sensitivity of the information; the potential risk of harm from unauthorized use or disclosure of the information; the purposes for which we process the information and whether we can achieve those purposes through other means; and the applicable legal requirements. Unless otherwise required by applicable law, at the end of the retention period we will remove personal information from our systems and records.

Rights under the CCPA
If you are a California resident, you have the right to:

  1. Request that we disclose to you, free of charge, the following information covering the 12 months preceding your request:
    • Categories of Personal Information about you that we collected;
    • Categories of sources from which the Personal Information was collected;
    • Our business or commercial purpose for collecting Personal Information about you;
    • Categories of third parties to whom we disclosed Personal Information about you and the categories of Personal Information that was disclosed (if applicable) and the purpose for disclosing the Personal Information about you;
    • Specific pieces of Personal Information we collected about you; and
    • If we disclosed your personal information for a business purpose, a list identifying the personal information categories that each recipient obtained.
  1. Request that we delete Personal Information we collected from you, unless the CCPA recognizes an exception;
  2. Request that we correct inaccurate Personal Information we have about you, and
  3. Be free from unlawful discrimination for exercising your rights under the CCPA.

We will acknowledge receipt of your request and advise you how long we expect it will take to respond if we are able to verify your identity. Requests for specific pieces of Personal Information will require additional information to verify your identity.
If you submit a request on behalf of another person, we may require proof of authorization and verification of identity directly from the person for whom you are submitting a request.
In some instances, we may not be able to honor your request. For example, we will not honor your request if we cannot verify your identity or if we cannot verify that you have the authority to make a request on behalf of another individual. Additionally, we will not honor your request where an exception applies, such as where the disclosure of Personal Information would adversely affect the rights and freedoms of another consumer or where the Personal Information that we maintain about you is not subject to the CCPA’s access or deletion rights.
We will advise you in our response if we are not able to honor your request.
We will not provide Social Security numbers, driver’s license numbers, government-issued identification numbers, financial account numbers, health care or medical identification numbers, account passwords or security questions and answers, or any specific pieces of information if the disclosure presents the possibility of unauthorized access that could result in the identify theft, fraud, or unreasonable risk to data or systems and network security.
We will work to process all verified requests within 45 days.. We will provide you with an explanation if we need additional time to process your verified request. The maximum permissible time extension can be up to an additional 45 days (maximum of 90 days). We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a fee estimate before completing your request.

How to Exercise Your Rights
You may request access to your personal information twice in a 12-month period. Provide to us sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized agent. Describe your request with sufficient detail that allows us to properly understand, evaluate and respond to it.

If you are a California resident, you may submit a request to us by:

  1. Completing a California Consumer Privacy Act Rights Request Form located at https://myopenbank.com/california-consumer-privacy-rights-request-form/ or
  2. Calling us at (888) 391-0002, Monday through Friday, 8:45AM to 5:45PM (PST).

Authorized Agents
If you are a California resident, you may authorize an agent to make an access or deletion request on your behalf. A California resident’s authorized agent may make a request on behalf of the California resident by contacting us at the toll-free number or website listed above. We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.

  • For an individual (“requestor”) making a request on behalf of a California resident:
    • The requestor’s name; contact information; social security or individual taxpayer identification number; date of birth; and Driver’s License, State ID, or Matricula Card.
    • The name; contact information; social security or individual taxpayer identification number; date of birth; and Driver’s License, State ID, or Matricula Card of the California resident on whose behalf the request is being made.
    • A document to confirm that the requestor is authorized to make the request. We accept as applicable, a copy of a power of attorney, legal guardianship or conservatorship order, or a birth certificate of a minor if the requestor is the custodial parent.
  • For a company or organization (“legal entity requestor”) making a request on behalf of a California resident:
    • The legal entity requestor’s active registration with the California Secretary of State.
    • Proof that the California resident has authorized the legal entity requestor to make the request. We accept as applicable, a copy of power of attorney, or legal guardianship or conservatorship order.
    • The name; contact information; social security or individual taxpayer identification number; data of birth; and Driver’s License, State ID, or Matricula Card of the California resident on whose behalf the request is being made. From the individual who is acting on behalf of the legal entity requestor, proof that the individual is authorized by the legal entity requestor to make the request. We accept a letter on the legal entity requestor’s letterhead, signed by an officer of the organization. We provide a template to use via the URL provided above for making requests.

Non-Discrimination
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:

  • Deny you goods or services.
  • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
  • Provide you a different level of quality of goods or services.
  • Suggest that you receive a different price or rate for goods or services or a different level or quality of goods or serves.

Questions & Concerns
You may contact us with questions and/or concerns about this CCPA Notice and our practices by:

  1. Emailing us at OpenCCPA@myopenbank.com;
  2. Writing us at Open Bank, Attention: Compliance Dept., 1000 Wilshire Blvd, Suite 500, Los Angeles, CA 90017; or
  3. Calling us at (888) 391-0002, Monday through Friday, 8:45AM to 5:45PM (PST).

Changes to the CCPA Notice
We may change or update this CCPA Notice, at any time, without prior notice to you. Date Last Updated: July 25, 2023

Protecting Children’s Privacy Online

Our website(“site”) is directed to a general audience. We do not knowingly collect or use personal information from children under 13. For more information about the Children’s Online Privacy Protection Act (COPPA), visit the Federal Trade Commission(“FTC”) website https://consumer.ftc.gov/articles/protecting-your-childs-privacy-online.

