We may add to, delete or change the terms of the Policy from time to time. When we make changes, we will post the amended policy on our website, firstrepublic.com (the “Site”). Any changes to the Policy will become effective immediately upon our posting of the Policy, and your use of the Site and our services is deemed to constitute your agreement with the Policy terms. Please be sure to check the Policy before providing us with PII. We encourage you to review the Policy carefully, as it relates to your experience with First Republic, from the outset when exploring a potential partnership, to opening and maintaining an account with us, and including the introduction of additional services that support your evolving financial needs.
If you are, or apply to become, a customer of First Republic with respect to products or services to be used primarily for personal, family or household purposes, you have additional privacy rights, as reflected in our customer privacy notice, available at: firstrepublic.com/~/media/frb/documents/pdfs/privacy/privacy-notice.pdf?la=en. (Note: As of December 9, 2019, Gradifi Inc. is no longer an affiliate of First Republic Bank and First Republic does not share PII with Gradifi.)
II. How Does First Republic Collect Your PII and What Types of PII Does It Collect?
First Republic collects PII about you when you actively provide it to us, such as by completing an online form, providing PII at your discretion or responding to a request for information, and when you interact with us online, such as browsing our website. For example, if you decide to opt in to any of our communications options, such as receiving text messages at a number you provide or emails at an email address you provide, we will collect the number or email address, and we will collect any additional PII you may send to us by text, email or otherwise.
We also may collect PII about you from the following sources: our affiliates; the internet, including social media websites and other websites; other financial institutions with whom you have accounts, if you elect to have an account aggregation service; conferences; the press or other print media; credit reporting agencies; and other persons (including persons who might refer you to us for a possible customer relationship) and organizations as permitted under applicable law.
Not all information that we collect from you is PII. We may collect information about you that we cannot use to identify you specifically. Listed below are the types of information about you that we may have collected within the past 12 months. These types of information are PII only if the information identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with you or your device.
- Identifiers, such as your name, postal address, online identifier, Internet Protocol (IP) address, email address, account name, Social Security number, driver’s license number, passport number or other similar identifiers.
- internet or other similar network activity, such as browsing history, search history, information on your interaction with our website, mobile application(s) or an advertisement. This may include hardware and browser information about your computer or device, including Media Access Control (MAC) address, computer type and brand, screen resolution, operating system name and version, device manufacturer and model, browser type and language used. It also may include mobile application usage data, such as the date and time our mobile application on your device accesses our servers, and what information and files have been downloaded to the application.
- Geolocation data, meaning the physical location or movements of the device you use to connect with us online. If you use the mobile application, the physical location of your device through the use of, for example, Bluetooth, satellites, cellphone towers, Wi-Fi signals or other technologies.
- Sensory data, such as audio, electronic, visual or similar information.
- “Customer Records” information (some of which may be identifiers or professional/employment-related information as well), such as your name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information or health insurance information.
- Commercial information, such as records of personal property, products or services purchased, obtained or considered, or other purchasing or consuming histories or tendencies.
- Biometric information, such as fingerprints or voiceprints. Our mobile applications may allow you to use third-party authentication features, such as biometric technology (such as fingerprint scanning), to access our mobile applications on your device.
- Professional or employment-related information, such as your current or past job history.
- Personal characteristics that are related to classifications legally protected from discrimination, such as race, national origin, ethnicity, marital status, age and gender.
- Inferences drawn from other PII, such as a summary we might make based on your apparent personal preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities and aptitudes. We might, for example, infer your race, ethnicity or gender based on your name and/or postal address.
III. Our Business Purposes for Collecting PII; How We Use the Information
We may use the PII we collect from you for a variety of purposes permitted by law, including:
- To provide you with information about our products and services, and to provide you with our products and services, including to service loans we make to you
- To communicate with you, including in response to your inquiries and to fulfill your requests, and to inform you of changes to terms and conditions relating to the products you receive from us or the First Republic services in which you are enrolled
- To allow you to apply for our products and services and to evaluate your eligibility for such products or services, including your creditworthiness
- To personalize our services for you by presenting First Republic products and offers tailored to you
- To prevent fraud, including by confirming your identity and/or location (for example, we may use your device’s physical location for fraud prevention purposes, if you are conducting a transaction)
- To improve our services’ interface and functionality (for example, we may use your device’s physical location to provide you with personalized location-based services, content and offers, such as informing you when you are approaching one of our ATMs or banking locations, or offering you a coupon or reward that can be redeemed at a nearby location)
- To allow you to access features within our website or mobile applications, when you request those features
- To maintain and upgrade the security of the services and any data or information collected
- For legal, compliance and risk management purposes, including to monitor our compliance with fair lending laws and regulations
- Other legally permissible or everyday business purposes, including data analysis, product development and compliance with law enforcement and other legal processes
IV. When and With Whom We Share Personally Identifiable Information
We may share the PII we collect with our affiliates, as permitted by applicable law, and with our service providers. We engage service providers to deliver services to you on our behalf, such as bill payment, money transfers, check processing, wiring services and payment solutions; and to assist us with technology support, operational support and other forms of assistance. We bind our service providers to protect the confidentiality and security of the PII we share with them.
