Internet Privacy Policy and Security Statement 

PRIVACY POLICY STATEMENT FOR ONLINE and MOBILE BANKING SERVICES

We, at Gulf Coast Bank & Trust Company (“Gulf Coast Bank”) place a great deal of importance in the relationships we work so hard to build. We understand that privacy is important. We are committed to safeguarding your confidential information with the same care that we use to protect information obtained from transactions through any other methods of delivery. This Online Privacy Policy and Security Statement (“Policy”) explains how we collect, share, use, and protect information when you visit or use our Online Services and any other Online Services offered by Gulf Coast Bank and non-banking affiliates and subsidiaries of Gulf Coast Bank. This Policy covers many Online Services, has been approved by our board of directors, and is included in our staff training program.

For purposes of this Policy, the terms “we,” “us,” and “our” refer to Gulf Coast Bank. We may provide other online interfaces not covered by this Policy. If you visit or access one of those sites or services, please review the Privacy Policy and Security Statement of those sites to understand how your online information may be collected, used, and shared.

Our Online and Mobile Banking Services are not intended for children under the age of 13. If you are a child under the age of 13 please seek permission by a parent or guardian before using any of our Online Services. We will not knowingly collect personal information from children under 13 without parental consent. In the event we learn that we have collected information from a child under 13 without parental consent, we will delete the information as soon as reasonably possible.

If you are a California resident, you may have rights under the California Consumer Privacy Act.

Recognition of Expectation of Privacy

We recognize that consumers and our customers have a reasonable expectation of privacy, and we recognize the importance of protecting that privacy. We are committed to safeguarding both the financial records and relationships of both our customers and our visitors to our web site.

Collection, Use, and Retention of Customer Information

In order to identify and communicate with you using Online Services we may collect, use, and retain information about you. This information is collected and used to provide you with products and services that you initiate: to help us respond to specific questions that you ask: and to provide you with information that may be of interest to you.  We may also use this information to help us comply with laws and regulations that apply to us. As a general rule we do not automatically collect and retain personally identifiable information from visitors to our web site, such as the user’s name, address, telephone number, email address, social security number, bank account number or credit card number.

The Types of Information We May Collect 

We collect information about you in a variety of contexts. For example, we may collect information: 

  • Directly from you. We and other on our behalf may collect information directly from you, such as when you apply or register for our products and services, use our online banking services or mobile apps, communicate with us, respond to surveys, provide feedback, or participate in contests and promotions.
  • Automatically when you use our Online Services. We and others on your behalf may collect Device Data, Online/Mobile Activity Data, and other information automatically when you interact with us online.

This Policy applies to information we collect when you use our Online Services. We may combine that information with information we collect in other contexts, such as from our phone calls and emails with you, from third-party data sources for fraud prevention, identity verification, or marketing purposes, from our co-branded card or business partners, and from publicly available data sources. We will treat such combined information in accordance with this Policy.

How you interact with our Online Services determines the various types of information we may collect about you. For example, we may collect:

  • Contact or identity data, such as your first and last name, mailing address, email address, phone number, date of birth, government-issued identifier (e.g., Social Security number, tax ID number, driver’s license, or other government ID0, citizenship, business contact and professional information, username and password, profile picture, and other information that directly identifies you.
  • Account data, such as account number, credit/debit card number, account history, account balances, loan details, vehicle or property information, information about beneficiaries and joint account holders, business-related information (e.g., business name, address, revenue, and industry type), information you provide when traveling and other information related to your accounts, applications, or prequalification inquiries. 
  • Transaction data, such as credit/debit card purchases, payment or transaction history, transaction details when you transfer money to or from your accounts, third-party billing information or statements, payment card details, and any other applicable transactions data. 
  • Credit report information, such as your credit score, credit history, and other information that we receive from credit reporting agencies when you authorize us to do so (e.g., applications for credit, new account applications, and credit score monitoring).
  • Demographic data, such as gender, marital status, age, household size/composition, education information, income, occupation, veteran or military status, and employment status.

When you use or interact with our Online Services, including for example, when you browse our website, use our mobile apps, or other Online Services you may be asked to grant permission for access to:
 

  • Geolocation Data. Allows access to location for services that are dependent on your device’s location (E.g., such as the location of an ATM).
  • Camera. Allows access to the device’s camera for mobile deposit and other applicable Online Services.
  • Files/Media – Allows access to files/media on the device when communicating with us through secure message attachments.
  • Contacts – Allows access to contacts on the device for Person to Person Payments. 
  • Audio – Allows access to the device’s microphone to chat with you or for other applicable Online Services.