 

Gathering, Sharing, and Using Information

You may interact with us in a variety of ways online. We may offer websites that permit browsing and do not require registration. We may also offer the ability to access your accounts online. Information that we may collect about you through online interaction includes information that you input, such as your name, address, email address, other contact information; data resulting from your activity, such as transaction information; and location information. We may also gather additional information such as the type of device and browser you are using, the IP address of your device, information about your device’s operating system, and additional information associated with your device. We may also gather information collected through cookies, tags, and other technologies as described further below.

In addition to the uses described above, we use information for purposes as allowed by law such as: servicing; communicating with you; improving our Site, products, or services; legal compliance; risk control; information security; anti-fraud purposes; marketing or personalizing the presentation of our products and services to you; tracking website usage, such as number of hits, pages visited, and the length of user sessions in order to evaluate the usefulness of our Site; and using read-receipt notifications in our email communications.

Collected Information:
We may collect information regarding your mobile device such as device settings, unique device identifiers, information about your location, and analytical information that may assist with diagnostics and performance. For your convenience, you may be asked to grant permission for access to your mobile device’s geolocation data. This information may be collected when you use certain services that are dependent on your mobile device’s location (such as the location of an ATM or in store transactions).

Information on “Cookies”

Cookies are pieces of data stored on your device. Browser cookies are assigned by a web server to the browser on your device. When you return to a site you have visited before, your browser gives this data back to the server. Mobile applications may also use cookies.

We use cookies and information gathered through their use to make your experience with Open Bank and certain other sites richer and more personalized based on the products, services, or other interaction you have with us and other sites. Information gathered through use of cookies may be used to make offers to you via advertising(“ads”, “ad”), email, US mail, or telephone, subject to the privacy preferences you have on file with Open Bank  We also use cookies, sometimes in conjunction with service providers, in online advertising either on our own Site or on third party sites to help determine which of our advertisements are most likely to appeal to you. We respect consumers’ ability to exercise choice in receiving ads on third party sites. We honor your choice as follows: for advertising placed on third-party sites, we participate in the program utilizing the Advertising Options Icon. If you receive an ad delivered on a third party site in part based on information gathered through the use of cookies, you may opt out of receiving such ads by clicking the displayed icon and following the instructions or by visiting aboutads.info. This opt-out works via cookies, so if you delete cookies, use a different device, or change web browsers, you will need to opt out again. Please note that we respect your choice via participation in the Advertising Options Icon (https://youradchoices.com/) program. Industry standards are currently evolving and we may not separately respond to or take any action with respect to a “Do Not Track” configuration set in your internet browser.

Other parties that may collect information about your web browsing behavior when you use our Site are generally limited to service providers who may only use any information collected to provide services and marketing for us and not to provide services or advertising for any other party.

We also use cookies for purposes such as maintaining continuity during an online session; gathering data about the use of our site and anti-fraud and information security purposes.

Do You have to Accept Cookies?

You may be able to set your browser to reject browser cookies. However, if you choose to reject cookies, you cannot access your accounts online with Open Bank  Therefore, if you set your browser options to disallow cookies, you will limit the functionality we can provide when you visit our Site. The latest versions of internet browsers provide cookie management tools, such as the ability to delete or reject cookies. We recommend that you refer to information supplied by browser providers for more specific information, including how to use these tools.

Additional Cookies

Cookies is a term also used to describe other locally stored objects, such as cookies stored in an Adobe folder on your device. These cookies will not be deleted when you clear cookies from your browser. We may use this technology for purposes such as information security and fraud prevention. We do not use this technology for online behavioral advertising purposes. Please refer to information provided by Adobe for information on how to disable and control Flash objects. If you choose those options, you may limit the functionality we can provide when you visit our Site.

How We Respond to Do Not Track Signals

Some browsers incorporate a Do Not Track feature that signals to websites you visit that you do not want to have your online activity tracked. Tracking is not the same as using or collecting information in connection with a single website. For these purposes tracking refers to collecting personal identifiable information from consumers who use or visit a website or online service as they move across different websites over time. How browsers communicate the Do Not Track signal is not yet uniform. As a result, this Site is not yet set up to interpret or respond to Do Not Track signals communicated by your browser. Even so, as described in more detail throughout this Policy, we limit our use and collection of your personal information. For a description of Do Not Track protocols for browsers and mobile devices, or simply to learn more about the choices available to you, you can visit the All About Do Not Track website: Thank you for visiting AllaboutDNT.com - Future of Privacy Forum (fpf.org).

We may enable third parties to collect personal information in connection with our Site. As described above, we limit our use and collection of your personal information and some third-party companies may use this information for security and authentication purposes. This Policy does not apply to and we are not responsible for and collection of personal information by third parties on our Site.

What does Open Bank do with Your Personal Information?

Click the button below to download and read Open Bank’s Privacy Notice.

Download Open Bank’s Privacy Notice

If you cannot read the downloaded document,
please download Adobe Acrobat Reader here to read the document.

Download Adobe Reader