Privacy Notice

It is the policy of Citizens Deposit Bank & Trust to adhere to the following Privacy Policy


Purpose and Objectives

This policy reaffirms and formalizes our bank's realization of and respect for the privacy expectations and rights of our customers regarding financial information and other related information, which the bank has or gathers in the normal course of business. It is intended to provide guidance to bank personnel as well as assurance to our customers. We will also, of course, act in compliance with all applicable laws and regulations.


Employee: For the purpose of this policy, "employee" includes all directors, officers, and employees of the bank as well as any attorney, agents, or outside vendors, who become privy to customer information.

Consumer: An individual who obtains or has obtained a financial product or service from a bank that is to be used primarily for personal, family, or household purposes, or that individual's legal representative. An example of a consumer would be a loan applicant. A consumer is not necessarily a customer.

Customer: A person who has established a "continuing relationship" with our bank. (For example, an approved loan applicant who signs a note would be a customer)

Nonpublic personal information: Personally identifiable information relating to a consumer, except when there is a reasonable belief that the information is publicly available. For example, the fact of a customer relationship with the bank, presumably, would be nonpublic personal information. It is only if personally identifiable information relating to a consumer is publicly available, that such information is excluded from nonpublic information.

Publicly available information: Any information that a bank has a reasonable basis to believe is lawfully made available to the general public from Federal, State, or local government records; widely distributed media; or disclosures to the general public that are required to be made by Federal, State, or local law. (For example, a published telephone directory, or the public record of real estate transactions)


The Board of Directors has the ultimate responsibility to appropriately establish and maintain this policy and assure that is being observed in the daily operation of the bank. The Compliance Officer is responsible for carrying out this policy and making recommendations of any changes to the board of directors as necessary.

Privacy Principles

The bank recognizes the following eight elements of its privacy policy, which have become standard within the banking industry:

  1. Recognition of Customer's Expectation of Privacy
  2. Use, Collection and Retention of Customer Information
  3. Maintenance of Accurate Information
  4. Limiting Employee Access to Information
  5. Protection of Information via Established Security Procedures
  6. Restriction on the Disclosure of Consumer Information
  7. Maintaining Customer Privacy in Business Relationships with Third Parties
  8. Disclosure of Privacy Principles to Customers

Recognition of Customers' Expectation of Privacy

Customers of our bank are entitled to the absolute assurance that the information concerning their financial circumstances and personal lives, which the bank has obtained through various means, will be treated with the highest degree of confidentiality and respect. Certain expectations of privacy also contain legal rights of customers which are either granted or confirmed to them through various federal and state laws and regulations. All employees are directed by this policy to assure customers of the bank's commitment to preserving the privacy of their information.

Use, Collection and Retention of Consumer Information

It is the policy and practice of the bank to collect, retain and use information about consumers and customers (both individual and corporate) only where the bank reasonably believes the gathering of such information would be useful and allowed by law to administer the bank's business and/or to provide products, services or opportunities to its customers.

Maintenance of Accurate Information

Executive management is directed to establish procedures to ensure that, to the extent practicable, all customer information is accurate, current and complete in accordance with reasonable commercial standards. The bank will respond promptly and affirmatively to any legitimate customer request to correct inaccurate information, including forwarding of corrected information to any third party who had received the inaccurate information. The bank will further undertake to record that the customer requested such corrective action and follow up with any third party to ensure that they have processed the correction.

Limitation of Employee Access

Executive management will take all steps necessary to ensure that only employees with a legitimate business reason for knowing personally identifiable customer information shall have access to such information. To the extent practicable, access will be limited by computer access codes and granting limited access to areas in which sensitive customer information is retained. Employees will be informed at the time of their initial employment of these standards and periodically reminded of these standards during training sessions at least once during each calendar year. Willful violation of this element of this policy will result in disciplinary action against the offending individual. Inadvertent violations will be dealt with in a manner to ensure that such violations are not repeated.

