Gulf Coast Bank & Trust Co California Consumer Privacy Act (CCPA) Disclosure

This California Consumer Privacy Act Disclosure explains how we collect, use, and disclose Personal Information related to California residents covered by the California Consumer Privacy Act of 2018 as amended by the by the California Rights Act of 2020 (collectively, the “CCPA”).

The Gulf Coast Bank & Trust Co. California Consumer Privacy Act Disclosure (“Notice”) explains how California residents can exercise their rights under the CCPA to request that we: (1)provide certain Personal Information that we have collected about them during the past 12months, along with related information described below, (2) delete certain Personal Information that we have collected from them; or (3) correct certain Personal Information that we have collected from them.

The CCPA only applies to information about residents of California.

Under the CCPA, “Personal Information” is information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked with a particular California resident or household. The CCPA, however, does not apply to information collected, processed, sold or disclosed subject to the Gramm-Leach-Bliley Act (“GLBA”). For example, this Notice does not apply with respect to information that we collect about California residents who apply for or obtain our financial products and services for personal, family, or household purposes. For information about how we collect, disclose, and secure information related to these customers, please refer to our Gulf Coast Bank Privacy Policy.

We also must provide in this online disclosure certain details about our collection and handling of categories of Personal Information. The information that follows shows the types of Personal Information we may collect about California residents who are subject to the CCPA, the sources from which we collect it, and the ways in which we use and disclose it.
 

Categories and Sources of Personal Information

Categories of Personal Information We Collect and Disclose
In the past 12 months, we may have collected and disclosed for a business purpose the following categories of Personal Information about California residents:

  • Identifiers, such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number or other similar identifiers;
  • Personal Information that identifies, relates to, describes, or is capable of being associated with, a particular individual, including, but not limited to, his or her name,signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information; • Characteristics of protected classifications under California or federal law, such as sex and marital status;
  • Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies;
  • Biometric information, such as voice recordings as part of call recordings;
  • Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a California resident’s interaction with an internet website application, or advertisement;
  • Geolocation data;
  • Audio, electronic, visual and similar information, such as call and video recordings;
  • Professional or employment-related information, such as work history and prior employer;
  • Education information, directly related to a student, and maintained by an education agency or institution maintained by a third party;
  • Inferences drawn from any of the Personal Information listed above to create a profile about, for example, an individual’s preferences and characteristics;
    •  The following categories of Sensitive Personal Information:
      • Personal Information that reveals:
        • A California resident’s Social Security, driver’s license, state identification card, or passport number.
        • A California resident’s account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account.
        • A California resident’s precise geolocation.
        • A California resident’s racial or ethnic origin, religious or philosophical beliefs, or union membership.
        • The contents of a California resident’s mail, email, and text messages unless the business is the intended recipient of the communication.
        • A California resident’s genetic data.
      • The processing of biometric information for the purpose of uniquely identifying a California resident.
      • Personal Information collected and analyzed concerning a California resident’s health.
      • Personal Information collected and analyzed concerning a California resident’s sex life or sexual orientation.
         

Category of Sources from which we collect Personal Information:

  • Information provided from a California resident or individual representative when applying for a product or service;Personal Information from public record or available resources including information from the media and other records available by federal, state, or local government;
  • Personal Information we collect from third parties who provide it to us (e.g., our customers; credit reference agencies; and law enforcement authorities);
  • Personal Information we receive from outside companies or organizations that provide data to support activities such as fraud prevention, underwriting, and marketing;
  • Outside companies or organizations from whom we collect personal data as part of providing products and services, completing transactions, supporting our everyday operations, or business management and development. Examples include companies or organizations to whom we provide products or services; other parties, partners, and financial institutions; and parties involved with mergers, acquisitions, and other transactions involving transfers of all or part of a business, or a set of assets;
  • Information from our Affiliates;
  • Personal Information we collect or obtain when you visit any of our websites, mobile app activity, social media or use any features or resources available on or through a Site. When you visit a Site, your device and browser may automatically disclose certain information (such as device type, operating system, browser type, browser settings, IP address, language settings, dates and times of connecting to a Site and other technical communications information), some of which may constitute Personal Information.
     