When you use or interact with our Online Services, including for example, when you browse our website, use our mobile apps, or other Online Services we may also collect:
 

  • Device data, such as internet protocol address, mobile network information, general location (e.g., city, state, or country), precise location (e.g., latitude/longitude to find one of our locations), device type, web browser type and version, operating system type and version, display/screen settings, language preferences, device contacts or use of a QR code (e.g., to facilitate Zelle payments and other payment functionality), device images (e.g., to deposit checks), cookie IDs, device IDs, mobile advertising IDs (e.g., Apple’s IDFA or Google’s Advertising ID), and likely connections among different browsers and devices that you use (“Device Data”). 
  • Online/mobile activity data, such as login data, search history, information about how you use and interact with our Online Services or advertising, including features used, content viewed, and links clicked, when and frequency you use our Online Services, webpages from which you clicked a link that directed you to our Online Services, and crash reports. 
  • Communications data, such as your communication preferences as well as the details or contents of your communication with us (e.g., contact forms, chat messages).
  • Marketing data, such as your marketing preferences, information about products and services we believe you may be interested in, and inferences based on your interactions with us (e.g., targeted marketing). 
  • Survey and research data, such as your responses to requests for feedback, surveys, and questionnaires. 
  • Employment application data, such as professional, employment related, and education history collected through Online Services obtained from job applicants, employees, and contractors.

When you disclose any information relating to other people to use or our service providers when you visit or use our Online Services, you represent you have the authority to do so and permit us to use the information in accordance with this Policy.

How We Use This Information

We use information for various purposes depending on your interaction with us. For example, your information may be used for the following purposes: 

  • Providing our products and services, such as providing you the ability to apply for and obtain our products and services, evaluating you your applications and/or eligibility for our products and services, servicing and managing your accounts, providing you with customer service and support, communicating with you, and providing online tools and features. 
  • Processing transactions, such as processing payments or transactions, transferring funds between accounts, fulfilling orders, and conducing billing, settlement, clearing, processing, or reconciliation services. 
  • Verifying your identification, such as when you apply for our products and services, authenticating your login credentials, storing security questions for telephone and online verification purposes, and verification of your location to gain access to accounts. 
  • Fraud detection and prevention, such as efforts to determine fraud risks and identifying fraudulent transactions, comply with federal and state laws and regulations, and comply with other legal processes (e.g., law enforcement requests).
  • Security risks and protections, such as detecting security incidents, monitoring network activity logs, conducting data security investigations, and protecting against malicious, fraudulent, illegal, and deceptive activity. 
  • Marketing and advertising, such as sending you offers for special products and services vial mail, email, or text message, displaying online advertising, targeting our offers or promotions, conducting marketing research, and researching the effectiveness, and opportunities to improve, our marketing efforts.
  • Improving our products and services, such as enhancing and personalizing your Online Services experiences, recognizing you across the various browsers and devices you use, and developing or enhancing available products and services. 
  • Compliance with laws and business purposes, such as complying with federal and state laws, responding to legal requests (e.g., civil, criminal, and regulatory lawsuits, garnishments, subpoenas, our rights or defending against legal claims such as collections and past-due accounts), resolving complaints and disputes, analyzing credit risks, and operating, managing and maintaining our business. 
  • Creation of Non-Identifiable Data. We may create de-identified information records from personal information by excluding certain information (such as your name) that makes the information personally identifiable to you. We may use this information in a form that does not personally identify you to analyze request patterns and usage patterns to enhance our products and services. We reserve the right to use and disclose non-identifiable information to third parties at our discretion.
     

Online Behavioral Advertising

Online behavioral advertising (also known as interest-based advertising) is the practice of collecting information from a computer or device in regard to the user’s browser activity to help better target advertisements. With online behavioral advertising, we hope to better understand our current website users and to engage and provide users with products or services that may be of interest to them through targeted ads.  If you wish to learn more about online behavioral advertising, you can visit www.aboutads.info/consumers/.

We have implemented online behavioral advertising which uses one or more of the below features: 

  • Remarketing will be used to reach people who previously visited our website and match the right people with the right message. To successfully target the needs and wants of our current website users; as well as inform current users of products and or services we will utilize a 3rd party to collect audience data. Third party vendors, including Google, may show advertisements across the internet as you browse.  Remarketing lists built from our current website user’s website activity reported by Google will not be shared with other 3rd parties. 
  • Demographics & Interest Reporting will be used to identify current website users’ inferred age group, inferred gender, and inferred purchase interests. We will use this information to inform the user of certain products or services that may interest them. For instance, we may have a specific service that is on high demand for a specific age group.  This reporting will help us better target our ad spending by allowing us to directly target those who are interested in the product or service.  Additionally, we can use the inferred age, inferred gender, and inferred purchase interest to help build remarketing lists. This data reported by Google will not be shared with other 3rd parties. 

