California Consumer Privacy Act Policy

Last Update: December 27, 2023

Introduction

Your privacy is important to us. This California Consumer Privacy Act Policy explains how Luther Burbank Savings collects, uses, and discloses Personal Information relating to California residents covered by the California Consumer Privacy Act of 2018 and related amendments (“CCPA”). This Policy is provided pursuant to the CCPA.

Under the CCPA, ‘Personal Information’ is information that identifies, relates to, or could reasonably be linked directly or indirectly with a particular California resident. The specific Personal Information that we collect, use, and disclose relating to a California resident covered by the CCPA will vary based on our relationship or interaction with that individual.

The CCPA, however, does not apply to certain information, such as information subject to the Gramm-Leach-Bliley Act (“GLBA”). This includes, for example, information that we collect about California residents who apply for or obtain our financial products and services for personal, family, or household purposes. For more information about how we collect, disclose, and secure information, please refer to our Privacy Notice.

Keeping Personal Information secure is one of our most important priorities. Consistent with our obligations under applicable laws and regulations, we maintain physical, technical, electronic, procedural and organizational safeguards and security measures that are designed to protect personal data against accidental, unlawful, or unauthorized destruction, loss, alteration, disclosure, or access, whether it is processed by us or elsewhere.

 

Collection & Disclosure of Personal Information

Personal Information Luther Burbank Savings Collects

Categories | Examples | Purposes for Collection & Uses
Identifiers

Identifiers, such as:

  • social security, driver’s license, state identification card, or passport number;
  • account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account;
  • precise geolocation;
  • racial or ethnic origin; or
  • union membership

General Purposes:

  • Provide you with products, services, or information, verify customer information, provide advertising or marketing, or provide similar services
  • Support our audit, legal, regulatory, and compliance obligations, and exercise and defend legal rights
  • Maintain and service your account, including processing transactions
  • Enable information security, detect security incidents, authenticate your identity, and perform due diligence
  • Manage and improve our products and services
  • Utilize service providers and third parties for business purposes
  • Comply with policies, procedures, and contractual obligations

Employees (Current, Former, Prospective) Purposes:

  • Employment Processing
  • Payroll and Expense Report Administration
  • Administration of Benefits
  • Income & Social Security Tax Purposes
  • Provide Job Related Notifications
  • Comply with Company Policies
  • Employment Job Opportunities
  • Employee Health and Safety Measures
Personal Information

California Customer Records’ Personal Information categories (Cal. Civ. Code § 1798.80(e)) which, in addition to the identifiers described above, also lists a person’s:

  • signature;
  • state identification card number;
  • physical characteristics or description;
  • insurance policy number;
  • education;
  • employment or employment history;
  • bank account number, credit card number, debit card number, or any other financial information; or
  • medical information or health insurance information

General Purposes:

  • Provide you with products, services, or information, verify customer information, provide advertising or marketing, or provide similar services
  • Support our audit, legal, regulatory, and compliance obligations, and exercise and defend legal rights
  • Maintain and service your account, including processing transactions
  • Enable information security, detect security incidents, authenticate your identity, and perform due diligence
  • Utilize service providers and third parties for business purposes
  • Comply with policies, procedures, and contractual obligations

Employees (Current, Former, Prospective) Purposes:

  • Employment Processing
  • Payroll and Expense Report Administration
  • Administration of Benefits
  • Income & Social Security Tax Purposes
  • Provide Job Related Notifications
  • Comply with Company Policies
  • Employment Job Opportunities
  • Employee Health and Safety Measures
Protected Classes Characteristics

Characteristics of protected classifications under California or federal law, such as:

  • race;
  • national origin;
  • gender;
  • marital status; or
  • military status

General Purposes:

  • Support our audit, legal, regulatory, and compliance obligations, and exercise and defend legal rights

Employees (Current, Former, Prospective) Purposes:

  • Regulatory Examinations
  • Diversity and Inclusion Programs
  • Investigate Complaints and Grievances
  • Equal Opportunity Employment Purposes
Commercial Information

Commercial information, including records of personal property and purchasing habits

General Purposes:

  • Provide you with products, services, or information, verify customer information, provide advertising or marketing, or provide similar services
  • Support our audit, legal, regulatory, and compliance obligations, and exercise and defend legal rights
  • Maintain and service your account, including processing transactions
  • Enable information security, detect security incidents, authenticate your identity, and perform due diligence
  • Manage and improve our products and services
  • Utilize service providers and third parties for business purposes
  • Comply with policies, procedures, and contractual obligations
Internet or Online Information

Internet or other similar network activity, such as:

  • Information regarding a consumer’s interaction with an LBS website, application, or advertisement, including browsing history or search history

General Purposes:

  • Provide you with products, services, or information, verify customer information, provide advertising or marketing, or provide similar services
  • Support our audit, legal, regulatory, and compliance obligations, and exercise and defend legal rights
  • Maintain and service your account, including processing transactions
  • Enable information security, detect security incidents, authenticate your identity, and perform due diligence
  • Manage and improve our products and services
  • Utilize service providers and third parties for business purposes
  • Comply with policies, procedures, and contractual obligations

Employees (Current, Former, Prospective) Purposes:

  • Prevent and Detect Security Incidents
  • Provide Job Related Notifications
  • Comply with Company Policies
  • Comply with information security laws and regulations 
Geolocation Data

Geolocation data, such as device location

General Purposes:

  • Provide you with products, services, or information, verify customer information, provide advertising or marketing, or provide similar services
  • Support our audit, legal, regulatory, and compliance obligations, and exercise and defend legal rights
  • Maintain and service your account, including processing transactions
  • Enable information security, detect security incidents, authenticate your identity, and perform due diligence
  • Manage and improve our products and services
  • Utilize service providers and third parties for business purposes
  • Comply with policies, procedures, and contractual obligations

Employees (Current, Former, Prospective) Purposes:

  • Prevent and Detect Security Incidents
Biometric Information

Biometric Information, such as fingerprint and voice recordings.

Employees (Current, Former, Prospective) Purposes:

  • Uniquely identify a consumer and authorize access to Bank systems.
Audio & Visual Information

Audio, electronic, visual, thermal, olfactory, or similar information

General Purposes:

  • Provide you with products, services, or information, verify customer information, provide advertising or marketing, or provide similar services
  • Support our audit, legal, regulatory, and compliance obligations, and exercise and defend legal rights
  • Maintain and service your account, including processing transactions
  • Enable information security, detect security incidents, authenticate your identity, and perform due diligence
  • Utilize service providers and third parties for business purposes
  • Comply with policies, procedures, and contractual obligations


Employees (Current, Former, Prospective) Purposes:

  • Prevent and Detect Security Incidents
  • Marketing and Social Media
  • Comply with Company Policies 
Professional or Employment-Related Information

Employment-related records, such as work history and prior employer

General Purposes:

  • Provide you with products, services, or information, verify customer information, provide advertising or marketing, or provide similar services
  • Support our audit, legal, regulatory, and compliance obligations, and exercise and defend legal rights
  • Maintain and service your account, including processing transactions
  • Utilize service providers and third parties for business purposes
  • Comply with policies, procedures, and contractual obligations

Employees (Current, Former, Prospective) Purposes:

  • Employment Processing
  • Payroll and Expense Report Administration
  • Administration of Benefits
  • Income & Social Security Tax Purposes
  • Provide Job Related Notifications
  • Comply with Company Policies 
Educational Information

Non-publicly available educational information under the Family Educational Rights and Privacy Act (FERPA) and related regulations (20 U.S.C. Sec. 1232g; 34 C.F.R. Part 99), such as school and related education information

Employees (Current, Former, Prospective) Purposes:

  • Employment Processing
Inferences

Inferences drawn from other Personal Information to create consumer profiles reflecting:

  • preferences;
  • characteristics;
  • psychological trends;
  • predispositions;
  • behavior;
  • attitudes;
  • intelligence;
  • abilities; or
  • aptitudes

General Purposes:

  • Provide you with products, services, or information, verify customer information, provide advertising or marketing, or provide similar services

Employees (Current, Former, Prospective) Purposes:

  • Employment Processing
  • Administration of Benefits
  • Provide Job Related Notifications
  • Comply with Company Policies

We will not collect additional categories of Personal Information or use the Personal Information we collected for different or unrelated purposes without providing you notice.

 

Collection & Disclosure of Sensitive Personal Information

Luther Burbank Savings treats Sensitive Personal Information we collect as Personal Information given that the collection purpose is not for inferring characteristics about a consumer. This includes:

Categories | Examples | Purposes for Collection & Uses
Personal Information

Identifiers and contact information, such as:

  • a real name;
  • an alias;
  • a postal address;
  • an email address;
  • a unique personal or online identifier;
  • an IP address;
  • an account name;
  • a social security number (SSN);
  • a driver’s license or passport number;
  • citizenship and immigration status; or
  • another form of persistent or probabilistic identifier that can identify a particular consumer, family, or device

General Purposes:

  • Provide you with products, services, or information, verify customer information, provide advertising or marketing, or provide similar services
  • Support our audit, legal, regulatory, and compliance obligations, and exercise and defend legal rights
  • Maintain and service your account, including processing transactions
  • Enable information security, detect security incidents, authenticate your identity, and perform due diligence
  • Manage and improve our products and services
  • Utilize service providers and third parties for business purposes
  • Comply with policies, procedures, and contractual obligations

Employees (Current, Former, Prospective) Purposes:

  • Employment Processing
  • Payroll and Expense Report Administration
  • Administration of Benefits
  • Income & Social Security Tax Purposes
  • Provide Job Related Notifications
  • Comply with Company Policies 
  • Communicate with Emergency Contacts and Plan Beneficiaries
Private Communications

The contents of a consumer’s mail, email, and text messages unless the business is the intended recipient of the communication.

General & Employees (Current, Former, Prospective) Purposes:

  • Support our audit, legal, regulatory, and compliance obligations, and exercise and defend legal rights
  • Enable information security, detect security incidents, authenticate your identity, and perform due diligence
  • Comply with policies, procedures, and contractual obligations
Consumer’s Health

Personal information collected and analyzed concerning a consumer’s health.

