Privacy Notice for California Residents
This PRIVACY NOTICE FOR CALIFORNIA RESIDENTS supplements the information contained in the Privacy Statement of FIRSTBANK and its affiliates (“we,” “us,” or “our”) and applies solely to those individuals who reside in the State of California (“consumers” or “you”). We are issuing this Notice in compliance with the California Consumer Privacy Act of 2018 (“CCPA”) and other applicable California privacy laws. Any terms used in this Notice that are not defined in the Notice itself have the same definition as used in the CCPA. FirstBank reserves the right to amend this privacy notice at our discretion and at any time. When we make changes to this privacy notice, we will post the updated notice on our Website. Your continued use of our services, products, websites and/or mobile apps following the posting of changes constitutes your acceptance of such changes.
Definition of Personal Information
We collect certain “personal information” from consumers. The CCPA defines personal information as information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a consumer, household, or device. The purpose for collecting or processing personal information must be consistent with a consumer’s reasonable expectation. The use and disclosure of sensitive personal information must be reasonably necessary and proportionate to achieve its permitted purpose.
Personal information does not include:
-Publicly available information from government records.
-De‐identified or aggregated information.
-Information excluded from the CCPA’s scope, such as personal information covered by certain other privacy laws, like the Fair Credit Reporting Act (FCRA), the Gramm‐Leach‐Bliley Act (GLBA) and California Financial Information Privacy Act (FIPA).
What Personal Information We Collect
We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (“personal information”). We may have collected the following categories of personal information from our consumers within the last twelve (12) months:
-Identifiers ‐ A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, signature, or other similar identifiers.
-Personal information categories listed in the California Customer Records statute (Cal. Civ. Code 1798.80(e)) ‐ A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information. Some personal information included in this category may overlap with other categories.
-Protected classification characteristics under California or federal law ‐ Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, sex (including gender, gender identity, veteran, or military status).
-Household Information ‐ Information pertaining to household age, estimated income identifier, number of persons in household, number of cars owned, household college education, dwelling type, among other information capable of being linked to a household.
Categories of Sources
We will collect the personal information described above from one or more of the below sources:
-Directly from you throughout our relationship, including when you sign up for, and/or use, our products, services, and websites, or when you visit our offices or attend a FirstBank event.
-Indirectly from you, for example, from observing your actions on our websites or mobile apps.
-From our parent entities, affiliates, subsidiaries, and partners.
-From third parties that are authorized to share your information with us, such as intermediaries, broker-dealers, our institutional clients, and service providers; and
-From publicly available sources of information.
How We Use Personal Information
We may use or disclose the personal information we collect for one or more of the following business purposes:
-To fulfill or meet the reason you provided the information.
-To provide, support, personalize, and develop our websites, mobile apps products, and services.
-To create, maintain, customize, and secure your account with us.
-To process your requests, transactions, payments and prevent transactional fraud.
-To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses.
-To help maintain the safety, security, and integrity of our websites, software, systems, networks, products, services, databases other technology assets, and business.
-To develop and carry out marketing activities to keep our clients informed about our products and services.
-To respond to requests by law enforcement and our regulators and as may otherwise be required by applicable law, court order, or governmental regulations.
-As described to you when collecting your personal information or as otherwise set forth in the CCPA.
FirstBank will not use the personal information we collected from materially different, unrelated, or incompatible purposes without providing you notice.
No Sale of Personal Information
FirstBank does not sell personal information to third parties for advertising or marketing products and services to you, or to third parties whose purpose in acquiring the information is to sell your personal information to others for advertising or marketing purposes. If this practice changes, you would have the right to opt‐out of the sale of your personal information.
Disclosure of Personal Information for a Business Purpose
We may disclose your personal information to third parties for business‐related purposes. Before we disclose personal information for a business purpose, we enter an agreement that describes the purpose and requires the recipient not to use or disclose the information except for purposes specified in the agreement, which typically is to perform services for us.