We also share PII with others as we believe to be necessary or appropriate, consistent with applicable laws, for the following purposes: (a) to comply with applicable legal requirements (for example, responding to subpoenas) and regulatory requirements (for example, monitoring of fair lending law compliance); (b) to respond to requests from public and government authorities; (c) to enforce and investigate violations of applicable Terms and Conditions; (d) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others; (e) to allow us to pursue available remedies or limit the damages that we may sustain; and (f) to evaluate or conduct a merger, divestiture, restructuring, reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock.
We do not share PII with non-affiliated entities for those entities to use for their own marketing purposes and in no event do we sell PII.
V. Other Information Collection, Use and Sharing
We also may collect, use and share information that is not PII as follows:
- Aggregated data. We may create or compile, or have created or compiled through our service providers, aggregated data consisting of pieces of information from various sources (including information collected by cookies, from accounts, transaction information, and any other information, including PII), which does not personally identify you or any other individual. We may use and share this aggregated data for our business purposes, including data analytics, research, marketing products and services, and other legal or business purposes.
- Information from online advertising. In order to best deliver relevant digital advertising to you, we and other third-party advertising service providers may collect information about your online activities over time and across different websites when you use our services. Some of the advertisements that click-through to our services contain cookies that allow for the monitoring of your response to these advertisements, may be interest-based, and may use information about your online and offline interests to customize the online ads you see. Interest-based advertising helps us deliver content that is more likely to be of interest to you, and when you use our services, we use information about your activities to help us determine which of our ads are more likely to appeal to you. If you do not wish to have us and/or our third-party advertising service providers know which advertisements and subsequent websites you have viewed, you may opt out at AboutAds. Additionally, the Digital Advertising Alliance website contains important information about interest-based advertising, cookies, behavioral advertising, and what opting out will and will not do.
To help prevent unauthorized access to any of your PII, we seek to use reasonable organizational, technical and administrative measures to protect the PII we maintain within our organization. In addition to the safeguards we apply to protect your PII, there are steps you can take to protect it as well, such as never sharing your passwords and maintaining them in a secure location. The steps you take to complement the many safeguards we apply are particularly important. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us of the problem by contacting us at (888) 408-0288. For more information, please visit our Security and Fraud Prevention Center at firstrepublic.com/privacy/security-and-fraud-prevention.
VII. Control Over Your Personally Identifiable Information
If you would like to update PII that you have provided to us, you may contact us through one of the means listed in the “How to Contact Us” section below. Note that certain information is required to provide the services; requests to delete required information may result in our inability to provide the services.
VIII. California Residents’ Privacy Rights
If you are a resident of California, you have certain privacy rights under the California Consumer Privacy Act (“CCPA”). We honor those rights, as described below, and we are prohibited by law from discriminating against you for exercising any of those rights.
A. Right to Know
Subject to the exemption and exceptions mentioned below, if you are a California resident, you have the right to know what PII we have collected about you, why we collected it, and the categories of third parties (excluding service providers) with whom we have shared the PII during the past 12 months. (See below on “How to Submit a Request.”) You may request that we provide a description of the categories of PII we have collected (a “Categories Request”) or a request for access to the specific pieces of PII we have collected (a “Specific Pieces Request”).