We will not run online behavioral advertising campaigns to collect personally identifiable information, such as your name, email address, billing information, or other data which identifies you. The bank will not share, use, or associate personally identifiable information with remarketing lists, cookies, data feeds, or other anonymous identifiers.

How We Share This Information

The information we share is dependent on a variety of contents. For example, we may share information about you with our: 

  • Affiliates. Companies within the Gulf Coast Bank organization.
  • Business partners. Companies we have partnered with to offer new and enhanced products and services for customers or prospective customers. (E.g., joint marketing partners, bill pay partners, or retail partners for rewards redemption.)
  • Marketing partners. To provide targeted marketing to you based on personal information collected from our Online Services, we may allow companies to collect information from you.
  • Credit bureaus. We report on your financial history and other lawful information with credit reporting agencies.
  • Service providers. In order to provide the products and services we offer we partner with other companies. We may share information with these service providers, or they may collect information on our behalf, for various business purposes. (E.g., hosting and securing our information systems, servicing customer accounts, detecting and preventing fraud, assisting with human resources activities, communicating with our customers and consumers, and analyzing or Online Services.)
  • Other third parties. With your consent our at your request, we may share information with third parties to provide products and services you request. (E.g., merchants authorizing credit card transactions, restaurant providers when you transfer funds to send money using Zelle, and with third-party payment processes such as PayPal or Stripe when you make payments using our Online Services. 

Government entities and others for necessary or legal purposes. When necessary to comply with government entities or other legal requests we will share your information. Such as in response to requests from our regulators, or to respond to federal and state law enforcement requests or other legal requests. In response to a proposed or actual sale, merger, transfer, acquisition, bankruptcy, or other disposition of some or all of our assets. For all other legal purposes, such as to enforce our terms and conditions, exercise or defend legal claims, and protect the life, safety, or property of our customers, ourselves, or others. 
 

Mobile Banking - Your Choices Regarding Your Information

In addition, the information within this section of the Policy (Mobile Banking – Your Choices Regarding Your Information) is specific to our Internet/Mobile Banking Services.

You have several choses regarding use of information on the Services: 

  • How We Respond to Do Not Track Signals. Some web browsers transmit “do not track” signals to the websites and other online services with which your web browser communicates. There is currently no standard that governs what, if anything, websites should do when they receive these signals. We currently do not take action in response to these signals. If and when a standard is established, we may revise its policy on responding to these signals.
  • Access, Update, or Correct Your Information. You can access, update or correct your information by changing preferences in your account. For additional requests, please contact us.
  • Opting Out of Email or SMS Communications. If you have signed-up to receive our email marketing communications, you can unsubscribe any time by clicking the "unsubscribe" link included at the bottom of the email or other electronic communication. Alternatively, you can opt out of receiving marketing communications by contacting us at the contact information under "Contact Us" below. If you provide your phone number through the Services, we may send you notifications by SMS, such as provide a fraud alert. You may opt out of SMS communications by unlinking your mobile phone number through the Services.
  • Opting Out of Location Tracking. If you initially consented to the collection of geo-location information through the Services, you can subsequently stop the collection of this information at any time by changing the preferences on your mobile device. Please note, however, that if you withdraw consent to our collection of location information, you may no longer be able to use some features of the App.

Use of Cookies to Collect Information

Cookies enable us to learn which advertisements bring users to our website and allow your web experience to be personalized. Cookies are small text files that a website server places on a computer. 

They are typically used to remember your account login preferences, monitor website traffic, provide customer support like live chat and help us better customize our site for your individual preferences.
The cookies will not collect or store any personally identifiable information, such as the user’s name, address, telephone number, email address, social security number, bank account number or credit card number. 

We and our third-party vendors, including Google, use first-party cookies and third-party cookies together to report how our ad impressions, other uses of ad services, and interactions with these ad impressions and ad services are related to visits to our websites. First-party cookies are associated with the domain of the site a user visits or is currently viewing. Third-party cookies are associated with a domain that is separate from the site a user visits enabling us to collect non-personal identifiable information in regard to the user’s activities across the web, such as the inferred age group (20-24), and inferred purchase interests (shoes).

Users can set their browsers to alert them each time a cookie is offered and set up browsers to accept or reject certain cookies at all times.  If you wish to learn more about cookies, you can visit www.aboutads.info/consumers/ 

Opting Out

If you wish to directly opt out of all online behavioral advertising, you will need to opt out of from each browser (i.e.  Microsoft Explorer, Google Chrome, & Mozilla Firefox) on each of the computers and devices that you use. Please note if you opt out of online behavioral advertising, you may still receive advertisements from us, but they will no longer be customized based on your web-browsing activities on third-party websites.  

You can view a complete list of companies currently customizing ads for your browser and conveniently opt out of online behavioral advertising. You will be able to opt out of all companies that participate in the Digital Advertising Alliance (DDA) Self-Regulatory Program for Online Behavioral Advertising. 

You can modify your Google Ads Settings & opt-out of interest-based advertising. 

Please note we may utilize third-party websites for online behavioral advertising. These advertisements will supply an advertising icon that when clicked provides a way for you to opt out of data collection and use by the third parties listed for the purposes of online behavioral advertising.  

Maintenance of Accurate Information

We are committed to keeping our customers' account information accurate, current and complete. Procedures have been established to help assure that this information is correct in a manner that is commercially reasonable. Instructions for contacting the bank if a discrepancy is found are included on the account statements. We will research and resolve discrepancies as quickly as possible.

Employee Access to Information

This Policy statement is provided to our employees during training. Employees are instructed never to divulge financial information or records of a customer externally. Employee access to personally identifiable information is limited by their need to know to properly transact bank business. Employees are trained to recognize the importance of customer confidentiality and that the bank may take disciplinary measures to enforce those privacy responsibilities.

Protection of Information via Established Security Procedures

Security standards and procedures to prevent unauthorized access to confidential information are in place. Updates to technology are implemented and tests conducted to improve the integrity of our systems in protecting information.

Restrictions on the Disclosure of Account Information

Specific information about customer accounts or reports or other personally identifiable data is not revealed to unaffiliated third parties for their independent use except for the exchange of information with reputable information reporting agencies to maximize the accuracy and security of such information or in the performance of bona fide due diligence, unless:  

  • The information is provided to help complete a customer-initiated transaction, 
  • The customer authorizes it,
  • Disclosure is required by/or allowed by law (e.g., subpoena, investigation of fraudulent activity, etc.), and/or 
  • The customer has been informed about the possibility of disclosure for marketing or similar purposes through a prior communication and is given the opportunity to decline ("opt out").

Maintaining Customer Privacy in Business Relations with Third Parties

When it is necessary to contract with outside third parties to perform specific services or support products the vendors selected are expected to adhere to the same privacy standards and applicable laws and regulations as we do. They must be additionally responsible for maintaining customer confidentiality.

Consent and changes to our Privacy Policy

By using our Site, you consent to the collection and use of the information by us and to the terms of this Privacy Policy.

We reserve the right to update or change this Policy at any time.  We will post changes to our Policy so that you are aware of the changes to our Policy and the information collected. By using our Site after such changes to our policy, you agree to be legally bound and consent to the Policy changes. This online Policy was updated on May 9, 2024.

Security Statement for Internet Banking

We understand the importance of the responsibility that you have entrusted to us. We are proud of the sophisticated level of data security and privacy supplied to its Internet Banking accountholders. ITI and Unisys (nationally recognized vendors) have helped our data processing service bureau implement Internet security plans by selecting best-of-breed vendors for multiple functions. 

Data security is provided on multiple levels: by company policy, firewall, intrusion detection software, network monitoring, and application-level security. 

Company Policy

Our data processing service bureau is prohibited from accumulating and distributing or selling our aggregated account holders' information to third parties. In addition to the above referenced Policy information the below Policy is specific to our Internet Banking services.

Firewall

A firewall serves as a security gate between the Internet and our data processing service bureau's network - including our mainframe data. By intercepting Internet data "packets" first, the firewall ensures that only packets permitted by our "rule set" may be passed beyond the public Internet to our secure web commerce server, and ultimately to the Internet Banking application. Our service bureau uses an integrated firewall system. This firewall system has been certified by the International Computer Security Association (ICSA).

Intrusion Detection

Intrusion detection software, running on its own server, unobtrusively analyzes data packets to detect patterns of hostile activity, misuse, or malicious Java and ActiveX applets. The intrusion detection system detects intrusion attempts in real time and responds to suspicious activity.

Network Monitoring

The firewall and intrusion detection system is monitored 7 days a week, 24 hours a day. 
The Internet banking application and its encrypted data are not available to monitoring personnel.

Application Level Security

Unique user codes and passwords identify authorized accountholders. The combined effect of software security and network security allow customers to access only mainframe or other networked host areas permitted through the Internet Banking application. 

We reserve the right to update or change this Policy at any time. 
 

Revised 05/2024