California Consumer Privacy Act (CCPA) Privacy Notice and Policy

Your Right to Know About Personal Information (PI) Collected, Disclosed, or Sold: A consumer has the right to request that we disclose to them what personal information we collect, use, disclose and sell.

If you wish to submit a verifiable consumer request for personal information we collect, use, disclose or sell you should:

In order to verify your identity, we will attempt to associate the information you provide in your request with any personal information previously collected about you by us. In order to fulfill your request, we may require additional identity verification and will contact you. However, in no circumstance will we ask you for your social security number, your driver’s license number (or similar identifying number), your account or debit card number or PIN. We will respond to a verifiable consumer request within forty-five days of its receipt. If we require additional time (up to 45 days), we will inform you of the reason and extension period in writing. We will deliver our written response by mail or electronically, at your option.

Sale of Personal Information

In the past 12 months, we have not “sold” Personal Information subject to the CCPA, including Personal Information of minors under the age of 16. For purposes of this Disclosure, “sold” means the disclosure of Personal Information to a third-party for monetary or other valuable consideration.

Right to Opt-Out of the Sale of Personal Information

You have the right to opt-out of the sale of your personal information, however, the Bank does not and will not sell the personal information of consumers to third parties. As the Bank does not and will not sell Personal Information, there is no Opt-Out process to follow.

Collection of Personal Information

In the past 12 months, we have collected, and disclosed to third parties for our business purposes, the following categories of Personal Information relating to California residents covered by this disclosure:

Categories of PI we Collect Categories of Sources from Which We Collect the PI Our Business or Commercial Purpose for Collecting the PI Categories of Third Parties with Whom We Share the PI
  • Identifiers (i.e. name, government issued identifier, internet protocol address)
  • Directly from a California resident or the individual’s representatives Website
  • Performing services, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing advertising or marketing services, providing analytic services, or providing similar services.
  • Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity.
  • Undertaking activities to verify or maintain the quality or safety of a service controlled by us, and to improve, upgrade, or enhance the service controlled by the business. Debugging to identify and repair errors that impair existing intended functionality.
  • Complying with laws and regulations and to comply with other legal process and law enforcement requirements (including any internal policy based on or reflecting legal or regulatory guidance, codes or opinions).
  • Vendors and Service Providers who provide services such as website hosting, data analysis, payment processing, order fulfillment, information technology and related infrastructure, customer service, email delivery, auditing, marketing activities.
  • Third Parties who provide services such as payment, banking and communication infrastructure, storage, legal expertise, tax expertise, notaries and auditors.
  • Other Third Parties who enable customers to conduct transactions online and via mobile devices, support mortgage and fulfillment services, vehicle loan processes and aggregators (at the direction of the customer).
  • Government Agencies as required by laws and regulations.
  • Personal information, as defined by the CCPA: California Safeguards Law  (i.e. contact information); 
  • Protected classifications (i.e. marital status, age, sex);
  • Commercial information (i.e. credit reports, title reports);
  • employment information
  • Directly from a California resident or the individual’s representatives.
  • Website
  • Service Providers
  • Performing services, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing advertising or marketing services, providing analytic services, or providing similar services.
  • Vendors and Service Providers who provide services such as website hosting, data analysis, payment processing, order fulfillment, information technology and related infrastructure, customer service, email delivery, employment background checks, auditing, marketing activities.
   
  • Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity.
  • Complying with laws and regulations and to comply with other legal process and law enforcement requirements (including any internal policy based on or reflecting legal or regulatory guidance, codes or opinions).
  • Partners and Third Parties who provide services such as payment, banking and communication infrastructure, storage, legal expertise, tax expertise, notaries and auditors, who promote the bank and its financial services and products to customers and other prospective buyers.
  • Other Third Parties who enable customers to conduct transactions online and via mobile devices, support mortgage and fulfillment services, vehicle loan processes and aggregators (at the direction of the customer).
  • Government Agencies as required by laws and regulations.
  • Biometric information (i.e. images, fingerprints)
  • Branch video surveillance recording
  • Service Providers
  • Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity.
  • Undertaking activities to verify or maintain the quality or safety of a service controlled by us, and to improve, upgrade, or enhance the service controlled by the business. Complying with laws and regulations and to comply with other legal process and law enforcement requirements (including any internal policy based on or reflecting legal or regulatory guidance, codes or opinions).
  • Performing services as directed by the customer.
  • Government Agencies as required by laws and regulations.
  • Third parties who provide services such as legal, audit, tax, financial services.
  • Audio, electronic, visual and similar information (i.e. video recordings)
  • Internet or other electronic network activity information
    (i.e. interaction with a website or advertisement) 
  • Branch video surveillance recordings
  • Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity.
  • Undertaking activities to verify or maintain the quality or safety of a service controlled by us, and to improve, upgrade, or enhance the service controlled by the business.
  • Complying with laws and regulations and to comply with other legal process and law enforcement requirements (including any internal policy based on or reflecting legal or regulatory guidance, codes or opinions)
Government Agencies as required by laws and regulations

Right to Request Deletion of Personal Information
The right to request deletion of personal information grants a consumer the right to request that the bank and any of its service providers delete personal information they collect about the consumer.  With that said, Redwood Capital Bank’s collection and use of consumer data all fall within the enumerated exemptions and therefore Redwood Capital Bank is not obligated to comply with any consumer requests to delete their data.   

Section 1798.105(d) of the CCPA provides that a business or service provider is not required to comply with a consumer’s request to delete the consumer’s personal information from its records if the information is necessary for the business or service provider to:

1. Complete the transaction for which the personal information is collected;
2. Provide a good or service requested by the consumer or reasonably anticipated within the context of a business’s ongoing business relationship    with the consumer;
3. Perform a contract between the business and the consumer;
4. Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity
5. To enable solely internal uses that are reasonably aligned with the expectations of the consumer based on the consumer’s relationship with the business;
6. Comply with a legal obligation; and
7. Otherwise use the consumer’s personal information, internally, in a lawful manner that is compatible with the context in which the consumer provided the information.

Right to Non-Discrimination for the Exercise of Your Privacy Rights

You have a right not to receive discriminatory treatment by us for the exercise of any privacy rights conferred by the California Consumer Privacy Act (California Civil Code § 1798.100 et seq.).

Authorized Agent

You may designate an authorized agent to make a request under the California Consumer Privacy Act on your behalf by providing your authorized agent with written authorization to do so. If you are an online banking customer, you may submit your agent designation through online secure messaging. We may, at our sole discretion, choose to verify the identity of the person for whom the agent is submitting the request.

Contact for More Information:

Online:
www.redwoodcapitalbank.com

By mail:
Redwood Capital Bank
402 G Street
Eureka, California  95501
Attn: Compliance Department

Revision date: 2/20/2024