Online Privacy Statement

NASB is committed to protecting your personal information.

privacy-disclosures

Online Privacy Statement

Effective Date: January 2020

 

North American Savings Bank, F.S.B. (“NASB”, “Bank,” we, our, or us) respects your privacy, and is committed to protecting your personal information. This Online Privacy Statement (“Statement”) applies to www.nasb.com (the “Site”) and our online banking mobile app (the "App") available on the Apple App Store and Google Play.  This Statement explains how we collect, use, and share your information.

CAREFULLY READ OUR PRIVACY POLICY BEFORE USING THIS SITE. OUR PRIVACY POLICY OUTLINES HOW WE SHARE YOUR PERSONAL INFORMATION.  FOR THE PURPOSE OF THIS ONLINE PRIVACY STATEMENT, PLEASE BE AWARE THAT NASB DOES NOT SHARE OR SELL YOUR PERSONAL INFORMATION WITH OTHER FINANCIAL INSTITUTIONS, WITH OUR AFFILIATES, OR WITH NONAFFILIATES, FOR THEIR EVERYDAY BUSINESS PURPOSES OR FOR THEIR ABILITY TO MARKET TO YOU.  CONTINUING TO NAVIGATE THIS SITE CONSTITUTES YOUR AGREEMENT TO THE TERMS OF THIS STATEMENT.

The Bank controls this Site and the App. However, software, hosting and other functions may be provided by our service providers ("Service Providers”) or business partners. This Statement does not apply to any of our offline activities (unless otherwise specifically stated) and you may also receive additional privacy notices from us if you are a customer or if you reside in a location that requires additional disclosures.

Information Collection on the Website

NASB collects information about you, including your IP address, browser choice, operating system, date and time of visit and the website you navigated from. This information helps NASB tailor your online experience to your device and to provide information most relevant to you. Additionally, NASB also collects personal information that you provide to us if you use the Site to apply for or use our products or services, request additional information from us or participate in a promotion or survey. In such cases, if you so choose, you may give us your name, contact information, Social Security number, date of birth and/or email address.

Information Collected for Everyday Business Purposes

When you visit our Site, use our App or online services, or apply to become one of our customers, NASB may collect personal information from or about you such as your name, email address, mailing address, telephone number(s), account numbers, limited location information, credit score range, user name and password. We may also collect payment card information, social security numbers, driver’s license numbers (or comparable) when you provide such information while using our online services and where we believe it is reasonably required for ordinary business purposes.  NASB may also collect “protected class” data (e.g., race, sex, gender national origin and age) from you in order to be in compliance with applicable anti-discrimination laws. 

We may also collect unique identifiers, browser type and settings, device type and settings, operating system, mobile network information including carrier name and phone number, application version numbers, IP addresses, and personal information for remarketing audiences.

We may collect “Online/Mobile Activity Data.” Online/Mobile Activity Data includes, without limitation, data such as IP address, browser type and language, and display/screen settings, data about how you use and interact with the Site and mobile advertisements; data about your mobile device; advertising identifiers; geo location data; other websites you visited prior to coming to our Site; social media preferences and other social media data; and other data that may be aggregated and/or de-identified (information that doesn’t identify individual consumers or customers).

Other Information We Collect Online:  Other Information is any information other than Personal Information that does not reveal your specific identity or does not directly relate to an individual, such as browser information, information collected through cookies, pixel tags and other technologies, demographic information, other information provided by you such as your date of birth or household income, and aggregated and de-identified data.

Bank customers can find additional information about how we collect and use your personal data at our customer Privacy Policy here.

Cookies, Web Beacons and Other Embedded Technologies

The NASB website uses cookies, web beacons, and similar technologies. A web beacon is a small string of code placed on a webpage to capture information such as IP address, time, web browser, time zone, and domain. Web beacons and cookies gather data that help us under understand how you use our Site and to make your browsing experience more seamless. You may manage how and whether you allow certain embedded technologies by modifying your browser settings. Please see your web browser’s privacy policy for specific instructions regarding how to limit the use of these technologies on your computer. If you limit or delete embedded technologies, you may be unable to access or use all or part of the Site or benefit from information or services offered.

The types of cookies we use are:

  • Strictly Necessary Cookies: These cookies are essential for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you, which amount to a request for services, such as setting your privacy preferences, logging in, or filling in forms. You can set your browser to block or alert you about these cookies, but then some parts of the site will not work. These cookies do not store any personally identifiable information.
  • Analytics Cookies: These cookies allow us to count visits and traffic sources so that we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors navigate the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies, we will not know when you have visited our site and will not be able to monitor its performance.  You may opt-out of Google analytics here.
  • Advertising and Targeting Cookies: These cookies may be set through our site by our advertising partners. They are used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not directly store personal information but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.
  • Social Media Cookies: These cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They can track your browser across other sites and building up a profile of your interests. This impacts the content and messages you see on other websites you visit. If you do not allow these cookies, you may not be able to use or see these sharing tools.

