Print-Friendly Version

California Privacy Policy

This California Privacy Policy applies solely to California residents only. This policy describes the personal information that MidFirst Bank and its divisions (collectively “MidFirst,” “we,” “us,” or “our”), except for MyMidlandMortgage.com, collect, use, disclose and protect that identifies, relates to, describes, is reasonably capable of being associated with or could reasonably be linked, directly or indirectly, with you or your household (“personal information”). This policy applies to personal information we collect and data we receive online and offline, such as when you apply for our products or services, use our websites or applications, contact customer support, visit our offices, or otherwise interact with us (collectively, the “Services”). “You” and “your” refer to any California user or visitor who accesses or uses the Services.

The specific personal information that we collect, use and disclose relating to a California resident covered by the California Consumer Privacy Act of 2018, as amended from time to time (CCPA) will vary based on our relationship with you. For example, this policy does not apply with respect to personal information we collect about California residents who apply for or obtain our financial products or services for personal, family or household purposes. For more information about how we collect, disclose and secure information relating to these customers, please see our Gramm-Leach-Bliley Act Privacy notice at https://www.midfirst.com/privacy_notice.

We may change this California Privacy Policy from time to time. When we do, we will post the revised policy on this page with a new “effective date” date at the bottom of this California Privacy Policy. Any changes to this California Privacy Policy will become effective when posted unless indicated otherwise.


1. PERSONAL INFORMATION WE COLLECT, USE OR SHARE

In the past 12 months, we may have collected the following categories of personal Information when you engage our Services:

Category

Required Information

Identifiers

Name, address, email address, phone number, Social Security Number, Driver’s License Number and contact address, email address and phone number

Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))

Name, address, email address, phone number and contact address, email address and phone number, Social Security Number, Driver’s License Number, date of birth, credit and debit card numbers and financial information, including personal financial statements

Commercial Information

Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies

Internet

Device ID, browsing history, search history, and information regarding your interaction with an internet website, application, or advertisement to understand our customer base, advertise to you, monitor the performance of our Services, improve the user experience, and to ensure the security of our Services

Geolocation

Geolocation, device location and IP address

Audio Visual

Video when at a ATM or Branch location, voice recording, or photograph

Biometrics

Fingerprints, photographs for fraud prevention

Work History

Work history, prior employers

Education Information

Institutions attended, degrees obtained, and courses taken

Protected Class

Race, ethnicity, national origin, gender, age, marital status, veteran or military status

Inferences

Inferences based on the information in categories listed above about an individual to create a summary about, for example, an individual’s characteristics, such as creditworthiness

Sensitive Personal Information

Social Security Number, Driver’s License Number, State Identification number, passport number, precise geolocation, information concerning health, debit or credit card information with codes or credentials to allow access, account log-in in combination with any required security code or password, union membership, or any information that reveals a consumer's citizenship or immigration status

2. WHERE WE COLLECT YOUR PERSONAL INFORMATION. We collect personal information from the following categories of sources:

  • Directly from you or from someone on your behalf including others you have authorized or directed to disclose information to us;
  • Public records or widely available sources, including media and other records and information made available by federal, state, or local governments;
  • Service Providers and Contractors; and
  • Third-party analytics or advertising partners.

3. USE OF YOUR PERSONAL INFORMATION. We may collect and disclose your personal information for the following business or commercial purposes, including:

  • To provide you with, or evaluate your eligibility for, products and services that you or your company request from us and to provide services, products or information you may have requested;
  • To comply with and enforce applicable legal and regulatory requirements, relevant industry standards, contractual obligations and our company policies;
  • To detect, prevent, or investigate fraud, suspicious or other illegal activities;
  • To enforce our policies and terms of use;
  • To protect our rights, privacy, safety or property, operations, security and/or that of our affiliates, business partners, you or others; and
  • To allow us to pursue available remedies or limit the damages that we may sustain.

Note that we may aggregate data we collect on an anonymous basis that does not identify you for any purpose otherwise allowed by applicable law, such as for research, analysis, modeling, marketing, and advertising, as well as improvement of our Services.

  • A. Customers, Contacts, and Visitors.In addition to the purposes described immediately above, we may also use personal information of customers, contacts and visitors to:
    • Process account applications and transactions, and facilitate other customer account activities;
    • Verify your identity or authenticate your device (such as when you access account information or conduct transactions), and to enhance our online security measures and prevent fraud;
    • Help you efficiently access and manage your information and preferences;
    • Provide you with customer support, and quality assurance of the same;
    • Operate and improve our business and operations, including internal administration, auditing and troubleshooting for our Services;
    • Provide personalized content and information, which could include customized services for you, or offers of various products or services that you may be interested in;
    • Monitor metrics such as total number of visitors, traffic, and demographic patterns; and
    • Provide, improve, test, and monitor the effectiveness of the Services, diagnose and fix technology issues, and develop and test new products and features.