If you make a Categories Request, we will need to verify your identity to a reasonable degree of certainty. A reasonable degree of certainty may include you providing us with at least two data elements specific to you, so that we can verify your identity. After we confirm that your request is a verifiable consumer request, we will disclose to you:
- The categories of PII we collected about you
- The categories of sources for the PII we collected about you (e.g., social media websites and government records available to the public)
- Our business or commercial purpose for collecting that PII
- The categories of third parties other than service providers (if any) with whom we shared the PII
If you make a Specific Pieces Request, we’ll need to verify your identity to a reasonably high degree of certainty. In order to verify your identity, a reasonably high degree of certainty may include you providing us at least three data elements specific to you. After we confirm that your request is a verifiable consumer request, we will disclose to you:
- The specific pieces of PII we collected about you that you requested
B. Right to Request Deletion
You have the right to request that we delete any of your PII that we collected from you and retained, other than Personal Customer Information (as defined above). We are not obligated to comply with your request if we have a legal basis to retain the PII. If you make a request for us to delete PII, and you do not have any type of account with us, we may need you to provide us with at least two data elements specific to you so that we can verify your identity. Once we receive and confirm that your request is a verifiable consumer request (see below on “How to Submit a Request”), we will inform you whether we have deleted (and have directed our service providers to delete) your PII from our records, or whether we are declining to grant your request to delete due to an exception to the CCPA deletion requirements.
Certain PII is protected by federal and state privacy law other than the CCPA and thus the specific rights described above do not apply in the case of that PII. Specifically:
- If you are, or apply to become, a customer of First Republic with respect to products or services to be used primarily for personal, family or household purposes, the non-public PII we obtain from you in that context (“Personal Customer Information”) is protected under other state and federal law rather than the CCPA. As noted, the rights of such customers of First Republic are set forth in our customer privacy notice, available at firstrepublic.com/~/media/frb/documents/pdfs/privacy/privacy-notice.pdf?la=en.
- Also, if you are working for First Republic, or if you are an employee or other representative of a business or other organization that is exploring or engaging in a business-to-business transaction with First Republic, the CCPA currently does not provide you with the privacy rights described in this section VII.
D. How to Submit a Request
To request access to or deletion of your PII as described above, please submit a verifiable consumer request to us by either:
- Clicking here to access our CCPA Consumer Rights Request Self-Service Portal
- Calling us at our Client Care Center: (844) 699-0424
- Sending your request to:
First Republic Bank
Attn: Client Care Center
111 Pine Street
San Francisco, CA 94111
To receive further instructions on how to request access to or deletion of your PII, you may email us at PrivacyRights@firstrepublic.com.
You may make a request on your own behalf, and if you are the parent or guardian of a minor child, you also may make a request related to your child’s PII. If you wish to designate an authorized agent to make a request on your behalf, please provide us with a signed declaration stating that your intent is to permit that individual to act on your behalf and include such individual’s full name, address, email address and phone number. That way we will be sure you have fully authorized us to act in accordance with the requests of that individual.
In order to protect your PII from unauthorized disclosure or deletion at the request of someone other than you or your legal representative, First Republic requires identification verification before granting any request to provide copies of, know more about or delete your PII. We take special precautions to help ensure this. Specifically, we require that any request submitted to us:
- Provides sufficient information to allow us to reasonably verify you are the person about whom we collected PII or an authorized representative
- Describes your request with sufficient detail to allow us to properly understand, evaluate and respond to it
We cannot respond to your request or provide you with PII if we cannot verify your identity or authority to make the request and confirm that the PII relates to you.
We endeavor to respond to a verifiable consumer request within 45 days of its receipt. If we require more time (up to 45 additional days), we will inform you of the reason and extension period in writing. We will only use PII provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
IX. Information Retention
We retain information, including PII, for as long as necessary to achieve the purpose for which it was collected, to fulfill legal or contractual obligations, or for as long as permitted by applicable law. We may retain aggregated or de-identified information indefinitely.
X. Scope of Users
Our online products and services, including our website and mobile applications, are not directed to users under the age of 13. We do not knowingly collect PII online from any person we know to be under the age of 13.
Our online products and services, including our website and mobile applications, are designed for users from, and are controlled and operated by us from, the United States. By using our online products and services, you consent to the transfer of your information to the United States, which may have different data protection rules than those of your country.
XI. Do Not Track Signals
Your browser may allow you to send us a “do-not-track signal” to communicate your privacy preferences to us. Our website currently does not respond to browser do-not-track signals.
XII. Links to Other Websites
Our website and mobile applications may feature links to third-party websites that offer goods, services or information. When you click on one of these links, you will be accessing content and services that are not subject to this Policy. We are not responsible for the information-collection practices of the other websites that you visit, and urge you to review their privacy policies before you provide them with any PII. Third-party sites or services may collect, use and secure information about you in a way that is different from those described in this Policy.
XIII. How to Contact Us
First Republic Bank
Attn: Client Care Center
111 Pine Street
San Francisco, CA 94111
Fax: (415) 392-1413