California Disclosures and Privacy Policy (“California Privacy Policy”)
January 1, 2023
At El Dorado Savings Bank, protecting the privacy of your personal information ("PI") is important to our staff and management. We value your business and the trust you put in El Dorado Savings Bank.
To offer you the financial products and services you seek we collect, maintain, and use information about you on a routine basis. To help you better understand how your PI is protected at El Dorado Savings Bank and your rights under the California Consumer Privacy Act of 2018 ("CCPA") and the California Privacy Rights Act of 2020 (CPRA), we are providing you with this CCPA Privacy Policy.
Collectively, we refer to this as our "CCPA Privacy Policy". This CCPA Privacy Policy applies to all our consumers.
CCPA Employee Privacy Policy | CCPA Request Form | CCPA Request Webform
The State of California requires that we provide privacy information for individuals who reside in California. If you do not reside in California, the provisions of this California Privacy Policy will not apply to you.
For California residents, here is a summary of what you will learn from this California Privacy Policy:
1.) Personal Information We Collect
1.1) Personal information does not include
1.2) Categories of personal information collected
1.3) How we obtain your personal information
1.4) How we use your personal information
1.5) How long we retain your personal information
1.6) Who we disclose your personal information with
1.7) Sale of personal information
1.8) Sharing of personal information
1.9) Employees / Former Employees / Applicants
2.) Your rights under the CCPA
2.1) Right to Know
2.2) Right to Delete
2.3) Right to Correct
2.4) Right to Limit Use of Sensitive Personal Information
2.5) Right to Opt-Out and How to Submit an Opt-Out Request
2.6) Right to Non-Discrimination
3.) Submitting a Request to Know, Request to Delete or Request to Correct
3.1) How to submit a request
3.2) Authorized agents
3.3) Response timing and delivery method
4.) Social Media
5.) Do Not Track
6.) Changes to California Privacy Policy
7.) How to contact us
Below is the legal information we are required to share:
The California Privacy Policy supplements the information contained in the general Privacy Policy of El Dorado Savings Bank, and all of its operating affiliates and subsidiaries, and the website www.eldoradosavingsbank.com (collectively, “El Dorado,” “we,” “us,” or “our”) and applies solely to visitors, users, and others who reside in the State of California (“consumers” or “you”). We adopt these California Disclosures and Privacy Policy to comply with California privacy laws. Any terms defined in the California Consumer Privacy Act (CCPA) have the same meaning when used in this California Privacy Policy.
1.) PERSONAL INFORMATION WE COLLECT
We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with an individual consumer, device, or household (“personal information”).
1.1) Personal information does not include
Personal information does not include the following:
- Publicly available information from government records
- De-identified or aggregated consumer information
- Information exempt from the CCPA, such as personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA), and California Financial Information Privacy Act (CalFIPA).
AS A COURTESY, THE FOLLOWING DISCLOSURES INCLUDE INFORMATION THAT IS EXEMPT FROM CCPA. THE COURTESY DISCLOSURES ARE MADE WITH A RESERVATION OF ALL RIGHTS THAT WE HAVE UNDER CCPA.
1.2) Categories of Personal Information We Collect
We collect the following categories of personal information:
- “Sensitive Personal Information” such as Social Security numbers (SSNs), Driver’s license, financial account or card numbers, Precise geolocation, Racial and ethnic characteristics, Religious and philosophical beliefs, Union membership, Contents of mail, email and text messages, Genetic and biometric data.
- “Identifiers” such as name, alias, address, unique identifier, internet protocol address, email address, account number, Social Security Number, or government identification number;
- “Other Personal Information” such as name, signature, Social Security Number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information. Some personal information included in this category may overlap with other categories;
- “Protected Characteristics” under California or federal law for classifications such as age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, or veteran or military status;
- “Commercial Information” such as records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies;
- “Internet or Network Activity” such as browsing history, search history, information on a consumer's interaction with a website, application, or advertisement;
- “Biometric Information” such as genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, or gait;
- “Geolocation” such as physical movements or location;
- “Sensory Data” such as audio, electronic, or visual information when you participate in telephone screens or video interviews with us;
- “Professional or Employment Related Information” such as current or past job history or performance evaluations; and
- “Inferences” such as profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
1.3) How We Obtain Your Personal Information
Directly from you |
You enter or provide us with information online, by email, by phone, or by document upload.
