Of the above categories and examples, the following is considered sensitive personal information:
- Identifiers (social security, driver's license, state identification card, or passport number)
- Protected Classifications (racial or ethnic origin)
- Account Information (Company account log-in information in combination with any required security or access code, password or credentials allowing access to the Company account)
- Financial Information (financial account information)
- Biometric Information (fingerprints)
- Geolocation Data (IP address, GPS location)
- Medical and Health Information
- Content of Mail, Email and/or Text Messages Where the Company is Not an Intended Recipient
The following is NOT considered personal information under the CCPA/CPRA:
- Publicly available information, including information that is lawfully made available from federal, state or local government records, information that is lawfully made available to the general public by a consumer or from widely distributed media, and information made available by a person to whom a consumer had disclosed the information if the consumer has not restricted the information to a specific audience.
- Lawfully obtained, truthful information that is a matter of public concern.
- Deidentified or aggregate consumer information.
The following is a list of categories of third parties to whom your personal information is disclosed to in the past 12 months, as described in the chart above:
- Government agencies
- Payroll providers
- Communications providers
- Benefits providers
- Information technology and security providers
- Human resources information systems
- Recruiters and/or staffing agencies
- Professional employer organizations
- Social media
Categories of Sources from Which Personal Information is Collected
The Company collects your personal information from the following categories of sources:
- You, the consumer under the CCPA.
- Recruiters and/or staffing agencies.
- Personal references and/or former employers.
- Government agencies.
Business Purposes for Which Personal Information is Disclosed
The Company collects, discloses, and shares your personal and sensitive personal information for the following business purposes:
- To fulfill the reason for which you provided the information.
- To maintain the safety and security of the Company's premises and networks.
- To respond to requests as required by applicable law, court orders, or government agencies/regulations.
- To facilitate your employment with the Company, including for purposes related to employment verification, promotion, discipline, payroll, etc.
- To verify and respond to consumer requests.
- To communicate with you regarding your employment.
- To ensure compliance with local, state, and federal laws related to infectious diseases.
Selling/Sharing of Personal Information and Sensitive Personal Information
The Company does not sell or share your personal or sensitive personal information as defined under the CCPA/CPRA.
Use and Disclosure of Sensitive Personal Information
The Company does not use or disclose your sensitive personal information for purposes other than the following:
- To perform the services reasonably expected by an average consumer who requests those services.
- To prevent, detect, and investigate security incidents that compromise the availability, authenticity, integrity, or confidentiality of stored or transmitted personal information.
- To resist malicious, deceptive, fraudulent, or illegal actions directed at the Company and to prosecute those responsible for those actions.
- To ensure the physical safety of natural persons.
- For short-term, transient use.
- To perform services on behalf of the Company.
- To verify or maintain the quality or safety of a product, service, or device that is owned, manufactured, manufactured for, or controlled by the Company, and to improve, upgrade, or enhance the service or device that is owned, manufactured by, manufactured for, or controlled by the Company.
- To collect or process sensitive personal information where the collection or processing is not for the purpose of inferring characteristics about a consumer.
Your Privacy Rights Under the CCPA
The CCPA confers the following rights on your regarding your personal information:
- The Right to Know. The right to know what personal information the Company has collected about you, including the categories of personal information, the categories of sources from which the personal information is collected, the business purpose for collecting, or sharing personal information, the categories of third parties to whom the Company discloses personal information, and the specific pieces of personal information the business has collected about you.
- The Right to Delete: The right to delete personal information that the Company has collected from you, subject to certain exceptions.
- The Right to Correct: The right to correct inaccurate personal information that the Company maintains about you.
- The right not to receive discriminatory treatment by the Company for the exercise of privacy rights conferred by the CCPA, including an employee's right not to be retaliated against for the exercise of their CCPA rights.
How to Exercise Your Privacy Rights Under the CCPA
You may exercise your privacy rights under the CCPA as described above through one of the following methods:
An authorized agent is a natural person or business entity that you have authorized to act on your behalf. An authorized agent can make a request under the CCPA on your behalf if the authorized agent provides the Company with your written and signed permission to make the request. The Company may deny a request from an authorized agent if the agent does not provide to the Company your signed permission demonstrating that they have been authorized by you to act on their behalf. For requests to delete, correct, or know, the Company may also require you to either verify your identity directly with the Company or directly confirm with the Company that you provided the authorized agent permission to submit the request.
How We Will Verify Your Request Under the CCPA
The Company has established the following reasonable methods for verifying that the person making a request to delete, correct, or know is the person about whom the Company has collected information. The Company may request additional information from you for the purposes of verifying your identity when you are seeking to exercise your rights under the CCPA and for security and fraud-prevention purposes. For example, the Company may request that you provide the amount of your last paycheck, date of birth, and last four digits of your social security number to verify your identity. If the Company collects any new personal information about you for verification purposes, such information will be deleted as soon as possible after processing your request.
How We Will Respond to Your Request Under the CCPA
Ten (10) business days after receiving a request to delete, correct, or know, the Company will confirm receipt of your request and provide you with information regarding how the Company will process your request. The Company will respond to your request to delete, correct, or know in 45 calendar days after receipt of the request. If the Company cannot verify your request, the Company may deny your request. If necessary, the Company may take up to an additional 45 calendar days to respond to your request. If so, the Company will provide you with notice and an explanation as to why it will take more than 45 days to respond to your request.
Personal Information of Consumers Under 16 Years of Age
The Company does NOT have actual knowledge that it sells or shares the personal information of consumers under 16 years of age.
Contact Us
If you have questions or concerns about the Company's privacy policy and information practices, please contact Human Resources at fm_hrbp@mechanicsbank.com.
Date Last Updated: July 30, 2024
Changes to Our Privacy Notice
Mechanics Bank reserves the right to amend this PRIVACY NOTICE for California Residents at our discretion and at any time. When we make changes to this Notice, we will post the updated Notice on the Website and update the Notice's effective date. Your continued use of our Website following the posting of changes constitutes your acceptance of such changes.