California Consumer Privacy Act (CCPA) Notice
The Act applies only to California residents. HSA Bank values the privacy of your personal information and takes steps to safeguard personal information that you entrusted to us. The notice describes how HSA Bank and its affiliated companies collect, use, and disclose personal information and consumers’ rights concerning that information. This notice is provided pursuant to the CCPA. Our Privacy and Opt-Out Notice is available at www.hsabank.com/hsabank/About-Us/Privacy-and-Opt-Out-Notice.
|What Personal Information is Covered under the CCPA||Personal Information is information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly with a particular resident. The CCPA does not apply to certain information, such as information subject to The Gramm-Leach Bliley Act, Individually Identifiable Health Information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and other state or federal privacy laws. For example, this notice does not apply to information that we collect about California residents who apply for, or obtain our financial products and services for personal, family, or household purposes.|
|Categories of Personal Information we Collect||Categories of personal information we have collected during the past 12 months are listed below. Most of the information we have collected in the context of providing financial products and services, and therefore is not subject to the CCPA. The categories of personal information that we collect, use, and disclose about a California resident will depend on our specific relationship or interaction with that individual.|
|A. Identifiers.||Name, postal address, email address, online identifiers, internet protocol address, Social Security numbers, or other similar identifiers||Yes|
|B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).||Contact and financial information||Yes|
|C. Protected classification characteristics under California or federal law.||Age, marital status, sex, and veteran or military status||Yes|
|D. Commercial information.||Information about past transactions or purchases||Yes|
|E. Biometric information.||Behavioral characteristics derived from interactions with our websites or mobile apps||No|
|F. Internet or other similar network activity||Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement||Yes|
|G. Geolocation data||Device location||Yes|
|H. Sensory data.||Call and video recordings||Yes|
|I. Professional or employment-related information.||Current or past job history or performance evaluations.||Yes|
|J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).||Education information, such as student records and directory information.||No|
|K. Inferences drawn from other personal information||Certain inferences concerning an individual’s preferences and characteristics||Yes|
|In the past 12 months, we have collected personal information relating to California residents from the following sources:||
|Use of Personal Information||Most of the information we use is in the context of providing financial products and services, and therefore is not subject to CCPA. How we use the information we collect:
|Sharing Personal Information to Third Parties||We may disclose your personal information to a third party for a business purpose.
In the preceding 12 months, we have disclosed categories of personal information for a business purpose as defined above and denoted as applicable to the bank.
We disclose your personal information for a business purpose to the following categories of third parties
HSA Bank does not sell personal information
|Your Rights to Know and Delete|
|Right to Know:||You have the right to request what personal information has been collected on you over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you:
|Right to Delete:||You have the right to request that your personal information be deleted.
|How to request information or deletion:||
You may request information or request the deletion of information by calling us at 1-833-227-7072 or sending an email to HSAWebPrivacyRequest@hsabank.com.
The consumer request must provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information, or an authorized representative.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. We will only use personal information provided in a consumer request to verify the requestor's identity or authority to make the request.
We may not honor your request where an exception applies, such as where the disclosure of personal information would adversely affect the rights and freedoms of another consumer or where the personal information we maintain about you is not subject to the CCPA as such information is exempted under The Gramm-Leach Bliley Act, The Health Insurance Portability and Accountability Act, or other state or federal privacy laws.
We will confirm receipt of the request within 10 business days of receipt. We will provide the requested information free of charge, in writing and within 45 days. If we are not able to respond within 45 days, we will notify you of the delay and the reason for the delay. We will also advise you in our response if we are not able to honor your request. We are not obligated to provide this information more than twice in a 12-month period. We have the right to refuse unfounded or excessive requests.
We will not provide social security numbers, driver’s license numbers or government issued identification numbers, financial account numbers, health care or medical identification numbers, account passwords or security questions and answers, or any specific pieces of information if the disclosure presents the possibility of unauthorized access that could result in identity theft or fraud or unreasonable risk to data or systems and network security.
The bank will not discriminate against you because you have exercised your rights under CCPA.
|Changes to this CCPA Disclosure||We reserve the right to amend this privacy notice at our discretion and at any time. When we make changes to this privacy notice, we will inform you through a notice on our website homepage.|
If you have any questions or comments about this notice, our Privacy Statement, the ways in which we collect and use your personal information, your choices and rights regarding such use, or wish to exercise your rights under California law, please contact us at:
Address: HSA Bank
P.O. Box 939, Sheboygan, WI 53081