Privacy at Columbia Banking System, Inc.

LAST UPDATED: September 2025

California Privacy Notice at Collection


This NOTICE AT COLLECTION is provided by Columbia Banking System, Inc. and its subsidiaries and affiliates (collectively, “Columbia”, “we”, “us”, or “our”), and applies to all California residents (“consumers” or “you”). Except as otherwise specified, “residents” or “you” when used throughout this notice refers to any individual residing in California, including those acting as a job applicant, employee, independent contractor, owner, director, or officer of Columbia and those we interact with in our business-to-business relationships.

Please read this Notice carefully as it describes how we collect, use, and retain information that relates to you (“personal information”). This Notice also provides information on how California residents can opt out of any processing activities deemed as a “sale” or “share” under California law.

If you have a disability that prevents or limits your ability to access this notice, please contact us at 1-833-427-5227 (employees and job applicants, contact Human Resources); we will work with you to provide this notice in an alternative format.


CATEGORIES OF PERSONAL INFORMATION WE MAY COLLECT

Depending on your relationship or specific interaction with individuals, we may collect the following categories of personal information:

 

Category of personal information

Representative data elements

Identifiers

✓  Real name
✓  Postal address
✓  Unique identifier or unique personal identifier
✓  Social Security number
✓  Passport number
✓  Driver’s license number
✓  Telephone number
✓  Email address

Personal information categories listed in the California Customer Records statute (Cal. Civ. Code §1798.80(e))

✓  Name
✓  Signature
✓  Physical characteristics or description
✓  State or government issued identification card number
✓  Insurance policy number
✓  Employment information and history
✓  Bank account number
✓  Credit or debit card number
✓  Other financial information
✓  Medical Information
✓  Health insurance information

Protected classification characteristics under California or federal law

✓  Date of birth/age
✓  Gender, including gender identity
✓  Military or veteran status
✓  Marital status
✓  Request for leave for employee(s)
✓  Request for pregnancy leave
✓  Request for family care leave
✓  Race/color
✓  Ethnicity or national origin or ancestry
✓  Religion
✓  Sexual orientation
✓  Disability

Commercial information

✓  Records of personal property
✓  Products or services purchased, obtained, or considered
✓  Other purchasing or consuming histories or tendencies

Biometric information

✓  Fingerprints
✓  Faceprints or face imagery
✓  Voiceprints and/or voice recordings that can be extracted
✓  Physiological characteristics
✓  Biological characteristics
✓  Behavioral characteristics
✓  Identifiable sleep, health, and exercise data
✓  Activity patterns

Internet or other similar network activity

✓  Browsing history
✓  Search history
✓  Information regarding interaction with a website, application, or advertisement

Device information

Note: Some information included in this category may overlap with other categories.

✓  Device identifier or identifying information, characteristics, or settings about the device you use to access our online services
✓  IP address
✓  Information in cookies, pixel tags, or from other Collection Technologies
✓  Mobile ad identifiers
✓  Mobile device information (with permission, such as location, contacts, camera)

Geolocation data

✓  Physical location
✓  Movements
✓  Precise geolocation

Sensory data

✓  Audio
✓  Visual
✓  Electronic

For example, in the employment context, this may include:

✓  Information captured from video, audio, monitoring, or surveillance systems
✓  Employee photographs

Note: These data types are typically collected during phone and in-person interactions for security and training purposes.

Professional or employment related information

Note: Some information included in this category may overlap with other categories and may apply to all employees and their dependents, beneficiaries, and emergency contacts.

✓  Current and past job history or performance evaluation

For example, in the employment context, this may include:

✓  Personnel records, including salary/wage information, occupation, and disciplinary notices and actions
✓  Job application and resume
✓  Employment contracts or independent contractor agreements
✓  Information from background checks
✓  Employment offer detail
✓  Other information you provide during screening and recruitment
✓  Records of involvement in company-sponsored events or community involvement as an employee

Non-public education information (per the Family Educational Rights and Privacy Act)

✓  Education records, such as enrollment, grades, transcripts, and student schedules
✓  Student financial information, including tuition costs and reimbursement

Inferences drawn from other personal information

✓  Inferences based on information about an individual to create a summary about, for example, an individual’s preferences and characteristics

Note: Inferences are not performed based on any sensitive personal information collected, as defined below.

Sensitive Personal Information

Note: Some information included in this category may overlap with other categories.

✓  Government identifiers (Social Security, driver’s license, state identification card, or passport number)
✓  Complete account access credentials (usernames, account numbers or card numbers, combined with any security or access code, password, or credential required for allowing access to an account)
✓  Precise geolocation
✓  Racial or ethnic origin, religious or philosophical beliefs, or union membership
✓  Biometric information when used for the purpose of uniquely identifying a consumer
✓  Personal information collected and analyzed concerning your health, including from employees’ certain medical conditions. For example, in the employment context, this may include:
✓  Employee benefit plan information, including dependents and beneficiaries
✓  Emergency contact information
✓  Employee leave information related to benefits (vacation), family and medical leave, or other disability leave
✓  Personal information collected and analyzed concerning your sex life or sexual orientation


PURPOSES FOR COLLECTION AND USE OF PERSONAL INFORMATION

The purposes for which we collect and use each category of personal information and sensitive personal information depend on, among other things, our relationship or interaction with specific California residents. We may use the personal information we collect for the following business or commercial purposes:

 

Purpose for collection and use

Example

Provide and manage products and services

✓  Establish your account(s) and/or preferences, process transactions for our products and services including checking accounts, credit cards, loans, investment accounts, as well as additional products for businesses such as commercial financing and payment services.
✓  Support the ongoing management and maintenance of our products and services including to provide account statements, online banking access, online services, customer service, payments and collections, and account notifications.
✓  To respond to your inquiries and fulfill your requests.
✓  To provide important information regarding the products or services for which you apply or may be interested in applying for, or in which you are already enrolled, changes to terms, conditions, and policies and/or other administrative information.
✓  To allow you to apply for products or services (for example, to prequalify for a mortgage, apply for a credit card, or to open an account) and evaluate your eligibility for such products or services.

