California Consumer Privacy Act (CCPA) Notice
Rev. 7/2020
The California Consumer Protection Act (CCPA) applies only to California residents. Webster Bank values the privacy of your personal information and takes steps to safeguard personal information that you entrusted to us. The notice describes how Webster Bank and its affiliated companies collect, use, and disclose personal information and consumers’ rights concerning that information. This notice is provided pursuant to the CCPA. Please refer to our Privacy and Opt-out Notice which outlines how we collect, use, and share information.
What personal information is covered under the CCPA
Personal Information is information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly with a particular resident. The CCPA does not apply to certain information, such as information subject to The Gramm-Leach Bliley Act, the Fair Credit Reporting Act, Driver’s Privacy Protection Act of 1994, other state or federal privacy laws. For example, this notice does not apply to information that we collect about California residents who apply for, or obtain our financial products and services for personal, family, or household purposes.
Also, CCPA excludes health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data.
Categories of personal information we collect
Categories of personal information we have collected during the past 12 months are listed below. Most of the information we have collected is in the context of providing financial products and services, and therefore is not subject to the CCPA. The categories of personal information that we collect, use, and disclose about a California resident will depend on our specific relationship or interaction with that individual.
| Category | Examples | Collected |
|---|---|---|
| A. Identifiers. | Name, postal address, email address, online identifiers, internet protocol address, Social Security numbers, or other similar identifiers | Yes |
| B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). | Contact and financial information | Yes |
| C. Protected classification characteristics under California or federal law. | Age, marital status, sex, and veteran or military status | Yes |
| D. Commercial information. | Information about past transactions or purchases | Yes |
| E. Biometric information. | Behavioral characteristics derived from interactions with our websites or mobile apps | No |
| F. Internet or other similar network activity | Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement | Yes |
| G. Geolocation data | Device location | Yes |
| H. Sensory data. | Call and video recordings | Yes |
| I. Professional or employment-related information. | Current or past job history or performance evaluations. | Yes |
| J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). | Education information, such as student records and directory information. | No |
| K. Inferences drawn from other personal information | Certain inferences concerning an individual’s preferences and characteristics | Yes |
In the past 12 months, we have collected personal information relating to California residents from the following sources:
- Information that you provide to us when opening an account or applying for a loan or any other services.
- Our affiliates.
- Information received by third parties that you have authorized or directed to share information with us.
- Information received from a credit report.
- Website/Mobile App Activity/Social Media.
- Internet search engines.
- Social Media Searches.
- Government Entities from which public records were obtained.
Use of personal information
Most of the information we use is in the context of providing financial products and services, and therefore is not subject to CCPA. How we use the information we collect:
- Providing and maintaining our products (e.g., open accounts, process transactions, etc.) and services (e.g., statements, online banking, payments, etc.), providing advertising or marketing services, providing digital analytics services, or providing similar services .
- Hiring or human resource matters (e.g., employment applications, benefits, etc.).
- Everyday operations (e.g., legal, audit, investigative, service providers for business purposes, etc.).
Sharing personal information to third parties
We may disclose your personal information to a third party for a business purpose.
In the preceding 12 months, we have disclosed categories of personal information for a business purpose as defined above and denoted as applicable to the bank.
We disclose your personal information for a business purpose to the following categories of third parties:
- Our affiliates.
- Business partners.
- Service providers.
- Third parties with whom you authorize or direct us to share your information.
- Government entities and others with whom we share information for legal or necessary purposes.
- Joint marketing partners.
Webster Bank does not sell your personal information.
Your rights to know and delete
Right to know:
You have the right to request what personal information has been collected on you over the past 12 months. Once we receive and confirm your verifiable consumer request we will disclose to you:
- Specific pieces of personal information we collected about you.
- Categories of personal information we collected about you.
- Categories of sources from which the personal information is collected.
- Categories of personal information that that the business disclosed to third parties for a business purpose about you.
- Categories of third parties to whom the personal information was disclosed for a business purpose; and
- Our business or commercial purpose for collecting the personal information.
Right to delete:
You have the right to request that your personal information be deleted.
- Any information not required to be retained by law or business necessity (as outlined in CCPA) can be requested to be deleted.
How to request information or deletion:
You may request information or request the deletion of information by calling us at 800-966-0256, or by sending an email to WebPrivacyRequest@Websterbank.com
The consumer request must provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information, or your authorized representative.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.
We will only use personal information provided in a consumer request to verify the requestor's identity or authority to make the request.
We may not honor your request where an exception applies, such as where the disclosure of personal information would adversely affect the rights and freedoms of another consumer or where the personal information we maintain about you is not subject to the CCPA as such information is exempted under the Gramm-Leach Bliley Act, the Fair Credit Reporting Act, Driver’s Privacy Protection Act of 1994, or other state or federal privacy laws.
We will confirm receipt of the request within 10 business days of receipt. We will provide the requested information free of charge, in writing and within 45 days. If we are not able to respond within 45 days, we will notify you of the delay and the reason for the delay. We will also advise you in our response if we are not able to honor your request. We are not obligated to provide this information more than twice in a 12-month period. We have the right to refuse unfounded or excessive requests.
We will not provide social security numbers, driver’s license numbers or government issued identification numbers, financial account numbers, health care or medical identification numbers, account passwords or security questions and answers, or any specific pieces of information if the disclosure presents the possibility of unauthorized access that could result in identity theft or fraud or unreasonable risk to data or systems and network security.
The bank will not discriminate against you because you have exercised your rights under CCPA.
Changes to this CCPA disclosure
We reserve the right to amend this privacy notice at our discretion and at any time. When we make changes to this privacy notice, we will inform you through a notice on our website homepage.