Consumer Privacy Policy
rev. 03/2023
| Facts | What does Bank of the Bluegrass & Trust Co. do with your personal information? |
|---|---|
| Why? | Financial companies choose how they share your personal information. Federal law gives consumers the right to limit some but not all sharing. Federal law also requires us to tell you how we collect, share, and protect your personal information. Please read this notice carefully to understand what we do. |
| What? | The types of personal information we collect and share depend on the product or service you have with us. This information can include:
· Social Security number and income · account balances and payment history · credit history and overdraft history When you are no longer our customer, we continue to share your information as described in this notice. |
| How? | All financial companies need to share customers’ personal information to run their everyday business. In the section below, we list the reasons financial companies can share their customers’ personal information; the reasons Bank of the Bluegrass & Trust Co. chooses to share; and whether you can limit this sharing. |
| Reasons we can share your personal information | Does Bank of the Bluegrass & Trust Co. share? | Can you limit this sharing? |
|---|---|---|
| For our everyday business purposes – such as to process your transactions, maintain your account(s), respond to court orders and legal investigations, or report to credit bureaus |
Yes | No |
| For our marketing purposes – to offer our products and services to you |
Yes | No |
| For joint marketing with other financial companies | No | We don’t share |
| For our affiliates’ everyday business purposes – information about your transactions and experiences |
No | We don’t share |
| For our affiliates’ everyday business purposes – information about your creditworthiness |
No | We don’t share |
| For nonaffiliates to market to you | No | We don’t share |
| For our affiliates to market to you | No | We don’t share |
| Questions? | Call 859-233-4500 |
| What We Do | |
|---|---|
| How does Bank of the Bluegrass & Trust Co. protect my personal information? | To protect your personal information from unauthorized access and use, we use security measures that comply with federal law. These measures include computer safeguards and secured files and buildings. |
| How does Bank of the Bluegrass & Trust Co. collect my personal information? | We collect your personal information, for example, when you
· open an account or deposit money · pay your bills or apply for a loan · use your credit or debit card We also collect your personal information from others, such as credit bureaus, affiliates, or other companies. |
| Why can’t I limit all sharing? | Federal law gives you the right to limit only
· sharing for affiliates’ everyday business purposes—information about your creditworthiness · affiliates from using your information to market to you · sharing for nonaffiliates to market to you State laws and individual companies may give you additional rights to limit sharing. |
| Definitions | |
|---|---|
| Affiliates | Companies related by common ownership or control. They can be financial and nonfinancial companies.
· Bank of the Bluegrass & Trust Co. does not share with our affiliate. |
| Nonaffiliates | Companies not related by common ownership or control. They can be financial and nonfinancial companies.
· Bank of the Bluegrass & Trust Co. does not share with nonaffiliates so they can market to you. |
| Joint Marketing | A formal agreement between nonaffiliated financial companies that together market financial products or services to you.
· Bank of the Bluegrass & Trust Co. does not jointly market. |
Online Privacy Policy
Effective Date: May 31, 2024
Overview and Scope
We at Bank of the Bluegrass & Trust Co. (the “Company,” “we,” “our,” or “us”) recognize the importance of protecting the privacy of personally identifiable information (“Personal Information” or “PII”) To that end, this Privacy Policy (“Policy”) discloses our practices regarding the collection, use, and disclosure of the PII we receive when you interact with our websites or applications or use our Services (collectively, the “Services”), or when you otherwise interact with us. Unless otherwise expressly agreed to in writing, your Personal Information will be processed according to the terms of this Policy. By using our Services, or by submitting information to us whether through our websites or applications (the “Site”) or in person, you accept the terms of this Policy.
Information We Collect
As between you and us, we are the owner of information collected by us or on our behalf. We collect several types of information, including:
Personal Information: We may collect PII from you when you complete forms, navigate web pages, and in connection with other activities, services, features, or resources we make available. PII means any information that is linked or reasonably linkable to an identified or identifiable natural person. PII does not include publicly available information from government records, deidentified or aggregate information, or information excluded from the scope of “Personal Information” or “PII” as defined by applicable laws.
