California Consumer Privacy Act Policy
Last Update: December 30, 2022
Introduction
Your privacy is important to us. This California Consumer Privacy Act Policy explains how Luther Burbank Savings collects, uses, and discloses Personal Information relating to California residents covered by the California Consumer Privacy Act of 2018 and related amendments (“CCPA”). This Policy is provided pursuant to the CCPA.
Under the CCPA, ‘Personal Information’ is information that identifies, relates to, or could reasonably be linked directly or indirectly with a particular California resident. The specific Personal Information that we collect, use, and disclose relating to a California resident covered by the CCPA will vary based on our relationship or interaction with that individual.
The CCPA, however, does not apply to certain information, such as information subject to the Gramm-Leach-Bliley Act (“GLBA”). For example, information that we collect about California residents who apply for or obtain our financial products and services for personal, family, or household purposes. For more information about how we collect, disclose, and secure information, please refer to our Privacy Notice.
Keeping Personal Information secure is one of our most important priorities. Consistent with our obligations under applicable laws and regulations, we maintain physical, technical, electronic, procedural and organizational safeguards and security measures that are designed to protect personal data against accidental, unlawful, or unauthorized destruction, loss, alteration, disclosure, or access, whether it is processed by us or elsewhere.
Collection & Disclosure of Personal Information
Personal Information Luther Burbank Savings Collects
Categories | Examples | Purposes for Collection & Uses |
---|---|---|
Identifiers |
Identifiers, such as:
|
General Purposes:
Employees (Current, Former, Prospective) Purposes:
|
Personal Information |
California Customer Records’ Personal Information categories (Cal. Civ. Code § 1798.80(e)) which, in addition to the identifiers described above, also lists a person’s:
|
General Purposes:
Employees (Current, Former, Prospective) Purposes:
|
Protected Classes Characteristics |
Characteristics of protected classifications under California or federal law, such as:
|
General Purposes:
Employees (Current, Former, Prospective) Purposes:
|
Commercial Information |
Commercial information, including records of personal property and purchasing habits |
General Purposes:
|
Internet or Online Information |
Internet or other similar network activity, such as:
|
General Purposes:
Employees (Current, Former, Prospective) Purposes:
|
Geolocation Data | Geolocation data, such as device location |
General Purposes:
Employees (Current, Former, Prospective) Purposes:
|
Biometric Information | Biometric Information, such as fingerprint and voice recordings. |
Employees (Current, Former, Prospective) Purposes:
|
Audio & Visual Information | Audio, electronic, visual, thermal, olfactory, or similar information |
General Purposes:
|
Professional or Employment-Related Information | Employment related records such as work history and prior employer |
General Purposes:
Employees (Current, Former, Prospective) Purposes:
|
Educational Information | Non-publicly available educational information under the Family Educational Rights and Privacy Act (FERPA) and related regulations (20 U.S.C. Sec. 1232g; 34 C.F.R. Part 99) such as school and related education information |
Employees (Current, Former, Prospective) Purposes:
|
Inferences |
Inferences drawn from other Personal Information to create consumer profiles reflecting:
|
General Purposes:
Employees (Current, Former, Prospective) Purposes:
|
We will not collect additional categories of Personal Information or use the Personal Information we collected for different or unrelated purposes without providing you notice.
Collection & Disclosure of Sensitive Personal Information
Luther Burbank Savings treats Sensitive Personal Information we collect as Personal Information given that the collection purpose is not for inferring characteristics about a consumer. This includes:
Categories | Examples | Purposes for Collection & Uses |
---|---|---|
Personal Information |
Identifiers and contact information, such as:
|
General Purposes:
Employees (Current, Former, Prospective) Purposes:
|
Private Communications |
The contents of a consumer’s mail, email, and text messages unless the business is the intended recipient of the communication. |
General & Employees (Current, Former, Prospective) Purposes:
|
Consumer’s Health |
Personal information collected and analyzed concerning a consumer’s health. |
Employees (Current, Former, Prospective) Purposes:
|
Sources for Collecting Personal Information
The categories of sources from whom we collect Personal Information are:
- Directly from you or an authorized agent or family member
- Service Providers and other third parties (e.g., credit bureaus or mortgage brokers)
- Directly and indirectly from activities including but not limited to our Website, Mobile App, or Social Networks
- Government Agencies and other publicly available sources
- Data Brokers
- Through an algorithm
Criteria for Determining Personal Information Retention Periods
Luther Burbank Savings does not retain Personal Information or Sensitive Personal Information for each disclosed purpose for which the Personal Information was collected for longer than is reasonably necessary for that purpose or as required by law.
