Skip to content

Privacy & Security > California Consumer Privacy Act Statement


California Residents

BAC Community Bank
California Consumer Privacy Act (“CCPA”)
Privacy Statement

The following CCPA Privacy Statement shall not apply to the collection, processing, sale or disclosure of any information (i) that a consumer provides to us to obtain a financial product or service from us, or (ii) about a consumer resulting from any transaction involving a financial product or service between us and the consumer; or (iii) we otherwise obtain about a consumer in connection with providing a financial product or service to that consumer.

To better understand your rights in respect of any such information excluded from the following CCPA Privacy Statement, please instead reference the BAC Community Bank Privacy page, which you may visit at .

This PRIVACY STATEMENT FOR CALIFORNIA RESIDENTS supplements the information contained in the Consumer Privacy Disclosure of BAC Community Bank (“we,” “us,” or “our”) and applies solely to consumers who reside in the State of California (“consumers” or “you”). We adopt this statement to comply with the California Consumer Privacy Act of 2018 (“CCPA”) and other California privacy laws. Any terms defined in the CCPA have the same meaning when used in this statement. For California residents, the provisions of this Privacy Statement prevail over any conflicting provisions of the BAC Community Bank Privacy Policy, the BAC Community Bank Mobile Banking Terms & Conditions, and/or the BAC Community Bank Online Privacy Policy.

Information We Collect

We collect information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household subject to the CCPA (“Personal Information”). In particular, we have collected the following categories of Personal Information from consumers within the last twelve (12) months:





Name, postal address, online identifier, internet protocol address, email address, Social Security number, driver's license number, or other similar identifiers


Categories of Personal Information listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))

Name, signature, Social Security number, address, telephone number, passport number, driver's license or state identification card number, employment, employment history, bank account number, credit card number, debit card number, or other financial information

Some personal information included in this category may overlap with other categories.


Protected classification characteristics under California or federal law 

Age, race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex, veteran or military status


Commercial information 

Records of personal property, products or services purchased, obtained, or considered


Biometric information 

Fingerprints, faceprints, and voiceprints


Internet or other similar network activity

Browsing history, search history, information on a consumer's interaction with an internet website, application, or advertisement


Geolocation data

Physical location or movements 


Sensory data 

Audio, electronic, visual, or similar information


Professional or employment-related information

Current or past job history or performance evaluations 


Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99))

Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records


Inferences drawn from other Personal Information.

Profile reflecting a person's preferences, characteristics, predispositions, behavior, or attitudes


*Examples provided are not all inclusive or limited within the category

Personal Information does not include:

  • Publicly available information from government records. 
  • De-identified or aggregate consumer information. 
  • Other information to the extent excluded from the CCPA's scope, like:
    • Personal Information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (CalFIPA), and the Driver's Privacy Protection Act of 1994; 
    • Health or medical information that constitutes clinical trial data or that is otherwise covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Health Information Technology for Economic and Clinical Health Act (HITECH), or the California Confidentiality of Medical Information Act (CMIA); 

    • Personal Information we may collect from a natural person (including, without limitation, emergency contact information for that natural person and such other Personal Information we may need in order to administer benefits for such natural person) in the course of the natural person applying for a job with us or otherwise in connection that natural person acting as our employee, owner, director, officer, medical staff member, or contractor; and 

    • Personal Information we may collect from a natural person who is acting as an employee, owner, director, officer, or contractor of another company with which company we are communicating or for which company we are otherwise evaluating or actually providing a product or service

With respect to each of the categories of Personal Information listed in the table above, we obtain such Personal Information from a variety of sources, including from:

  • Directly from our customers and consumers, for example, from forms you complete for products and services
  • Indirectly from our customers and consumers, for example, from website activity
  • From third parties, for example, credit reports from credit reporting agencies

Use of Personal Information

We may use or disclose the personal information we collect for one or more of the following business purposes:

  • Purpose for Providing : To fulfill or meet the reason you provided the information. For example, if you share your name and contact information to request a rate quote, ask a question about our products or services, or apply for one of our products or services, we will use that personal information to respond to your inquiry or your application. If you provide your personal information to purchase a product or service or obtain an account with us, we will use that information to process your request. We may also use your information to facilitate servicing your account with us, provide email alerts, event registrations, other statements concerning our products and services. To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses. We may also share your information with a third party service provider to assist us in servicing your account.

  • Fraud & Security Purposes : To create, maintain, customize, and secure your account with us and to process your requests, transactions, and payments and prevent transactional fraud. To also help maintain the safety, security, and integrity of our Website, products and services, databases and other technology assets, and business. To detect and protect against any security incidents, malicious, deceptive, fraudulent or illegal activity, and to prosecute the same. We may also use information provided to identify, debug and repair errors in our systems as necessary or appropriate to protect the rights, property or safety of us, our customers, consumers or others.

  • Legal and Regulatory Requirements : To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations or other legal process. For such purposes as may be necessary or appropriate in connection with audits and reporting relating to particular transactions and interactions, including online interactions.

  • Website : To provide, support, personalize, and develop our Website, products, and services and your Website experience, including the delivery of content, product and service offerings and targeted offers via email or text message (with your consent, where required by law). For testing, research, analysis, and product development, including to develop and improve our Website, products, and services.

