Your Privacy
NOTICE OF YOUR FINANCIAL PRIVACY RIGHTS
I. PURPOSE
Stonebridge Bank recognizes that our customers have important expectations of privacy in their banking relationships with us. We respect these concerns and the importance of protecting the personal information entrusted to us by our customers.
This policy reaffirms the Bank’s realization and respect for the privacy expectations and rights of our customers. This policy provides guidance to bank personnel as well as assurance to our customers that we will act in compliance with all applicable laws and regulations.
II. OUR MISSION STATEMENT
At Stonebridge Bank, the basis of each customer’s relationship with us is trust. Our customers have chosen to do business with Stonebridge Bank, and we are obligated to honor that relationship with great care, beginning with the information that our customers have chosen to share with us. We believe that customer privacy should not be compromised. At the same time, we want to offer our customers the array of financial products and on-line services needed to accomplish their financial goals. We believe we can do both. The following privacy policy describes our commitment to safeguard and protect our customer’s financial and personal information.
III. DEFINITIONS
A. Employee - As used in this policy, “employee” includes all directors, officers, and employees of the bank.
B. Consumer - An individual who obtains or has obtained a financial product or service from a bank that is to be used primarily for personal, family, or household purposes, or that individual’s legal representative. Examples of a consumer would include: an individual that applies for a consumer loan, an ATM user, an individual that purchases cashier checks, or an individual that has obtained an account for personal, family or household purposes.
C. Customer - A customer is a consumer who has established a “continuing relationship” with our Bank. A customer may include a consumer that obtains a loan with the bank, or has a deposit account with the bank.
D. Nonpublic Personal Information - Nonpublic Personal Information means personally identifiable information that a consumer provides to the bank to obtain a financial product or service. Nonpublic personal information does not include information that is readily available to the public. For example, the fact that a customer relationship exists with the bank would presumably be nonpublic personal information. It is only if personally identifiable information relating to a consumer is publicly available that such information is excluded from nonpublic information.
E. Publicly Available Information - Any information that a bank has a reasonable basis to believe is lawfully made available to the general public from federal, state, or local government records; widely distributed media; or disclosures to the general public that are required to be made by federal, state, or local law. (For example, a published telephone directory or the public record of real estate transactions.)
F. Affiliate - An affiliate is a company that the bank owns or controls, a company that owns or controls the bank, or a company that is owned or controlled by the same company that owns or controls the bank.
G. Nonaffiliated Third Party - A nonaffiliated third party company is a company that is not an affiliate of the bank.
IV. RESPONSIBILITY AND BOARD RESOLUTION
The Board of Directors is responsible for overseeing the Bank’s Privacy Program. The Board will assure that this policy is appropriately implemented and maintained. The President and Compliance Officer, and other persons so designated by the Board of Directors, are responsible for carrying out this policy and making recommendations to the Board of Directors to change or revise this policy as necessary from time to time.
The Board recognizes that its customers’ expectations of financial privacy and preserving customer trust is one of the core values of the Bank. The Board resolves to abide by the following guidelines for the responsible use and protection of our customer’s information:
- We will always value the trust of our customers and the importance of keeping their personal financial information confidential.
- We will provide our customers with our policy on using their personal financial information responsibly and protecting it.
- We will hold our employees to the highest standard of conduct in ensuring the confidentiality of customer information.
- We will use information responsibly in order to provide our customers with significant benefits, including fraud prevention, improved products and services, and to comply with laws.
- We will establish procedures to maintain accurate information and respond in a timely manner to our customers’ request to change or correct information.
- We will use a combination of safeguards to protect our customers against the criminal use of their information and to prevent unauthorized access to it.
- At our customer’s request we will restrict information that we may share with third parties for marketing purposes and honor their preferences.
- We will require the companies we do business with to adhere to privacy principles which are similar to our own.
V. PRIVACY PRINCIPLES
Our Bank is committed to ensuring the protection of our customers’ information by following the eight standard privacy principles.
