Contact Us

Privacy Notice for California Residents

Customers Bank, Member FDIC (“we,” “us,” or “our”) has adopted this California Privacy Policy to comply with the California Consumer Privacy Act, the California Privacy Rights Act, and the implementing regulations (we refer to these laws collectively as the “CCPA”). Terms used in this California Privacy Policy will have the meanings assigned to them in the CCPA unless we have explicitly defined them herein.

This California Privacy Policy applies to California residents, including but not limited to our customers, former customers, visitors, contacts, employees, former employees, job applicants, and independent contractors (collectively “consumers,” “you,” or “your”).

PURPOSE

The purpose of this California Privacy Policy is to:

  • Provide you with a comprehensive description of our online and offline information practices,
  • Inform you of your rights regarding your personal information, and
  • Provide you with the information needed to exercise those rights.

CATEGORIES OF PERSONAL INFORMATION WE COLLECT

Within the last 12 months, we have collected about consumers the categories of personal information listed in Table 1, below.

Table 1. Categories of Personal Information Collected
Category Examples Collected
A.     Identifiers A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers. Yes
B.     Personal information described in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories. Yes
C.    Protected classification characteristics under California or federal law Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). Yes
D.     Commercial information Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. Yes
E.      Biometric information Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier of identifying information, such as fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. No
F.      Internet or other similar network activity information Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement. Yes
G.    Geolocation data Physical location or movements. Yes
H.     Sensory data Audio, electronic, visual, thermal, olfactory, or similar information. Yes
I.       Professional or employment-related information Current or past job history or performance evaluations. Yes
J.     Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. § 1232g, 34 C.F.R. Part 99)) Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. Yes
K.     Inferences drawn from other personal information Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. Yes
L.      Sensitive personal information Personal information that reveals (A) a consumer’s social security, driver’s license, state identification card, or passport number; (B) a consumer’s account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; (C) a consumer’s precise geolocation; (D) a consumer’s racial or ethnic origin, religious or philosophical beliefs, or union membership; (E) the contents of a consumer’s mail, email and text messages, unless the business is the intended recipient of the communication; (F) a consumer’s genetic data; Yes
M.    Sensitive personal information The processing of biometric information for the purpose of uniquely identifying a consumer; personal information collected and analyzed concerning a consumer’s health; or personal information collected and analyzed concerning a consumer’s sex life or sexual orientation. No

*Please note that the categories of personal information that we have collected about specific consumers within the last 12 months have varied based on our relationships or interactions with those consumers.

We will not collect additional categories of personal information or use personal information collected for additional purposes that are incompatible with the disclosed purpose for which the personal information was collected without providing you notice.

CATEGORIES OF SOURCES FROM WHICH PERSONAL INFORMATION IS COLLECTED

We obtained the personal information listed above from the following categories of sources:

  • Directly from consumers, and indirectly from their co-applicants, co-account holders, references, persons authorized on their accounts, family members, agents, and other sources directed by them. For example, from information that consumers provide to us via telephone, email, or other inquiries related to the products and services that we provide.
  • Directly and indirectly from activity on our mobile application; internal and external websites; and our computer, voice, and data communication equipment and systems, including, but not limited to, telephones, smartphones, mobile phones, computers, tablets, printers, fax machines, wireless data collection devices, copiers, servers, networks and email.
  • From third parties that interact with us in connection with the services we perform for customers. For example, from credit bureaus and other third parties with whom we work to provide financial products or services.
  • From third parties that interact with us in connection with the services we require or perform for employees, job applicants, or independent contractors. For example, from recruiters, credit bureaus, prior employers, educational institutions, pre-employment screening service providers, credentialing and licensing organizations, and publicly available sources (e.g., LinkedIn, X, and Facebook).

BUSINESS PURPOSES FOR COLLECTING AND DISCLOSING PERSONAL INFORMATION

We collect and disclose personal information for one or more of the following business purposes:

  • To provide you with information about products or services that you request from us.
  • To provide you with email or SMS alerts, event registrations and other notices concerning our products or services, or events or news, that may be of interest to you.
  • To carry out our obligations and enforce our rights (including for billing and collections) arising from any contracts between us.
  • To improve our website, web application, or mobile application, and to present that content to you.
  • For testing, research, analysis and product development.
  • As necessary or appropriate to protect the rights, property or safety of us, our customers, or others.
  • To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
  • To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us is among the assets transferred.

CATEGORIES OF THIRD PARTIES TO WHOM PERSONAL INFORMATION IS DISCLOSED

We may disclose your personal information to a third party for a business purpose. When we disclose personal information for a business purpose, we enter a contract that describes the business purpose and requires the third party to keep the personal information confidential and not retain, use, or disclose it for any purpose other than the business purpose(s) specified in the contract.

In the preceding 12 months, we have disclosed for a business purpose the categories of personal information identified in Table 1, above, to the following categories of third parties:

  • Affiliates
  • Service providers
  • Government entities
  • Third parties to whom you or your agents authorize us to disclose your personal information in connection with products or services we provide to you and/or in connection with your employment with us.

YOUR RIGHTS UNDER THE CCPA

The CCPA provides consumers with specific rights regarding their personal information. This section describes those rights and explains how to exercise them.

Right To Know Personal Information

You have the right to request that we disclose to you the following information:

  1. The categories of personal information we have collected about you
  2. The categories of sources from which the personal information is collected
  3. The business or commercial purpose for collecting personal information
  4. The categories of third parties to whom we disclose personal information
  5. The specific pieces of personal information we have collected about you.

Once we receive and confirm your verifiable consumer request, we will disclose to you the following information that we have collected and maintained during the 12-month period immediately preceding our receipt of your request:

  • The categories of personal information we collected about you.
  • The categories of sources from which the personal information was collected.
  • The business purpose for collecting the personal information.
  • The categories of third parties to whom we disclose personal information.
  • The specific pieces of personal information we collected about you.
  • The categories of personal information we disclosed for a business purpose.

We are not obligated to provide this information to you more than twice in a 12_month period.

Right To Delete Personal Information

You have the right to request that we delete any of your personal information that we collected. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information, unless an exception applies.

We are not required to comply with your deletion if it is reasonably necessary for us or our service providers to maintain the personal information in order to:

  • Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform a contract with you.
  • Help to ensure security and integrity to the extent the use of your personal information is reasonably necessary and proportionate for those purposes.
  • Debug to identify and repair errors that impair existing intended functionality.
  • Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
  • Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.).
  • Engage in public or peer-reviewed scientific, historical, or statistical research that adheres to all other applicable ethics and privacy laws, when the information’s deletion is likely to render impossible or seriously impair the ability to complete such research, if you have provided informed consent.
  • Enable solely internal uses that are reasonably aligned with your expectations based on your relationship with us and that are compatible with the context in which you provided it.
  • Comply with a legal obligation.

Right To Correct Inaccurate Personal Information

You have the right to request correction of any inaccurate personal information that we maintain about you. Upon verifying the validity of a verifiable consumer request, we will use commercially reasonable efforts to correct your personal information as directed, taking into account the nature of the personal information and the purposes of processing the personal information.

Right To Non-Discrimination and No Retaliation

You have the right not to be discriminated against for exercising any of your CCPA rights. This means that we will not discriminate against you by, among other things:

  • Denying you goods or services
  • Charging you different prices or rates for goods or services, including through the use of discounts or other benefits, or imposing penalties
  • Providing you a different level or quality of goods or services
  • Suggesting that you will receive a different price or rate for goods or services or a different level or quality of goods or services
  • Retaliating against an employee, job applicant, or independent contractor for exercising their CCPA rights.

Rights Regarding the Selling or Sharing of Personal Information

You have the right to request information about the sale or sharing of personal information, and you have the right to opt out of such sale or sharing. Under the CCPA, “sale” means disclosing personal information to a third party for monetary or other valuable consideration, and “sharing” means disclosing personal information to a third party for cross-context behavioral advertising, whether or not for monetary or other valuable consideration. Customers Bank does not sell personal information to or share personal information with third parties. Thus, we do not offer an opt-out of the sale or sharing of personal information.

Right To Limit the Use and Disclosure of Sensitive Personal Information

You have the right to limit the use and/or disclosure of sensitive personal information to (A) use that is necessary to perform the services of provide the goods reasonably expected by an average consumer who requests such goods or services; (B) perform the services set forth in Cal. Civ. Code section 1798.140(e)(2), (4), (5), and (8); and (C) the purposes set forth in 11 Cal. Code Reg. section 7027(m). Customers Bank does not use or disclose sensitive personal information for purposes other than these. Thus, we do not offer the option to limit the use and disclosure of sensitive personal information.

EXERCISING YOUR ACCESS, DELETION, AND CORRECTION RIGHTS

Who May Exercise These Rights?

The following persons may make requests for access, deletion, and correction of your personal information:

  • You
  • A natural person or a person registered with the Secretary of State, authorized by you to act on your behalf
  • A person who is your agent under a power of attorney pursuant to Cal. Prob. Code sections 4121 to 4130
  • A person acting as your conservator.

Additionally, you may make a request on behalf of your minor child.

How Do You Exercise These Rights?

To exercise your right to know, delete, or correct your personal information, you must submit a verifiable consumer request to us by either:

Current employees of Customers Bank must use one of the two methods above or email the People Experience Team via its internal email box.

What Will We Need from You To Exercise These Rights?

The CCPA requires us to verify who you are before we comply with a request to know, delete, or correct information. (This is known as a “verifiable consumer request.”) Thus, we will need to verify your identity (and your agent’s identity and authority) before completing a request.

We will use commercially reasonable methods to verify identities and, whenever feasible, match the identifying information you provide to the personal information about you that we maintain. We will generally try to avoid requesting additional information from you for purposes of verification. However, if we need additional information, we will use it only for the purposes of verifying your identity.

Our verification methods will vary depending upon several factors, including but not limited to (A) the type of request being made, (B) whether you are a customer or employee, (C) whether you have a password-protected account, and (D) whether you are an authorized agent. For example, a request to know the specific pieces of personal information that we have collected may require matching at least three pieces of personal information from you with three pieces of personal information that we have. Also for example, if you request us to correct an inaccurate address, we would not use that address as a means of verifying your identity. Regardless of the circumstances surrounding the request, you will generally need to:

  • Provide sufficient information to allow us to verify your identity or authority
  • Describe your request in detail sufficient to allows us to understand, evaluate, and respond to it.

Special instructions for how an authorized agent can make a request

The CCPA defines “authorized agent” as a natural person or business that a consumer has authorized to act on their behalf. In order for your authorized agent to make CCPA requests on your behalf, they will have to call us at 1-877-327-9515 or access and complete the request form here. As a first level of security, we will require proof from your authorized agent that they are authorized to act on your behalf. (For example, if they are operating under a power of attorney, we will require that they provide a copy of that power of attorney.) Additionally, regardless of the type of request they make, we will ask your authorized agent for three pieces of information to verify their identity. One of these pieces of information must be a currently valid, government-issued identification, such as a passport, driver’s license, state-issued identification card, military ID card, or permanent resident card (green card).

What You Can Expect from Us

Upon receiving your request, we will promptly take steps to verify your identity. However, regardless of how long the verification process takes, no later than 10 business days after we receive your request, we will confirm that we received it and let you know how we will process it.

Our goal is to respond to your request within 45 calendar days of having received it. (Verification efforts will not impact this 45-calendar day period.) However, if we cannot verify your identity during the 45-calendar day period, we will deny the request.

If we cannot respond to your request during the 45-caldendar day period, we will let you know within that time. Our notice will inform you of the reason(s) for the delay and the expected timeframe for responding. We cannot take more than 90 calendar days after having received your request to respond to it.

If you have an account with us, we will deliver our written response through our online banking secure messaging. If you do not have an account with us, we will deliver our written response by mail or electronically. Any disclosures we provide will cover the 12‑month period preceding receipt of the request. In responding to requests to know your personal information, we will provide your personal information in a format that is readily useable and will allow you to transmit the personal information from one entity to another entity without hindrance.

Note that we may not be able to comply with all requests. For example, the CCPA does not apply to personal information collected, processed, sold, or disclosed about individuals who obtain financial products or services from us primarily for personal, family, or household purposes. Also, we are not obligated to provide the information covered by a request for access more than twice within a 12-month period. In addition, if your requests are manifestly unfounded or excessive, in particular because of their repetitive character, we may refuse to act on them. If we are unable to comply with a request, we will explain the reason(s) in our response.

PERSONAL INFORMATION RETENTION

We will maintain records of your requests to know, delete, or correct your personal information, and how we responded to those requests, for 24 months.

We will retain your personal information only for as long as reasonably necessary to fulfill the purposes for which we collected it, including satisfying any legal, regulatory, tax, accounting or reporting requirements. To determine the appropriate retention period for personal information, we consider the amount, nature and sensitivity of the personal information; the potential risk of harm from unauthorized use or disclosure of your personal information; the purposes for which we process your personal information and whether we can achieve those purposes through other means; and the applicable legal, regulatory, tax, accounting or other requirements. When we have no further business need for your personal information, we will either delete or anonymize it. However, if deletion or anonymization is not possible (e.g., because your personal information has been stored in backup archives), we will securely store your personal information and isolate it from any further processing until deletion or anonymization is possible.

STATEMENT REGARDING MINORS

Our website is not intended for use by minors, and we do not knowingly solicit information from, nor knowingly market products and/or services to, minors. As noted above, we do not sell consumers’ personal information to third parties, and we have no actual knowledge that we have sold the personal information of California residents under 16 years of age.

CHANGES TO OUR CALIFORNIA PRIVACY POLICY

We reserve the right to amend this California Privacy Policy at our discretion and at any time. When we make changes to this California Privacy Policy, we will notify you by email or through a notice on our website homepage.

CONTACT INFORMATION

If you have any questions or comments about this California Privacy Policy, the ways in which we collect and use your personal information, or your choices and rights regarding such use, please do not hesitate to contact us at:

Phone:  866-476-2265

Website: https://www.customersbank.com/privacy-notice/

Email:  [email protected]

Postal Address:

Customers Bank
Attn: Privacy Office
40 General Warren Blvd.

Suite 200

Malvern, PA 19355

Last updated:  October 2025