Last Updated February 2022
CALIFORNIA CONSUMER PRIVACY ACT NOTICE
This California Consumer Privacy Act Notice (“Notice”) explains how BankUnited, N.A. and its subsidiary and affiliate companies (collectively, “BankUnited”, “we”, “us” or “our”) collect, use, and disclose personal information subject to the California Consumer Privacy Act (“CCPA”). It also describes the privacy rights of California residents under the CCPA and how they can exercise those rights.
This Notice applies solely to California residents and supplements any other privacy policies or notices applicable to the BankUnited services that you visit or use.
Personal Information Covered By This Notice
Under the CCPA, “personal information” is information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California resident or household. This information is referred to in this Notice as “Personal Information”.
For purposes of this Notice, Personal Information does not include:
- Publicly available information from government records.
- Deidentified or aggregated consumer information.
- Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA), clinical trial data, or other qualifying research data;
- Personal information covered by certain federal and state privacy laws including, without limitation, the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA), California Financial Information Privacy Act (FIPA), and the Driver's Privacy Protection Act of 1994.
This Notice does not apply to information that we collect: (i) in connection with providing products or services to other businesses (such as our commercial or small business customers) or when receiving products or services from our suppliers, and (ii) in the context of a person’s role as a job applicant, employee, associate, contractor, or other member of the Bank workforce.
Categories of Personal Information That We Collect
The categories of Personal Information that we collect, use, and disclose about a California resident will depend on our specific relationship or interaction with that individual. Most of the information we have collected has been collected in the context of providing financial products and services, and is therefore not subject to the CCPA. We also collect Personal Information relating to California residents in other contexts, including in connection with our marketing activities, our websites and mobile applications.
In the past 12 months, we have collected the following categories of Personal Information relating to California residents. The examples provided in each category below are for illustrative purposes only.
|A. Identifiers.||Personal unique identifiers, such as full name, alias, and federal or state issued identification numbers including Social Security number, driver’s license number, and passport number.||YES|
|B. Personal information as defined in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).||Contact and financial information such as telephone number, address, account number, account balance, payment card details including credit and debit card numbers, as well as medical and health insurance information.|
Some personal information included in this category may overlap with other categories.
|C. Protected classification characteristics under California or federal law.||Age , race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related
medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).||YES|
|D. Commercial information.||Information about products and services obtained and transaction histories||YES|
|E. Biometric information.||Physical or behavioral characteristics that are used or intended to be used to establish individual identity, such as for authentication or fraud prevention purposes.||NO|
|F. Internet or other similar network activity.||Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement.||YES|
|G. Geolocation data.||Device location.||YES|
|H. Audio, and Visual Information.||Audio, electronic, visual, thermal, olfactory, or similar information, such as call and video recordings||YES|
|I. Professional or employment-related information.||An individual’s employer, title, or years of employment||YES|
|J. Education Information||Education information, such as school and related information||YES|
|K. Inferences drawn from other personal information.||Inferences based on information about an individual to create a summary about, for example, an individual’s preferences and characteristics||NO|
Sources of Personal Information
The sources from which we collect Personal Information depend on, among other things, our relationship or interaction with a specific California resident. The information below lists the categories of sources from which we collect Personal Information in different contexts.
- Directly from you or your agents - through physical (e.g. paper), audible (e.g., phone), or electronic (e.g., website, social media) sources.
- Government entities or publicly available sources including information made available by federal, state, or local government entities and information from other widely available sources (e.g. the media and social network sites).
- Our Affiliates companies related by common ownership or control.
- Service providers - outside companies or organizations that provide data to support activities such as software providers, marketing companies, communication services, fraud prevention services, data analytics providers, data providers.
- Business partners - outside companies or organizations from whom we collect Personal Information as part of providing products and services, completing transactions, supporting our everyday operations, or business management and development.
- Third parties that you have authorized or directed to share your information with us such as payment processors, credit management programs, retailers, lenders.
Purposes for Which We Use Personal Information
Most of the Personal Information we use is in the context of providing financial products and services, and is therefore not subject to the CCPA. We may use Personal Information relating to California residents for one or more of the following business purposes:
- Providing and maintaining our products and services
- Verifying your identity
- Detecting and preventing fraud
- Protecting against security risks
- Advertising and marketing
- Conducting research and data analysis
- Maintaining our facilities, systems, and infrastructure
- Improving our products and services
- Carrying out our legal and business purposes, such as complying with federal, state, or local laws, responding to civil, criminal, or regulatory lawsuits or investigations, exercising our rights or defending against legal claims, resolving complaints and disputes, performing compliance activities, performing institutional risk control, and otherwise operating, managing, and maintaining our business
- As otherwise disclosed to you at or before the point of collecting your personal information
We may also use personal information relating to California residents for one or more of the specific “business purposes” listed in the CCPA:
- Certain auditing and measurement purposes, such as counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with applicable standards
- Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity
- Debugging to identify and repair errors that impair existing intended functionality
- Short-term, transient use
- Performing services on behalf of the Bank or its service providers including, without limitation, maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing advertising or marketing services, or providing analytic services,
- Undertaking internal research for technological development and demonstration
- Undertaking activities to verify or maintain the quality or safety of a service that is owned or controlled by the Bank, and to improve, upgrade, or enhance the service that is owned or controlled by the Bank
We will not collect additional categories of Personal Information or use Personal Information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
Disclosure of Personal Information
During the past 12 months, we may have disclosed for our business purposes the above listed categories of Personal Information concerning California residents for our business purposes to one or more of the following categories of third parties:
- Outside companies or organizations, including service providers and other parties, partners and financial institutions, subject to appropriate confidentiality and use restrictions, to whom we disclose Personal Information as part of providing products and services, completing transactions, supporting our everyday operations, or business management and development.; other parties, partners, and financial institutions; and parties involved with mergers, acquisitions, and other transactions involving transfers of all or part of a business, or a set of assets.