Business Purpose for Collecting Personal Information

We collect, use, and disclose for our business purposes Personal Information, including Sensitive Personal Information, relating to California residents to operate, manage, and maintain our business, to provide our products and services, and to accomplish our business or commercial purposes consistent with CCPA Regulations:

  • Performing services, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing advertising or marketing services (except for cross-context behavioral advertising, a type of targeted advertising), providing analytic services, or providing similar services;
  • Helping to ensure security and integrity to the extent the use of Personal Information is reasonably necessary and proportionate for these purposes;
  • Short-term, transient use, including, but not limited to, non-personalized advertising shown as part of a current interaction with us, where the information is not disclosed to a third party and is not used to build a profile or otherwise alter the California resident's experience outside the current interaction with us;
  • Auditing related to counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with this specification and other standards;
  • Undertaking activities to verify or maintain the quality or safety of a service controlled by us, and to improve, upgrade, or enhance that service;
  • Debugging to identify and repair errors that impair existing intended functionality;
  • Undertaking internal research for technological development and demonstration; and
  • Complying with laws and regulations and to comply with other legal process and law enforcement requirements (including any internal policy based on or reflecting legal or regulatory guidance, codes, or opinions).

Disclosure of Personal Information for a Business Purpose

We disclose the types of Personal Information listed above for a business purpose to the following categories of third parties:

  • Affiliates of Gulf Coast Bank & Trust Co.;
  • Operating systems and platforms;
  • Government agencies as required by laws and regulations;
  • Service providers and contractors who provide services such as website hosting, data analysis, payment processing, information technology and related infrastructure, customer service, email delivery, auditing, and marketing;
  • Other service providers and contractors who provide services such as payment, banking and communication infrastructure, storage, legal expertise, tax expertise, real estate expertise, appraisal expertise, closing and title services;
  • Other service providers and contractors who enable customers to conduct transactions online and via mobile devices, and support mortgage and fulfillment services;
  • Other persons or entities with which you may use or direct us to intentionally interact or to which you may use or direct us to intentionally disclose your Personal Information.
    We only use or disclose Sensitive Personal Information for the following purposes consistent with CCPA Regulations:
  • To perform the services or provide the goods reasonably expected by an average California resident who requests those goods or services.
  • To prevent, detect, and investigate security incidents that compromise the availability, authenticity, integrity, or confidentiality of stored or transmitted Personal Information. For example, we may disclose a California resident’s log-in information to a data security company that we hired to investigate and remediate a data breach that involved that California resident’s account.
  • To resist malicious, deceptive, fraudulent, or illegal actions directed at the business and to prosecute those responsible for those actions. For example, we may use information about a California resident’s ethnicity and/or the contents of email and text messages to investigate claims of racial discrimination or hate speech.
  • To ensure the physical safety of natural persons. For example, we may disclose a customer's geolocation information to law enforcement to investigate an alleged kidnapping.
  • For short-term, transient use, including, but not limited to, non-personalized advertising shown as part of a California resident’s current interaction with us, provided that the Personal Information is not disclosed to another third party and is not used to build a profile about the California resident or otherwise alter the California resident’s experience outside the current interaction with us.
  • To perform services on behalf of us. For example, we may use information for maintaining or servicing accounts, providing customer service, processing, or fulfilling orders and transactions, verifying California resident’s information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services on our behalf.
  • To verify or maintain the quality or safety of a product, service, or device that is owned, manufactured, manufactured for, or controlled by us, and to improve, upgrade, or enhance the service or device that is owned, manufactured by, manufactured for, or controlled by us.
  • To collect or process Sensitive Personal Information where the collection or processing is not for the purpose of inferring characteristics about a California resident.
  • To comply with federal and state laws, responding to legal requests (e.g., civil, criminal, and regulatory lawsuits, garnishments, subpoenas, our rights or defending against legal claims such as collections and past-due accounts), resolving complaints and disputes, analyzing credit risks, and operating, managing, and maintaining our business.
     

How Long We Retain Personal Information

The length of time that we intend to retain each category of Personal Information will depend on several criteria, including (i) the length of time we are required to retain Personal Information in order to comply with applicable legal and regulatory requirements, (ii) the length of time we may need to retain Personal Information in order to accomplish the business or commercial purpose(s) for which such Personal Information is collected, used or disclosed (as indicated in this Disclosure), and (iii) whether you choose to exercise your right, subject to certain exceptions, to request deletion of your Personal Information.
Sale or Sharing of Personal Information

Gulf Coast Bank & Trust does not “share” or “sell” (as those terms are defined in the CCPA) Personal Information and has not sold or shared Personal Information in the past 12 months. We do not knowingly collect, share, or sell Personal Information of minors under 16 years of age.

