This California Consumer Privacy Act Disclosure explains how Synovus Bank and its corporate affiliates (collectively “Synovus,” “we” or “us”) collect, use, and disclose personal information relating to California residents covered by the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act (“CPRA”). This notice is provided pursuant to the CCPA.
Under the CCPA ‘Personal Information’ is information that identiﬁes, relates to, or could reasonably be linked directly or indirectly with a particular California resident. The CCPA, however, does not apply to certain personal information subject to privacy laws, such as Gramm-Leach-Bliley Act (GLBA), Fair Credit Reporting Act (FCRA) and certain other laws.
The speciﬁc Personal Information that we collect, use, and disclose relating to a California resident covered by the CCPA will vary based on our relationship or interaction with that individual. For example, this Disclosure does not apply to information that we collect about California residents who apply for or obtain our ﬁnancial products and services for personal, family, or household purposes. For more information about how we collect, disclose, and secure information relating to these customers, please refer to our Synovus Privacy Notice, Synovus Digital Privacy Statement and our Safety and Security Page.
Collection and Disclosure of Personal Information
Synovus Consumer Privacy Notice and Synovus Digital Privacy Statement provide consumers information concerning the privacy of personal information. The notice provides detailed information about our collection/disclosure practices and how we collect and use your personal information.
In the past 12 months, we have collected and disclosed to third parties for our business purposes, the following categories of Personal Information relating to California residents covered by this disclosure:
Identiﬁers, such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers
Personal information, as deﬁned in the California safeguards law, such as contact information and ﬁnancial information
Characteristics of protected classiﬁcations under California or federal law, such as sex and marital status
Commercial information, including records of personal property, product or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies
Biometric information, such as fingerprints, voiceprint
Internet or other electronic network activity information, such as browsing history and interactions with our website
Geolocation data, such as device location and Internet Protocol (IP) location
Audio, electronic, visual, thermal, olfactory, or similar information, such as call and video recordings
Professional or employment-related information, such as work history and prior employer
Education information subject to the Family Educational and Privacy Act, such as student records, qualifications, confirmation of graduation and directory information
Inferences drawn from any of the Information listed above to create a proﬁle about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes
The following categories of Sensitive Personal Information:
Social security, driver’s license, state identification card, or passport number
Account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account
Racial or ethnic origin, religious or philosophical beliefs, or union membership
Contents of a consumer’s mail, email, and text messages unless we are the intended recipient of the communication
The processing of biometric information for the purpose of uniquely identifying a consumer
Personal information collected and analyzed concerning a consumer’s health
How We Collect and Use Your Personal Information
Categories of sources from which we collect Personal information:
Directly from you or your guardian/representatives
Websites, Mobile Apps, Email and Social Media managed by us
Our Third Parties, Service Providers and Credit Reporting Agencies from which we collect personal information or market data as part of providing products and services, completing transactions, or supporting operations
Outside merchants or business partners such as credit card or lending partnerships, or corporate clients
Outputs from analytics
Information from our affiliates or subsidiaries
Public records or publicly available data
Business or Commercial Purpose of Collecting and Disclosing Personal Information
In the past 12 months, we may have used Personal Information relating to California residents to operate, manage, and maintain our business, to provide our products and services, and to accomplish our business and commercial purposes and objectives, including the following:
Performing services, including maintaining or servicing accounts, providing customer service, processing or fulﬁlling orders and transactions, verifying customer information, processing payments, providing ﬁnancing, conducting advertising or marketing services, providing analytic services, or providing similar services
Helping to ensure security and integrity to the extent the use of personal information is reasonably necessary and proportionate for these purposes
Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity
Short-term, transient use, including, but not limited to, non-personalized advertising shown as part of a current interaction with us, where the information is not disclosed to a third party and is not used to build a profile or otherwise alter the California resident's experience outside the current interaction with us
Auditing related to a current interaction and concurrent transactions, including, but not limited to, counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with this speciﬁcation and other standards
Undertaking activities to verify or maintain the quality or safety of a service controlled by us, and to improve, upgrade, or enhance the service. Debugging to identify and repair errors that impair existing intended functionality
Undertaking internal research for technological development and demonstration
Complying with laws and regulations and to comply with other legal process and law enforcement requirements (including any internal policy based on or reﬂecting legal or regulatory guidance, codes or opinions)
Third parties that assist us with our business operations also collect and use information (including Personal Information) through the sites and may share the collected information with us. For example, our service providers collect and share information with us to analyze the performance of the Sites and to detect and prevent fraud. We also may share information with third party service providers upon your request.