- Companies or individuals that represent California residents such as an accountant, financial advisor, or person holding power of attorney on behalf of a California resident.
- Government and law enforcement agencies to support regulatory and legal requirements.
- Outside companies or organizations, in connection with routine or required reporting, including consumer reporting agencies and other parties.
Under the CCPA California residents have specific rights regarding their Personal Information. This section describes and explains how to exercise those rights.
If you are a California resident, you may request that we disclose to you the following information covering the 12-months preceding your request (“Access Request”):
- The categories of sources from which the Personal Information was collected.
- Our business or commercial purpose(s) for collecting such Personal Information.
- The categories of third parties to whom we have disclosed such Personal Information.
- The specific pieces of Personal formation we collected about you.
California residents also have the right to submit a request for deletion of Personal Information under certain circumstances (“Deletion Request”), although there may be legal or other reasons that we will retain your information.
How To Make Requests
If you are a California resident, you can initiate an Access Request or a Deletion Request by contacting us at 1-877-779-2265 or by email at CCPA@BankUnited.com. When you make a request, please provide the following information to assist us in our attempt to verify that you are who you say you are.
For an individual making a request on behalf of themselves:
- Your name;
- Contact information, including email address;
- Last 4 digits of the taxpayer identification number;
- Your full residential address, including city, state, and zip code.
For an individual (“requestor”) making a request on behalf of a California resident:
- The requestor’s name; contact information including email address.
- The name; full residential address including city, state and zip code; contact information including email address; and last 4 digits of the social security or individual taxpayer identification number on whose behalf the request is being made.
- A document to confirm that the requestor is authorized to make the request (e.g. copy of a power of attorney, legal guardianship or conservatorship order, or a birth certificate of a minor if the requestor is the custodial parent.)
For a company or organization (“legal entity requestor”) making a request on behalf of a California resident:
- The legal entity requestor’s active registration with the California Secretary of State and contact information.
- Proof that the California resident has authorized the legal entity requestor to make the request (e.g. copy of a power of attorney, or legal guardianship or conservatorship order).
- The name; full residential address including city, state and zip; contact information including email address; last 4 digits of the social security or individual taxpayer identification on whose behalf the request is being made. From the individual who is acting on behalf of the legal entity requestor, proof that the individual is authorized by the legal entity requestor to make the request.
We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information that relates to you. You do not need to create an account with us to submit a verifiable request to know or delete. We will only use Personal Information provided in the consumer request to verify the requestor's identity or authority to make the request.
There are some situations where we won't, or may not be able to, fulfill some or all of your CCPA request:
- If you aren’t a California resident
- If we can't verify your identity
- If we can't match the data we have on file to your verified credentials
- If you have a preexisting business relationship with us
- If we're required or permitted to keep some or all of your personal information under federal regulations or other laws
Responding to Requests
In some instances, we may decline to honor your request. For example, if we cannot verify your identity or confirm that the Personal Information that we maintain relates to you, or if we cannot verify that you have the authority to make a request on behalf of another individual.
In addition, privacy and data protection laws, other than the CCPA, apply to much of the Personal Information that we collect, use, and disclose. When these laws apply, Personal Information may be exempt from, or outside the scope of, your request. For example, information subject to certain federal privacy laws, such as the Gramm-Leach-Bliley Act or the Health Insurance Portability and Accountability, is exempt from CCPA requests.
As a result, in some instances, we may decline all or part of a request related to Personal Information exempt from CCPA requests. This means that we may not provide some or all of this Personal Information when you make an Access Request. Also, we may not delete some or all of this Personal Information when you make a Deletion Request.
Response Timing and Format
We will work to process all verified requests within 45 days pursuant to the CCPA. If we need an extension for up to an additional 45 days in order to process your request, we will provide you with an explanation for the delay.
If you have an account with us, we will deliver our written response using the contact information we have on file for you. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.
Any disclosures we provide will only cover the 12-month period preceding our receipt of your request. The response we provide will also explain the reasons we cannot comply with a request, if applicable.
We do not charge a fee to process or respond to your request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Changes to this Notice
We reserve the right to amend this Notice at our discretion and at any time. When we make changes to this Notice, we will post the updated notice on our website indicating when the Notice was last updated.
If you have any questions or concerns pertaining to this Notice, please contact us at 1-877-779-2265 or by email at CCPA@BankUnited.com.