Skip to content

Poppy Bank Digital Privacy Notice

On-Line and Mobile Banking Privacy Policy for US Residents

Effective: 03/12/2024 

Introduction

Poppy Bank respects your privacy. This Digital Privacy Notice for US residents (this “Notice”) applies to your use of our websites and mobile applications that link to or from or expressly references this notice. The term “Poppy Bank”, “we”, “us” or “our” on any website we own or control and, in this Notice, refers to Poppy Bank and our affiliates or subsidiaries that link to this Notice. This Notice describes how Poppy Online Services may collect, use and share information from or about you. Depending upon your relationship with us, you may receive other Poppy Bank privacy notices providing additional detail about our privacy, including our Customer Privacy Statement which more broadly governs Poppy Bank’s handling of customer personal information. Please be sure to check the Policies before providing us with your personal information.

Customer Privacy Statement and CCPA privacy notice

Types of Information We Collect 

This notice describes our policies and practices with respect to our collection, protection, use and sharing of Personal Information (“PI’’) including a subset of PI called Sensitive Personal Information (“SPI”).  We also collect Nonpublic Personal Information as discussed below.

What information is considered Personal Information (“PI”) and Sensitive Personal Information (“SPI”)

We define PI as information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could be reasonably linked directly or indirectly, with you, your household, or your communication device (computer, tablet, mobile phone, etc.) 

We define SPI as PI that reveals a person’s TIN, account login information, precise geolocation, racial or ethnic origin, genetic data, religious or philosophical beliefs, union membership, identifying biometric information. We commit to using PI responsibly and safeguarding it according to our detailed security standards. In no event do we sell your or others PI.  

In the past 12 months Poppy Bank has collected and disclosed the following categories of Personal Information for business purposes: 

  • Name
  • Address 
  • Date of birth
  • Telephone number
  • Email address 
  • Internet or other electronic network activity including IP address, browsing history and website interaction

In the past 12 months Poppy Bank has also collected and disclosed the following categories of Sensitive Personal Information for business purposes:

  • Tax ID number, driver’s license, passport or ID card number
  • Geolocation
  • Bank account number and other financial information

Poppy Bank collects Personal Information and Sensitive Personal information from a variety of sources including directly from you in the context of an on-line credit or deposit application and from your devices when you visit www.poppy.bank or our social media webpages and profiles, or providing your email address or phone number if you decide to opt into any of our communications options, such as receiving text messages or emails from us.

Poppy Bank collects Personal Information and Sensitive Personal Information for a range of purposes including the following:

  • Validation and identification of our customers
  • Communication with our customers
  • Processing financial transactions including when you initiate a transaction (for example, when you upload a check image while using Poppy Bank Mobile Deposit). This information will only be used or shared in order to provide the service that you requested.   This information is collected and analyzed to assist us with fraud detection and for other security purposes, and to enhance our ability to optimize your experience while on our site. It will only be used for the purpose(s) stated within this Notice and retained by Poppy Bank for only as long as needed to fulfill the business purpose(s)
  • Offering targeted marketing and personalized advertising that may be of interest to our customers and potential customers
  • To prevent fraud, including by confirming your identify and/or location (for example, we may use your device’s physical location for fraud prevention purposes, if you are conducting a transaction)
  • For legal, compliance and risk management purposes.
  • Other legally permissible or everyday business purposes, including data analysis, product development and compliance with law enforcement and other legal processes 
  • To allow you to access features within our website or mobile application, when you request those features
  • To maintain and upgrade the security of the services we provide to you and any data or information collected about you
  • Where processing personal information of job applicants, for purposes of hiring 
  • Where processing personal information of former employees, for purposes of providing retirement or related benefits

Poppy Bank Mobile Banking App 

As part of your use of our mobile application, the app processes Personal Information including when: 

  • Accessing the Images taken by device’s camera to support Mobile Check Deposit functionality. The Camera Setting can be disabled by the user.
  • Providing access to Location Data to enable integration with Maps to identify nearby branches and ATMs. The Location Setting can be disabled by the user. 
  • Providing access to Local and External Storage to allow users to attach a file within a Secure Message. This functionality cannot be disabled by the user. 
  • Accessing the Contact List on the device (including contact list names, email addresses and phone numbers) to support Person to Person (P2P) Payments. The Contacts Setting can be disabled by the user.
  • Accessing the Phone State to support an integrated anti-malware / fraud tool. This functionality cannot be disabled by the user.

Poppy Bank collects Sensitive Personal Information exclusively for the purpose of performing the services reasonably expected by an average consumer who requests those services and for the purpose of complying with any applicable laws and regulations.

Poppy Bank shares Personal Information or Sensitive Personal Information collected with our service providers and vendors who provide services to support our business activities.

Poppy Bank has not sold Personal Information or Sensitive Personal Information collected in the preceding 12 months to any third party.

Listed below are the category and description and/or examples for types of personal information about you we may have collected and or may collect about you. These types of information are PI only if the information identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with you or your household.

Category Description and/or Example (Not an Exhaustive List)
Identifiers Your name, postal address, online and device identifiers, Internet Protocol (IP) address, email address, account name, Social Security Number, driver’s license number, passport number or other similar identifiers
Internet or other similar network activity Browsing history, search history, information on your interaction with our website, mobile application or an advertisement. This may include hardware and browser information about your computer or device, including Media Access Control (MAC) address, computer type and brand, screen resolution, operating system name and version, device manufacturer and model, browser type and language used. It also may include mobile application usage data, such as the date and time our mobile application on your device accesses our servers, and what information and files have been downloaded to the application; Analyze traffic on our website or mobile applications
Geolocation data Meaning the physical location or movements of the device you use to connect with us online. If you use the mobile application the physical location of your device through the use of, for example, Bluetooth, satellites, cell phone towers, Wi-Fi signals or other technologies
Personal Customer Information Your name, signature, Social Security Number, physical characteristics or descriptions, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information or health insurance information
Biometric information Fingerprints or voiceprints. Our mobile application may allow you to use third-party authentication features, such as a biometric technology (such as fingerprint scanning or facial recognition), to access our mobile application on your device.
Professional or employment related information Your current or past job history
Sensitive Personal Information
  • Government Identifiers including your social security number, state identification card or Tax ID.
  • Account Access Information including your username, password, debit or credit card numbers or other security codes that may allow access to an account
  • Precise Geolocation such as where you access a Poppy Bank ATM or mobile application
  • Racial or Ethnic Origin (as required by law) including your country of birth or current nationality
  • Biometric Information collected to uniquely identify you, such as your fingerprint ID, face ID, voice, attributes, picture, iris scan or traits

Information Collected Automatically 

Finally, Poppy Bank may also collect non-personal information as defined by GLBA (nonpublic personal information is “personally identifiable financial information” that is not “publicly available”.  See table above for the types of browser and application information collected.

Use of PI from Cookies and Tags  

We (including our service providers) may use cookies, which are pieces of data that are stored in memory on an Internet user’s device. We only use this information with your consent. 

Retention of Personal Information

Poppy Bank takes into account the following criteria when defining the duration for which your Personal Information and Sensitive Personal Information will be retained:

  • We will retain your Personal Information and Sensitive Personal Information for as long as we maintain a business relationship with you in order to be able to provide the contracted services.
  • We will retain your Personal Information and Sensitive Personal Information for as long as it is required by any applicable law or regulation.
  • Additionally, we might retain your Personal Information and Sensitive Personal Information in connection to any relevant legal claim for the periods necessary to sustain those claims and in relation to any potential regulatory audits or investigations or any other relevant legal matter.

When and To Whom Does Poppy Bank Disclose Personal Information? 

As stated above, we do not sell PI under any circumstances, and we also do not disclose PI to any non-affiliated entities for their own marketing purposes. 