  • B. Job Applicants. In addition to the essential purposes described above, we may use Job Applicant information to solicit applicants for job openings and to process an application for employment submitted to us in response to a posted/open position. If hired, California employees receive disclosures during and after onboarding that provide additional details regarding our workforce privacy practices.

  • C. Online User Activity. We use information that we collect via cookies to further the business purposes described above. In particular, information collected via cookies is used to understand our customer base, advertise our Services to you and other prospective consumers, monitor the performance of our Services, improve the user experience, and to ensure the security of our Services.

See below in Section 5 for your choices regarding cookies.

4. DISCLOSING YOUR PERSONAL INFORMATION FOR A BUSINESS PURPOSE

We may disclose your personal information to service providers, contractors and third parties to carry out specific business or commercial purposes. In the last 12 months, we have disclosed the following categories of consumer personal information for business or commercial purposes to service providers and to the following categories of third parties:

Personal Data Category

To Whom We Disclose

Identifiers

Service Providers and contractors in connection with providing products or services, completing transactions, supporting our everyday operations, business management and development

Entities to whom you or your representative have authorized disclosure

Representatives of California residents

Government Agencies as required by law or regulation

Our affiliates, for internal business purposes

Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))

Service Providers and contractors in connection with providing products or services, completing transactions, supporting our everyday operations, business management and development

Entities to whom you or your representative have authorized disclosure

Representatives of California residents

Government Agencies as required by law or regulation

Our affiliates, for internal business purposes

Commercial Information

Service Providers and contractors in connection with providing products or services, completing transactions, supporting our everyday operations, business management and development

Entities to whom you or your representative have authorized disclosure

Representatives of California residents

Government Agencies as required by law or regulation

Our affiliates, for internal business purposes

Internet

Service Providers and contractors in connection with monitoring metrics such as total number of visitors, traffic, and demographic patterns, identifying advertising opportunities, monitoring the performance of our website, improving the user experience on our website and ensuring the security of or Services, including verification and authentication to prevent fraud.

Geolocation

Service Providers and contractors in connection with providing products or services, completing transactions, supporting our everyday operations, business management and development, for instance, when you search for a branch near you, and for verification and authentication to prevent fraud

Audio Visual

Service Providers and contractors in connection with providing products or services, completing transactions, supporting our everyday operations, business management and development for example, we record customer service calls and other calls for regulatory compliance, to prevent fraud and to ensure transactions are completed correctly

Government Agencies in the event of criminal activity

Work History

Service Providers and contractors in connection with providing products or services, completing transactions, supporting our everyday operations, business management and development and in connection with human resource activities and workforce management

Education Information

Service Providers and contractors in connection with providing products or services, completing transactions, supporting our everyday operations, business management and development and in connection with human resource activities and workforce management

Protected Class

Government Agencies in connection with routine and required reporting

Service Providers and contractors in connection with human resource activities and workforce management

Inferences

Service Providers, contractors, and advertising partners in connection with providing products or services, completing transactions, supporting our everyday operations, advertising business management and development and in connection with human resource activities and workforce management

Sensitive Personal Information

Service Providers and contractors in connection with providing products or services, completing transactions, supporting our everyday operations, business management and development and in connection with human resource activities and workforce management

Personal Information may also be disclosed externally when we believe it is necessary or appropriate to: (i) comply with applicable legal requirements, including, but not limited to, regulatory, court, and law enforcement demands (e.g., subpoenas, court orders, etc.); (ii) respond to an emergency or otherwise protect the rights and property of MidFirst and our employees, agents, customers, or others, including to enforce our policies and terms of use; (iii) address fraud, security, or technical issues; and (iv) in connection with, or during negotiation of, any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business or assets (including in connection with any bankruptcy or similar proceedings).

5. SHARING OR SELLING YOUR PERSONAL INFORMATION

While we do not sell your personal information in exchange for any monetary consideration, we do use technologies such as cookies, pixel tags, web beacons, and other similar technologies, to help us measure traffic, usage, and other trends by your use of our Services on our website. The use of some of these technologies, constitutes a ‘share’ or ‘sale’ of personal information under the CCPA. You can manage your data sharing preferences via the Do Not Sell or Share My Personal Information link in the website footer, or see the Section "Exercising Your Rights Under the CCPA" below. Note that your selection is specific to the device, website and browser you are using, and is deleted whenever you clear your browser’s cache. 