General Restriction on the Disclosure of Customer Information

The bank will not, except in cases allowed or required under the law, reveal specific information about customer accounts or other nonpublic personal information to any nonaffiliated third parties unless the customer has been provided the required privacy disclosures and is given the opportunity to decline or "opt out."

Business Relationships with Third Parties

If the bank is requested to provide personally identifiable to a third party and that request is in all respects consistent with other elements of this policy, the bank will accede to the request only if the third party agrees to 3 adhere to similar privacy principles, no less stringent than set forth in this policy, that provide for keeping such information confidential.

Disclosure of Privacy Principles to Customers

Disclosure of the privacy notice (Appended as a part of this policy) shall be provided to customers initially and then annually thereafter. A notice of the right to "Opt Out" will accompany each privacy notice, unless our bank shares nonpublic personal information only with entities in the three categories of exceptions listed below. If our bank does share nonpublic personal information only within the three categories of exceptions, a simplified privacy notice will be provided to customers.

The notice may be delivered by hand, by mail, or electronically, as specified in the pertinent banking regulation. If the notice is provided electronically, the consumer must be required to acknowledge receipt as a necessary condition for obtaining a financial product or service.

Attached will be our actual disclosure we deliver to consumer customers at deposit account opening and loan origination and annually by direct mailing or by using the alternate delivery method (notice on statements and website).

Exceptions to the Opt Out Requirement for Service Providers and Joint Marketing

12 CFR 216.13

The opt out requirements do not apply if our bank chooses to provide nonpublic personal information about a consumer to a nonaffiliated third party to perform services for the bank or functions on the bank's behalf, if our bank provides the initial notice as required and enters into a contractual agreement with the third party that requires the third party to maintain the confidentiality of the information to at least the same extent that the bank must maintain that confidentiality and limits the third party's use of the information solely to the purposes for which it is disclosed or as otherwise permitted.

Exceptions to the Opt Out Requirements for Processing and Servicing Transactions

12 CFR 216.14

The requirements for initial notice, for opt out, and for service providers and joint marketing do not apply if the bank discloses nonpublic personal information:

  1. As necessary to effect, administer, or enforce a transaction requested or authorized by the consumer.
  2. To service or process a financial product or service requested or authorized by the consumer.
  3. To maintain or service the consumer's account with the bank, or with another entity as part of a private label credit card program or other extension of credit on behalf of such entity.
  4. In connection with a proposed or actual securitization, secondary market sale (including sales of servicing rights) or similar transaction related to a transaction of the consumer.

Other Exceptions to Notice and Opt Out Requirements CFR 216.13

There are additional exceptions to the opt out requirements. The requirement for initial notice, for opt out, and for service providers and joint marketing do not apply when a bank discloses nonpublic personal information in the following circumstances:

  1. With the consent or direction of the consumer, provided that the consumer has not revoked the consent or direction.
  2. For the following protective or legal situations:
    a.   To protect the confidentiality or security of the bank's records pertaining to the consumer, service, product, or transaction.
    b.   To protect against or prevent actual or potential fraud unauthorized transactions, claims, or other liability.
    c.   For required institutional risk control or for resolving consumer disputes or inquiries.
    d.   To persons holding a legal or beneficial interest relating to the consumer.
    e.   To persons acting in a fiduciary or representative capacity on behalf of the consumer.
  3. To provide information to insurance rate advisory organizations, guaranty funds or agencies, agencies that are rating the bank, persons that are assessing the bank's compliance with industry standards, and the bank's attorneys, accountants, and auditors.
  4. To the extent specifically permitted or required under other provisions of law and in accordance with the Right to Financial Privacy Act of 1978 (12 USC 3401), to law enforcement agencies (including government regulators), self-regulatory organizations, or for an investigation on a matter related to public safety.
  5. To a consumer reporting agency in accordance with the Fair Credit Reporting Act (15USC1681) or from a consumer report reported by a consumer reporting agency.
  6. In connection with a proposed or actual sale, merger, transfer, or exchange of all or a portion of a business or operating unit if the disclosure of nonpublic personal information concerns solely consumers of that business or unit.
  7. To comply with federal, state, or local laws, rules, and other applicable legal requirements-specifically:
    a.   To comply with a properly authorized civil, criminal, or regulatory investigation, or subpoena or summons by federal, state, or local authorities; or
    b.   To respond to judicial process or government regulatory authorities having jurisdiction over the bank for examination, compliance, or other purposes as authorized by law.