Online Promotions, Sweepstakes and Surveys

From time to time you may have the opportunity to participate in online surveys or sweepstakes on our Site. Participation in online surveys, sweepstakes or promotions is entirely voluntary. NASB uses information gathered during these events to learn how to better serve you and to administer the promotions, sweepstakes and surveys.

Children’s Privacy

NASB does not knowingly collect personally identifiable information from children under 13 years of age without parental consent. THIS SITE IS NOT DIRECTED TO OR INTENDED FOR INDIVIDUALS UNDER 13 YEARS OF AGE. If you are under the age of 13, please do not provide us personally identifiable information of any kind whatsoever.

The Children’s Online Privacy Protection Act (“COPPA”) protects children under the age 13 from the online collection of personal information. For more information about COPPA, visit the Federal Trade Commission website: https://www.ftc.gov.

Information Use and Sharing

Unless otherwise described in this Statement, NASB shares information that we collect about you as described in the Privacy Policy. NASB may share your information with Service Providers that perform services on our behalf. NASB provides our Service Providers with the minimum amount of information necessary to complete the requested service. Our Service Providers are not authorized by us to use or disclose the information except as necessary to perform services on our behalf or comply with legal requirements. NASB may also disclose your information (i) if required or permitted to do so by law or legal process, (ii) to law enforcement authorities, or (iii) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation of suspected or actual illegal activity. If some or all of our business is sold, merged with, or otherwise disposed of to one or more third parties (including in the event of bankruptcy) we may transfer your information to the subsequent organization or to a court, as allowed by law.

Advertising

NASB advertises products and services on our Site and unaffiliated websites. To do so, NASB may use information about your relationship with us including the types of accounts you have, the state in which you bank and your purchase activity. These advertisements may be presented in the form of banner ads and other formats and may include prescreened offers of credit.

Third-Party Websites

The NASB website may include links to other websites (including blogs, articles, products, services, news sites and other web sites) in our content that are controlled by third parties who are not affiliated with us (Third-Party Sites). These Third-Party Sites may not follow NASB’s same privacy, security, or accessibility standards. NASB is not associated with the Third- Party Sites referenced and are not responsible for, or endorse or guarantee, the content, web sites, products, services or operations of the Third-Party Sites or their affiliates. NASB is not responsible for how these Third-Party Sites collect information. NASB cannot guarantee how these Third-Party Sites use cookies, or if they place cookies on your computer that may identify you personally. We urge you to review the privacy policies of each of the linked websites you visit before providing them with any personally identifiable information. NASB does not guarantee and are not responsible for the privacy or security of third-party websites linking to our website, including the reliability, accuracy and completeness of the information they provide.

Social Media

We may use social media platforms (such as Facebook®, Instagram, Twitter, YouTube, or LinkedIn) to enable you to share and collaborate online. All content you post and make available on these social media platforms (including, without limitation, any personal information, pictures, or opinions) is subject to each social media provider’s Terms of Use and Privacy Policies. To better understand your rights and obligations about such content, please refer to these website’s Terms of Use and Privacy Policies.

When you interact with us on social media websites, we may collect information such as your likes, interests, feedback, and preferences. When you interact with our partners, you are subject to their terms of use and privacy policies. We may collect information from our social media partners, but only if you choose to share with them and they, in turn, share such information with us.

Never include sensitive personal, financial, or other confidential information such as your Social Security number, account number, phone number, mailing address, or email address when posting or commenting online. Any posts you make on our official social media pages -- including posts that contain pictures, comments, suggestions, opinions, complaints, or personal information -- are available to others who use those pages and are subject to the terms of use and privacy policies of the companies that operate the websites on which they appear.

Information Security

It is important that NASB provide a safe Online Banking experience for our customers. We use reasonable physical, electronic, and procedural safeguards that comply with federal standards to protect and limit access to personal information. This includes device safeguards and secured files and buildings.

Please note that information you send to us electronically may not be secure when it is transmitted to us. We recommend that you do not use unsecure channels to communicate sensitive or confidential information (such as your social security number) to us.

To protect our customers, only those employees, agents, and contractors who need your information to service your accounts have access to the information you provide us. We also give you information that can help you keep your personal information safe.

Here are some of the ways we protect you:

  • We use anti-virus protection to help us detect and prevent viruses.
  • Our Firewalls help block unauthorized access by individuals or networks.
  • We actively monitor our systems and networks with intrusion detection and prevention services.
  • This site’s 256 bit TLS encryption creates a secure connection with your browser when you login, or fill out an application, or register in online services. Look for the padlock or the phrase https in the URL to know if one of our pages is using TLS encryption.
  • We don’t and will not share your usernames and passwords with anyone.
  • We automatically log you out of your secure session after a period of inactivity to help protect against others seeing or using your online accounts.
  • We monitor activities for potential fraud.

California Consumer Privacy Notice

This Notice explains how we collect, use, and disclose personal information about California residents. The Notice also explains certain rights that California residents have under the California Consumer Privacy Act (“CCPA”), as it may be amended from time to time. These include: (1) the right to request information from us regarding what categories of personal data we have collected about you; (2) the right to request a copy of the specific personal information collected about you during the last 12 months; (3) a limited right to have such information deleted (with exceptions); (4) the right to request that your personal information not be sold to third parties, if applicable; and (5) the right not to be discriminated against because you exercise your rights. The CCPA only applies to information about residents of California.  At this time, we do not adhere to Do Not Track codes.

Under the CCPA, “personal information” is information that identifies, relates to, or could reasonably be linked with a particular California resident or household. This information is referred to in this Notice as “Personal Data.”  NASB does not share California residents personal data with third parties for direct marketing purposes without explicit consent from the consumer. Under the CCPA, "personal information" does not include public information available from government records, de-identified or aggregated information, or information that is protected by certain laws such as HIPAA for health-related information and the Gramm-Leach Bliley Act (GLBA) for certain financial information. 

Collection and Disclosure of Categories of Personal Data under California Privacy Law


Category


Examples


Collected

A. Identifiers

A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers.

 

YES

B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))

A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories.

YES

C. Protected classification characteristics under California or federal law

Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).

YES

D. Commercial information

Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

YES

E. Biometric information

Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, face prints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.

NO*

F. Internet or other similar network activity

Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement.

YES

G. Geolocation data

Physical location or movements.

YES

H. Sensory data

Audio, electronic, visual, thermal, olfactory, or similar information.

YES

I. Professional or employment- related information

Current or past job history or performance evaluations.

YES

J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34

C.F.R. Part 99))

Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.

 

YES

K. Inferences drawn from
other personal information

Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

YES

*If you use our App, your device may collect biometric information such as fingerprint or face scan to identify you, but this information is not provided to or collected by NASB.

We may use or disclose the categories of personal information listed above for the purposes described in our Privacy Policy, for our everyday business purposes – such as to process your transactions, maintain your account(s), respond to court orders and legal investigations, report to credit bureaus, or for our marketing purposes to offer our products and services to you.  We may have collected and used your personal information, as described above, during the 12-month period prior to the effective date of this California Consumer Privacy Statement.

Categories of Sources of Personal Information

We collect information from the following categories of sources:

  • Directly from you.For example, when you use the "Login" or "Apply Now" forms or ask a question using the Contact Us form.
  • From credit reporting agencies or public record sources when you apply for a loan online or through the App.
  • Through third-party services such as core processors used to process account transactions.

How We Share Your Personal Information

We share information in each of the above categories as follows:

  • All categories of information
    • We will share information in all of the above categories if our company is sold or we engage in a merger or other such transaction.
    • We will share information in all of the above categories of information in connection with a law enforcement request that is compliant with the California Electronic Communications Privacy Act.
  • Identifiers
    • We share identifiers with service providers who use that information only to provide services to us, such as website and mobile app development and operation, sending postal mail or email, communicating with you about offers from the Bank and our marketing partners, analyzing website use, authorizing and processing loans and payments, processing online and mobile banking transactions, and processing data.
    • We share identifiers with our marketing partners who may have products or services of interest to you.
  • Personal Information Listed in the California Customer Records Statute
    • We share this information with service providers for payment services, loans, and processing your online and mobile banking transactions.
  • Internet or Other Electronic Network Activity Information
    • We share this information with our data analytics providers

We share information with the following categories of third parties:

  • Service Providers who provide services described above
  • Government agencies, as required by law and applicable regulations

Your Privacy Rights Under California Law

 

Under California law, California consumers have the following rights with respect to their Personal Data:


Privacy Right


Description

 

Notice

You have the right to be notified of what categories of personal data will be collected at or before the point of collection and the purposes for which they will be used and shared.

 

 


Access

You have the right to request information on the categories of personal data that we collected in the previous twelve (12) months, the categories of sources from which the personal data was collected, the specific pieces of personal data we have collected about you, and the business purposes for which such personal data is collected and shared. You also have the right to request information on the categories of personal data which were disclosed for business purposes, and the categories of third parties in the twelve (12) months preceding your request for your personal data.

 

 

 

Erasure

You have the right to request to have your personal data deleted from our servers and we will direct our service providers to do the same. However, please be aware that we may not fulfill your request for deletion if we (or our service provider(s)) are required to retain your personal data for one or more of the following categories of purposes: (1) to complete a transaction for which the personal data was collected, provide a good or service requested by you, or complete a contract between us and you; (2) to ensure our website integrity, security, and functionality; (3) to comply with applicable law or a legal obligation, or exercise rights under the law; (4) to otherwise use your personal data, internally, in a lawful manner that is compatible with the context in which you provided the data.


    Opt Out of Sale

NASB has not sold personal data about you within the 12 preceding months and by Bank policy will not sell your personal data in the subsequent 12 months.


How to Enforce Your California Privacy Rights

If you would like to exercise your rights listed above, please submit (or have your authorized agent submit) your request directly to us by following the instructions below. You have a right not to receive discriminatory treatment by any business when you exercise of your California privacy rights.

While we take measures to ensure that those responsible for receiving and responding to your request are informed of your rights and how to help you exercise those rights, when contacting us to exercise your rights, we ask you to please adhere to the following guidelines:

  • Tell Us Which Right You Are Exercising: Specify which right you want to exercise and the Personal Information to which your request relates (if not to you). If you are acting on behalf of another consumer, please clearly indicate this fact and your authority to act on such consumer’s behalf.
  • Help Us Verify Your Identity: Provide us with information to verify your identity. Please note that if we cannot initially verify your identity, we may request additional information to complete the verification process. Any Personal Information you disclose to us for purposes of verifying your identity will solely be used for the purpose of verification.
  • Direct Our Response Delivery: Please provide us with an e-mail or mailing address through which we can provide our response. If you make the request by email, unless otherwise requested, we will assume that we can respond to the email address from which you made the request.

How we Process Your Deletion Request

Upon receiving a Request to Delete, we shall verify your identity to a reasonable, or reasonably high, degree of certainty based on the sensitivity and nature of the information requested. This process generally involves comparing information provided by you against information which NASB deems reliable in its records. This process may also require you to execute a declaration under penalty of perjury that the requestor is the Consumer whose personal information is being requested. In the event that NASB is unable to confirm your identity, we will ask you if you would like us to treat the request as a Request to Opt-Out, as described below.

Exceptions to Your Requests

An amendment to the CCPA provides an exemption to the Right to Know and Right to Delete for personal information between a business and a person who is acting as an employee, director, officer, or contractor of a company, partnership, sole proprietorship, nonprofit, or government where the information is used in the context of a business transaction.  This exemption is currently set to expire on January 1, 2021.  Until that date, we will not respond to requests to know or delete that meet this exemption. 

How we Process Your Opt-Out of the Sale of Personal Data Request

The California Consumer has the right to opt-out of the sale of their personal data by NASB (“Request to Opt-Out”). We will respond to your request to opt-out consistent with applicable California law.

You may submit Requests to Opt-Out (or have your authorized agent submit) your request directly to us by following the instructions below.  However, please be aware that per NASB policy, NASB DOES NOT SHARE OR SELL YOUR PERSONAL INFORMATION WITH OTHER FINANCIAL INSTITUTIONS, WITH OUR AFFILIATES, OR WITH NONAFFILIATES, FOR THEIR EVERYDAY BUSINESS PURPOSES OR FOR THEIR ABILITY TO MARKET TO YOU.  In other words, by NASB Policy, you have already been opted out of the sale of your personal data.  Therefore, if you submit an opt-out request, you will receive an acknowledgement of receipt, and we will place your name on a list that will be used in the future if NASB’s Privacy Policy were to change. 

Instructions for California Residents to Submit a CCPA Request

  • On nasb.com Menu bar, click “Contact”
  • Select “Contact Us”
  • Enter required information
  • Under the “Department” drop-down, Select “CCPA Request”
  • In the Message field, provide the information we need to complete your request (refer to the section above “How to Enforce Your California Privacy Rights” for details)
  • Click “Submit”
  • Alternatively, you may call us and leave a voice message at 1-800-677-6272,1,8158 or mail us the CCPA at NASB, CCPA Requests – Compliance Department, 903 E. 104th Street, Suite 400 Kansas City, MO 64131.