Rights for California Residents

The CCPA provides California residents with specific rights regarding their Personal Information, subject to certain exceptions. If you are a California resident covered by the CCPA, you have the right to request that we:

  • Receive this Notice at or before the point of collection of your Personal Information;
  • Disclose to you free of charge the following information covering the 12-month period prior to your request (“Access Request”):
  • The categories of Personal Information we collected about you;
  • The categories of sources from which we collected the Personal Information;
  • The business or commercial purpose for collecting Personal Information about you;
  • The categories of third parties to whom we disclosed Personal Information about you, and the categories of Personal Information disclosed;
  • The specific pieces of Personal Information we collected about you;
  • Delete Personal Information we collected from you (“Deletion Request”), unless the CCPA recognizes an exception;
  • Correct inaccurate Personal Information we maintain about you (“Correction Request”); and
  • If you are a California resident, a business may not discriminate against you for exercising your rights under the CCPA.
  • The right to allow an authorized agent to make a request:
    • You may designate an authorized agent to make a request under the CCPA on your behalf. We retain the right to verify the legitimacy of that designation, and to identify both you and the agent. We will identify you with information you have previously provided to us and with information about your account(s) or transactions. In some instances, we may be unable to honor your request. For example, if an exemption applies or if we are unable to verify your identity or authority to make a request on behalf of another.
       

Responding to Requests

Privacy and data protection laws, other than the CCPA, apply to much of the Personal Information that we collect, use, and disclose. When these laws apply, Personal Information may be exempt from, or outside the scope of, Access Requests, Deletion Requests and Correction Requests. As a result, in some instances, we may decline all or part of an Access Request, Deletion Request or Correction Request related to this Personal Information. This means that we may not provide some or all of this Personal Information when you make an Access Request. Also, we may not delete or correct some or all of this Personal Information when you make a Deletion Request or Correction Request.

As examples, our processing of or response to an Access Request, Deletion Request or Correction Request may not include some or all of the following Personal Data:

  • Consumer Accounts. Personal Data connected with consumer accounts used for personal, family, or household purposes. We have other privacy notices describing use and sharing of this data, for example, the Gulf Coast Bank & Trust Company Privacy Notice, available at www.GULFBANK.COM/privacy.
  • Business-to-Business Relationships. Certain Personal Data we collect in the course of providing a product or service to another business, or in the course of receiving a product or service from another business.
    The types of Personal Data described above are examples. We have not listed all types of Personal Data that may not be included when we respond to or process Access, Deletion or Correction Requests.
    In addition to the above examples, we may not include Personal Information when we respond to or process Access, Deletion or Correction Requests when the CCPA recognizes another exception. For example, we will not provide the Personal Information about another individual were doing so would adversely affect the data privacy rights of that individual. As another example, we will not delete Personal Information when it is necessary to maintain that Personal Information to comply with a legal obligation.
    We will acknowledge your request within 10 business days and will provide the requested information within 45 days. If we are not able to respond within 45 days, we will inform you and respond within an additional 45 days. You may request this information up to two times per 12-month period. We reserve the right to verify the legitimacy of all requests, using any information you have given us, or any transactional information we have. If we are unable to verify your identity, we may be unable to provide you with information responsive to the request.

How to Make Requests

If you are a California resident, you can make an Access Request, a Deletion Request, or a Correction Request by:
Contacting us at 1-800-223-2060 or submitting a request online using the link below:

CLICK TO REQUEST TO KNOW, DELETE, OR CORRECT PERSONAL INFORMATION UNDER THE CCPA

Questions or Concerns

You may contact us with questions or concerns about this California Consumer Privacy Act Disclosure and our information practices by: Contacting us at 1-800-223-2060.

Changes to this Disclosure

We may change this disclosure from time to time. When we do, we will let you know by appropriate means such as by posting the revised disclosure on our CCPA web site with a new “Last Updated” date. Any changes to this disclosure will become effective when posted unless indicated otherwise.

CCPA Form

Last update: July 17, 2024