Employee Education and Training

Executive management is directed to provide a copy of this policy to all bank employees and to obtain a receipt from each employee acknowledging that fact. After any amendments or modifications to this policy have been duly adopted, a copy of the amended policy will also be given to each employee, again acknowledged by receipt.

At least once during each calendar year, the bank will conduct a meeting of all employees during which matters affecting customers' rights to privacy will be discussed. Such meetings will include discussion on the following:

Record Keeping and Reporting

Executive management will maintain a separate file for the purpose of retaining any customer complaints, which relate to this policy. The information regarding any complaint should include the exact nature of the complaint, describe the corrective actions taken, and confirm that the corrective actions resolved the complaint.

Executive management will make an annual report to the board concerning customer complaints, which shall include the frequency and nature of such complaints and corrective actions taken. Complaints of a nature sufficient to present a risk of regulatory enforcement action and/or civil money penalties are required to be reported if and when they occur.

Review of Policy

The board of directors will review this policy at least once each year and make any revisions and amendments it deems appropriate. The Compliance Officer will be responsible for suggesting more frequent revisions as situations or changes in laws or regulations dictate.

Attachment (7.10.10)
FACTS What does Citizens Deposit Bank do with your personal information?
Why? Financial companies choose how they share your personal information. Federal law gives consumers the right to limit some but not all sharing. Federal law also requires us to tell you how we collect, share, and protect your personal information. Please read this notice carefully to understand what we do.

The types of personal information we collect and share depend on the product or service you have with us. This information can include:

  • Social Security number and Account Information
  • Income and Account Balances
  • Payment History and Transaction history
When you are no longer our customer, we continue to share your information as described in this notice.
How? All financial companies need to share customers' personal information to run their everyday business. In the section below, we list the reasons financial companies can share their customers' personal information; the reasons Citizens Deposit Bank chooses to share; and whether you can limit this sharing.


Reasons we can share your personal information Does Citizens Deposit Bank share? Can you limit this sharing?
For our everyday business purposes— such as to process your transactions, maintain your account(s), respond to court orders and legal investigations, or report to credit bureaus Yes No
For our marketing purposes— to offer our products and services to you Yes No
For joint marketing with other financial companies No We do not share
For our affiliates' everyday business purposes— information about your transactions and experiences No We do not share
For our affiliates' everyday business purposes— information about your creditworthiness No We do not share
For non-affiliates to market to you No We do not share


Who we are
Who is providing this notice?

Citizens Deposit Bank

What we do
How does Citizens Deposit Bank protect my personal information?

To protect your personal information from unauthorized access and use, we use security measures that comply with federal law. These measures include computer safeguards and secured files and buildings.

How does Citizens Deposit Bank collect my personal information?

We collect your personal information, for example, when you

  • Open an account or deposit money
  • Pay your bills or apply for a loan
  • Use your ATM or debit card
Why can't I limit all sharing?

Federal law gives you the right to limit only:

  • sharing for affiliates' everyday business purposes information about your creditworthiness
  • affiliates from using your information to market to you
  • sharing for nonaffiliates to market to you

State laws and individual companies may give you additional rights to limit sharing.


Companies related by common ownership or control. They can be financial and non-financial companies.

  • Citizens Deposit Bank does not share with our affiliates.

Companies not related by common ownership or control. They can be financial and nonfinancial companies.

  • Citizens Deposit Bank does not share with non-affiliated third parties so they can market to you.
Joint marketing

A formal agreement between nonaffiliated financial companies that together market financial products or services to you.

  • Citizens Deposit Bank doesn't jointly market
Questions? Call 1.866.226.1762 or go to