Sharing Personal Information
The categories of service providers and/or third parties to whom we disclosed Personal Information for our business purposes described in this CCPA policy are:
- Government and law enforcement agencies in support of regulatory and legal requirements
- Third parties and/or service providers who provide services such as website hosting, data analysis, payment and transaction processing, check order fulfillment, customer service, email delivery, auditing, marketing, and supporting day-to-day operations
- Third parties and/or service providers who provide services such as online/mobile banking, banking infrastructure, data storage, outside legal counsel, tax advisors, notaries, appraisers, and others supporting the delivery of the bank’s products and services to our customers and prospects
- Third parties and/or service providers in connection with human resource activities and employee management
- Third parties and/or service providers in support of operations, including to meet risk, regulatory, legal and compliance requirements
- Third parties in connection with routine or required reporting, including consumer reporting agencies and other third parties
- Third parties in connection with providing business management and development services
When we disclose Personal Information to service providers and/or third parties, we enter into a binding contract that describes the purpose of sharing the information and requires the recipient to keep the Personal Information confidential and not use it for any purpose except performing the contract.
Sale of Personal Information
In the past 12 months, Luther Burbank Savings has not “sold” Personal Information subject to the CCPA, including Personal Information of minors under the age of 16.
Luther Burbank Savings does not offer an opt-out from the sale of Personal Information because we do not sell Personal Information in accordance with CCPA.
Rights Under the CCPA
If you are a California resident, you have the right to:
- Request, twice in a 12-month period at no cost to you, that we disclose to you the Personal Information we have collected, used and disclosed about you during the past 12 months;
- Request we delete certain Personal Information we collected from you, subject to certain exemptions;
- Request we limit the use of Sensitive Personal Information to specifically permitted purposes as outlined in this policy;
- Request we correct inaccurate Personal Information we collected from you, subject to certain exemptions; and
- If you choose to exercise any of your rights under the CCPA, you have the right to not receive discriminatory treatment by LBS.
How to Exercise Your Rights
To exercise your rights, please submit a request to us by either:
- Completing a form online
- Calling us at 844.269.1031
Once you have submitted a request, we will acknowledge receipt of your request and advise you how long we expect it will take to respond if we are able to verify your identity. In addition, we may ask you to describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. Only you or a person that you authorize to act on your behalf may make a Verifiable Consumer Request, as defined in the CCPA, related to your Personal Information. You may also make a Verifiable Consumer Request on behalf of your minor child.
We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you. Additionally, we will not honor your request where an exception applies, such as where the disclosure of Personal Information would adversely affect the rights and freedoms of another consumer or where the Personal Information that we maintain about you is not subject to the CCPA’s access or deletion rights. We will advise you in our response if we are not able to honor your request. We will not provide social security numbers, driver’s license numbers or government issued identification numbers, financial account numbers, account passwords or security questions and answers, or any specific pieces of information if the disclosure presents the possibility of unauthorized access that could result in identity theft or fraud or unreasonable risk to data or systems and network security.
Making a Verifiable Consumer Request does not require you to create an account with us. We will only use Personal Information provided in a verifiable consumer request to verify the requestor's identity or authority to make the request.
We commit to respond to a Verifiable Consumer Request within 45 days of its receipt. If we require more time (up to a total of 90 days), we will inform you of the reason and extension period in writing.
Authorized Agent
If you are a California resident, you may authorize an agent to make an access, deletion or correction request on your behalf. When an authorized agent submits a request, Luther Burbank Savings will require the requestor to: (1) provide the authorized agent’s written permission to do so; and (2) verify their own identity directly with Luther Burbank Savings. In the event that Luther Burbank Savings is unable to verify the identity of the requestor or does not receive proof from the authorized agent that the requestor authorized the agent to act on the requestor’s behalf, the request will be denied.
Changes to This California Consumer Privacy Rights Act Policy
Luther Burbank Savings may make periodic changes to the Bank’s CCPA Policy. When these changes occur, we post the new policy on our website and change the "Last Updated" date. When appropriate, we may notify you through other means.
Contact for More Information
Consumers with questions or concerns about Luther Burbank Savings’ California Privacy Rights Policy and practices should call 1.888.578.4495.
Downloadable Version of This Policy
To download a pdf copy of this policy, click here.