The types of PII we may collect, use, store, and disclose include the following categories of information:
Personal Information Chart
| Category | Type of Information |
|---|---|
| Contact Information and Identifiers | First Name, Last Name, Social Security Number, Email, Phone Number, IP Address, Postal Address, etc. |
| Financial Information | Bank Account Balances, Payment History, Credit History, Overdraft History, Credit/Debit Card Number, Expiration Date, Security Code, Financial Account Number, Bank Account Information, External Account Numbers, Credit Score, Credit Reports, Personal Financial Statement, Tax Returns, LLC Operating Agreements, Corporate Bylaws, Articles of Incorporation, Copy of the Will, Probate Documents Appointing Executor, Trust Agreement, Authorized Signer(s), etc. |
| Internet Identifiers and Activities | Used to uniquely identify browsers, apps, or devices, which vary in permanence and user reset capability. Examples include Browsing History, Search History, Interactions with the Site, Device type, cookies in browsers, and Advertising IDs on Android devices. Unique identifiers and tracking tools collect general location data from devices. |
| Geolocation Data | Geolocation, beacon-based location, GPS location, More precise geolocation information may be gathered through Bluetooth, Wi-Fi, or other geolocation functionalities if enabled in the Apps, subject to user consent. You may disable our use of certain internet identifiers and activities through your device or browser settings. |
| Demographic Information | Household size, income, age, and similar information |
Sensitive PII: We may, if necessary, collect more sensitive categories of PII that may reveal information such as racial or ethnic origin, citizenship status, religious or philosophical beliefs, or trade union membership (“Sensitive PII”). Any Sensitive PII collected will only be shared and used to the extent necessary to provide the Site and our Services to you, or as otherwise permitted by applicable data privacy laws and regulations.
Deidentified Information: We may collect deidentified information from you that may not by itself reasonably identify you as the source when you use our Services, or otherwise interact with us (“Deidentified Information”). Deidentified Information may include: (i) device type, (ii) device operating system, (iii) internet browser type, (iv) internet service provider, (v) referring/exit pages, (vi) date/time stamp, and (vii) clickstream information. We will take reasonable measures to ensure that Deidentified Information we collect is not personally identifiable and may not later be easily used to identify you as required by applicable law.
Children’s Information: The safety and privacy protection of children is very important to Bank of the Bluegrass. Children should always ask their parent or guardian for permission before sending personal information to anyone online. You understand that only the parent or legal guardian of a child under the age of 13 has authority to access the Site or any online banking services, even if the account has been established on behalf of that child. If you permit a child the age of 13 or older to use the Site or any online banking services, or make your user credentials available to such a child, you (a) represent and warrant that you are the child’s parent or legal guardian; and (b) consent to our collection of data of the child as described in this Privacy Policy. If you permit a child of any age to use the Site or any online banking services, or make your user credentials available to a child, you understand that you are responsible for all activity the child initiates from or to any of your accounts, even if they exceed your authorization.
How We Collect Information
The information we collect depends on how Users use our Services or otherwise interact with us. We collect PII and Deidentified Information in various ways, including:
Directly from You: We collect PII when you voluntarily submit PII to us while completing forms and in connection with other activities, services, features, or resources we make available. The PII we collect depends on how you use our Services, or how you choose to communicate with us.
Through Your Use of the Site: We may collect PII and Deidentified Information that your browser transmits when you use our Services or otherwise interact with us. We may also collect Deidentified Information about how you use our Services or otherwise interact with us through the use of automated tracking technologies, such as session cookies, persistent cookies, and web beacons.
A cookie is a small data file that is transferred to an internet browser, which enables the Site to remember and customize your subsequent visits. We may use session cookies to make it easier for you to navigate the Site. Session cookies expire when you close your browser. We may also use persistent cookies to track and target your interests to enhance your experience on the Site. Persistent cookies remain on your device for an extended period of time.
Most internet browsers automatically accept cookies. However, you can instruct your internet browser to block cookies or to provide you with a warning prompt before you accept cookies from the Site. Please refer to your internet browser’s instructions to learn more about these functions. If you reject cookies, the functionality of the Site may be limited and you may not be able to participate in several of the Site’s features.