Provide and manage human resource services for hiring and performance

✓  Talent planning and recruitment.
✓  Hiring practices, such as processing applications, pre-employment screening, onboarding, employment agreements and establishing your employee account(s) and/or preferences.
✓  Support employee training, education, and development.
✓  Employee performance management.

Support employment benefits administration

✓  Provide benefits to employees, including dependents and beneficiaries, including healthcare or medical, retirement, insurance, and other benefit plans.
✓  Support benefit claims processing.

Support our everyday human resource operations, including to meet risk, legal, and compliance requirements

✓  Manage pay and compensation activities.
✓  Administer employee performance management and corrective actions.
✓  Perform accounting, monitoring, and reporting.
✓  Comply with policies, procedures, and contractual obligations, including compliance requirements such as reporting.
✓  Enable information security and anti-fraud operations and verify your identity.
✓  Support audit and investigations, complete legal requests and demands, as well as exercise and defend legal claims.
✓  Enable the use of service providers, third parties and contractors for business purposes.

Support our everyday operations, including to meet risk, legal, and compliance requirements

✓  Perform accounting, monitoring, and reporting.
✓  Enable information security and anti-fraud operations, verify your identity, as well as credit, underwriting, and due diligence.
✓  Support audit and investigations, legal requests and demands, as well as exercise and defend legal claims.
✓  Enable the use of service providers for business purposes.
✓  Manage our business relationships.
✓  Comply with policies, procedures, and contractual obligations.
✓  Verify or enforce our terms of use or other applicable policies.
✓  For purposes of compliance, fraud prevention, technical support, and safety, including emergency response and protecting the security of account and personal information.
✓  Collect information through our social media pages and other online interactions with you to assist in verifying your identity and account status. We may combine this online information with information collected from offline sources or information we already have.
✓  Defend or protect us, you, our client, or third parties, from harm or in legal proceedings.
✓  Respond to court orders, lawsuits, subpoenas, and government requests.

Manage, improve, and develop our business

✓  Personalize, develop, as well as improve our products and human resource services.
✓  Support customer relationship management.
✓  To personalize your experience on our websites and enhance websites.
✓  To allow you to participate in surveys and other forms of market research, sweepstakes, contests, and similar promotions and to administer these activities. Some of these activities have additional rules, which may contain additional information about how Personal Information is used and shared.
✓  Conduct research and analysis, including to drive innovation in recruiting, retention, and employee management.
✓  Support employee relationship management.

Research and Analytical Purposes

✓  Understand how you use our websites, mobile applications, and other digital properties (collectively, the “Sites”).
✓  The methods and devices you use to access our Sites.
✓  Make improvements to our Sites.
✓  Conduct research and analysis, identify usage trends, determine effectiveness of promotional campaigns, and to drive product and services innovation.

Marketing and Advertising Purposes

✓  Send you marketing and advertising communications about our products and services, tailored to your interests or more general in nature.

Provide and manage digital and mobile products and services

✓  Information stored on your device, such as location, camera, contacts, or other features you are enrolled in to enrich and simplify your own user experience and improve our services, as well as provide additional security to protect your account.

 

RETENTION

We retain your personal information, including sensitive personal information, for the period necessary to fulfill the purposes outlined in this Notice unless a longer retention period is required or permitted by law. Please note that in many situations we must retain all, or a portion, of your personal information to comply with our legal obligations, resolve disputes, enforce our agreements, to protect against fraudulent, deceptive, or illegal activity, or for another one of our business purposes.


REQUESTS TO OPT OUT OF SELLING OR SHARING

While we do not disclose your personal information in exchange for money, we, our service providers, and third parties engaged on our behalf may use cookies, pixel tags, or similar online tracking technologies (collectively, “Collection Technologies”) to gather personal information when you use, access, or otherwise interact with our websites, mobile applications, or other digital properties, which may be deemed as a “sale” or “share” of personal information under California law. The categories of personal information we may sell or share include:

•  Internet or other similar network activity
•  Device information
•  Unique identifiers or unique personal identifiers

For information about how you can opt out of the selling or sharing of your personal information, please refer to our Notice of Right to Opt Out of Sale/Sharing at columbiabank.com/privacy/opt-out-sale-sharing.


ADDITIONAL INFORMATION

For a comprehensive description of how we collect and use your personal information, please refer to our Privacy Notice for California Residents at columbiabank.com/privacy/privacy-notice-for-california-residents and Digital and Mobile Privacy Notice at columbiabank.com/privacy/digital-privacy-notice.

For more information on our privacy practices and to exercise your rights, visit columbiabank.com/privacy or call, toll-free, 1-833-427-5227.