WEBSTER CITY FEDERAL SAVINGS BANK 

PRIVACY POLICY 

(Revised 03/15/06) 

 

 

Webster City Federal recognizes that consumers have become increasingly concerned about the privacy of their personal information. We consider privacy of consumer's personal information an important element of public trust and confidence in our bank. We have consistently demonstrated our ability to protect such sensitive information that consumers have given us in confidence. However, new privacy concerns are emerging due to changes in the financial industry, technology and regulations. 

 

We reconfirm our commitment to consumers that we will take all reasonable steps consistent with state and federal laws, regulations and normal business practices protecting consumer privacy by keeping confidential information shared with us. We do not disclose any nonpublic personal information about anyone except as permitted by law. 

Information about consumers is collected, used and retained only where it is reasonably necessary and useful in administering our business and in providing financial products and services to our customers. We have procedures intended to assure that consumers' information is accurate, current and complete in accordance with commercial standards, applicable laws and regulations. Our safeguards comply with the standards published by banking regulators. Security procedures and policies limit employee access to personally identifiable information to those with a business reason to know such information. In addition, employees are informed of and trained in their responsibility to protect confidential customer information. 

 

The bank may provide or disclose specific information about consumers' accounts or other business relationships with us when: 

1. Developing financial products and services, 

2. Providing advisory assistance, 

3. Requested or expressively authorized by a customer, 

4. Necessary to properly execute a transaction initiated by a consumer, 

5. Required to assert a legal claim, and 

6. Lawfully permitted or required. 

 

In addition, we may provide information to consumer reporting agencies and to third parties participating with us to offer financial or other related products. 

 

Pretext Calling 

Information that we have about our customers is available to our employees and agents on a need to know basis so they can do their jobs. We prohibit our employees and agents from giving information about customers to anyone in a manner that would violate any applicable law or privacy policy. We do not provide information about customers to anyone without first verifying who they are and whether they may have legal access to the information. We have trained our employees to protect information that we have about customers. 

We value our banking relationship with our customers. Our goal is to serve our customers as effectively and conveniently as possible, and to make sure they feel confident that information about their banking relationship with us is treated with the utmost care. 

 

DEFINITIONS 

The following definitions will help explain the use of certain terms in this policy. 

 

A. Affiliate means any company that controls, is controlled by, or is under common control with another company, such as if we owned an insurance company or an investment service offering uninsured financial products. 

 

B. Collect means to obtain any information that is organized or retrievable on a personally identifiable basis, irrespective of the source of the underlying information. 

 

C. Consumer means an individual and his or her legal representative who obtains a financial product or service from us that is to be used primarily for personal, family, or household purposes. 

Examples: 

1. An individual who applies to us for a loan for personal, family, or household purposes is a consumer of a financial service, regardless of whether the loan is extended. 

2. An individual who provides nonpublic personal information to us in connection with obtaining or seeking to obtain financial, investment, or economic advisory services is a consumer regardless of whether we establish an ongoing advisory relationship. 

 

D. Customer means a consumer that has a customer relationship with us.  

 

E. Customer Relationship means a continuing relationship between a customer and us under which we provide one or more financial products or services to the consumer that is to be used primarily for personal, family, or household purposes.  

Examples: 

1. A deposit, loan, fiduciary, or investment account relationship with us;  

2. An insurance product purchased from us;  

A consumer does not, however, have a continuing relationship with us if the consumer only obtains a financial product or service in an isolated transaction, such as withdrawing cash from our ATM or purchasing a cashier's or traveler's check. 

 

F. Nonaffiliated third party means any person except an affiliate or a person employed jointly by a bank and any company that is not the bank's affiliate.  

 

G. Nonpublic personal information means personally identifiable financial information provided by a consumer to our financial institution resulting from any transaction with the consumer or any service performed for the consumer, or otherwise obtained by the financial institution and any list, description, or other grouping of consumers (and publicly available information pertaining to them) that is derived using any nonpublic personal information. 