Additionally, we may use web beacons, which are single-pixel, electronic images embedded in the Site that allow us to gather information about your browsing activities on the Site.
This Site employs Google Analytics for tracking site usage. Google collects and uses your information such as IP address, device type, and operating system to track and examine the use of this Site, to prepare reports on Site activity, and to share it with other Google Services. You can opt-out of Google Analytics using the browser plugin provided by Google HERE, and manage ad personalization settings in your Google account via My Activity.
From Third-Party Services: We may collect PII about you from third parties whose privacy practices may differ from the practices described in this Policy. We do not make any representations or warranties concerning, and will not in any way be liable for, any informational content, products, services, software, or other materials available through third parties. Your use of third parties’ services and/or third-party websites is governed by and subject to the terms and conditions of those third parties and/or third-party websites. We encourage you to carefully review the privacy policies and statements of such third parties and/or third-party websites.
How We Use Information
We may use Users’ PII for lawful business purposes to help enhance Users’ experience. These purposes include:
Providing our Services: We may use your PII to fulfill the purpose for which you provide it. For example, if you give us an email address to sign up for communications from us, we will use that email information to contact you as requested.
Direct Marketing: We may use your PII to send you promotional materials. You have the right to opt-out of receiving direct marketing. To opt-out of marketing communications, please contact us with your request by emailing info@bankofthebluegrass.com or calling (859) 233-4500.
Customer Service and User Communications: We may use your PII to help us respond to your inquiries, questions, requests, and support needs more efficiently.
User Experience Personalization: We may use your information to personalize the Service to your interests and preferences. For example, we may use such information to tailor the content and information that we send or display to you, offer personalized recommendations, help, and instructions, or otherwise personalize your experience while using our Services. We may also use Users’ PII and/or Deidentified Information in the aggregate to analyze Users’ browsing and usage activities and patterns in order to understand Users’ interests and preferences with respect to our Services. This will help us optimize your experience on our Services.
Business Optimization: We may use your PII and/or Deidentified Information to improve the content on our web pages, to customize the content and layout of our web pages, conduct internal research and development, administer surveys or market research, and in managing our everyday business needs. We may also use your feedback to improve our Services, including monitoring, auditing, and analyzing trends, usage, and activities on the Site. All of this is done with the intention of making our Services more useful for you.
Safety and Security: We may use your PII and/or Deidentified Information to promote the safety and security of the Service, our users, and other parties. For example, we may use the information to authenticate users, facilitate secure payments, protect against fraud and abuse, respond to a legal request or claim, conduct audits, and enforce our terms and policies.
We will not collect additional categories of PII or use PII we collected for materially different, unrelated, or incompatible purposes without providing you notice.
Third-Party Use of Cookies and Other Tracking Technologies
Some content, including advertisements, of our Services is served by third-parties, including advertisers, ad networks and servers, content providers, and application providers. These third parties may use cookies alone or in conjunction with web beacons or other tracking technologies to collect information about you when you use our Services. The information they collect may be associated with your PII or they may collect information, including PII, about your online activities over time and across different websites and other online services. They may use this information to provide you with interest-based (behavioral) advertising or other targeted content.
We do not control these third-parties’ tracking technologies or how they may be used. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly. For information about how you can opt out of receiving targeted advertising from many providers, see My Privacy Choices below.
How We Disclose Information
We may disclose Users’ PII to certain third parties for a business purpose as described below. Otherwise, we do not sell, share, or rent PII and will not disclose Users’ PII to third parties without your permission.
To Our Affiliates: We may disclose your PII to affiliates, including companies within the Bank of the Bluegrass group.
To Service Providers and Contractors: We may disclose your PII to service providers and contractors that assist us in providing user support, processing payments, shipping and delivering orders, marketing, advertising, communicating with Users, and promoting our Services, or that otherwise perform business functions on our behalf relating to our Services.