We also treat Global Privacy Control preference signals as valid requests to opt-out of the sale or sharing of your personal information. You can learn more about implementing opt-out preference signals by visiting the Global Privacy Control website at https://globalprivacycontrol.org or by exploring other developing technologies and services that offer this tool.

Additionally, most internet browsers allow you to block cookies. If you block cookies, your browsing experience may be affected, and you may not be able to use all of the features of our Services. You can delete cookies that are already stored on your computer or device by following the instructions associated with your browser and operating system.

To learn more about your choices regarding the collection of your online activity or to opt out of interest-based advertising, visit https://www.aboutads.info/choices. If you choose to opt out, a cookie will be placed on your browser indicating your choice. Because cookies are stored by your browser, any opt-out election you make is valid only for the computer/device and browser combination used to opt out. If you opt out of interest-based advertising, please note that you may still receive advertisements from us, but they will not be customized based on your online activities and you may still receive ads when you sign into your online and mobile banking account. Clearing your browser's cookies will remove your opt out because it is stored in a cookie, and you will need to opt out again.

6. USE OF SENSITIVE PERSONAL INFORMATION

We do not use or disclose sensitive personal information for purposes other than those which are necessary to perform the services or provide the goods reasonably expected and do not collect or process sensitive personal information for the purpose of inferring characteristics about a consumer.

7. MINORS

Our financial services are not targeted to children under the age of 16, nor do we knowingly sell or share personal information related to a consumer under the age of 16 without express consent.

8. RETENTION

We retain your personal information for as long as necessary to carry out the purposes for which we originally collected it and for other legitimate business purposes, including to meet our legal, regulatory, or other compliance obligations.

9. NOTICE OF FINANCIAL INCENTIVE

We do not provide a financial incentive or a price or service difference to customers in exchange for the retention or sale of their personal information. We may advertise our financial products and services, or send promotions or offers to customers or other individuals, and unless a customer has opted out of such communications, the customer will continue to receive such notices irrespective of whether any information privacy request described here has been submitted. We do not offer financial incentives to deter individuals from making such requests.

10. SECURITY

We use technical, physical, and administrative security measures designed to comply with applicable law and protect the security of your personal information, including information you submit to us through the Site. This includes but may not be limited to device safeguards, encryption, and firewalls.

Please note that information you send to us electronically may not be secure when it is transmitted to us. We recommend that you do not use unsecure channels (like email) to communicate sensitive or confidential information (such as your social security number) to us.

11. YOUR RIGHTS UNDER THE CCPA. If you are a California resident, you have the right to:

  • Right to Know. You have the right to request access to, and a copy of, the categories of personal information we have collected about you and information regarding the source of that personal information, the purposes for which we collect it, and the categories of third parties and service providers to whom we disclose it.
  • Right to Correct. You also have the right to correct inaccurate personal information, taking into account the nature of the personal information and the purposes of the processing of the personal information.
  • Right to Limit or Delete. You have the right to request in certain circumstances that we limit the use of your sensitive personal information, or delete personal information that we have collected directly from you.
  • Right to Opt-out of Sale or Sharing of Personal Information. Additionally, you have the right to opt-out of the Sale or Sharing of your personal information. You can manage your data sharing preferences via the Do Not Sell or Share My Personal Information link in the website footer. Note that your selection is specific to the device, website and browser you are using, and is deleted whenever you clear your browser’s cache. We do not sell or share personal information for monetary gain.
  • Right to Non-Discrimination. You have the right to be free from discrimination based on your exercise of your CCPA rights.

12. EXERCISING YOUR RIGHTS UNDER THE CCPA. Opting Out of the Selling or Sharing of Personal Information.

To opt out of the sale or sharing of your personal information, click the Do Not Sell or Share My Personal Information link in the website footer. You may choose your preference at any time by clicking on this link.

You (or an authorized agent) may submit a consumer request to know, correct, limit, or delete your personal information.  To make a request, please do so by either:

Once you submit a request, we will verify your identity before acting on your request.  If you have an account with us, we may ask you to provide personal identifiers we can match against information we may have collected from you previously, and to confirm your request using the email address or telephone number stated in the request.  If you do not have an account with us, we may ask you to provide certain information, such as your first and last name, date of birth, address and the last four digits of your social security number to verify your identity.

13. CONTACT US

Please contact us about this California Privacy Policy or our Services at 855.928.2146 

You may review or update certain account information and review your recent transaction history by logging in to the Services or by contacting us. You can also adjust certain profile and privacy settings in your account settings.

14. EFFECTIVE DATE

This California Privacy Policy was last revised and is effective as of October 27, 2023.