1. Nonpublic personal information includes: 

a. The fact that an individual is one of our consumers or customers, unless that fact is available from government records or required to be disclosed to the general public by law; 

 

b. An individual's street address and telephone number if that address and number are derived in whole or in part using personally identifiable financial information that is not publicly available, such as any account numbers. 

2. Nonpublic personal information excludes: 

a. Publicly available information that is derived without using any nonpublic personal information; 

b. Any list description, or other groupings of consumers (and publicly available information pertaining to them) that is derived without using any nonpublic personal information.  

 

H. Personally identifiable financial information means any information provided to a financial institution in obtaining, resulting or providing a financial product or service to a consumer. 

 

I. Publicly available information means any information that a financial institution has a reasonable basis to believe is lawfully made available to the general public: 

1. From federal, state, or local government records; 

2. That is required to be disclosed to the general public by federal, state, or local law; 

3. From widely distributed media. Examples: 

a. Government records. Publicly available information contained in government records includes information contained in government real estate records and security interest filings. 

b. Widely distributed media. Publicly available information from widely distributed media includes information from a telephone book, a television or radio program, a newspaper, or an Internet site that is available to the general public without requiring a password, special fee, or similar restriction. 

 

J. Reasonable basis means the financial institution has taken steps to determine if the information is available to the general public and individuals have not directed that the information not be made available. 

 

RISKS 

Management will ensure that adequate controls have been put in place to manage and monitor risk. To manage risk the bank will: 

 

1. Implement policies and controls according to the sensitivity and importance of the data; 

 

2. Establish an effective risk monitoring process. 

 

3. Monitor developments and changes in consumer and banking laws, regulations and interpretive rulings and take adequate measures to comply with them; 

 

4. Consult with legal counsel, when necessary as determined by management, to ensure that we have valid and enforceable contracts; 

 

5. Assess whether we may be subjected to unexpected assertions of jurisdiction by courts, agencies and taxing authorities when we enter into new geographic, product or service markets. 

 

SAFEGUARDS 

The bank is dedicated to the confidentiality and security protection of customer information. We have implemented safeguards to; 

1. Ensure the security and confidentiality of customer information, 

2. Protect against any anticipated threats or hazards to the security or integrity of such information, and 

3. Protect against unauthorized access to or use of such records or information which could result in substantial harm or inconvenience to any of our valued customers. 

The board has approved a written security policy and program that oversees the bank?s efforts to develop, implement and maintain an effective information security program. 

Annual reports describing the status of the information security program are presented to the board. The reports will include any breaches or violations and responsive actions or any recommendations for improvement. 

 

FAIR INFORMATION PRACTICES/PRINCIPLES 

The bank understands the new evolving marketplace and its information practices? impact on consumers and we have addressed these issues by identifying the core principles of privacy protection. We recognize the growing importance of confidentiality and privacy of consumer information and our privacy policy covers the following items: 

1. Notifying our consumers about our institution's information practices, 

2. Ensuring the accuracy of personal information maintained by the bank,  

3. Incorporating security measures to protect consumers? personal information, and 

4. Providing a mechanism to handle consumer questions or complaints about the handling of personal information.  

 

ACCESS/PARTICIPATION 

We believe that individuals should be able to access the data about themselves and to view the data in our files and to contest any data pertaining to accuracy and completeness. Our practice provides customers with the ability to ensure that confidential data is accurate and complete. We want customers to have the ability to contest inaccurate and incomplete data by making arrangements with bank officers to verify the information that has been collected. We also will allow customers to correct or allow customers to add comments to their data files pertaining to information that we use that affects past or future activities to make credit decisions and also pertaining to the confidentiality of such information. 

 

INTEGRITY/SECURITY 

Ensuring data integrity is a high priority, and we take reasonable steps to assure the accuracy of the information and the safeguarding of such confidential data. 