In the preceding twelve (12) months, we have disclosed the following categories of personal information for a business purpose:
-California Customer Records statute personal information categories.
-Protected classification characteristics under California or federal law.
We disclose your personal information to the following categories of third parties:
-Third parties to whom you or your agents authorize us to disclose your personal information in connection with activities we perform or services we provide to you or in connection with your loan.
-Third parties as part of our secondary market‐related activities and other aspects of our business, including but not limited to, loan servicers, consumer reporting agencies, workout companies, attorneys, and technology providers who enable us or third parties to perform business, professional, and technical support functions for us or you. For example, we may disclose personal information to third parties to administer or protect our interest in a loan.
We also may disclose personal information to our regulators and as otherwise required by applicable laws, regulations, and court orders.
Your Rights and Choices under the CCPA
The CCPA provides California residents with specific rights regarding their personal information. This section describes consumers’ CCPA rights and explains how to exercise those rights.
Access to Specific Information and Data Portability Rights
You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Before we disclose information to you, we will ask you for information to verify your identity. Once we receive and confirm your verifiable consumer request, we will disclose to you:
-The categories of personal information we collected about you.
-The categories of sources for the personal information we collected about you.
-Our business or commercial purpose for collecting or sharing that personal information.
-The categories of third parties with whom we share that personal information.
-If we disclosed your personal information for a business purpose, the business purpose, and the categories of personal information that each category of recipient received.
Additionally, if you have requested it and have provided sufficient identifying information to enable us to do so, we will disclose the specific pieces of your personal information that we collected about you.
Please note that we may not disclose the information you have requested if we are unable to verify your identity. In addition, we may not disclose certain information that is covered by one or more of the exemptions from the CCPA, as outlined earlier in this Notice.
Right to Correct Inaccurate Personal Information
Ensuring corrected personal information remains corrected is a factor in determining whether fulfillment of a request to correct is in compliance.
Opt Out and Deletion Request Rights
You have the right to opt-out of the sharing of your personal information to third parties for business‐related purposes. Additionally, you have the right to request that we delete personal information that we collected and retained. If we deny your deletion request, we will inform you and explain the basis for our denial.
Exercising Your Access, Data Portability, and Deletion Rights
To exercise your rights described above, please call us at 1‐800‐413‐4211 to notify us of your choice.
You may only make a verifiable consumer request for access twice within a 12‐month period. The verifiable consumer request must:
-Provide us with sufficient detail to allow us to verify with reasonable certainty, that you are the person about whom we collected personal information.
-Provide us with sufficient detail that allows us to properly understand, evaluate, and respond to it.
Only you or a person registered with the California Secretary of State that you authorize to act on your behalf may make a request related to your personal information, or who you have provided power of attorney pursuant to California Probate Code sections 4000 to 4465 (“Authorized Agent”). Authorized Agents will need to provide us with sufficient written proof that you have designated them as your Authorized Agent.
You may also make a verifiable consumer request on behalf of your minor child.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a request does not require you to create an account with us. We will only use personal information provided in a request to verify the requestor’s identity or authority to make the request.
Response Timing and Format
We endeavor to respond to each verifiable consumer request within 45 days of its receipt. If we require more time, we will inform you of the reason and extension period in writing. If you already have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the 12‐month period preceding our receipt of your verifiable consumer request. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by CCPA, we will not:
-Deny you goods or services.
-Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
-Provide you a different level or quality of goods or services.
-Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
Changes to This Notice
We reserve the right to amend this Notice at our discretion and at any time. When we make changes to this Notice, we will notify you by posting the updated Notice on our website homepage. Please be sure to check back periodically for any updates.
How to Contact Us
If you have any questions or comments about this Notice, our Privacy Statement, the ways in which we collect and use your personal information, your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us at:
Attention: Director of Mortgage Administration
722 Columbia Avenue
Franklin, TN 37064
We’re here to help. Anytime.
Have questions? Contact us for neighborly advice.