California Consumer Privacy Act
Effective January 1, 2021
Pacific Mercantile Bank collects Personal Information (“PI”), as defined by the CCPA, that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California consumer or household. The specific Personal Information that we collect, use, and disclose relating to a California resident covered by the CCPA will vary based on our relationship or interaction with that individual. For example, this Disclosure does not apply with respect to information that we collect about California residents who apply for or obtain our financial products and services for personal, family, or household purposes.
Collection, Use and Disclosure of Personal Information
In the last 12 months, we have collected, and disclosed to third parties for our business purposes, the following categories of Personal Information relating to California residents:
- Identifiers: such as name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver’s license number, passport number;
- Personal information as defined in the California Customer Records statute - CA Civil Code §1798.80(e): Information that identifies, relates to, describes, or is capable of being associated with, a particular individual, such as name, signature, social security number, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information;
- Protected classifications under California or federal law: such as sex and marital status;
- Commercial Information: Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies
- Biometric information: such as biological or behavioral characteristics, health or exercise data;
- Internet or electronic network activity: Browsing history, search history, and information on a consumer’s interaction with website or application;
- Geolocation: such as device location
- Sensory data: Audio, electronic, visual, thermal, olfactory, or similar information
- Professional or employment-related information: such as current or past employment history
- Non-public education Information (defined in Family Educational Rights and Privacy Act - 20 USC §1232g, 34 CFR Part 99): Education records directly related to a student and maintained by an educational agency/institution or by a party acting on their behalf.
- Inferences drawn from other personal information: Profile created reflecting references, characteristics, attitudes, abilities, aptitudes, psychological trends, predispositions, intelligence, etc.
The categories of sources from whom we have obtained the Personal Information include:
- Directly from you
- Other individuals such as authorized agents or family members
- Vendors who provide services on our behalf
- Consumer reporting agencies
- Public Record sources such as Federal, State or Local Government entities and other publicly-available sources
- From your devices, such as when you visit our website, online and mobile applications
In the last 12 months, we have used Personal Information relating to California residents to accomplish our business purpose(s) and objectives, to operate, manage and maintain our business, to provide our products and services, including the following:
- Performing services including maintaining or servicing accounts; providing customer service, processing or fulfilling orders and transactions; verifying customer information; processing payments, providing analytics services; or providing similar services
- Auditing related to a current interaction with you and concurrent transactions, including, but not limited to, counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance
- Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity
- Debugging to identify and repair errors that impair existing intended functionality
- Undertaking internal research for technological development and demonstration
- Undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by us, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by us
The categories of third parties and service providers to whom we have disclosed Personal Information for our business purpose(s) described above include:
- Our affiliate
- Vendors and service providers who provide services on our behalf
- Professional services organizations, such as auditors and law firms
- Our business partners who provide services such as payment, banking and communication infrastructure, operating systems and platforms, storage, legal expertise, consumer reporting agencies
- Internet service providers
- Data analytics providers
- Government Agencies as required by laws and regulations
Sale of Personal Information
In the past twelve (12) months, we have not sold any personal information subject to the CCPA, including personal information of minors under the age of 16. In addition, the Bank will not sell any personal information subject to the CCPA. For purposes of this disclosure, “sold” means the disclosure of personal information to a third party for monetary or other valuable consideration.
California Consumer Privacy Rights
Consumer Access to Personal Information
If you are a California resident, you have the right to request, twice in a twelve (12) month period, that we disclose to you free of charge certain information about our collection and use of your personal information over the past twelve (12) month period:
- The categories of personal information we collected about you.
- The categories of sources for the personal information we collected about you.
- Our business or commercial purpose for collecting or selling personal information.
- The categories of third parties with whom we share that personal information.
- The specific pieces of personal information we collected about you.
The Bank will disclose to you the information specified above once we have received and confirmed your verifiable consumer request. Additionally, the Bank must associate the information provided by you in the verifiable consumer request to any personal information previously collected by us about you and identify by category or categories the personal information collected about you in the preceding twelve (12) months by reference to categories enumerated in California Civil Code Section 1798.130(c) that most closely describes the personal information collected.