For example, when you apply for an account, show us your government issued ID, or setup payment processing details.
|
From internet searches or social media |
Depending on the product or service that you request, we may collect information from internet searches and/or social media. |
Directly and indirectly from you based on activity on our website |
For example, from submissions through our website or website usage details collected automatically. |
From vendors that interact with us in connection with the products and services we provide |
For example, companies that work with us to market our products to you, credit reporting agencies, or other vendors that provide data we use in protecting you and our products from fraud and identity theft. |
1.4) How We Use Your Personal Information
We may collect, use, or disclose the personal information we collect for one or more of the following purposes:
- Performing services such as maintaining or servicing accounts, providing customer service, processing, or fulfilling transactions, verifying customer information, processing payments, providing advertising or marketing services, providing analytic services, providing storage, or providing similar services on behalf of us or our mortgage lender clients. Examples of such activities:
- To fulfill or meet the reason for which the information is provided.
- To provide you with information, products, or services that you request from us.
- To provide you with email alerts and other notices concerning our products or services, or events or news, that may be of interest to you.
- To carry out our obligations and enforce our rights arising from any contracts entered into between you and us.
- Undertaking internal research for technological development and demonstration.
- Debugging to identify and repair errors that impair existing intended functionality.
- Helping to ensure security and integrity to the extent the use of the consumer's personal information is reasonably necessary and proportionate for these purposes.
- Auditing related to counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with this specification and other standards.
- Short-term, transient use, provided the consumer's personal information is not disclosed to another third party and is not used to build a profile about the consumer or otherwise alter the consumer's experience outside the current interaction with the business.
- Undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by us, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by us.
- To comply with our legal or regulatory obligations.
We will not collect additional categories of personal information or use the personal information we collected - including Sensitive Personal Information - for materially different, unrelated, or incompatible purposes without providing you notice.
1.5) How Long We Retain Your Personal Information
Based on contractual requirements and/or legal requirements, personal information is maintained for a specified period of time, as required by legal, regulatory, or industry requirements. Additional information such as emails and vendor agreements are maintained for business purposes for an indefinite amount of time.
1.6) Who We Disclose Your Personal Information To
We may disclose your personal information to a service provider, contractor, or third party. When we disclose personal information to a service provider or contractor, we enter a contract that describes the purpose and requires the service provider to keep that personal information confidential and not use it for any purpose except performing the contract or as otherwise allowed under the CCPA. We disclose personal information to third parties as follows:
- With account servicing systems, wire transfer vendors, payment processors, and fraud prevention vendors, we disclose Sensitive Personal Information, Identifiers, Other Personal Information, Protected Characteristics, Commercial Information, Geolocation, Biometric Data, Internet and Network Activity.
- With appraisers, we disclose Identifiers, Other Personal Information.
- With title and escrow companies, we disclose Sensitive Personal Information, Identifiers, Other Personal Information, Protected Characteristics, Inferences.
- With credit reporting agencies and dispute vendors, we disclose Sensitive Personal Information, Identifiers, Other Personal Information, Protected Characteristics, Commercial Information, Inferences.
- With identity verification and contract formation vendors, we disclose Sensitive Personal Information, Identifiers, Other Personal Information, and Protected Characteristics.
- With shipping providers, we disclose Identifiers and Other Personal Information.
- With our data analytics, network monitoring services, and incident response providers, we disclose Sensitive Personal Information, Identifiers, Other Personal Information, Protected Characteristics, Commercial Information, Internet or Network Activity, Biometric Information, Geolocation, Sensory Data, Professional or Employment Related Information, and Inferences.
- With word processing, communication applications, and calendar providers, we disclose Sensitive Personal Information, Identifiers, Other Personal Information, Protected Characteristics, Commercial Information, Internet or Network Activity, Biometric Information, Geolocation, Sensory Data, Professional or Employment Related Information, and Inferences.
- With our advisors such as lawyers, accountants, auditors, banks/lenders, insurers, and consultants, we disclose Sensitive Personal Information, Identifiers, Other Personal Information, Protected Characteristics, Commercial Information, Internet or Network Activity, Biometric Information, Geolocation, Sensory Data, Professional or Employment Related Information, and Inferences.
- With our governmental and regulatory agencies, we disclose Sensitive Personal Information, Identifiers, Other Personal Information, Protected Characteristics, Commercial Information, Internet or Network Activity, Biometric Information, Geolocation, Sensory Data, Professional or Employment Related Information, and Inferences.
- With law enforcement, government entities, courts, and pursuant to legal process where required by law, we disclose Sensitive Personal Information, Identifiers, Other Personal Information, Protected Characteristics, Commercial Information, Internet or Network Activity, Biometric Information, Geolocation, Sensory Data, Professional or Employment Related Information, and Inferences.
1.7) Sale of Personal Information:
We do not sell your personal information. We do not sell the personal information of minors under 16 years of age without affirmative authorization.
1.8) Sharing of Personal Information:
We do not share your personal information. Our site is not intended for or directed to minors. We do not knowingly share the personal information of minors under 16 years of age. (“Sharing” is means the disclosure of personal information for cross-contextual behavioral advertising.)
1.9) Employees / Former Employees / Applicants:
If you are an employee, former employee, owner, officer, director, emergency contact, beneficiary, or job applicant with El Dorado, please visit our California Employee Privacy Policy for information on your rights and how to exercise those rights. This information was previously provided to you in relation to your employment or application for employment.
2.0) YOUR RIGHTS UNDER THE CCPA
The CCPA provides California residents with specific rights regarding their personal information - the Right to Know, the Right to Delete, the Right to Correct, the Right to Limit use of Sensitive Personal Information, the Right to Opt-Out of the Sale of Personal Information or Sharing of Personal Information, and the Right to Non-Discrimination. This section describes your CCPA rights and explains how to exercise those rights, if applicable.
2.1) Right to Know:
You have the right to request that we disclose certain information to you about our collection, use, and disclosures of your personal information (“Right to Know”). Once we receive and verify your request, we will disclose to you:
- Categories of Personal Information Collected, Disclosed, Sold, and/or Shared
- The categories of personal information we collected about you.
- The categories of sources for the personal information we collected about you.
- Our business or commercial purpose for collecting that personal information.
- The categories of third parties with whom we share that personal information.
- If we disclosed your personal information for a business purpose, the categories of personal information shared with each category of third-party recipients.
- If we sold or shared your personal information for cross-contextual behavioral advertising, the categories of personal information sold or shared.
- Specific Information
- The specific pieces of personal information we collected about you.
We may deny your Request to Know if we are unable to verify your identity or have reason to believe that the request is fraudulent. We may also deny your request if the personal information is subject to an exemption under FCRA, GLBA, CalFIPA, or DPPA.
2.2) Right to Delete:
You have the right to request that we delete any of your personal information that we collected and retained, subject to certain exceptions (“Right to Delete”). Once we receive and verify your request, we will delete, de-identify, or aggregate your personal information (and direct our service providers to do the same), unless an exception applies.
We may deny your Request to Delete if retaining the personal information is necessary for us or our service providers to:
- Complete the transaction for which the personal information was collected, provide a good or service requested by the consumer, or reasonably anticipated within the context of a business's ongoing business relationship with the consumer, or otherwise perform a contract between the business and the consumer.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity.
- Debug to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act pursuant to Chapter 3.6 (commencing with Section 1546) of Title 12 of Part 2 of the Penal Code.
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the businesses' deletion of the information is likely to render impossible or seriously impair the achievement of such research, if the consumer has provided informed consent.
- To enable solely internal uses that are reasonably aligned with the expectations of the consumer based on the consumer's relationship with the business.
- Comply with a legal obligation.
Otherwise use the consumer's personal information, internally, in a lawful manner that is compatible with the context in which the consumer provided the information.
Additionally, we may deny your Request to Delete if we are unable to verify your identity or have reason to believe that the request is fraudulent. We may also deny your request if the personal information is subject to an exemption under FCRA, GLBA, CalFIPA, or DPPA.
2.3) Right to Correct:
You have the right to request that we correct your personal information if it is inaccurate (Right to Correct). Once we verify your identity and confirm that your personal information is inaccurate, we will correct your personal information (and direct our service providers to do the same).
We may deny your Request to Correct if we are unable to verify your identity or have reason to believe that the request is fraudulent. We may also deny your request if the personal information is subject to an exemption under FCRA, GLBA, CalFIPA, or DPPA.
2.4) Right to Limit the Use of Sensitive Personal Information:
You have the right to direct a business that collects your sensitive personal information to limit its use to uses which are necessary to perform the services or provide the goods reasonably expected. However, we only use Sensitive Personal Information as exempt from the CCPA; to provide the goods and services requested by you; to prevent, detect, and investigate security incidents; to resist malicious, deceptive, fraudulent, or illegal actions and to prosecute those responsible for such actions; to ensure people’s physical safety; to perform services on our behalf; to verify or maintain the quality or safety of our products, services, and devices.