Accessing this Site Outside the United States

If accessing our website from a location outside of the United States, all information you provide on our Site will be transferred out of your country of residence and into the United States. Do not provide information to NASB if you do not want your personally identifiable information to leave your country. By providing personally identifiable information to NASB, you are explicitly consenting to the transfer of your data to the United States and will be bound by United States law, this Statement, and our Privacy Policy. 

Changes to this Notice

From time to time we may add to, delete, or change the terms of this Online Privacy Statement by posting a notice of the change (or an amended Online Privacy Statement) at this website. Continued use of NASB’s website or any online service following notification will constitute your agreement to the revised Online Privacy Statement.

 


CCPA Request Form

If you are a California resident, you may have the right to: (1) Request access to certain personal information we have collected about you. (2) Request that we delete certain personal information we have collected from you. (3) Opt out of the sale of your personal information. To exercise any of these rights, please complete the relevant portion of the form below. For more information about our privacy practices please review our California Consumer Privacy Notice available in the Online Privacy Statement at www.nasb.com/privacy.

Please note that personal information we collect about you in connection with your online account may be subject to different legal requirements and may not be included in our response to you through your use of this form.

Step 1: Please identify which privacy right(s) you would like to exercise.

Right to Access: You have the right to send NASB a verifiable request, twice in a 12-month period, asking that we disclose to you the personal information NASB has collected, used, disclosed and sold about you during the past 12 months. Please check the box below relating to the information you would like NASB to disclose to you:

* The categories of personal information NASB has collected about you.

[  ] Yes

[  ] No

* The specific pieces of personal information NASB has collected about you.

[  ] Yes

[  ] No

Note: By selecting specific pieces of personal information NASB has collected about you, you are required to sign a declaration, under penalty of perjury, that you are the individual whose information is provided on this request form.

Right to Delete: You have the right to submit a verifiable request asking that NASB delete certain personal information NASB has collected from you, subject to certain exceptions as permitted by law.

* Would you like NASB to delete the personal information we have collected from you?

[  ] Yes

[  ] No


Right to Opt-Out of Sale: You have the right to opt-out of the sale of your personal information we collect on our websites, such as to enhance the ability to serve you content and advertisements that may be of interest to you.

*Would you like to opt out of the sale of your personal information by NASB?

[  ] Yes

[  ] No

 

Step 2: Select one

* I am a current or former client or customer of NASB.

[  ] Yes

[  ] No

 

Step 3: Where have you interacted with NASB?

Please select all that apply.

[  ]  NASB Bank physical branch locations

[  ]  www.nasb.com

[  ]  Banking services provided by NASB and offered via internet and/or phone

[  ]  Other – please specify ______________________________________________________________

Step 4: Please provide your contact details.

Contact information you provide will be used to verify your request, respond to your request, and if necessary, follow-up with you to obtain additional information needed to complete your request.

First Name

 

Last Name

 

Date of Birth (mm/dd/yyyy)

 

Email

 

Preferred Phone

 

Street Address

 

City

 

State

 

Zip

 

 

Step 5: Please select how you would like to receive your response.

[  ]  Email

[  ]  Postal Mail

Step 6: Signature.

At NASB, we take your right to privacy seriously. We strive to protect the rights, freedoms and dignity of all those who entrust us with their personal information.  We recognize our responsibility to keep your personal information safe and secure, and we have systems, processes, and expert staff devoted to implementing such security controls, and safeguarding data protection, across our business. In order to fulfill this request, NASB will need to reasonably validate that you are the owner of the account for which this request is being submitted. This may require additional follow-up with you to either the email address or the telephone number that you provide in order to ensure confidence that this request can be fulfilled. We will work to fulfill this request in a timely manner that complies with the legal requirements in your jurisdiction.

Please read and select the applicable option below:

[  ]  I declare under penalty of perjury that I am the individual consumer whose personal information is the subject of this request.

[  ]  I declare under penalty of perjury that I am the Authorized Agent of the individual whose personal information is the subject of this request. I understand I will be required to provide proof in writing of my status as the individuals Authorized Agent and additional information to confirm my identity.

Please acknowledge the transmittal risk statement below:

[  ] I acknowledge that transmitting personal information over the internet or via mail comes with inherent risks including the risk that the information will be exposed to unauthorized individuals. I understand the risks associated with my chosen method for receiving information pertaining to my request and accept responsibility for any unauthorized access occurring after NASB sends my information in the chosen method I selected in Step 5.

_______________________________________________

Print Full Name

 

_______________________________________________

Signature

 

_______________________________________________

Date (mm/dd/yyyy)