California Consumer Privacy Act

California Consumer Privacy Act (CCPA) Notice

 Last updated. July 2025

 

The words "we," "us," and "our" mean Hana Bank USA, and the words "you" and "your" mean you, the consumer who resides in the State of California. We adopt this notice to comply with the California Privacy Rights Act (CPRA), which amended the California Consumer Privacy Act (CCPA). This Notice explains what personal information we collect and how we use personal information about California residents. The Notice also explains certain rights that California residents have under the CCPA. This Notice explains how California residents can exercise their CCPA rights to request that we: (1) provide certain personal information that we have collected about them during the past 12 months, along with related information described below; or (2) delete certain personal information that we have collected from them.

Collection of Personal Information

During the past 12 months, we have collected the following categories of your personal information. We have also provided each category of sources from which we collected the personal information, the business or commercial purpose for collecting the information, and the categories of third parties with whom we share the personal information.

Categories of Personal Information that we may collect

  • Identifiers: Real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver's license number, passport number, signature, physical characteristics or description, telephone number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, other financial information, medical information, health insurance information, or other similar identifiers
  • Employment Information: Federal and state tax filings, emergency contacts, beneficiaries, dependents, spouse, immigration status, legal issues, health information, work history, salary
  • Biometric information: Imagery of the iris, retina, fingerprint, face, hand, palm, vein patterns, and voice recordings from which an identifier template can be extracted (e.g., faceprint, a minutiae template, voiceprint), and keystroke patterns, gait patterns, and sleep, health, or exercise data that contain identifying information
  • Image and Video: Pictures, moving visual images with or without audio
  • Commercial information: Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies
  • California State or Federal Law characteristics of protected classifications: Race, color, religion, national origin, sex, gender identity, gender expression, sexual orientation, marital status, medical condition, military or veteran status, national origin, ancestry, disability, genetic information, request for family care leave, request for leave for an employee's own serious health condition, request for pregnancy disability leave, retaliation for reporting patient abuse in tax-supported institutions, age (over 40)
  • Internet or other electronic network activity information:
    • Browse history, search history, and information regarding a consumer's or individual's interaction with an Internet Website, application, or advertisement
    • When you visit a website, your device and browser may automatically disclose certain information (such as device type, browser application, browser settings, IP address, and other technical communications information)
  • Professional or employment-related information and references: Current or past job history or performance evaluations, school or degrees earned

Sensitive Personal Information

  • The following categories of Sensitive Personal Information comprise Personal Information that may reveal:
  • Social Security, driver's license, state identification card, or passport number;
  • Account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account;
  • Precise geolocation;
  • Racial or ethnic origin, sex, religious or philosophical beliefs, or union membership;
  • Citizenship or Immigration Status;
  • The contents of mail, email, and text messages unless the business is the intended recipient of the communication; and
  • The processing of biometric information for the purpose of uniquely identifying a person.

Categories of sources from which we collect

  • From deposit and/or credit applicants and bank customers, third-party service vendors, public information.
  • From Credit Reporting Agencies with your authorization
  • From contract or agreement
  • From the specific application or software when you access our online or mobile banking application or our website
  • From security cameras or similar devices when you visit our branches, facilities, and ATMs
  • Employment Information: From resumes, job applicants, employees, and former employers

Our business or commercial purpose for collecting

  • To provide and manage products and services. Establish and process transactions including checking accounts, loans, online banking access, customer services, and everyday operations
  • To qualify you for an account or credit with us
  • To perform services for our daily business.
  • To qualify you for an appointed position
  • To validate your identity when accessing or visiting our sites, applications, branches, facilities, and ATMs in connection with our products, services, and daily business
  • To validate your identity when accessing our sites and applications
  • Employment Information: Process employment applications. Provide benefits to employees and dependents, including healthcare plans and retirement plans

Categories of third parties with whom we share

  • Shared with our service providers to service your account
  • Government agencies, including to support regulatory and legal requirements
  • Shared with vendors that assist us in protecting your accounts and personal information from fraud, identity theft, and providing security and safety for our customers and employees
  • Employment Information: Shared with service providers for employee payroll, healthcare, and retirement plans

Personal information does not include:

  • Publicly available information from government records
  • De-identified or aggregated consumer information
  • Information excluded from the CCPA's scope, like:
    • Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data;
  • Personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver's Privacy Protection Act of 1994

Hana Bank USA Privacy Notice and Hana Bank USA Online Privacy Notice: You can access our privacy notice and online privacy policy notice via this link: Hana Bank USA Privacy Policies & Notices or by visiting our website at https://www.hanabank.us/privacy-policy

Sale or Share of Personal Information

We do not sell personal information for monetary or other valuable consideration OR share any personal information for cross-context behavioral advertising about customers, including minors under 16 years of age. During the past 12 months, Hana Bank USA has disclosed the categories of personal information listed above for its business purposes.

Retention of Personal Information

The length of time that we intend to retain each category of Personal Information will depend on a number of criteria, including (i) the length of time we are required to retain Personal Information to comply with applicable legal and regulatory requirements, (ii) the length of time we may need to retain Personal Information to accomplish the business or commercial purpose(s) for which such Personal Information is collected, used, or disclosed (as indicated in this Notice), and (iii) whether you choose to exercise your right, subject to certain exceptions, to request deletion of your Personal Information.

Your Rights under the CCPA

You have the following rights under the CCPA regarding your personal information:

  • Right to know:

a. The categories and/or specific pieces of personal information we have collected
b. The categories of sources from which the personal information was collected
c. The purposes of collecting the personal information
d. The categories of third parties with whom we share the personal information
e. The categories of information that we sell or disclose to third parties

  • Right to delete personal information we collected
  • Right to correct inaccurate personal information we collected
  • Right to limit uses of personal information we collected
  • Right not to be discriminated against for exercising any of these rights

Right to Opt-Out of the Sale or Share of Personal Information

You do not need to request the right to opt-out of the sale or sharing of your personal information because we do not sell or share your personal information with third parties as defined under CCPA. We do need to collect certain personal information to provide banking services to you. If you do not want to provide that necessary personal information, we will not be able to provide you with our banking services.

Authorized Agent

When you use an authorized agent to submit a request to know, a request to delete, or a request to correct, we may require the authorized agent to provide proof that you gave the agent signed permission to submit the request. We may also require you to verify your identity directly with us or directly confirm with us that you gave the authorized agent permission to submit the request.

How to Exercise Your Rights

You may submit a request by:

Contacting us at:  

  • 212-689-5292 Monday through Friday from 9:00 AM to 5:00 PM EST;
  • Send a written request at Compliance Department, 222 Bridge Plaza South, Suite 730, Fort Lee, NJ 07024; or
  • Fill out online inquiry form at Contact Us.

We are required by law to verify your identity before releasing any of your information to you.

Privacy and personal information protection laws, other than the CCPA, apply to the personal information that we collect, use, and disclose. When these laws apply, personal information may be exempt from, or outside the scope of, requests. As a result, in some instances, we may decline all or part of a request related to your personal information. This means that we may not provide some or all of this personal information when you make a request. Also, we may not delete some or all of this personal information when you make a deletion request.

Questions

If you have any questions, you may write to us at Hana Bank USA, Attention: Compliance Department, 222 Bridge Plaza South, Suite 730, Fort Lee, NJ 07024 or call (212) 689-5292.

Changes to This Notice

We may change or update this Notice from time to time. When we do, we will post the revised Notice with the "last updated" date.