Security & Privacy Policy
1. Overview
Sections 502-509 of Title V of the Gramm-Leach-Bliley Act (GLBA) and its implementing Regulation P (also known as the Privacy Rule) require financial institutions to provide notice to customers about their privacy policies and practices; describe the conditions under which they may disclose nonpublic personal information about consumers to nonaffiliated third parties; and provide a method for consumers to prevent companies from disclosing that information to most nonaffiliated third parties by opting out of that disclosure. Furthermore, the Fair Credit Reporting Act (FCRA) and the Right to Financial Privacy Act (RFPA) contain provisions to ensure protection of the financial information of consumers.
2. Definitions
The following definitions apply to this Policy:
- Consumer – means an individual who obtains or has obtained from a financial institution a financial product or service that is to be used primarily for personal, family, or household purposes and includes such an individual's legal representative. A consumer includes an individual who provides nonpublic personal information in order to obtain a determination about whether he or she qualifies for a loan. A consumer also includes an individual who applies for a loan, regardless of whether credit is extended to that person.
- Customer – means a consumer who has a "customer relationship" with a financial institution. A "customer relationship" is a continuing relationship between a consumer and a financial institution under which the institution provides one or more financial products or services to the consumer that are to be used primarily for personal, family, or household purposes.
- Nonpublic Personal Information – means any information that is not publicly available and that a consumer provides to a financial institution to obtain a financial product or service from the institution; results from a transaction between the consumer and the institution involving a financial product or service; or a financial institution otherwise obtains about a consumer in connection with providing a financial product or service.
3. Policy Statement
Patriot Pacific Financial requires all employees, affiliates, and service providers to comply with all consumer protection regulations regarding the privacy and disclosure of consumer information. Patriot Pacific Financial also complies with all disclosure requirements regarding its privacy policies and practices by providing customers with a privacy notice that clearly describes Patriot Pacific Financial's practice of collecting, protecting, and sharing customers' nonpublic personal information (NPI) with affiliates and third parties at the time that a customer relationship is established. Wherever local privacy regulations are more stringent than the requirements set forth in this Policy, the more stringent requirement will be followed.
Patriot Pacific Financial will send a copy of the privacy notice to all new customers in the timeframes specified in the Privacy Rule. Patriot Pacific Financial will also provide a privacy notice annually during the continuation of the customer relationship, if applicable.
4. Privacy Notice Requirements
Patriot Pacific Financial complies with the following privacy notice requirements under the GLBA and, when applicable, the FCRA. Further, the GLBA provides that Patriot Pacific Financial will obtain a "safe harbor" and will satisfy the disclosure requirements for notices if it chooses to use the model form provided under the GLBA.
A. Initial Privacy Notices
Patriot Pacific Financial is required to provide an initial privacy notice to customers when a customer establishes a relationship with Patriot Pacific Financial by providing any personally identifiable financial information in an effort to obtain a mortgage loan.
Patriot Pacific Financial is also required to provide a consumer a privacy notice before sharing NPI with nonaffiliated third parties outside of the exceptions described below. If Patriot Pacific Financial doesn't share information with nonaffiliated third parties, or if it only shares within the exceptions, Patriot Pacific Financial does not have to provide a privacy notice to consumers.
If Patriot Pacific Financial is required to provide a privacy notice to consumers, it may choose to give a "short-form notice" instead of a full privacy notice. The short-form notice must:
- Explain that Patriot Pacific Financial's full privacy notice is available on request;
- Describe a reasonable way that consumers may obtain the full privacy notice; and
- Include an opt-out notice.
B. Annual Privacy Notices
Patriot Pacific Financial also sends annual privacy notices to its customers during the continuation of the customer relationship, if applicable. The annual notice must accurately describe Patriot Pacific Financial's privacy policies and practices in effect at the time the notice is sent.
Annually means at least once in any period of 12 consecutive months during which that relationship exists. Patriot Pacific Financial does not send privacy notices after the relationship with the customer has ended.
C. Information Included in Privacy Notices
The privacy notice includes:
- The categories of NPI that Patriot Pacific Financial collects;
- The categories of NPI that Patriot Pacific Financial discloses;
- The categories of affiliates and nonaffiliated third parties to whom Patriot Pacific Financial discloses NPI;
- The categories of NPI about former customers that Patriot Pacific Financial discloses and the categories of affiliates and nonaffiliated third parties to whom Patriot Pacific Financial discloses NPI about former customers;
- If Patriot Pacific Financial discloses NPI to a nonaffiliated third party, a separate statement of the categories of information it discloses and the categories of third parties with whom Patriot Pacific Financial has contracted;
- An explanation of the consumer's right under Regulation P §1016.10(a) to opt out of the disclosure of NPI to nonaffiliated third parties, including the method(s) by which the consumer may exercise that right at that time;
- Any disclosures made under section the Fair Credit Reporting Act (that is, notices regarding the ability to opt-out of disclosures of information among affiliates);
- Patriot Pacific Financial policies and practices with respect to protecting the confidentiality and security of NPI.
D. Exceptions to Privacy Notice Requirement
Exceptions for processing transactions at consumer's request – Exceptions to the initial privacy notice, opt-out and for service providers and joint marketing do not apply if Patriot Pacific Financial discloses NPI as necessary to effect, administer, or enforce a transaction that a consumer requests or authorizes, or in connection with:
- Servicing or processing a financial product or service that a consumer requests or authorizes;
- Maintaining or servicing the consumer's account with Patriot Pacific Financial, or with another entity as part of a private label credit card program or other extension of credit on behalf of such entity; or
- A proposed or actual securitization, secondary market sale (including sales of servicing rights), or similar transaction related to a transaction of the consumer.
5. Opt-Out Notice
Opt-out means a direction by the consumer that Patriot Pacific Financial may not disclose NPI about that consumer to a nonaffiliated third party, other than as permitted by law. The opt-out notice is a clear and conspicuous notice to all customers that accurately explains the right to opt out under that section. The notice states:
- That Patriot Pacific Financial discloses or reserves the right to disclose NPI about a consumer to a nonaffiliated third party;
- That the consumer has the right to opt out of that disclosure; and
- A reasonable means by which the consumer may exercise the opt-out right.
6. Revised Notices
The Privacy Rule is designed to enable consumers to make opt-out decisions based on an accurate description of a financial institution's privacy policies and practices. Before disclosing NPI about a consumer to a nonaffiliated third party other than as described in Patriot Pacific Financial's most recent privacy notice, Patriot Pacific Financial must provide the consumer a revised initial notice, a new opt-out notice, and reasonable opportunity to opt out.
7. Delivery Requirements
Patriot Pacific Financial provides the required privacy and opt-out notices simultaneously. Patriot Pacific Financial provides privacy notices and opt-out notices so that each consumer can reasonably be expected to receive actual notice in writing. The notice can be hand-delivered, mailed, or, if the consumer consents, delivered electronically.
8. Prohibition on Disclosure of Account Notices
The Privacy Rule prohibits financial institutions from sharing account numbers or similar access numbers or codes for marketing purposes. This prohibition applies even when a consumer or customer has not opted out of the disclosure of NPI concerning his or her account.
Under no circumstances will Patriot Pacific Financial disclose, other than to consumer reporting agencies, access codes or account numbers for use in marketing.
9. Limitations on Re-disclosure or Re-use of NPI
When a financial institution receives NPI from a nonaffiliated financial institution, its disclosure and use of the information is limited as follows:
- For NPI received under any of the privacy and opt-out notice exceptions outlined above, the financial institution is limited to disclosing the information to the affiliates of the financial institution from which it received the information; disclosing the information to its own affiliates; and disclosing and using the information pursuant to any of the privacy and opt-out notice exceptions.
- For NPI received other than under any of the privacy and opt-out notice exceptions outlined above, the recipient's use of the information is unlimited, but its disclosure of the information is limited to disclosing the information to the affiliates of the financial institution from which it received the information; disclosing the information to its own affiliates; and disclosing the information to any other person, if the disclosure would be lawful if made directly to that person by the financial institution from which it received the information.
10. Fair Credit Reporting Act and Privacy
The Fair Credit Reporting Act (FCRA), among other things, allows financial institutions to share information with others about their own transactions or experiences with a consumer. However, when a financial institution shares information about third parties' transactions with a consumer, such as sharing a list of its customers and information such as their credit scores with another financial institution to jointly market or sponsor other financial products or services, it could cause the financial institution to be considered a consumer reporting agency that is subject to strict guidelines under FCRA. Furthermore, civil or criminal penalties could apply if a financial institution fails to comply with any requirements of the FCRA.