We recognize the importance our customers place on the privacy and security of their personal information. Our goal is to protect your personal information in every way that we interact with you, whether it's on the telephone, in our lobby, at one of our ATMs, or on the Internet.
Below are several definitions of terms used within this policy:
Customer Information - Customer Information refers to personally identifiable information about a consumer, customer or former customer of this Institution.
Internet Protocol (IP) Address - an IP address is a unique address that devices use in order to identify and communicate with each other on a computer network. An IP address can be thought of as a street address or a phone number for a computer or other network device on the Internet. Just as each street address and phone number uniquely identifies a building or telephone, an IP address can uniquely identify a specific computer or other network device on a network. We may use IP addresses to monitor login activity and for identification purposes when necessary for security investigations.
Cookie - a Cookie is a very small text file sent by a web server and stored on your hard drive, your computer’s memory, or in your browser so that it can be read back later. Cookies are a basic way for a server to identify the computer you happen to be using at the time. Cookies are used for many things from personalizing start up pages to facilitating online purchases. Cookies help sites recognize return visitors and they perform a very important function in secure Internet banking.
"Session" Cookies are used to monitor session activity within our Internet banking product. These Cookies are encrypted and only our Service Provider can read the information in these Cookies. The session Cookie facilitates the processing of multiple transactions during a session without requiring you to reenter your passcode for each individual transaction. Session Cookies used within our Internet banking product do not pass to your computer’s hard drive. Instead, the Cookie is stored in your computer’s memory, identifying only your computer while you are logged on. When you log off, or close your browser, the Cookie is destroyed. A new Cookie is used for each session; that way, no one can use the prior Cookie to access your account. For additional security, the Cookie expires after 10 minutes of inactivity. It must then be renewed by reentering your passcode. We do not use this Cookie to collect or obtain personal information about you.
An encrypted non-expiring Cookie is also used within our Internet banking product for the identification of this Institution.
Service Provider - In order to provide a full range of online financial services, we may use various third party providers. These third parties provide services such as: website hosting, Internet banking, bill payment, and account aggregation. Third party providers are referred to within this policy as “Service Providers”.
Information Collected on the Internet
If you are just browsing through our website, we do not request any personally identifiable Customer Information, nor do we collect unique identifying information about you unless you voluntarily and knowingly provide us that information, such as when you send us an email or complete an application online. If you provide us this information, it is only used internally and in furtherance of the purpose for which it was provided.
As part of providing online financial products or services, we may obtain information about our customers and website visitors from the following sources:
Service Providers hosting our website and Internet banking service may collect general information on our website visitors for security and statistical purposes. Such information may include:
When you click on advertisements in our website or advertisements on linked 3rd party web sites, you may receive another Cookie; however, you do not have to accept any Cookies from third party advertisements.
Use of Information Collected
Account aggregation sites allow you to consolidate account information from several sources into one online location. In order to provide this service, an aggregation provider may request your passcode and login information. You should ensure that the aggregation provider has appropriate policies to protect the privacy and security of any information that you provide.
If you provide information about your Bank of Chestnut accounts to an aggregation provider, we will consider all transactions initiated by an aggregator using the access or login credentials that you provide, to be authorized whether or not you were aware of a specific transaction.
If you decide to revoke the authority given to an aggregation provider, we strongly recommend that you also change your online passcode with this Institution. This will help ensure that the aggregation company cannot continue to access your account(s) with us.
We do offer aggregation services through our online banking product. Aggregation allows you to consolidate your accounts from other providers so that you can view all of your accounts in one location. We do not disclose any of the information consolidated through this service. We may use aggregate information, which is not personally identifiable, to better understand the types of account(s) or services which may be most beneficial to you.
When you enroll for our online services, we will send you a welcome email. We may also send emails marketing various products and services offered by this Institution. We will always provide you an opportunity to opt-in or opt-out of marketing related emails.
We will also send security related email notices when you sign-up for email (“notify me”) alerts on your account(s) or whenever you change your passcode, security question, or email address.
Beware of Phishing Attempts and Internet Scams
While email is convenient and has a good business use, it can also be misused by criminals for scams and various other fraudulent purposes. “Phishing emails” are frequently used by criminals to entice the recipient to visit a fraudulent website where they try to convince the recipient to provide personal information, such as ATM card numbers, account numbers, Social Security numbers, access Ids and passcodes. Some of these fraudulent websites may also be virus laden and can be used to download mal-ware to your computer. Fraudulent websites often look identical to a legitimate site, so it’s important to look very closely at the website address.
Below we have listed a few tips to help protect your personal information on the Internet:
External 3rd Party Links
Our website may include links to other 3rd party web sites. These links to external 3rd parties are offered as a courtesy and a convenience to our customers. When you visit these sites, you will leave our website and will be redirected to another site.
This Institution does not control linked 3rd party web sites. We are not an agent for these third parties nor do we endorse or guarantee their products. We make no representation or warranty regarding the accuracy of the information contained in linked sites. We suggest that you always verify the information obtained from linked websites before acting upon this information. Also, please be aware that the security and privacy policies on these sites may be different from our policies, so please read third party privacy and security policies closely.
This Institution and our Service Providers have developed strict policies and procedures to safeguard your Customer Information. Our policies require confidential treatment of your personal information. We restrict employee access to your personal information on a "need to know" basis and we take appropriate disciplinary measures to enforce employee privacy and confidentiality responsibilities. We have established training programs to educate our employees about the importance of customer privacy and to help ensure compliance with our policy requirements.
Furthermore, this Institution and our Service Providers maintain strong physical, electronic and procedural controls to protect against unauthorized access to customer information. Our computer systems are protected in the following ways:
We continually monitor technological advances and upgrade our systems to ensure your information remains secure.
Effective Date: May 15, 2010