Employees (Current, Former, Prospective) Purposes:

  • Employment Processing
  • Payroll and Expense Report Administration
  • Administration of Benefits
  • Income & Social Security Tax Purposes
  • Provide Job Related Notifications
  • Comply with Company Policies
  • Employee Health and Safety Measures

 

Sources for Collecting Personal Information

The categories of sources from which we collect Personal Information are:

  • Directly from you or an authorized agent or family member
  • Service Providers and other third parties (e.g., credit bureaus or mortgage brokers)
  • Directly and indirectly from activities including but not limited to our Website, Mobile App, or Social Networks
  • Government Agencies and other publicly available sources
  • Data Brokers
  • Through an algorithm

 

Criteria for Determining Personal Information Retention Periods

Luther Burbank Savings does not retain Personal Information or Sensitive Personal Information for longer than is reasonably necessary for each disclosed purpose for which it was collected, or as required by law.

 

Sharing Personal Information

The categories of service providers and/or third parties to whom we disclosed Personal Information for our business purposes described in this CCPA policy are:

  • Government and law enforcement agencies in support of regulatory and legal requirements
  • Third parties and/or service providers who provide services such as website hosting, data analysis, payment and transaction processing, check order fulfillment, customer service, email delivery, auditing, marketing, and supporting day-to-day operations
  • Third parties and/or service providers who provide services such as online/mobile banking, banking infrastructure, data storage, outside legal counsel, tax advisors, notaries, appraisers, and others supporting the delivery of the bank’s products and services to our customers and prospects
  • Third parties and/or service providers in connection with human resource activities and employee management
  • Third parties and/or service providers in support of operations, including to meet risk, regulatory, legal and compliance requirements
  • Third parties in connection with routine or required reporting, including consumer reporting agencies and other third parties
  • Third parties in connection with providing business management and development services

When we disclose Personal Information to service providers and/or third parties, we enter into a binding contract that describes the purpose of sharing the information and requires the recipient to keep the Personal Information confidential and not use it for any purpose except performing the contract.

 

Sale of Personal Information

In the past 12 months, Luther Burbank Savings has not “sold” Personal Information subject to the CCPA, including Personal Information of minors under the age of 16.

Luther Burbank Savings does not offer an opt-out from the sale of Personal Information because we do not sell Personal Information in accordance with the CCPA.

 

Rights Under the CCPA

If you are a California resident, you have the right to:

  1. Request, twice in a 12-month period at no cost to you, that we disclose to you the Personal Information we have collected, used and disclosed about you during the past 12 months;
  2. Request we delete certain Personal Information we collected from you, subject to certain exemptions;
  3. Request we limit the use of Sensitive Personal Information to specifically permitted purposes as outlined in this policy;
  4. Request we correct inaccurate Personal Information we collected from you, subject to certain exemptions; and
  5. Not receive discriminatory treatment by LBS if you choose to exercise any of your rights under the CCPA.

 

How to Exercise Your Rights

To exercise your rights, please submit a request to us by either:

Once you have submitted a request, we will acknowledge receipt of your request and advise you how long we expect it will take to respond if we are able to verify your identity. In addition, we may ask you to describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. Only you or a person that you authorize to act on your behalf may make a Verifiable Consumer Request, as defined in the CCPA, related to your Personal Information. You may also make a Verifiable Consumer Request on behalf of your minor child.

We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you. Additionally, we will not honor your request where an exception applies, such as where the disclosure of Personal Information would adversely affect the rights and freedoms of another consumer or where the Personal Information that we maintain about you is not subject to the CCPA’s access or deletion rights. We will advise you in our response if we are not able to honor your request. We will not provide social security numbers, driver’s license numbers or government issued identification numbers, financial account numbers, account passwords or security questions and answers, or any specific pieces of information if the disclosure presents the possibility of unauthorized access that could result in identity theft or fraud or unreasonable risk to data or systems and network security.

Making a Verifiable Consumer Request does not require you to create an account with us. We will only use Personal Information provided in a Verifiable Consumer Request to verify the requestor’s identity or authority to make the request.

We commit to respond to a Verifiable Consumer Request within 45 days of its receipt. If we require more time (up to a total of 90 days), we will inform you of the reason and extension period in writing.

 

Authorized Agent

If you are a California resident, you may authorize an agent to make an access, deletion or correction request on your behalf. When an authorized agent submits a request, Luther Burbank Savings will require the requestor to: (1) provide the authorized agent’s written permission to do so; and (2) verify their own identity directly with Luther Burbank Savings. In the event that Luther Burbank Savings is unable to verify the identity of the requestor or does not receive proof from the authorized agent that the requestor authorized the agent to act on the requestor’s behalf, the request will be denied.

 

Changes to This California Consumer Privacy Rights Act Policy

Luther Burbank Savings may make periodic changes to the Bank’s CCPA Policy. When these changes occur, we post the new policy on our website and change the "Last Updated" date. When appropriate, we may notify you through other means.

 

Contact for More Information

Consumers with questions or concerns about Luther Burbank Savings’ California Privacy Rights Policy and practices should call 1.888.578.4495.

 
