California Residents

BBVA USA
California Consumer Privacy Act (“CCPA”) Notice at Collection and Privacy Policy

 


The following CCPA Notice at Collection and Privacy Policy shall not apply to the collection, processing, sale or disclosure of any information (i) that a consumer provides to us to obtain a financial product or service from us, or (ii) about a consumer resulting from any transaction involving a financial product or service between us and the consumer; or (iii) we otherwise obtain about a consumer in connection with providing a financial product or service to that consumer.

To better understand your rights in respect of any such information excluded from the following CCPA Notice at Collection and Privacy Policy, please instead reference the BBVA Privacy page, which you may visit at https://www.bbvausa.com/policy/privacy-policy.html.


This NOTICE AT COLLECTION AND PRIVACY POLICY FOR CALIFORNIA RESIDENTS supplements the information contained in the Consumer Privacy Disclosure of BBVA USA and each of the following affiliates of BBVA USA: NY Branch of BBVA, S.A.; BBVA Insurance Agency, Inc.; BBVA Securities Inc.; BBVA Wealth Solutions, Inc.; and BBVA Open Platform, Inc. (collectively, “we,” “us,” or “our”) and applies solely to consumers who reside in the State of California (“consumers” or “you”). We adopt this statement to comply with the California Consumer Privacy Act of 2018 (“CCPA”) and other California privacy laws. Any terms defined in the CCPA have the same meaning when used in this statement. For California residents, the provisions of this Notice at Collection and Privacy Policy prevail over any conflicting provisions of the BBVA USA Consumer Privacy Disclosure, the BBVA Mobile Banking Application Privacy Policy, the BBVA Online Privacy Policy, and/or the BBVA ClearSpend Service Privacy Policy.

Information We Collect

We collect information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household subject to the CCPA (“Personal Information”). In particular, we have collected the following categories of Personal Information from consumers within the last twelve (12) months:

Category Examples Collected

A. Identifiers. 

A real name, alias, postal address, unique personal identifier, online identifier, internet protocol address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers.

YES

B. Categories of Personal Information listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).

A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories.

YES

C. Protected classification characteristics under California or federal law. 

Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).

YES

D. Commercial information. 

Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

YES

E. Biometric information. 

Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.

YES

F. Internet or other similar network activity.

Browsing history, search history, information on a consumer's interaction with an internet website, application, or advertisement.

YES

G. Geolocation data. 

Physical location or movements. 

YES

H. Sensory data. 

Audio, electronic, visual, thermal, olfactory, or similar information.

YES

I. Professional or employment-related information.

Current or past job history or performance evaluations. 

YES

J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).

Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.

YES

K. Inferences drawn from other Personal Information.

Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

YES

Personal Information does not include:

  • Publicly available information from government records. 
  • De-identified or aggregate consumer information. 
  • Other information to the extent excluded from the CCPA's scope, like:
    • Personal Information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (CalFIPA), and the Driver's Privacy Protection Act of 1994; 
    • Health or medical information that constitutes clinical trial data or that is otherwise covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Health Information Technology for Economic and Clinical Health Act (HITECH), or the California Confidentiality of Medical Information Act (CMIA); 
    • Personal Information we may collect from a natural person (including, without limitation, emergency contact information for that natural person and such other Personal Information we may need in order to administer benefits for such natural person) in the course of the natural person applying for a job with us or otherwise in connection that natural person acting as our employee, owner, director, officer, medical staff member, or contractor; and 
    • Personal Information we may collect from a natural person who is acting as an employee, owner, director, officer, or contractor of another company with which company we are communicating or for which company we are otherwise evaluating or actually providing a product or service

Sources of Personal Information

With respect to each of the categories of Personal Information listed in the table above, we obtain such Personal Information from a variety of sources, including from:

  • our customers and consumers, with respect to both online and offline interactions they may have with us or our service providers, and other entities with whom you transact;
  • others with whom you maintain relationships who may deal with us on your behalf;
  • credit bureaus; 
  • identify verification and fraud prevention services;
  • marketing and analytics providers;
  • public databases;
  • social media platforms;
  • advertising networks; 
  • government entities;
  • internet service providers and the devices you use to access our websites, mobile applications, and online services;
  • operating systems and platforms; and
  • data brokers.

Use of Personal Information

With respect to each of the categories of Personal Information listed in the table above, we may use or disclose such Personal Information for any one or more of the following business purpose:

  • To fulfill or meet the reason for which the information is provided. For example, if you provide us with Personal Information in order to open a banking or mortgage account;
  • To provide you with information, products or services that you request from us;
  • To provide you with email alerts, event registrations and other statements concerning our products or services;
  • To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collections;
  • To detect and protect against security incidents, and malicious, deceptive, fraudulent or illegal activity, and prosecute the same;
  • To debug to identify and repair errors in our systems;
  • As otherwise necessary or appropriate to protect the rights, property or safety of us, our customers, consumers, or others;
  • To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations;
  • For such purposes as may be necessary or appropriate in connection with audits and reporting relating to particular transactions and interactions, including online interactions, you may have with us or others on our behalf;
  • To improve our website and apps and present their content to you;
  • For testing, research, analysis and product development;
  • For short-term, transient use including contextual customization of ads; and/or 
  • As otherwise described to you when collecting your Personal Information or as otherwise set forth in the CCPA.

Sharing Personal Information

With respect to each of the categories of Personal Information listed immediately below, we may disclose such Personal Information to a third party for any of the business purposes identified above.

