California Privacy Statement

Download a printable PDF of this page.

We respect your privacy and are committed to protecting it through our compliance with this policy. This PRIVACY STATEMENT FOR CALIFORNIA RESIDENTS supplements the information contained in the Privacy Notice of Bank of Marin (collectively, “we,” “us,” or “our”) and applies solely to visitors, users, and others who reside in the State of California (“consumers” or “you”). We adopt this notice to comply with the California Consumer Privacy Act of 2018 (“CCPA”) and other California privacy laws. Any terms defined in the CCPA have the same meaning when used in this notice.

PERSONAL INFORMATION WE COLLECT

We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (“personal information”). In particular, we have collected the following categories of personal information from consumers within the last twelve (12) months:

Category of personal information Representative Data Elements Do we Collect?
Identifiers
  • Real name, or alias
  • Postal address
  • Unique identifier, unique personal identifier
  • Internet Protocol address
  • Government issued identifier (e.g. Social Security number)
  • Passport number
  • Driver’s license number
  • Telephone number
  • Email address, account name, or other similar identifiers.
 Yes
Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))
  • Name
  • Signature
  • State or Government issued identification card number
  • Physical characteristics or description
  • Insurance policy number
  • Employment history
  • Bank account number
  • Credit or debit card number
  • Other financial information
  • Medical information
  • Health insurance information.
 Yes
Protected classification characteristics under California or federal law
  • Date of birth/age
  • Gender
  • Veteran or military status
  • Marital status
  • Race
  • Ethnicity or National Origin
  • Religion
  • Disability
 Yes

 

Category of personal information Representative Data Elements Do we collect?
Commercial information
  • Records of personal property
  • Products or services purchased, obtained, or considered
  • Other purchasing or consuming histories or tendencies

Yes
Biometric information
  • Fingerprints
  • Faceprints or face imagery
  • Voiceprints and/or voice recordings that can be extracted

Yes
Internet or other similar network activity
  • Browsing history
  • Search history
  • Information regarding interaction with a website, application, or advertisement.

Yes
Device Information

*Note: Some information included in this category may overlap with other categories.
  • Device identifier or identifying information, characteristics, or settings about the device you use to access our online services
  • IP Address
  • Information in cookies, pixel tags or from collection technologies
  • Mobile ad identifiers
  • Mobile device information (with permission, such as location, contacts, camera)

Yes
Geolocation data
  • Physical location
  • Movements
  • Precise geolocation

No
Sensory data
  • Audio
  • Visual
  • Electronic

Note: these data types are typically collected during phone and in-person for security and training purpose.

No
Professional / Employment information
  • Current or past job history or performance evaluations

Yes
Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99))
  • Education records, such as, enrollment, grades, transcripts, student schedules
  • Student financial information, including tuition costs and reimbursement

Yes
Inferences drawn from other personal information
  • Inferences based on information about an individual to create a summary about, for example an individual’s preferences and characteristics

Note: Inferences are not performed based on any sensitive personal information collected.

Yes

 

Category of personal information Representative Data Elements Do we collect?
Sensitive personal information
  • Government identifiers (Social security,  driver’s license, state identification card, or passport number)
  • Complete account access credentials (usernames, account numbers or card numbers, combined with any security or access code, password, or credential required for allowing access to an account)
  • Precise geolocation
  • Racial or ethnic origin, religious or philosophical beliefs, or Union Membership
  • Biometric information when used for the purpose of uniquely identifying a consumer
  • Personal information collected and analyzed concerning a consumer’s health

*Note: Some information included in this category may overlap with other categories.

Yes

Personal information does not include:

  • Publicly available information from government records.
  • De-identified or aggregated consumer information.
  • Information excluded from the CCPA’s scope, like:
    • health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data;
    • Personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.

SOURCES OF PERSONAL INFORMATION
We obtain the categories of personal information listed above from the following categories of sources:

  • Directly from our clients or their agents. For example, from documents that our clients provide to us related to the services for which they engage us.
  • Indirectly from our clients or their agents. For example, through information we collect from our clients in the course of providing services to them.
  • Directly and indirectly from activity on our website (www.bankofmarin.com). For example, from submissions through our website portal or website usage details collected automatically.
  • From third parties that interact with us in connection with the services we perform. For example, from credit reporting agencies when reviewing for deposit and credit products.