- Recognition of Customer’s Expectation of Privacy
At Stonebridge Bank, we believe the confidentiality and protection of customer information is one of our fundamental responsibilities. While information is critical to providing quality service, we recognize that one of our most important assets is our customers’ trust. Thus the safekeeping of customer information is a priority of Stonebridge Bank.
- Use, Collection, and Retention of Consumer Information
We collect, retain and use information about our customers only where we reasonably believe that it will help administer, effect and provide products, services and other opportunities to our customers.
We collect and retain information about our customers only for specific business purposes. Upon request from our customers, we will tell them why we collect and retain this information.
We use information to protect and administer customer records, accounts, and funds; to comply with certain laws and regulations; to help us design and improve our products and services; and to understand our customers’ financial needs so that we can provide quality products and superior service.
- Maintenance of Accurate Information
We are committed to collecting and maintaining accurate, current and complete customer data. We will respond promptly to inquiries received from our customers, or from third parties on behalf of our customers, indicating that information we provided is inaccurate. We will investigate these inquiries in a timely manner, and update these records accordingly.
- Limiting Employee Access to Information
Employee access to personally identifiable customer information is limited to those with a business reason to know such information. Employees are educated on the importance of maintaining the confidentiality of customer information and on these Privacy Principles.
All Stonebridge Bank employees are responsible for maintaining the confidentiality of customer information. Employees who violate these Privacy Principles will be subject to disciplinary measures.
- Protection of Information via Established Security Procedures
We are committed to the security of our customers’ financial and personal information. All of our operational and data processing systems are in a secure environment that protects our customer’s account information from being accessed by unauthorized third parties. We safeguard information according to established security standards and procedures, and we continually assess new technology for protecting information.
We maintain and grant access to customer information only in accordance with our internal security standards. Our employees are trained to understand and comply with these information principles as well as to adhere to our Physical Security Policy, which further outlines and details the steps that will be taken to ensure the safety and security of our facilities and the information contained therein.
- Restrictions on the Disclosure of Account Information
It is the Bank’s policy not to disclose any nonpublic personal information about our customers or former customers to anyone or other personally identifiable data to non-affiliated third parties for their independent use, except for the exchange of information with reputable information reporting agencies to maximize the accuracy and security of such information, or in the performance of bona fide corporate due diligence or business matters, unless:
- the information is provided to help complete a transaction, transfer or resolve an error involving a customer’s account;
- the customer requests or permits it;
- it is permitted or required by law;
- the customer has been informed about the possibility of disclosure for marketing or similar purposes through a prior communication and given the opportunity to decline (i.e., “opt out”).
- Maintaining Customer Privacy in Our Business Relationships with Third Parties
We may occasionally require the services of outside vendors and other third parties. When doing so we will insist that these companies and third parties adhere to privacy principles which are similar to our own. They will be required to understand the importance of keeping all personal customer information in the strictest confidence.
- Disclosure of Privacy Principles to Customers
Disclosure of our privacy notice (appended as a part of this policy) shall be provided to customers initially and then annually thereafter. A notice of the right to opt out will accompany each privacy notice, unless our bank shares nonpublic personal information only within the three categories of exceptions, listed below.
The notice may be delivered by hand, by mail, or electronically, as specified in the pertinent banking regulation. If the notice is provided electronically, the consumer must be required to acknowledge receipt as a necessary condition for obtaining a financial product or service.
Any customer who may have questions about our Privacy Policy and Principles or about the privacy of their customer information should call Stonebridge Bank at (800) 807-1666.
VI. EXCEPTIONS
There are certain situations when the Bank may share nonpublic personal information with third parties in order to administer and process customers’ transactions, to provide customers with services and products, or to better serve our customers. The sharing of nonpublic personal information is permitted and in certain situations does not require a confidentiality agreement or an opt-out notice. These exceptions are described below.
- Exceptions to the Opt Out Requirements for Service Providers and Joint Marketing
- The opt out requirements do not apply if our Bank provides nonpublic personal information about a consumer to a nonaffiliated third party to perform services for the Bank. This opt out requirement also does not apply if the nonaffiliated third party functions on the Bank’s behalf. However, the Bank must provide the initial notice as required, and must enter into a contractual agreement with the third party.