Security involves both the managerial and technical measures to protect against loss and the unauthorized access, destruction, use or disclosure of the data. We will guard against appropriate threats and misuse of data when physically feasible or possible. 

 

OVERSIGHT 

We believe that privacy protection can only be effective if there is a mechanism in place to ensure that the regulatory mandates are being met. The bank is committed to complying with all state and federal regulatory laws and good business practices ensuring the confidentiality of nonpublic information. We will work effectively with our supervisory agencies to ensure that we comply with all appropriate rules and will provide customers the opportunity to view and to correct their data if it is incomplete or inaccurate or to add statements to the information to provide clarifications, if necessary.  

Internet 

 

When visitors access our website to view any pages, read product information, or use our online tools, they do so without telling us who they are and without revealing any personal information. While we do not collect identifying information about visitors to our site, we do use standard software to collect information for the strict purpose of tracking activity on our site. This allows us to better understand how many visitors use our site and which pages and features are most popular. The only information we normally collect and store is: 1) the name of their Internet Service Provider, 2) the website that referred them to us, if any, 3) the date and time the page was accessed, and 4) the page or pages that were viewed. 

There are instances where visitors may elect to provide us with personal information. If they fill out one of our feedback or request forms or send us e-mail, they are transmitting the information that appears to them in the form or message. This will typically include information like their name, mailing address, telephone number or e-mail address and any other information necessary to fulfill their request. This is always their option, this information cannot be collected unless they specifically elect to send it to us. 

When visitors submit personally identifying information via one of our feedback or application forms, that information is encrypted, or scrambled, by the browser before it is transmitted back to our website. This effectively prevents anyone from intercepting and reading any of this information. Note that this encryption does not take place if they send us e-mail, but only when they use their web browser with one of our sites feedback or request forms. 

 

DISCLOSURE NOTIFICATIONS 

We will provide a clear and conspicuous notice that accurately reflects our privacy policy  

and practices to: 

1. Our customers, prior to the time that they establish a customer relationship. 

2. Consumers, at the time of, or prior to, providing a financial product or service to the consumer. 

 

Exception 

No initial notice to a consumer is provided if: 

1. We do not disclose any nonpublic personal financial information about the consumer to any nonaffiliated third party. 

2. The consumer does not have a customer relationship with us. 

A customer relationship is established at the time the bank and the consumer enter into a continuing relationship. If we and the consumer orally agree to enter into a customer relationship, we will provide our privacy policies and practices within a reasonable period of time. 

 

DELIVERY OF NOTICE 

We shall provide the privacy notice required so that each customer or consumer can reasonably be expected to receive actual notice in writing or, if the customer or consumer agrees, in electronic form. 

 

PROHIBITED DISTRIBUTION 

We will not provide the regulatory privacy notice explaining our policies and practices orally, whether in person or over the telephone. We will not: 

 

*Post a sign in our branch or office or generally publish advertisements of our privacy policies and practices to satisfy regulatory comments; or 

*Send the notice via electronic mail to a customer or consumer who obtains a financial product or service from us unless mutually agreed upon; or 

*Post the notice on a web page (or link to another Web page) unless the customer or consumer must access that page as a necessary step to obtain a particular financial product or service. 

 

RETENTION OR ACCESSIBILITY  

 

Our customer's privacy notice can be retained or obtained at a later time, in a written form or in the form of the original notice. 

 

Annual Notice to Customers 

We will provide a clear and conspicuous notice to our customers that accurately reflects our privacy policies and practices not less than annually during the continuation of the customer relationship. Annually means at least once in any period of twelve consecutive months during which that relationship exists. 

1. We shall provide the annual notice to a customer using a means permitted for providing the initial notice to that customer. 

2. We will not provide an annual notice to a customer with whom we no longer have a continuing relationship.  

 

Notice Content 

The initial and annual notice we provide describing our privacy policy and practices shall include each of the following items of information: