Financial Institutions may choose how they share your personal information. Federal law gives consumers the right to limit some but not all sharing. Federal law also requires MBI to tell you how we collect, share, and protect your personal information. Please read this notice carefully to understand how we handle and share your information.
The types of personal information we collect, and share depend on the product or service you have. This information can include but is not limited to:
Financial companies need to share customers' personal information to effectively run their daily operations. In the section below, we list the reasons financial companies can share their customers' personal information, whether you can limit or opt-out of sharing and the reason that MBI shares the information.
|Reasons we can share your personal information||Does MBI share?||Can you limit this sharing?|
|For our everyday operations: To process your transactions, maintain your account(s), respond to court orders and legal investigations, or to provide services.||Yes||No|
|For our affiliates' everyday operations: information about your transactions||Yes||No|
|For Marketing: to offer our products and services to you||No||No|
|For joint marketing with other financial companies||No||MBI doesn't share|
|For our affiliates' everyday business purposes - information about your transactions and experiences||No||MBI doesn't share|
|For our affiliates' everyday business purposes - information about your creditworthiness||No||MBI doesn't share|
|For our affiliates to market to you||No||MBI doesn't share|
|For non-affiliates to market to you||No||MBI doesn't share|
How does MBI protect my personal information?
To protect your personal information from unauthorized access and use, we use security measures that comply with federal law. These measures include computer server safeguards such as encryption. We also maintain other procedural safeguards to protect this information and we limit access to information to those employees for whom access is appropriate.
How does MBI Bank collect my personal information?
MBI Collects your personal information whenever you do one of the following actions:
We also collect your personal information from others, such as affiliate companies or third parties for non-documentary verifications.
Why can't I limit all sharing?
Federal law furnishes you the right to limit certain sharing of information particularly,
State laws and individual companies may give you additional rights to limit sharing (See Other important information below)
Other important information
There are privacy protections applicable under specific state laws. To the extent these state laws apply, we will comply with them if we share information about you.
Vermont Residents - We do not share information we collect about you with non-affiliated third parties. In addition, we do not share information about your creditworthiness with our affiliates.
Nevada Residents - Pursuant to Nevada law, if you prefer not to receive marketing calls from us, you may be placed on our internal Do Not Call list by calling 1-787-563-9290. You may also contact the Bureau of Consumer Protection, Office of the Nevada Attorney General, 100 N. Carson, Carson City, Nevada 89701; phone number: 702-486-3132, http://ag.nv.gov.
For California Residents
CCPA Privacy Notice
The chart below contains the categories of Personal Information as defined by the CCPA, that we have collected and/or disclosed for a business purpose. The examples below were taken from the CCPA and have been included only to aid you in understanding each category. The examples are not full depiction of the information collected. There may be examples of information that we never collect, disclose or sell.
|Category||We Collect||We Disclose||We Sell|
|Examples: Name, alias, postal address, unique personal identifier, online identifier, internet protocol address, email address, account name, social security number, driver's license number, passport number, or other similar identifiers.|
|B. Categories of Personal Information in Cal. Civ. Code 1798.80(e)||Yes||Yes||No|
|Examples: Name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.|
|C. Characteristics of Protected Classifications under California or Federal Law||No||N/A||N/A|
|Examples: Race or color, ancestry or national origin, religion or creed, age (over 40), mental or physical disability, sex (including gender and pregnancy, childbirth, breastfeeding or related medical conditions), sexual orientation, gender identity or expression, medical condition, genetic information, marital status, military and veteran status.|
|D. Commercial Information||Yes||No||No|
|Examples: Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.|
|E. Biometric Information||No||N/A||N/A|
|Examples: Physiological, biological, or behavioral characteristics, including DNA, that can be used, singly or in combination with each other or with other identifying data, to establish individual identity, such as imagery of the iris, retina, fingerprint, face, hand, palm, vein patterns, and voice recordings, from which an identifier template, such as a faceprint, a minutiae template, or a voiceprint, can be extracted, and keystroke patterns or rhythms, gait patterns or rhythms, and sleep, health, or exercise data that contain identifying information.|
|F. Internet or Other Electronic Network Activity Information||No||N/A||N/A|
|Examples: Browsing history, search history, and information regarding a consumer's interaction with an internet website, application or advertisement.|
|G. Geolocation Data||No||N/A||N/A|
|Example: Precise physical location.|
|H. Sensory Information||No||N/A||N/A|
|Examples: Audio, electronic, visual, thermal, olfactory, or similar information.|
|I. Professional or employment-related information||Yes||No||No|
|Examples: Job application or resume information, past and current job history, and job performance information.|
|J. Non-Public Education Information (as defined in 20 U.S.C. 1232g; 34 C.F.R. Part 99)||No||N/A||N/A|
|Examples: Records that are directly related to a student maintained by an educational agency or institution or by a party acting for the agency or institution.|
|K. Inferences Drawn from Personal Information||No||N/A||N/A|
|Examples: Consumer profiles reflecting a consumer's preferences, characteristics, psychological trends, preferences, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.|
Collection and Disclosure of Personal Information
Your California Privacy Rights
If you are a California resident, you may exercise the following rights.
Right to Know and Access. You may submit a request for information regarding the: (1) categories of Personal Information collected or disclosed by us; (2) purposes for which categories of Personal Information are collected by us; (3) categories of sources from which we collect Personal Information; and (4) specific pieces of Personal Information we have collected about you during the past twelve months.
Submit Requests. To exercise your rights under the CCPA, you can also reach out to us at email@example.com.
“Compliance with the General Data Protection Regulation (“GDPR”) Policy”.
The way we treat your personal information is regulated under the General Data Protection Regulation ((EU) 2016/679) or “GDPR”, which applies across the European Economic Area (“EEA”). This regulation also applies to companies outside of the EEA that provide their services to clients within the EEA.
We collect personal data about you when you access our website, open an account through online banking, and contact us. We collect this personal information from you either directly, or indirectly, such as through your browsing activity while on our website (see our Online Security Disclosure).
We may collect, use, store and transfer different kinds of personally identifying information about you which we have grouped together follows:
HOW WE USE YOUR PERSONAL DATA
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following:
This Website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data).
CHANGE OF PURPOSE
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
PROVIDING INFORMATION TO THIRD PARTIES
We ensure that any third-party service providers we use are required to take appropriate security measures to protect your personal data in line with our policies and we only permit them to process your personal data for specified purposes and in accordance with our instructions. We will not share any of the information you provide to us with any third parties for marketing purposes.
TRANSFER OF YOUR PERSONAL DATA OUT OF THE EEA
We do not currently envisage that we will need to transfer any of your personal data to which this notice applies outside the EEA. If in the future we decide to transfer personal data covered by this notice to external third parties based outside the EEA, we will ensure that adequate safeguards are in place, as required under the GDPR.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
We have put in place security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need-to-know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
PROCESSING IN LINE WITH YOUR RIGHTS UNDER THE GDPR
Under certain circumstances, by law you have the right to:
DATA PRIVACY MANAGEMENT
We have appointed an internal team to oversee compliance with this privacy notice. If you have any questions about this privacy notice or how we handle your personal information, please contact us in the first instance: email: firstname.lastname@example.org; telephone: +44 (0)20 3903 3000.
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal
data, or request that we transfer a copy of your personal information to another party, please contact us in writing.