California Consumer Privacy Act Notice

If you are a California resident with one of the following relationships, please read this notice carefully as it provides information regarding your rights under the California Consumer Privacy Act (“CCPA”) for Personal Information you provide to First Bank (“we”, “us”, or “our”) in the context of the following relationships:

• Individual with a business relationship, such as a sole proprietorship or d/b/a account
• Individual who is an authorized signer on a business account
• Individual who is a guarantor on a business or commercial loan
• Contact persons at business entities, such as a corporation or LLC
• Non-client of First Bank who has interacted with the Bank’s webpage or social media sites
• Trustee for a trust
• Beneficiary for a trust for which First Bank is trustee
• Participant (other than a First Bank employee) in a 401(k) or pension plan that First Bank sponsors or is a trustee or fiduciary of.

If you are a California resident who has obtained a financial product or service for personal, family, or household purposes, please refer to our Consumer Privacy Notice. You should also review the Online Privacy Statement, which describes our practices relating to Personal Information collected by and through our website, eBanking services, including mobile applications, and other online interfaces or platforms that we own or control (“Online Services”). “Personal Information” is information that identifies or relates to you as an individual or that, along with other information, could identify you. We believe it is important that you know and understand the types of Personal Information we collect, the purposes for collection, and our practices relating to the disclosure and retention of your Personal Information. 

During the past twelve (12) months, we collected the following categories of Personal Information:

• Identifiers, such as name, address, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, and passport number.
• Personal Information (as defined by the California Customer Records Act), such as name, signature, driver’s license number, date of birth, telephone number, and account names and numbers. 
• Commercial information, such as the type, terms, and balances of products and services you have with us or that you applied for, financial information, such as your cash and account balances, property owned, and the balances of outstanding loans payable.
• Protected Classification Characteristics under California or Federal Law, such as your age, gender, ethnicity, race, citizenship, sources of income, or veteran status.
• Internet/Other Electronic Network Activity Information, such as your IP address, device identifier, browser and operating system used, date and time you visit the Online Services, and web pages viewed. 
• Geolocation Data, such as your location when you use an Online Service.
• Audio, Electronic, Visual, or Similar Information, such as photographs of events, including attendees, security footage, images submitted to our social media sites, recordings of telephone calls, and electronic information, such as email correspondence and information entered on our Online Services.
• Biometric Information, such as fingerprints, faceprints, and iris or retina scans.
• Professional/Employment-Related Information, such as detail regarding your current and/or past employment, salary and professional credentials.
• Education Information, such as your educational history, the names of educational institutions you attended and any degrees conferred.
• Sensitive Personal Information. We collected the following types of Sensitive Personal Information:
  • Social Security, driver’s license, state identification card, or passport number;
  • Account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing account access;
  • Precise geolocation;
  • Racial or ethnic origin, citizenship or immigration status, religious or philosophical beliefs, or union membership;
  • The contents of an individual’s mail, email, and text messages, unless First Bank is the intended recipient;
  • Biometric information that is processed for the purpose of uniquely identifying an individual;
  • Personal information collected and analyzed concerning a consumer’s health or sexual orientation.
• Profile Inferences. Inferences drawn from any of the categories of Personal Information collected to create a profile reflecting a person’s preferences, characteristics, predispositions, behavior, and attitudes. For example, we collect information about your account usage and payment history to determine the likelihood of default, and we collect information about products and services you have obtained from us, along with other personal information, to determine products and services that may be of interest to you and to market those products and services to you.

We collected Personal Information from the following sources:

• You, or your authorized representative
• Our employees
• Our service providers
• Employers
• Educational institutions
• Our marketing and advertising providers
• Data brokers
• Our Online Services
• Security cameras and telephone recordings
• Government entities
• Other financial institutions

The CCPA considers any disclosure of Personal Information or Sensitive Personal Information to a third party for monetary or other valuable consideration to be a sale.  Information sharing is defined as the disclosure of Personal Information or Sensitive Personal Information to a third party for the purpose of Targeted Interest-Based Advertising, which is advertising based on your interests as determined by your browsing activities on third-party websites and other online services.

Categories of Personal Information that We Have Sold or Shared in the Past 12 Months
We do not sell or share Sensitive Personal Information.  We do not sell Personal Information; however, we do share the following categories of Personal Information with our marketing service providers and their advertising networks for the purpose of serving you Targeted Interest-Based Advertisements: Personal Identifiers, Personal Information, and Internet/Other Electronic Network Activity.   For information on how you can opt-out of Targeted Interest-Based Advertisements, please refer to the section titled “Right to Opt Out of the Sale/Sharing of Your Personal Information.”  

Sale or Sharing of Personal Information of Persons Under 16 Years of Age
We do not sell or knowingly share Personal Information or Sensitive Personal Information of persons under the age of sixteen.  As such, we do not have actual knowledge that we sold or shared Personal or Sensitive Personal Information for those under the age of sixteen within the past 12 months.
  We collect, use, and disclose your Personal Information and Sensitive Personal Information to manage your banking relationship, including determining your eligibility for products and services and processing transactions on your accounts. The categories of third parties who may receive your Personal Information and Sensitive Personal Information for business purposes are:

• Service Providers – unaffiliated companies that assist us in performing our business operations by processing data and/or transactions related to our bank operations or our relationship with you; fraud prevention and security; and those who assist us in managing our business and regulatory risk, such as our external auditors, insurance providers, and legal counsel.
• Government Entities – our federal and state regulators, federal and state agencies, state and local law enforcement, and federal and state courts.
• Authorized Parties – persons you have authorized in writing to receive your Personal Information and/or Sensitive Personal Information or act on your behalf, such as a designated contact, your authorized agent for CCPA requests, and a person to whom you have given a power of attorney.

Our service providers are required to maintain the confidentiality of your Personal Information and Sensitive Personal Information and are restricted from using or disclosing this information other than as needed to perform their contractual obligations with us or as otherwise allowed by the CCPA. 

In the past twelve months, we collected and disclosed the following categories of Personal Information to third parties for the business and commercial purposes specified below:

Personal Identifiers and Personal Information (as defined by the California Customer Records Act) were collected and disclosed for the following business and commercial purposes:

• To verify your identity and authenticate transactions you initiate
• Fraud prevention and security
• To perform services on your behalf, such as processing transactions related to your accounts
• To evaluate your creditworthiness or eligibility for products and services
• To contact you
• To inform you of other products and services that we believe would be beneficial to you
• Regulatory reporting
• To comply with applicable laws and regulations
• Risk management and mitigation, including audit, insurance, compliance, legal, and Investigation functions

Personal Identifiers and Personal Information (defined by the California Customer Records Act) were disclosed to the following categories of third parties: Service Providers, Government Entities, and Authorized Parties.

Commercial Information was collected and disclosed for the following business and commercial purposes:

• To perform reviews of your existing products and services
• Fraud prevention and security
• To evaluate your eligibility for bank products and services
• To inform you of other products and services that we believe would be beneficial to you
• Regulatory reporting
• To comply with applicable laws and regulations
• Risk management and mitigation, including audit, insurance, compliance, legal, and Investigation functions

Commercial Information was disclosed to the following categories of third parties: Service Providers, Government Entities, and Authorized Parties.

Protected Classification Characteristics were collected and disclosed for the following business purposes:

• To comply with applicable laws and regulations, including federal and state anti-discrimination laws
• To provide reasonable accommodations due to a disability
• Risk management and mitigation, including audit, insurance, compliance, legal, and investigation functions.

Protected Classification Characteristics were disclosed to the following categories of third parties: Service Providers, Government Entities, and Authorized Parties.

Biometric Information was collected and disclosed for the following business purposes:

• To verify your identity and authenticate transactions you initiated
• Fraud prevention and security
• Risk management and mitigation, including audit, insurance, compliance, legal, and investigation functions.

Biometric Information was disclosed to the following categories of third parties: Service Providers and Government Entities.

Internet/Other Electronic Network Activity Information was collected and disclosed for the following business and commercial purposes:

• To verify your identity and authenticate transactions you initiated
• To process transactions and account maintenance functions
• Fraud prevention and security
• Analysis of your site usage to determine improvements to the site’s functionality
• To serve relevant advertisements to you based on your browsing history on websites and other online channels
• To market our products and services to you
• Risk management and mitigation, including audit, insurance, compliance, legal, and investigation functions      

Internet/Other Electronic Network Activity Information was disclosed to the following categories of third parties: Service Providers, Advertising Networks, and Government Entities.

Geolocation Data was collected and disclosed for the following business purposes:

• To direct you to nearby First Bank locations
• Fraud prevention and security

Geolocation Data was disclosed to the following categories of third parties: Service Providers and Government Entities.

Audio, Electronic, Visual, or Similar Information was collected and disclosed for the following business and commercial purposes:

• Audio and visual information is collected for quality control monitoring, transaction verification, authentication, and security purposes
• Visual information is collected for promotional purposes, such as photos publicizing a bank event
• For fraud prevention, investigation, and security purposes
• For risk management and mitigation, including audit, insurance, compliance, legal, and investigation functions.

Audio, Electronic, Visual, or Similar Information was disclosed to the following categories of third parties: Service Providers and Government Entities.

Professional/Employment Information was collected and disclosed for the following business and commercial purposes:

• Verification, credit underwriting, and transaction authentication purposes        
• Risk management and mitigation, including audit, insurance, compliance, legal, and investigation functions.
• To inform you of other products and services that we believe would be beneficial to you

Professional/Employment Information was disclosed to the following categories of third parties: Service Providers and Government entities.

Education Information was collected and disclosed for the following business and commercial purposes:

• Verification, credit underwriting, and transaction authentication purposes        
• Risk management and mitigation, including audit, insurance, compliance, legal, and investigation functions.
• To inform you of other products and services that we believe would be beneficial to you

Education Information was disclosed to the following categories of third parties: Service Providers and Government Entities.

Sensitive Personal Information was collected and disclosed for the following business purposes:

• To verify your identity and authenticate transactions you initiate
• Fraud prevention and security
• For risk management and mitigation, including audit, insurance, compliance, legal, and investigation functions

Sensitive Personal Information was disclosed to the following categories of third parties: Service Providers, Government Entities, and Authorized Parties.

Profile Inferences were collected and disclosed for the following business and commercial purposes:

• Credit underwriting
• Risk management and mitigation, including audit, insurance, compliance, legal, and investigation functions
• To serve relevant advertisements to you based on your browsing history on websites and other online channels
• To inform you of other products and services that we believe would be beneficial to you

Profile Inferences were disclosed to the following categories of third parties: Service Providers and Government Entities
  We only collect, use, or disclose Sensitive Personal Information as necessary to perform services or provide products you would reasonably expect when you request products or services from us, for fraud prevention and information security, to perform services such as maintaining and servicing accounts, to ensure the physical safety of our employees and clients, or as otherwise authorized by the CCPA and its implementing regulations.  We do not use or disclose Sensitive Personal Information for any purpose that enables an individual to exercise a right to limit our use or disclosure of Sensitive Personal Information under California law.  Should we change our practice, we will notify you and provide you with the right to limit.
  The length of time that we retain each category of Personal Information depends on the following criteria: (1) the length of time we need the Personal Information in order to accomplish the purposes for which it is collected, used, or disclosed; (2) our corporate standards for record retention; (3) the length of time we are required to retain Personal Information to comply with applicable federal and state laws and regulations; and (4) whether the Personal Information is subject to a dispute, investigation, or legal hold.
  The CCPA gives you the right to make the following requests pertaining to your Personal Information:

Request to Know what Personal Information We Have Collected
You have the right to know what Personal Information we have collected about you, including the categories of Personal Information, the categories of sources from which Personal Information is collected, the business or commercial purpose for collecting, selling, or sharing Personal Information, the categories of third parties to whom we disclose Personal Information, and the specific pieces of Personal Information we have collected about you.

Request to Delete Your Personal Information
You have the right to request that we delete Personal Information we have collected from you, subject to certain exceptions.  For example, we may deny your request if we need your Personal Information to provide you with a product or service, comply with federal or state laws or regulations, detect security incidents, for fraud prevention, or for certain other internal uses allowed by the CCPA.

Request that We Correct Inaccurate Personal Information
You have the right to request that we correct inaccurate Personal Information that we maintain about you.  We may require you to submit documentation to substantiate your request if we believe our records are accurate and you did not produce documentation with your request.  We will accept, review, and consider any documentation you provide in connection with your request to correct, and will only use and maintain your documentation for the purpose of processing and responding to your request and complying with CCPA recordkeeping requirements.  We may deny your request if we determine that the contested Personal Information is more likely than not accurate based on all of the information available to us.
  You may make a Request to Know, Correct, or Delete by submitting the request using the Data Request Form, emailing your request to [email protected], or by calling the First Bank Service Center at 800-760-2265.

To protect your privacy and the security of your Personal Information, we will verify your identity prior to completing your request. We do this by matching information you provide to information we have on file. We may ask you to provide a valid government-issued photo identification, such as a driver’s license, as part of the verification process. We may deny your request if we are unable to verify your identity.

Requests Submitted by Authorized Agents
You may authorize an individual or business to submit a Request to Know, Correct, or Delete on your behalf. In order for us to process the request, we must have a written document, signed by you, giving your authorized agent permission to make the request on your behalf.  In order to protect your Personal Information, we may also verify your identity or confirm that you gave the authorized agent permission to submit the request(s). Your authorized agent may make a request by following the instructions in the “How to Make CCPA Requests” paragraph, above.
  We will provide you with confirmation of your request within ten (10) business days of the date the request is received.  We will generally respond to your request within forty-five (45) calendar days of the date we received the request.  In some cases, we may take up to another forty-five (45) calendar days to respond.  If this occurs, we will notify you before the end of the first forty-five (45) day period and provide you with the reason(s) why we need additional time to complete your request.

If you submit a Request to Delete or Request to Correct, when we respond we will tell you whether or not we were able to complete your request, and if not, the reason. If we delete or correct your Personal Information, we will also instruct any service providers that maintain the information to delete or correct the information, as applicable. 

Please note that the CCPA prohibits us from disclosing certain Personal Information, such as Social Security or driver’s license numbers, account numbers, health or medical identification numbers, or confidential account information, such as a password or security questions and answers. When we respond to a Request to Know pertaining to such information, we will provide you with a description of the Personal Information we collected.   

Your Personal Information may be subject to data privacy laws other than the CCPA. For example, the Gramm-Leach-Bliley Act regulates the privacy of consumer financial information that is collected when an individual obtains a bank product or service for personal, family, or household purposes. If we receive a Request to Know, Correct, or Delete that involves Personal Information that is subject to another privacy law, we may deny part or all of your request relating to that information as it is exempt from the CCPA. We will inform you of this in our response to your request.
  Right to Non-Discrimination for Exercising Your CCPA Rights.
You have the right not to be discriminated against for exercising your privacy rights under the CCPA. First Bank will not discriminate against you for exercising any of your CCPA rights.

Right to Opt Out of the Sale/Sharing of Your Personal Information
The CCPA gives you the right to opt out of the sale and sharing of your Personal Information and Sensitive Personal Information.  First Bank does not sell Personal Information or Sensitive Personal Information or share Sensitive Personal Information; however, we do share certain Personal Identifiers and Internet/Other Electronic Network Activity information collected by by cookies, pixel tags, and similar mechanisms (“Tracking Technologies") to serve you with Targeted Interest-Based Advertising. You have the right to opt-out of Targeted Interest-Based Advertising and may do so by either (1) implementing an opt-out preference signal that complies with California law, such as the Global Privacy Control, on a supported web browser or browser extension, or (2) selecting your cookie preferences in the Privacy Preference Center settings menu or via the Cookie Settings link in the footer of the Website. If you implement the Global Privacy Control, or other opt-out preference signal that meets California legal requirements, the signal will be read when you first interact with our Website and you will immediately be opted out of sharing for Targeted Interest-Based Advertising. Please note that you will need to manage your cookie settings for each device and browser that you use to access the Online Services. 

Right to Limit Use and Disclosure of Sensitive Personal Information
The CCPA gives you the right to request that we limit our use and disclosure of Sensitive Personal Information to the purposes detailed in the CCPA and its implementing regulations. For more detail, please refer to the section titled “Our Practices Relating to Sensitive Personal Information”. We limit our use and disclosure of your Sensitive Personal Information to the allowed purposes set forth in the CCPA and its implementing regulations.  This Privacy Notice was last updated on March 20, 2025. We reserve the right to make changes to both our Personal Information practices and this Privacy Notice at any time.  Please return to this site frequently to determine if changes have been made. If we make significant changes to this Notice, we will place a message on the first.bank homepage informing you of the change.
  If you have any questions about this Privacy Notice or First Bank’s privacy practices, or if you need to access this Privacy Notice in an alternative format due to having a disability, please contact us at [email protected] or (800) 760-2265.