To Other Companies in Connection with Our Services: We may disclose your PII to third-party companies as necessary or reasonable for us to provide our services to you. For example, we may disclose your information to secondary mortgage companies such as Flagstar Bank, Rocket Mortgage, or Kentucky Housing Corp.
To Advertising and Marketing Partners: We may disclose Deidentified Information to third-party advertising partners who help us serve advertisements across the web. This information does not identify you personally, but may be used by those marketing and advertising partners and other third parties to enable them to recognize you on other sites and services. Depending on where you reside, this disclosure may be considered a “sale”, and you may have the right to opt out.
Law Enforcement, Safety, and Legal Processes: We may disclose your PII to law enforcement or other government officials if it relates to a criminal investigation or alleged criminal activity. We may also disclose your PII: (i) if required or permitted to do so by law; (ii) for fraud protection and credit risk reduction purposes; (iii) in the good-faith belief that such action is necessary to protect our rights, interests, or property; (iv) in the good-faith belief that such action is necessary to protect your safety or the safety of others; or (v) to comply with a judicial proceeding, court order, subpoena, or other similar legal or administrative process.
Sale or Acquisition of Assets: In the unlikely event of a merger, acquisition, or other transaction involving the sale or transfer of our assets, we may disclose and/or transfer your PII as part of the transaction. If the surviving entity in that transaction is not us, the surviving company may use your PII pursuant to its own privacy policies, and those policies may be different from this Policy.
As Disclosed or Consented To: We may disclose your PII for any other purpose disclosed by us at the time you provide that PII, or otherwise with your consent.
Security
The security and confidentiality of your PII is very important to us. We use commercially reasonable security measures to protect your PII. However, no data transmitted over or accessible through the internet can be guaranteed to be 100% secure. As a result, while we attempt to protect your PII, we cannot guarantee or warrant that your PII will be completely secure (i) from misappropriation by hackers or from other nefarious or criminal activities, or (ii) in the event of a failure of computer hardware, software, or a telecommunications network.
California Privacy Rights
California’s “Shine the Light” law permits Users of our Services that are California residents to request certain information regarding our disclosure of PII to third parties for their direct marketing purposes. To make such a request, please contact us at the Contact Information provided below.
Your Privacy Choices
We strive to provide you with choices regarding the PII you provide to us. We have created mechanisms to provide you with the following control over your PII:
Tracking Technologies and Advertising: You can set your browser to refuse all or some browser cookies, or to alert you when cookies are being sent. If you disable or refuse cookies, please note that some parts or functions of our Services may then be inaccessible or not function properly.
Promotional Communications: If you do not wish to receive promotional emails, text messages and/or other direct marketing communications from us, you may opt-out at any time by following any instructions included in the communication or contacting us at info@bankofthebluegrass.com. Please be aware that although you may opt-out of promotional emails, text messages and/or other direct marketing communications, we reserve the right to email you administrative notices regarding our Services and other non-promotional messages, as permitted under the CAN-SPAM Act.
Sharing of Your Information for Third-Party Advertising: If you do not want us to share your PII with unaffiliated or non-agent third parties for promotional purposes, you can opt-out by sending us an email with your request to info@bankofthebluegrass.com.
Account Information: If you ever wish to access, update, change, delete, correct, or otherwise control your PII, you may do so by sending us an email with your request to info@bankofthebluegrass.com. To help us process your request, please provide a valid email address or other contact information sufficient to allow us to respond to your request. We reserve the right to ask for additional information verifying your identity prior to disclosing any PII to you. Should we ask for verification, the information you provide will be used only for verification purposes, and all copies of the information will be destroyed when the process is complete.
Other State Privacy Rights: Residents of certain states may have additional personal information rights and choices, including rights related to advertising and analytics activities that may be considered “sales” or “sharing” of your PII or “targeted advertising” under the laws and/or regulations that apply to you. Depending on where you reside, you may have the right to opt out of targeted advertising, sharing, and sales of your PII, in addition to other applicable privacy rights. If you believe you have such additional rights and wish to exercise them, please send us an email with your request, including the specific rights you wish to exercise, to info@bankofthebluegrass.com. Please be aware that your rights are limited to the extent permitted by applicable law.