The categories of third parties to whom we disclosed Personal Information for our business purposes described in this privacy disclosure are:
Affiliates and Subsidiaries of Synovus
Businesses, Vendors, Contractors, and Service Providers who we partner with to provide services such as website hosting, data analysis, payment processing, order fulﬁllment, preventing and detecting fraud, information technology and related infrastructure, customer service, email delivery, marketing, and marketing research activities
Partners and Third Parties who provide services such as payment, banking and communication infrastructure, storage, legal expertise, tax expertise, notaries, and auditors, who promote the bank and its ﬁnancial services and products to customers and other prospective customers
Other Third Parties who enable customers to conduct transactions online and via mobile devices, support mortgage and fulﬁllment services, loan processes and aggregators (at the direction of the customer)
Government Agencies as required by laws and regulations
Sale or Sharing of Personal Information and to Limit Use and Disclosure of Sensitive Personal Information
In the past 12 months, we have not “sold” Personal Information subject to the CCPA. We do not and will not sell your personal information. For purposes of this Disclosure, “sold” means the disclosure of Personal Information to a third-party for monetary or other valuable consideration. We do not knowingly collect or share personal information from children under 16 without parental or legal guardian consent.
We do not disclose sensitive personal information for purposes other than those specified in CCPA or outside the scope of the Gramm Leach Bliley Act exception. Our Privacy Notice discloses applicable areas where you may opt out of sharing your personal information.
Retention of Personal Information
We take necessary steps to ensure that your personal information is only retained for the minimum period necessary for the purposes set out in this disclosure. We utilize the following criteria to determine the duration for which we will retain your personal information:
To fulfill the business or commercial purpose for which the personal information was collected, used or disclosed.
To comply with applicable laws, regulatory requirements or requests, audit requirements, or orders from competent courts.
Consumer Access Request
Rights under the CCPA
If you are a California resident, you have the right to:
Receive this notice at the time or before collection of your personal information.
Request we disclose to you free of charge the following information covering the 12 months preceding your request:
The categories of Personal Information about you that we collected.
The categories of sources from which the Personal Information was collected.
The business or commercial purpose for collecting, selling, or sharing your Personal Information.
The categories of third parties to whom we disclosed your personal information to.
The specific pieces of Personal Information we collected about you.
Request we delete Personal Information we collected from you.
Request we correct inaccurate information we maintain about you.
Be free from unlawful discrimination for exercising your rights under the CCPA.
To complete a request, we will acknowledge receipt of your request and advise you how long we expect it will take to respond if we are able to verify your identity. To look into your request, we will verify your identity, by collecting additional Personal information such as Driver’s License, State ID, or Military ID (front and back). Requests for speciﬁc pieces of Personal Information will require additional information to verify your identity.
If you submit a request on behalf of another person, we may require proof of authorization and veriﬁcation of identity, such as Driver’s License, State ID, or Military ID directly from the person for whom you are submitting a request.
In some instances, we may not be able to honor your request. For example, we will not honor your request if we cannot verify your identity or if we cannot verify that you have the authority to make a request on behalf of another individual. Additionally, we will not honor your request where an exception applies, such as where the disclosure of Personal Information would adversely affect the rights and freedoms of another consumer or where the Personal Information that we maintain about you is not subject to the CCPA’s access, correction, or deletion rights.
We will advise you in our response if we are not able to honor your request. We will not provide social security numbers, driver’s license numbers or government issued identiﬁcation numbers, ﬁnancial account numbers, healthcare or medical identiﬁcation numbers, account passwords or security questions and answers, or any speciﬁc pieces of information if the disclosure presents the possibility of unauthorized access that could result in identity theft or fraud or unreasonable risk to data or systems and network security.
We will work to process all veriﬁed requests within 45 days pursuant to the CCPA. If we need an extension for up to an additional 45 days in order to process your request, we will provide you with an explanation for the delay.
How to Exercise Your Rights
If you are a California resident, completing a request for yourself or on behalf of someone else you may submit a request by:
Contacting us using our toll-free number: 1-888-SYNOVUS (1-888-796-6887)
You are about to leave the Synovus web site for a third-party site
Third-party sites aren't under our control, and we are not responsible for any of the content or additional links they contain. We don't endorse to guarantee the goods or information provided by third-party sites, and we're not responsible for any failures or inaccuracies. Third-party sites may contain less security and may have different privacy policies from ours.