We may use the PI and SPI we collect from you for a variety of purposes permitted by law, including:  

  • We may disclose the PI and SPI we collect with our service providers.  
  • We engage service providers to deliver services to you on our behalf, such as bill payment, money transfers, check processing, wiring services, and payment solutions; and to assist us with technology support, operational support, and other forms of assistance.
  • We contractually bind our service providers to protect the confidentiality and security of the PI we share with them.  

Security Measures/Safeguard Steps that Customers Can Take to Protect Their Data 

Device Best Practices

  • Secure you mobile device with an automatic screen-lock to help keep your data protected. Most mobile devices offer the option of inputting a password, PIN, fingerprint and/or facial recognition pattern.   
  • Keep your mobile device operating system and applications as up to date as possible.
  • Delete your mobile banking text messages when you are done with your transactions.
  • Download mobile banking applications only from a trusted source.
  • Do not “jail break” or modify your mobile phone. This makes it much easier for hackers to download malware to your phone.
  • Remember to delete all information/data from your mobile device prior to donating, selling, or recycling it. 
  • Install and maintain anti-virus and anti-malware software on your mobile device and keep the software updated

User Best Practices

  • Choose a login ID that is at least 8 characters in length and includes letters, numbers, and special characters. Your letters should include both upper-case and lower-case letters.
  • Do not use passwords that include birthdays, names, social security numbers.
  • Do not use your mobile banking login ID and PIN for other online accounts.
  • Be cautious when entering your login ID and PIN in public.
  • Do not write down or share your login ID, password, or answers to your security questions.
  • Always logout of your mobile banking web session or mobile banking app when you are done.
  • Avoid using public wireless hotspots to complete your online banking needs.
  • Monitor your bank accounts and statements on a regular basis. Receive alerts from online banking to monitor activity by setting up email notifications.
  • If you think someone has learned or stolen your login ID and password, notify Poppy Bank immediately.
  • Keep your phone in a safe location. If you lose your phone, notify Poppy Bank Immediately. 
  • Whenever possible enable two-factor authentication.
  • Never send financial information in text messages or unsecured email messages. Never respond to “phishing” text or email requests asking for your financial information. Poppy Bank will never request your information in this manner.

Miscellaneous Disclosures

Privacy of Children

We recognize the importance of protecting privacy where children are involved. Our Sites and Mobile Apps are not intended for use by children, and we do not knowingly solicit personal information from or market to children under the age of thirteen.  If you are a parent or guardian who finds your child has provided us with information, please contact us and we will delete such information from our records.  Should you have additional questions or concerns, please contact us at 888.636.9994.  

Frictionless Preference Signals/Do-Not-Track

The Poppy Bank website recognizes browser “do-not-track” requests.  Additionally, you can select whether our websites may use cookies or related technologies such as web beacons, pixel tags, and Flash objects (“Cookies”) by submitting a request through our Cookie Preferences Manager.

Links to Other Websites 

Our Sites and Mobile Apps feature links to third party websites that offer goods, services or information.  Use of your information by the third-party is governed by your agreement with them, not by Poppy Bank. We recommend reviewing the third party’s policies before sharing your personal information to understand how they will use and store your account information. For example, consider whether they sell any of your personal information, and if your information will be transferred, processed, or stored outside of the United States. 

How Can I Contact Poppy Bank?

If you have any questions regarding this Policy, you can call us at 888.636.9994, email us at compliance-privacy@poppy.bank or write to us at:

Poppy Bank
438 First Street
Attention: Compliance Department
Santa Rosa, CA 95401

Changes to this Policy

We may add to, delete or otherwise change the terms of the Policy from time to time. When we make changes, we will post the amended policy on our website, www.poppy.bank.  Any changes to the Policy will become effective as of the date set forth above, and your use of the site and our services is deemed to constitute your agreement with the Policy terms. 

You are now leaving Poppy Bank

You are now leaving Poppy Bank's website. We do not control the URL you are going to, so do not share secure information such as online banking passwords.