Notice at Collection and Privacy Policy for California Residents
This California Consumer Notice and Privacy Policy (“CCPA Privacy Policy”) supplements the Flagstar Online Privacy Statement and is provided by Flagstar Bank, N.A. and Flagstar Advisors that link to or otherwise provide this CCPA Privacy Policy. It applies solely to California consumers, which includes visitors to publicly-accessible sections of our Sites, job applicants, and personnel working on behalf of our business clients and partners.
This CCPA Privacy Policy does not apply to:
- Flagstar personnel (e.g., employees, officers, or directors), their emergency contacts or their relatives for whom we administer benefits; or
- Personal information collected, processed or disclosed in connection with our provision of financial products or services pursuant to the Gramm-Leach-Bliley Act and its implementing regulations or the California Financial Information Privacy Act.
This CCPA Privacy Policy uses certain terms that have the meaning given to them in the California Consumer Privacy Act of 2018 (the “CCPA”), as amended by the California Privacy Rights Act of 2020 (the “CPRA”), and its implementing regulations (the “CCPA/CPRA”).
Collection and Use of Personal Information
We may collect (and may have collected during the 12-month period prior to the effective date of this CCPA Privacy Policy) the following categories of personal information about you depending on your relationship or interaction with us, as defined by the CCPA, as amended:
- Identifiers: identifiers such as a real name, alias, postal address, unique personal identifier (such as a device identifier; cookies, beacons, pixel tags, mobile ad identifiers and similar technology; customer number, unique pseudonym, or user alias; telephone number and other forms of persistent or probabilistic identifiers), online identifier, internet protocol address, email address, account name, Social Security number, driver’s license number, passport number, and other similar identifiers
- Additional Data Subject to Cal. Civ. Code § 1798.80: signature, physical characteristics or description, state identification card number, insurance policy number, education, medical information, and health insurance information
- Protected Classifications: characteristics of protected classifications under California or federal law, such as race, color, national origin, religion, age, sex, gender, gender expression, pregnancy, sexual orientation, marital status, medical condition, disability, citizenship status, and military and veteran status
- Commercial Information: commercial information, including records of personal property, products or services purchased, obtained, or considered, and other purchasing or consuming histories or tendencies
- Biometric Information: imagery of the iris, retina, fingerprint, face, hand, palm, vein patterns, and voice recordings, from which an identifier template, such as a faceprint, a minutiae template, or a voiceprint, can be extracted, and keystroke patterns or rhythms, gait patterns or rhythms, and sleep, health, or exercise data that contain identifying information
- Online Activity: Internet and other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding your interaction with websites, applications or advertisements
- Geolocation Data: any information used to identify your physical location
- Sensory Information: audio, electronic, visual, and similar information
- Employment Information: professional or employment-related information, such as information relating to your job position (e.g., job title, job description and office location), talent management information (e.g., résumé information, occupation details, education details, certifications and professional associations, historical compensation details, previous employment details, and preemployment screening and background check information, including criminal records information) and emergency contact information.
- Inferences: inferences drawn from any of the information identified above to create a profile about you reflecting your preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
We may use (and may have used during the 12-month period prior to the effective date of this CCPA Privacy Policy) your personal information for the purposes described in our Online Privacy Statement and for the following business purposes specified in the CCPA/CPRA:
- Performing services, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytics services, providing storage, or providing similar services
- Providing advertising and marketing services to you, except for cross-context behavioral advertising;
- Auditing related to counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance
- Short-term, transient use, including, but not limited to, non-personalized advertising shown as part of your current interaction with us
- Helping to ensure security and integrity to the extent the use of your personal information is reasonably necessary and proportionate for these purposes
- Debugging to identify and repair errors that impair existing intended functionality
- Undertaking internal research for technological development and demonstration
- Undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by us, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by us.
We do not collect or process sensitive personal information with the purpose of inferring characteristics about California consumers covered by this CCPA Privacy Policy.
To the extent we process deidentified information, we will maintain and use the information in deidentified form and will not attempt to reidentify the information unless permitted by applicable law.
Retention of Personal Information
We will retain your personal information for the period reasonably necessary to achieve the purposes described in our Online Privacy Statement and this CCPA Privacy Policy, or any other notice provided at the time of collection, taking into account applicable statutes of limitation and records retention requirements under applicable law.
Sources of Personal Information
During the 12-month period prior to the effective date of this CCPA Privacy Policy, we may have obtained personal information about you from the following categories of sources:
- Directly from you, such as when you contact us
- Your devices, such as when you visit our Online Services
- Our affiliates and subsidiaries
- Vendors who provide services on our behalf
- Professional services organizations, such as auditors and law firms
- Our business clients
- Our business partners (e.g., brokers, correspondents, appraisers, prior servicers) and investors
- Our joint marketing partners
- Beneficiaries, counterparties and other third parties related to a transaction
- Other individuals, such as in connection with a referral
- Recruiting and talent agencies
- Data analytics providers
- Online advertising services
- Government and government-sponsored entities
- Social networks
- Publicly accessible sources
- Data brokers, such as credit bureaus and background check services
Sale or Sharing of Personal Information
We do not sell your personal information in exchange for monetary compensation. We may disclose your personal information by allowing certain third parties (such as online advertising services) to collect personal information via automated technologies on our websites and apps for cross-context behavioral advertising purposes. Under California law, these kinds of disclosures may be considered a “sale” when the personal information is exchanged for non-monetary consideration, or “sharing” when the personal information is disclosed for cross-context behavioral advertising purposes. You have the right to opt out of these types of disclosures of your information, as detailed below in the “California Consumer Privacy Rights” section.
We may sell or share for cross-context behavioral advertising purposes (and may have sold or shared during the 12-month period prior to the Last Updated date of this CCPA Privacy Policy) the following categories of personal information about you to online advertising services:
- Identifiers
- Online Activity
We do not have actual knowledge that we sell or share the personal information of minors under 16 years of age.
Disclosure of Personal Information
During the 12-month period prior to the effective date of this Statement, we may have disclosed the following categories of personal information about you for a business purpose to the following categories of third parties: