California Privacy Rights Act (CPRA) Policy (01-2023)

University Bank (Bank) takes your privacy seriously.  This Privacy Policy contains important information on how and why we collect, store, use, and share your personal information.  It explains your rights to your personal information and how to contact us if you have a privacy issue.

Terms Used in this Policy as defined by the California Consumer Privacy Act (CCPA) of 2018 as amended by the California Privacy Rights Act of 2020 (CPRA).

  • Personal Information.  Any information that identifies, relates to, or could reasonably be linked with a particular individual.
  • Sensitive Personal Information.  Sensitive Personal Information means: (1) Personal Information that reveals an individual’s (A) social security, driver’s license, state identification card, or passport number; (B) account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; (C) precise geolocation; (D) a racial or ethnic origin, religious or philosophical beliefs, or union membership; (E) contents of mail, email and text messages, unless the Bank is the Intended recipient of the communication; (F) genetic data; and (2)(A) processing biometric Information for the purpose of uniquely identifying an individual; (B) Personal Information collected and analyzed concerning an individual’s health, sex life, or sexual orientation.
  • Biometric Information.  An Individual’s physiological, biological, or behavioral characteristics, including information pertaining to an individual’s deoxyribonucleic acid (DNA), that is used or intended to be used, singly or in combination with each other or with other identifying data, to establish individual Identity. Biometric information includes, but is not limited to, imagery of the iris, retina, fingerprint, face, hand, palm, vein patterns, and voice recordings, from which an identifier template, such as a faceprint, a minutiae template, or a voiceprint, can be extracted, and keystroke patterns or rhythms, gait patterns or rhythms, and sleep, health, or exercise data that contain identifying information.

Categories of Personal Information We Collect About You

  • Personal Identifiers—name, alias, postal address, federal and state-issued identification numbers including Social Security number, driver’s license number, and passport number.
  • Personal Information—name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, employment, employment history, financial information such as account number and balance, payment card details including credit and debit card numbers, and other financial information.
  • Characteristics of Protected Classes—race, national origin, age, sex, marital status.
  • Biometric Information—voice recordings.
  • Internet or Online Information—Internet or online information such as IP addresses and information regarding interaction with our websites, applications, or advertisements.
  • Audio and Visual Information—Photographs and voice recordings.
  • Professional or Employment-Related Information—work history
  • Inferences drawn from any of the above information

How and Why We Use Your Personal Information

  • Provide and manage products and services
    • Establish a relationship with you
    • Establish and process transactions for our products and services, including accounts, loans, financing, and payment services
    • Support ongoing management and maintenance of our products and services, including providing account statements, online banking access, customer service, payments and collections, and account notifications.
  • Support our everyday operations, including meeting risk, legal, and compliance requirements
    • Perform accounting, monitoring, and reporting
    • Enable information security and anti-fraud operations, credit, underwriting, and due diligence
    • Support audits and investigations, legal requests and demands, exercise and defend legal claims
    • Enable the use of service providers for business purposes
    • Comply with policies, procedures, regulatory and contractual obligations
  • Manage, improve, and develop our business
    • Market, personalize, develop, and improve our products and services
    • Conduct research and analysis to drive product and services innovation
    • Support customer relationship management

How Your Personal Information is Collected

We collect most personal information directly from you—in person, by telephone, by email, or via our website or apps.  We also collect information from third-party providers such as consumer reporting agencies, marketing firms, social media, vendors and service providers, State and Federal or local agencies, referrals from employees or others, and other financial institutions or transaction processors or parties.

Our information handling practices

To protect your personal information from unauthorized access and use, we use security measures that comply with federal law. These measures include computer safeguards and secured files and buildings.

Employees who access personal information or sensitive personal information are subject to the following safety protocols:

Online

  • Two-factor authentication to access IT systems
  • Least privileged access to IT systems
  • Required strong password and password management practices

Offline

  • Locked file cabinets
  • Restricted physical access to offices
  • Requirements for locking unattended workstations

Furthermore, annual information security training is provided to all employees.

Your Rights under the CCPA and CPRA

  1. Right to know the information we collect about you
  2. Right to know how and why we use your personal information
  3. Right to know what information we share about you
  4. Right to opt out of the sale or sharing of your personal information
  5. Right to request:

a.  The categories of personal information collected about you within the preceding 12 months

b. The categories of sources from which the personal information is collected

c.  The business or commercial purpose for collecting personal information

d.  The categories of third parties with whom information is shared

e.  The specific pieces of personal information that we have collected about you

  1. Right to request deletion of certain personal information
  2. Right to correct errors
  3. Right to non-discrimination in accessing products and services when exercising these rights

Please note that information necessary to comply with or be retained under a law, rule, or regulation; information not subject to the CCPA or CPRA; or information necessary to process transactions or maintain accounts or as otherwise allowed by law is not subject to opt-out or deletion.

How to Exercise Your Rights

To request this information, please provide us with the following in your request:

  • Your full name
  • Any name you may have used with us within the last 12 months
  • Your address within the last 12 months
  • How you interacted with us within the last 12 months
  • Any other information you feel will help us identify any records we have collected about you in the preceding 12 months.
  • To request information be deleted, specify the information you are requesting to be deleted.

By law and regulation, we are required to positively verify your identity prior to responding to your request.

  • If you have a password-protected account (online banking) with us, you may submit your request through the password-protected account and additional information will not be required to be submitted.
  • If you do not have a password-protected account (online banking) with us, you will need to provide a valid identification card including a state-issued driver’s license, ID card, or US or another government-issued passport; plus, the address portion of a utility bill, bank, investment or credit card statement (number redacted) that contains the name and address that matches your ID and information request.
  • If making a request by phone, we may require you to answer specific questions based on information we have or can obtain about you or verify your identity in some other manner.
  • If you are requesting to know specific pieces of information, a higher degree of verification may be required. We will also require, pursuant to CCPA regulations, that you submit a signed declaration under penalty of perjury that you are the consumer to whom the information relates.
  • If we are unable to positively identify the person making the request as the consumer to whom the information relates, we may ask for additional verification or may deny the request.

If you use an authorized agent to submit a request to know information under CCPA, you must verify your own identity with us; and provide the agent written permission to submit the request on your behalf unless the agent holds a valid Power of Attorney or Conservatorship of the Estate for you. An agent’s failure to provide proof of authorization will result in a denial of the request.

To submit a verifiable request for information, call us at 1-800-368-7987 or send an e-mail to information@university-bank.com (do not include your account number or sensitive information), and we will send one to you. You may also write to us at University Bank, Attention: Privacy Department, 2015 Washtenaw Ave   Ann Arbor,  MI  48104, to request a copy.

You may also request metrics on our consumer rights request for the previous calendar year by using this contact information.

Minors

The Bank does not knowingly collect or maintain information on children under the age of 16 unless they are a party to an account, including an owner or co-owner, a beneficiary, or under a Uniform Transfers to Minor’s Act or Coogan Account.

Whether Personal Information Will Be Sold or Shared

The Bank does not sell, rent, release, disclose, disseminate, make available, transfer or otherwise communicate consumer’s personal information to another business or third party for monetary or other valuable consideration.

We may disclose to third parties, personal information obtained in providing you financial products or services, to help us market our products and services to you or assist us with our own analytic use directly. We contractually prohibit these third parties from disclosing or using the information for other than the specified purpose. Under these circumstances, this information is not subject to opt-out or deletion.

Non-Discrimination

The Bank will not discriminate against any consumers who have exercised any of their rights under the CCPA or CPRA.