- This contractual agreement requires the third party to maintain the confidentiality of the information, and limits the third party’s use of the information solely for the intended purposes or as otherwise permitted by law.
- Exceptions to Opt Out Requirements for Processing and Servicing Transactions
The requirements for initial notice, for opt out, and for service providers and joint marketing do not apply if the Bank discloses nonpublic personal information for the following purposes:
- As necessary to effect, administer, or enforce a transaction requested or authorized by the consumer.
- To service or process a financial product, or service requested or authorized by the consumer.
- To maintain or service the consumer’s account with the bank, or with another entity as part of a private label credit card program or other extension of credit on behalf of such entity.
- In connection with a proposed or actual securitization, secondary market sale (including sales of servicing rights), or similar transaction related to a transaction of the consumer.
- Other Exceptions to Notice and Opt Out Requirements
There are additional exceptions to the opt out requirements. The requirements for initial notice, for opt out, and for service providers and joint marketing do not apply when the Bank discloses nonpublic personal information in the following circumstances:
- With the consent or direction of the consumer, provided that the consumer has not revoked the consent or direction.
- For the following protective or legal situations:
- To protect the confidentiality or security of the Bank’s personal records
- To protect against or prevent actual or potential fraud, unauthorized transactions, claims, or other liability.
- For required institutional risk control or for resolving consumer disputes or inquiries.
- To persons holding a legal or beneficial interest relating to the consumer.
- To persons acting in a fiduciary or representative capacity on behalf of the consumer.
- To provide information to insurance rate advisory organizations, guaranty funds or agencies, agencies that are rating the Bank, persons that are assessing the Bank’s compliance with industry standards, and the Bank’s attorneys, accountants, and auditors.
- To the extent specifically permitted or required under other provisions of law and in accordance with the Right to Financial Privacy Act of 1978 (12 USC 3401), to law enforcement agencies (including government regulators), self-regulatory organizations, or for an investigation on a matter related to public safety.
- To a consumer reporting agency in accordance with the Fair Credit Reporting Act (15 USC 1681) or from a consumer report reported by a consumer reporting agency.
- In connection with a proposed or actual sale, merger, transfer, or exchange of all or a portion of a business or operating unit if the disclosure of nonpublic personal information concerns solely consumers of that business or unit.
- To comply with federal, state, or local laws, rules, and other applicable legal requirements – specifically:
- To comply with a properly authorized civil, criminal, or regulatory investigation, or subpoena or summons by federal, state, or local authorities
- To respond to judicial process or government regulatory authorities having jurisdiction over the Bank for examination, compliance, or other purposes as authorized by law
VII. EMPLOYEE EDUCATION AND TRAINING
The Bank will ensure that each employee is provided a copy of the Bank’s Privacy Policy and Principles. After any amendments or modifications to this policy have been duly adopted, a copy of the amended policy will also be provided to each employee.
The Bank will provide on-going privacy training for all employees. The training may include among other important privacy topics the following:
- The proper use of customer information
- Procedures for maintaining security of information
- The importance of confidentiality and customer privacy
- Any incidents, or patterns of behavior, which are covered under this policy
VIII. RECORD KEEPING AND REPORTING
The Bank’s Compliance Officer will maintain a separate file for the purpose of retaining any customer complaints that relate to this policy. The information regarding any complaint should include the exact nature of the complaint, describe the corrective actions taken, and confirm that the corrective actions resolved the complaint.
The President and/or Compliance Officer will make an annual report to the Board concerning customer complaints. This report will include the frequency and nature of such complaints, and any corrective action taken by the Bank. Any complaint that presents a regulatory risk of enforcement action and/or civil money penalties will be reported to the Board in an expeditious manner.
IX. REVIEW OF POLICY
The Board of Directors will review this policy at least once each year, and make any revisions and amendments it deems appropriate. The President and/or Compliance Officer will be responsible for suggesting more frequent revisions as situations or changes in laws or regulations occur.
Last Revision Date: February 2008
Board Approved: February 21, 2008