2.5) Right to Opt-Out and How to Submit a Request to Opt-Out
The CCPA gives consumers the right to opt-out of (1) the sale of their personal information, (2) the sharing of their personal information for cross-context behavior advertising, or (3) for use in automated decision making. As explained in the following sections, the right to opt out does not apply to our practices.
2.5.1) Sale of Personal Information
We do not sell your personal information. We do not sell the personal information of minors under 16 years of age without affirmative authorization.
2.5.2) Sharing Information for Cross-Contextual Behavioral Advertising
We do not share your personal information. Our site is not intended for or directed to minors. We do not knowingly share the personal information of minors under 16 years of age.
2.5.3) Automated Decision Making
The CCPA gives consumers the right to opt-out of the use of automated decision-making technology in connection with decisions about the consumer’s work performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements. However, we do not use automated decision-making technology for personal information that is not covered by FCRA, GLBA, and CalFIPA.
2.6) Right to Non-Discrimination:
We will not discriminate against California residents for exercising any CCPA rights. We will not deny goods or services, charge different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties, provide a different level or quality of goods or services, suggest that the California resident may receive a different price or rate for goods or services or a different level or quality of goods or services, unless allowed under the CCPA for a non-discriminatory reason.
3.) SUBMITTING A REQUEST TO KNOW, REQUEST TO DELETE, REQUEST TO CORRECT
3.1) How to submit a request:
To make a Request to Know, Request to Delete or Request to Correct, please contact us by either:
- Calling us at: (800) 222-8999,
- Submitting a CCPA Request webform, and uploading the Declaration Form, and supporting documents,
- Or submitting in person a paper Request Form, along with the attached Declaration and supporting documents, at any of our branch locations.
Only (1) you or (2) a person authorized by you to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a request on behalf of your minor child.
You may only make a Request to Know twice within a 12-month period.
A Request to Know, Request to Delete, or Request to Correct must:
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
- If you are submitting a Request to Know specific pieces of personal information, you will need to submit a declaration under the penalty of perjury confirming you are only requesting information about yourself.
3.2) Authorized Agents
Before we can respond to a Request to Know, Request to Delete, or Request to Correct submitted by an authorized agent, we need to verify not only that person or entity’s authority to act on your behalf but also verify the identity of the authorized agent.
If you are authorized to submit a request on behalf of a California resident, please email us at: CCPA@eldoradosavings.com and provide the following information:
- To verify your authorization to request on behalf of a California resident, please attach a copy of one or more of the following to your request email:
- Written permission from the California resident, or
- A valid power of attorney
- To verify your identity, please attach copies of the following to your request email:
- Valid Government Issued ID (not expired) AND
- A utility bill, bank statement, or similar documentation to verify your name and address.
- To verify the identity of the consumer for whom you are submitting the request, please attach the following with your request email:
- name,
- address,
- date of birth (if applicable),
- email address,
- phone number,
- last 4 of the Social Security Number, or last 4 of the account number (if applicable), and
- company name (if applicable).
- If you are submitting a Request to Know specific pieces of personal information, you will need to submit a declaration under the penalty of perjury signed by the California resident confirming that he/she is making the request on behalf of themselves.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. We will only use personal information provided in a request to verify the requestor's identity or authority to make the request.
3.3 Response Timing and Delivery Method:
We will acknowledge receipt of your request within 10 business days of its receipt. We will respond to a request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. We will deliver our written response by mail or electronically, at your option. The response we provide will also explain the reasons we cannot comply with a request, if applicable.
We do not charge a fee to process or respond to your request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
4.) SOCIAL MEDIA
We encourage you to review your privacy options and settings with the social media platforms and networks you use to understand what choices you have about disclosing your information through those platforms and networks with us.
5.) DO NOT TRACK
Our site does not respond to "Do Not Track" signals.
6.) CHANGES TO OUR PRIVACY POLICY
We reserve the right to amend these California Disclosures and Privacy Policy at our discretion and at any time. When we make material changes to this privacy policy, we will notify you by email or through a notice on our website homepage.
7.) HOW TO CONTACT US
If you have any questions or comments about this policy, the ways in which we collect and use your personal information, your rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us at:
El Dorado Savings Bank
Attn: CCPA Officer
4040 El Dorado Road
Placerville, CA 95667
For a printable version of this CCPA disclosure, please click here.
Effective 01/01/2023
Version 2.0 – 03/23/2024