PURPOSE FOR COLLECTION AND USE OF PERSONAL INFORMATION
We may use the personal information we collect for the following business or commercial purposes:

Purpose of Collection and Use Example
Provide and manage products and services
  • Establish your account(s) and/or preferences, process transactions for our products and services including checking accounts, credit cards, loans, investment accounts, as well as additional products for businesses such as commercial financing and payment services
  • Support the ongoing management and maintenance of our products and services including to provide account statements, online banking access, online services, customer service, payments and collections, and account notifications
  • To respond to your inquiries and fulfill your requests
  • To provide important information regarding the products or services for which you apply or may be interested in applying for, or in which you are already enrolled, changes to terms, conditions, and policies and/or other administrative information.
  • To allow you to apply for products or services (for example, to prequalify for a mortgage, apply for a credit card, or to open an account) and evaluate your eligibility for such products or services.
Support our everyday operations, including to meet risk, legal, and compliance requirements
  • Perform accounting, monitoring, and reporting
  • Enable information security and anti-fraud operations, verify your identity, as well as credit, underwriting, and due diligence
  • Support audit and investigations, legal requests and demands, as well as exercise and defend legal claims
  • Enable the use of service providers for business purposes
  • Comply with policies, procedures, and contractual obligations
  • For compliance, fraud prevention, and safety purposes, including protecting the security of account and personal information
  • Collect information through our social media pages and other online interactions with you to assist in verifying your identity and account status. We may combine this online information with information collected from offline sources or information we already have
  • Defend or protect us, you, our client, or third parties, from harm or in legal proceedings
  • Respond to court orders, lawsuits, subpoenas, and government requests

 

Purpose of Collection and Use Example
Manage, improve, and develop our business
  • Personalize, develop, as well as improve our products and services
  • Support customer relationship management
  • To personalize your experience on our websites and enhance websites
  • To allow you to participate in surveys and other forms of market research, sweepstakes, contests, and similar promotions and to administer these activities. Some of these activities have additional rules, which may contain additional information about how Personal Information is used and shared
Research and Analytical Purposes
  • Understand how you use our websites, mobile applications, and other digital properties (collectively, the “Sites”)
  • The methods and devices you use to access our Sites
  • Make improvements to our Sites
  • Conduct research and analysis, identify usage trends, determine effectiveness of promotional campaigns, and to drive product and services innovation
Marketing and Advertising Purposes
  • Send you marketing and advertising communications about our products and services
Provide and manage digital and mobile products and services
  • Information stored on your device, such as location, camera, contacts, or other features you are enrolled in to enrich and simplify your own user experience and improve our services, as well as provide additional security to protect your account.

We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.

DATA RETENTION

The Bank retains the personal, including sensitive personal information for the length of time required or permitted by California or federal law.  Please note that in many situations we must retain all, or a portion of your personal information to comply with our legal obligations, resolve disputes, enforce our agreements, to protect against fraudulent, deceptive, or illegal activity, or for another one of our business purposes.
SHARING PERSONAL INFORMATION
We may disclose your personal information to a third party for a business purpose. When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract. The business purpose are what you would reasonably expect are necessary to provide you with the products and services we offer. We do not collect or use your sensitive personal information for the purpose of inferring characteristics about you.
In the preceding twelve (12) months, we have disclosed the following categories of personal information for a business purpose:

Category of Personal Information or (*) Sensitive Personal Information Category of recipients to who we disclose personal information
Identifiers
  • Affiliates, Service providers and Contractors
  • Representatives of CA residents, Professional Advisors, Business Partners
  • In connection with performing routine or required reporting
  • For Risk, Legal and Compliance
Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))
  • Service providers and Contractors
  • Representatives of CA residents, Professional Advisors, Business Partners
  • In connection with performing routine or required reporting
  • For Risk, Legal and Compliance
Protected classification characteristics under California or federal law
  • Service providers and Contractors
  • Representatives of CA residents, Professional Advisors, Business Partners
  • In connection with performing routine or required reporting
  • For Risk, Legal and Compliance
Commercial Information
  • Service providers and Contractors
  • Representatives of CA residents, Professional Advisors, Business Partners
  • In connection with performing routine or required reporting
  • For Risk, Legal and Compliance
Biometric Information
  • Service providers and Contractors
Internet or other similar network activity
  • Service providers and Contractors
  • Advertising or Analytics Providers
  • For Risk, Legal and Compliance
Device Information
  • Advertising or Analytics Providers
Geolocation Data
  • Service providers and Contractors
Sensory Data
  • Service providers and Contractors
Professional or employment related information
  • Service providers and Contractors
  • Representatives of CA residents
  • For Risk, Legal and Compliance
Non-public education information (per the Family Educational Rights and Privacy Act)
  • Service providers and Contractors
Category of Personal Information or (*) Sensitive Personal Information Category of recipients to who we disclose personal information
Inferences drawn from other personal information
  • Service providers and Contractors
(*Sensitive Category) 

  • Government identifiers (Social security, driver’s license, state identification card, or passport number)
  • Complete account access credentials (usernames, account numbers or card numbers, combined with any security or access code, password, or credential required for allowing access to an account)
  • Precise geolocation
  • Racial or ethnic origin, Religious or philosophical beliefs, or Union Membership
  • Biometric information when used for the purpose of uniquely identifying a consumer
  • Personal information collected and analyzed concerning a consumer’s health
  • Service providers and Contractors
  • Representatives of CA residents, Professional Advisors, Business Partners
  • In connection with performing routine or required reporting
  • For Risk, Legal and Compliance

 

Note: We do not knowingly sell or share the personal information of consumers under 16 years of age.

YOUR RIGHTS AND CHOICES
The CCPA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.
Access to Specific Information and Data Portability Rights
You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you (subject to applicable exemptions and exceptions):

  • The categories of personal information we collected about you.
  • The categories of sources for the personal information we collected about you.
  • Our business or commercial purpose for collecting that personal information.
  • The categories of third parties with whom we share that personal information.
  • The specific pieces of personal information we collected about you (also called a data portability request).
  • The categories of personal information we disclosed for a business purpose, identifying the personal information categories that each category recipient obtained.

DELETION REQUEST RIGHTS
You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exemptions and exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exemption or exception applies. For example, we will not request deletion from a third party when the sharing was at your request or provided to comply with a subpoena or other legal process.
We may deny your deletion request in which case we will not direct our service providers to delete, if retaining the information is necessary for us or our service provider(s) to:

  • Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
  • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
  • Debug products to identify and repair errors that impair existing intended functionality.
  • Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
  • Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.).
  • Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
  • Comply with a legal obligation.
  • Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

EXERCISING ACCESS, DATA PORTABILITY, AND DELETION RIGHTS
To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by either:

Only you or a person authorized to act on your behalf may make a valid consumer request related to your personal information.  You may also make a verifiable consumer request on behalf of your minor child.
You may only make a verifiable consumer request twice within a 12-month period. The verifiable consumer request must:

    • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative; and,
    • Describe your request with enough detail that allows us to properly understand, evaluate, and respond to it.

In some instances, we may not be able to honor your request. For example, we cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.

Making a verifiable consumer request does not require you to create an account with us.

We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.

Additionally, we will not honor your request where an exception applies such as where the disclosure of personal information would adversely affect the rights and freedoms of another consumer or where the personal Information that we maintain about you is not subject to the CCPA’s access or deletion rights. We will advise you in our response if we are not able to honor your request.
RESPONSE TIMING AND FORMAT
We endeavor to respond to a verifiable consumer request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. We will deliver our written response by mail or electronically, at your option.
Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
NON-DISCRIMINATION
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:

    • Deny you goods or services.
    • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
    • Provide you a different level or quality of goods or services.
    • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

CHANGES TO OUR PRIVACY NOTICE
We reserve the right to amend this PRIVACY NOTICE FOR California Residents at our discretion and at any time. When we make changes to this Notice, we will post the updated Notice on the Website and update the Notice’s effective date. Your continued use of our website following the posting of changes constitutes your acceptance of such changes.

CONTACT INFORMATION
If you have any questions or comments about this Notice, the ways in which we collect and use your personal information, your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us:
Call us at 1-866-626-6004, option 6 or send an email to branchservices@bankofmarin.com.