Consumer Disclosures of Personal Information Sold or Disclosed for Business Purpose
If we sold or disclosed your personal information for a business purpose, you have the right to request that we disclose to you, in two separate lists, the following:
- Sales, identifying the personal information categories that each category of recipient purchased; and,
- Disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained
The Bank will disclose to you the information specified above once we have received and confirmed your verifiable consumer request. Additionally, the Bank must identify you and associate the information you provided in the verifiable consumer request to any personal information previously collected by us about you and identify by category or categories your personal information that we sold in the preceding twelve (12) months by reference to the categories enumerated in California Civil Code Section 1798.130(c) that most closely describe the personal information, and provide the categories of third parties to whom your personal information was sold in the preceding twelve (12) months by reference to the same enumerated categories.
Consumer Rights to Deletion of Personal Information
If you are a California resident, you have the right to request that we delete certain personal information we have collected from you and retained. Once we have received your request and verified your identity, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.
We may deny your deletion request if retaining the information is necessary for us or our service providers to:
- Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity.
- Debug to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act pursuant to Chapter 3.6 (commencing with Section 1546) of Title 12 of Part 2 of the Penal Code.
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the businesses’ deletion of the information is likely to render impossible or seriously impair the achievement of such research, if the consumer has provided informed consent.
- Enable solely internal uses that are reasonably aligned with the expectations of the consumer based on the consumer’s relationship with the business.
- Comply with a legal obligation.
- Otherwise use the consumer’s personal information, internally, in a lawful manner that is compatible with the context in which the consumer provided the information
Consumer Right to Equal Services and Price
The Bank will not discriminate against you for exercising any of your rights under the CCPA, including, but not limited to:
- Denying you goods or services
- Charging you different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties.
- Providing you a different level or quality of goods or services.
- Suggesting that you will receive a different price or rate for goods or services or a different level or quality of goods or services.
How to Submit a Request. If you are a California resident, you may submit a request for access, disclosures of personal information sold or disclosed for a business purpose, or deletion by:
- Clicking on the “Submit a Request” at the bottom of the page, completing and printing the form, and returning the completed form to us by mail:
Pacific Mercantile Bank
Attn: Compliance Department
949 South Coast Drive, Suite 300
Costa Mesa, CA 92626
- Calling us toll-free at 1-877-450-2265 (Request Bank’s Compliance Department)
We will acknowledge receipt of your request within 10 business days and advise you how long we expect it will take to respond if we are able to verify your identity. To help protect your privacy and maintain security, we will take steps to verify your identity before granting you access to your personal information or complying with your request. Requests for specific pieces of personal information will require additional information to verify your identity. Additionally, if you ask us to provide you with specific pieces of information, we will require you to sign a declaration under penalty of perjury that you are the consumer whose personal information is subject to the request.
If your identity cannot be verified we will attempt to contact you to gather additional information. We will advise you in our response if we are not able to honor your request. We will also notify you if your request has been denied due to the Bank’s inability to verify your identity. We will not provide social security numbers, driver’s license numbers or government issued identification numbers, financial account numbers, health care or medical identification numbers, account passwords or security questions and answers, or any specific pieces of information if the disclosure presents the possibility of unauthorized access that could result in identity theft or fraud or unreasonable risk to data or systems and network security.
We will work to process all verified requests within 45 days pursuant to the CCPA. If we need an extension for up to an additional 45 days in order to process your request, we will provide you with an explanation for the delay.
To the extent permitted by applicable law, we may charge a reasonable fee to comply with your request.
Authorized Agent. A consumer may authorize an agent to act on his or her behalf and to exercise rights under the CCPA. If you submit a request on behalf of another person, we may require proof of authorization and verification of identity directly from the person for whom you are submitting a request. Such authorization from the consumer must be notarized.
Changes to Our Privacy Notice
Questions or Concerns
You may contact us with questions or concerns about this Disclosure and our practices by writing us at:
Pacific Mercantile Bank
Attn: Compliance Department
949 South Coast Drive, Suite 300
Costa Mesa, CA 92626