Policy
Your privacy is important to us. This Online Privacy Policy ("Policy") explains how Flatirons Bank (the "Bank") collects, shares, uses, and protects your information when you visit or use the Bank website, mobile banking, Bank branded social media pages, and any interactions you may have while viewing content provided through Bank digital advertising campaigns (collectively, "Online Services").
Information Collected
When you visit or use the Bank's Online Services, we may collect personal information from or about you such as your name, email address, mailing address, telephone numbers(s), account numbers, limited location information (e.g. a zip code), username, and password. Information you provide to the Bank when you apply for or receive a Bank product or service is governed by the Bank's Privacy Notice. We may obtain information about you directly from you, through your use of the Bank's Online Services and from third parties (e.g. credit bureaus and demographic firms).
In addition to the personal information described above, we may collect certain information about your use of the Bank's Online Services. We may capture the IP address of the device you use to connect to the Online Services, the type of operating system and browser you use, information about the website you came from, the parts of the Online Services you access, and the website you visit next. When you utilize the Bank's online banking service, we may collect information such as unique identifiers, your screen resolution and other device settings, information about your location and analytical information about how you use your mobile device. We may ask your permission before collecting precise geo-location information through mobile banking.
Why We Collect Information
We may use the information collected through use of the Bank's Online Services to:
- Process applications and transactions;
- Verify your identity;
- Prevent fraud and enhancing the security of your account or the Bank's Online Services;
- Comply with laws, regulations, relevant industry standards, contractual obligations, and Bank policies;
- Provide service support;
- Respond to your questions and requests;
- Assess your satisfaction with our Online Services;
- Contact you about updates to the Bank's Online Services;
- Conduct research and analytics regarding the use of the Bank's Online Services;
- Provide you with tailored content and marketing messages; and
- Operate the Bank's business, or any other purpose that complies with applicable laws and regulations.
Information Sharing
The Bank does not sell or rent your personally identifiable information to third parties. The Bank limits sharing your information in accordance with your choices in response to the Bank's Privacy Notice. We share your information only with service providers that have agreed to confidentiality restrictions and use any personal information they collect on the Bank's behalf solely for the purpose of providing the contracted service to us, as otherwise described above to provide you with our services, and to comply with all applicable laws, regulations and rules, and requests of law enforcement, regulatory and other governmental agencies.
For example, we may share your information with:
- the Bank's third-party service providers;
- third parties in connection with a transaction such as a sale, consolidation, or merger of Bank businesses; and
- other third parties to comply with legal requirements such as the demands of applicable subpoenas and court orders; to verify or enforce the Bank's terms of use, other rights, or other applicable policies; to address fraud, security or technical issues; to respond to an emergency; or otherwise protect the rights, property, or security of Bank customers or third parties.
We may use information that the Bank collects on an aggregate or anonymous basis (it does not identify any individual customers) for various business purposes, where permissible under applicable laws and regulations.
Security
It is important to the Bank to provide a safe experience for customers utilizing the Bank's Online Services. When we collect identifying information from you, we protect that information with controls based upon nationally recognized security standards, regulations, and industry-based best practices. The Bank maintains customer authentication procedures to protect your personal information and account from identity theft. Please note that information you send electronically may not be secure when it is transmitted to the Bank. We recommend that you do not use insecure channels to communicate sensitive or confidential information (e.g. a Social Security number) to us.
Protect Your Information and Your Identity
While the Bank invests in the technology and processes to ensure it provides a secure environment for all your financial transactions, data transmissions, and communications, we believe protecting your identity and personal information is a team effort. We recommend you take steps to shield yourself and your computer from criminals that may try to obtain your personal information electronically.
Use Effective Passwords
We recommend you help safeguard your identity and personal information by using effective password protection. The following are tips for choosing more-secure passwords:
- Create original passwords that contain a combination of letters, numbers, and special characters if allowed.
- Use capital and lowercase letters.
- Ensure your passwords are at least eight characters.
- Use a unique password for each service or website.
- Avoid using software that saves or remembers your passwords.
- Change your passwords at least twice a year.
- Avoid using:
- Social Security number.
- Account numbers.
- Phone numbers or addresses.
- Birth dates or anniversaries.
- Obvious or common nicknames.
- Names of relatives or pets.
Identify Phishing
Phishing occurs when a criminal attempts to obtain your personal information through electronic communications, such as emails or text messages. These messages appear to be from a trustworthy entity, such as a bank, insurance company, or retailer. However, these messages are not legitimate. Criminals typically ask you to send your personal information to a website and then use that information to commit identity theft. Remember: The Bank DOES NOT request personal information by emails or text messaging. The following are tips for identifying phishing:
- The message generally concerns an "urgent matter" that requires you to "verify" information.
- The sender may ask for ATM or credit card numbers, personal identification numbers, usernames, passwords, and other information they can use to commit identity theft.
- The sender's name is usually generic, such as "Customer Service Department."
- The message may point you to a domain name that is spelled very close to or appears to be related to the legitimate domain name.
Protect Your Computer from Spyware
Spyware, which includes keystroke loggers, screen and mouse recorders, and other types of malware, allow distant hackers to extract sensitive data from your computer. These programs often slow down your computer and send harvested information to criminals. The following are tips for protecting your computer from spyware:
- Never open any email attachments, web links, or files if the sender or source is not trustworthy or cannot be confirmed.
- Install a firewall and anti-virus software on your computer.
- Use an email spam-filtering software.
- Avoid using public computers shared by many individuals to pay your bills, check your account balance, or transact business.
Understand Social Engineering
Social engineering occurs when a criminal uses human interaction to manipulate a person into providing information. People have a natural tendency to trust. Social engineering attempts to exploit this tendency to steal information. Protect your personal and confidential information by only sharing it with legitimate, identifiable sources.
Implement Security Measures on Your Mobile Device
Configure your mobile device to require a passcode to gain access. Avoid storing sensitive information on the mobile device. Mobile devices have a high likelihood of being lost or stolen so you should avoid using them to store sensitive information such as passwords and bank account numbers. Consider configuring your device to automatically delete its contents after ten failed passcode attempts.
Cookies, Web Beacons, and Other Technologies
The Bank and its third-party service providers use information collected from cookies, web beacons, and similar technologies for the following purposes:
- to allow the Bank's Online Services to operate as you have requested;
- to understand how our Online Services are accessed and used;
- to recognize when you return to our website;
- to assess the effectiveness of advertising and readership content;
- to deliver marketing communications that may be of interest to you; and
- for other purposes above under "Use of Collected Information."
Cookies
Cookies are small pieces of data sent from a website and stored on a device. Cookies may enable us to capture and compile statistical information about how you use the Bank's Online Services, including information relating to your device's IP address, the frequency of your visits, readership data (such as the average length of visits, which pages are viewed or shared during a visit or other interactions with Bank content, such as time spent viewing videos, PDFs read and links clicked), authentication information, acceptance or rejection of website terms, and periods of inactivity. Cookies can be managed or deleted on your device. However, denying or deleting cookies may degrade your experience with our Online Services.
Web Beacons
Web beacons are invisible tags that may be placed on a webpage, in advertisement, or in an email or other message. They usually work in conjunction with cookies, registering when a particular device visits a particular page. For example, web beacons may count the number of individuals that visit the Bank's website from a particular advertisement or who enroll in a service after viewing a particular advertisement.
Linking to Third-Party Websites
The Bank may provide links to websites (e.g. Apple App Store, Google Play) that are owned or operated by other companies ("Third-Party Websites"). When you visit a Third-Party Website, you will be subject to that website's privacy and security practices, which may differ from the Bank's. You should familiarize yourself with the privacy policy, terms of use, and security practice of the linked Third-Party Website before providing information on that website.
Individuals Residing Outside of the United States
The Bank's Online Services are based in the United States and are controlled, operated, and administered by the Bank from its offices within the United States. The Bank does not target its Online Services to individuals residing outside of the United States. Mere accessibility to the Bank's Online Services does not indicate an intent to offer the Bank's Online Services outside of the United States. This Policy is provided in accordance with and subject to applicable United States law. If you decide to continue accessing the Bank's Online Services from your location outside the United States, you agree that your use of the Online Services is subject to this Policy and your personal information may be transferred or processed in the United States.
Protecting Children's Privacy Online
The Children's Online Privacy Protection Act protects children under the age of thirteen from the online collection of personal information. Some of the Bank's Online Services are directed at a general audience and are accessible to the public. The Bank's Online Services are not directed to individuals under the age of thirteen. We request these individuals to not provide personal information through any of the Bank's Online Services. The Bank does not knowingly collect, use, or disclose personal information from children under the age of thirteen without obtaining written, verifiable consent from a parent or legal guardian.
Changes to this Policy
We may change this Policy from time to time. When we do, we will let you know by appropriate means such as by posting the revised Policy on the Bank's website with a "last updated" date. Any changes to this Policy will become effective when posted on the Bank's website unless indicated otherwise. We recommend that you review this Policy regularly for changes. Your continued use of the Bank's Online Services after we have changed this Policy indicates your acceptance of the revised terms.