  • Contractual Purposes : To engage in or maintain a contractual relationship with you.

  • Employment Related Purposes : To engage in or maintain an employment relationship with you or for any other employment related permissible purposes, including administration of benefits and recruiting efforts.

  • Marketing Purposes : We do not share your information with outside companies for their marketing purposes.

  • Due Diligence Purposes : To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of BAC Community Bank’s assets, or some or all of another’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by BAC Community Bank or the personal information held by another, about Website users, customers, applicants, employees, vendors and any other individual covered by the CCPA, is among the assets transferred or reviewed.

  • Other Uses: As described to you when collecting your personal information or as otherwise set forth in the CCPA.

Sharing Personal Information

BAC Community Bank may disclose your personal information to a third party for a business purpose. When we disclose personal information for a business purpose, we enter into a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract.

In the preceding twelve (12) months, we have disclosed the following categories of Personal Information for a business purpose:

California Customer Records Personal Information categories
Protected Classification Characteristics under California or Federal Law
Commercial Information
Biometric Information
Internet or other similar network activity
Geolocation Data
Sensory Data
Professional or employment-related information
Non-public education information
Inferences drawn from other Personal Information

With respect to each of the categories of Personal Information listed immediately above, we may disclose such Personal Information for a business purpose to the following categories of third parties:

  • Our affiliates 
  • Service providers
  • Such third parties as our customers or consumers may direct us to disclose their personal information
  • Law Enforcement and Regulatory Agencies as required by law

We do not, and will not, sell (as that term is defined by the CCPA) any Personal Information that we collect.  


Your Rights and Choices

The CCPA provides consumers (California residents) with specific rights regarding their Personal Information. This section describes your CCPA rights and explains how to exercise those rights.

Access to Specific Information and Data Portability Rights

You have the right to request that we disclose certain information to you about our collection and use of your Personal Information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you (subject to applicable exemptions and exceptions):

  • The categories of Personal Information we have collected about you. 
  • The categories of sources for the Personal Information we have collected about you.
  • Our business or commercial purpose for collecting or selling that Personal Information.
  • The categories of third parties with whom we share that Personal Information.
  • The specific pieces of Personal Information we collected about you (also called a data portability request).
  • If we sold or disclosed your Personal Information for a business purpose, two separate lists disclosing:

    • the categories of Personal Information about you that we disclosed for a business purpose; and
    • the categories of Personal Information about you that we have sold within the meaning of the CCPA and the categories of third parties to whom the Personal Information was sold

Deletion Request Rights 

You have the right to request that we delete any of your Personal Information that we have collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your Personal Information from our records, unless an exception applies.

We may deny your deletion request if retaining the Personal Information is necessary for us or our service providers to:

  1. Complete the transaction for which we collected the Personal Information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you. 

  2. Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities. 

  3. Debug products to identify and repair errors that impair existing intended functionality. 

  4. Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law. 

  5. Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq. ). 

  6. Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement, if you previously provided informed consent. 

  7. Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us. 

  8. Comply with a legal obligation. 

  9. Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

Exercising Access, Data Portability, and Deletion Rights

To exercise the access, data portability, and deletion rights described above, please submit a request to us by either:

BAC Community Bank
Compliance Department
P.O. Box 1140
Stockton, CA 95201

Only you or a person who you authorize to act on your behalf may make a verifiable consumer request related to your Personal Information. Under California law, you may designate an authorized agent to make a request on your behalf. You may make such a designation by providing the agent with written permission to act on your behalf. Your agent may be subject to the same verification procedures that we use to verify consumers who do not currently have a relationship with us. As permitted by law, we may require you to verify your own identity in response to a request even if you choose to use an agent. You may also make a verifiable consumer request on behalf of your minor child, though please understand that, in connection with your assertion of such rights on behalf of your minor child, we may require that you sign and submit a consent form. You may only make a verifiable consumer request for access or data portability twice within a 12-month period.

The verifiable consumer request must:

  • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected
    Personal Information or an authorized representative.

  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

Verifying Your Request

We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use Personal Information provided in a verifiable consumer request to verify your identity or authority to make the request. We may otherwise limit our response to your request as permitted under applicable law.

Whenever feasible, we will match the identifying information provided by you to the Personal Information we maintain, or use a third-party identity verification service that complies with the CCPA. However, if we cannot verify your identity from the Personal Information that we maintain, we may request additional information from you, which shall only be used for the purposes of verifying your identity.

Response Timing and Format

We endeavor to respond to a verifiable consumer request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your Personal Information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.


We will not discriminate against you for exercising any of your CCPA rights, we will not:

  • Deny you goods or services. 
  • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties. 
  • Provide you a different level or quality of goods or services. 
  • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

Changes to Our Privacy Statement

We reserve the right to amend this privacy statement at our discretion and at any time. When we make changes to this privacy statement, we will notify you through a statement on our website homepage.

Contact Information

If you have any questions or comments about this statement, the ways in which we collect and use your Personal Information, your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us at:

Email: [email protected]

Phone: (877) 226-5820, select option 9
Postal Address:

BAC Community Bank
Attn: Compliance Department
P.O. Box 1140
Stockton, CA 95201


Effective Date: January 1, 2020