We will make commercially reasonable efforts to respond to opt-out requests and handle requests to access, update, change, delete, or otherwise control your PII as quickly as possible.
GDPR Data Subject Rights
If you are a data subject located in the European Economic Area or the United Kingdom, the General Data Protection Regulation (EU) 2016/679 or the U.K. GDPR (collectively, the “GDPR”) grants you certain data privacy rights. Your rights include the:
- Right to Access: You have the right to request a copy of your PII.
- Right to Rectification: You have the right to request that we correct any mistakes in your PII.
- Right to Erasure: You have the right to request that we delete your PII.
- Right to Restrict Processing: You have the right to restrict processing of your PII.
- Right to Object to Processing: You have the right to object to our processing or your PII.
- Right to Data Portability: You have the right to receive your PII in a structured, commonly used and machine-readable format.
- Right to Not be Subject to Automated Individual Decision Making: You have the right not to be subject to a decision based solely on automated processing.
To exercise your rights, please use the Contact Information described below. Please be aware that your rights are limited to the extent permitted by applicable law. For the purposes of compliance with the GDPR, we are the data controller of information we collect from data subjects through the Site.
Data Retention
We will retain Users’ PII while they maintain an account with us or to the extent necessary to provide our Services. Thereafter, we will keep PII for as long as necessary: (i) to respond to any queries from Users; (ii) to demonstrate we treated Users fairly; (iii) for ordinary business continuity procedures; or (iv) to comply with any applicable laws. We delete PII within a reasonable period after we no longer need the information for the purposes set out in this Policy.
Cross Border Data Transfer
For data subjects within the EEA, it may be necessary for us to share that data subject’s PII outside the EEA, including to the United States, in order to deliver the services through the Site. In the event we transfer PII outside the EEA, we will take commercially reasonable measures to ensure the transfer complies with applicable data protection laws and PII is securely transferred.
Do Not Track Disclosure
Some internet browsers may transmit “do-not-track” signals to websites with which the browser communicates. The Site is currently designed to respond to these “do-not-track” signals.
SPAM
We do not participate in bulk email solicitations that you have not consented to receiving (i.e., “Spam”). We do not sell or disclose customer lists or email address lists to unrelated third parties. Except as otherwise provided herein, we do not share PII with any third-party advertisers.
Third-Party Links
The Site and our Services may contain links to other websites or applications (“Linked Sites”) that are not owned by us. We do not control the collection or use of any information, including PII, which occurs while you visit Linked Sites. Therefore, we make no representations or warranties for—and will not in any way be liable for—any content, products, services, software, or other materials available on Linked Sites, even if one or more pages of the Linked Sites are framed within a page of the Site.
Furthermore, we make no representations or warranties about the privacy policies or practices of the Linked Sites, and we are not responsible for the privacy practices of those Linked Sites. We encourage you to be aware of when you leave the Site and read the privacy policies of Linked Sites.
Modifications
We reserve the right to update this Policy from time-to-time in our sole discretion. If our privacy practices change materially in the future, we will post an updated version of the privacy policy to the Site. It is your responsibility to review this Policy for any changes each time you use the Site or our Services. We will not lessen your rights under this Policy without your explicit consent. If you do not agree with the changes made, we will honor any opt-out requests made after the Effective Date of a new privacy policy.
Contact Information
If you have questions about this Policy or wish to contact us with questions or comments, please contact us at:
Attn: Director of Marketing
Bank of the Bluegrass & Trust Co.
101 E. High Street
Lexington, KY 40507
(859) 233-4500
If you are a data subject located in the EEA or the UK, the GDPR grants you the right to lodge a complaint with a competent supervisory authority as well. To find a competent supervisory authority, please use the following resource: https://edpb.europa.eu/about-edpb/board/members_en. UK data subjects can utilized the following resource: https://ico.org.uk/global/contact-us/.
Effective Date
This Policy was last modified as of the effective date printed above. This version of the privacy policy replaces and supersedes any prior privacy policies applicable to the Site and our Services.