In the preceding twelve (12) months, we have disclosed the following categories of Personal Information for each of the business purposes identified above:

Category A: Identifiers

Category B: California Customer Records Personal Information categories

Category C: Protected classification characteristics under California or federal law

Category D: Commercial information

Category E: Biometric Information

Category F: Internet or other similar network activity

Category G: Geolocation Data

Category H: Sensory Data

Category I: Professional or employment-related information

Category J: Non-public education information

Category K: Inferences drawn from other Personal Information

With respect to each of the categories of Personal Information listed immediately above, we may disclose such Personal Information for a business purpose to the following categories of third parties:

  •  Our affiliates 
  • Service providers
  • Government entities
  • Such third parties as our customers or consumers may direct us to disclose their personal information

We do not, and will not, sell (as that term is defined by the CCPA) any Personal Information that we collect.

We do not disclose Personal Information of individuals we know to be under the age of 16 to any business or third parties for monetary or other valuable consideration as a “sale” under California law, without affirmative authorization.

Your Rights and Choices

The CCPA provides consumers (California residents) with specific rights regarding their Personal Information. This section describes your CCPA rights and explains how to exercise those rights.

Access to Specific Information and Data Portability Rights

You have the right to request that we disclose certain information to you about our collection and use of your Personal Information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you:

  • The categories of Personal Information we have collected about you. 
  • The categories of sources for the Personal Information we have collected about you.
  • Our business or commercial purpose for collecting or selling that Personal Information.
  • The categories of third parties with whom we share that Personal Information.
  • The specific pieces of Personal Information we collected about you (also called a data portability request).

  • If we sold or disclosed your Personal Information for a business purpose, two separate lists disclosing:
    • the categories of Personal Information about you that we have sold within the meaning of the CCPA and the categories of third parties to whom the Personal Information was sold; and
    • the categories of Personal Information about you that we disclosed for a business purpose.

Deletion Request Rights 

You have the right to request that we delete any of your Personal Information that we have collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your Personal Information from our records, unless an exception applies.

We may deny your deletion request if retaining the Personal Information is necessary for us or our service providers to:

  1. Complete the transaction for which we collected the Personal Information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you. 
  2. Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities. 
  3. Debug products to identify and repair errors that impair existing intended functionality. 
  4. Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law. 
  5. Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq. ). 
  6. Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement, if you previously provided informed consent. 
  7. Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us. 
  8. Comply with a legal obligation. 
  9. Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

Exercising Access, Data Portability, and Deletion Rights

To exercise the access, data portability, and deletion rights described above, please submit a request to us by either:

Only you or a person who you authorize to act on your behalf may make a verifiable consumer request related to your Personal Information. Under California law, you may designate an authorized agent to make a request on your behalf.  You may make such a designation by providing the agent with a signed permission to act on your behalf.  Your agent may be subject to the same verification procedures that we use to verify consumers who do not currently have a relationship with us.  Additionally, we may require you to verify your own identity in response to a request, even if you have chosen to use an agent, and ask that you directly confirm to us that you have provided the authorized agent permission to make a request on your behalf.  You may also make a verifiable consumer request on behalf of a minor child for whom you are an authorized parent or guardian, though please understand that, in connection with your assertion of such rights on behalf of a minor child, we may require that you submit a signed declaration under penalty of perjury confirming that you are an authorized parent or guardian of such minor child.

The verifiable consumer request must:

  • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Information or an authorized representative.
  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

Verifying Your Request

We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you.  Making a verifiable consumer request does not require you to create an account with us.  We will only use Personal Information provided in a verifiable consumer request to verify your identity or authority to make the request.  We may otherwise limit our response to your request as permitted under applicable law.

Whenever feasible, we will match the identifying information provided by you to the Personal Information we maintain, or use a third-party identity verification service that complies with the CCPA. However, if we cannot verify your identity from the Personal Information that we maintain, we may request additional information from you, including among other potential requests, that you submit a signed declaration under penalty of perjury that you are the consumer whose personal information is the subject of your request. Any additional information so submitted shall only be used for the purposes of verifying your identity.

With respect to requests submitted on your behalf by your authorized agent, please note that we may deny a request from an authorized agent if the agent cannot provide your signed permission demonstrating that they have been authorized by you to act on your behalf.

Response Timing and Format

We endeavor to respond to a verifiable consumer request within 45 days of its receipt.  If we require more time (up to 90 days), we will inform you of the reason and extension period in writing.  If you have an account with us, we will deliver our written response to that account.  If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.  The response we provide will also explain the reasons we cannot comply with a request, if applicable.  For data portability requests, we will select a format to provide your Personal Information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded.  If we determine that the request is excessive, repetitive or manifestly unfounded and, therefore, warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:

  • Deny you goods or services. 
  • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties. 
  • Provide you a different level or quality of goods or services. 
  • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

However, we may offer, and you may consent to receive certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels. Any CCPA-permitted financial incentive we offer will reasonably relate to your Personal Information’s value and contain written terms that describe the program’s material aspects. You may revoke your consent to participate or receive such financial incentive at any time.

Changes to Our Notice at Collection and Privacy Policy

We reserve the right to amend this privacy statement at our discretion and at any time. When we make changes to this privacy statement, we will notify you through a statement on our website homepage.

Accessibility Statement

If you use assistive technology and the format of this privacy statement interferes with your ability to access information, please contact us at web_accessibility.us@bbva.com. To enable us to respond in a manner most helpful to you, please indicate the preferred format in which to receive the material and your contact information. Users who need accessibility assistance can also contact us by phone at 1-800-273-1057.

Contact Information

If you have any questions or comments about this statement, the ways in which we collect and use your Personal Information, your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us at:

A Spanish version of this document is available at www.bbvausa.com/policy/ccpa-privacy-statement-es.html as a courtesy to our clients who use Spanish as their primary language. Although BBVA USA has taken every precaution possible to translate the original document correctly, the Spanish translation is only a courtesy to our clients. Please take note that all official documents from BBVA USA will be in English only.

Phone: 800-895-6621
Website: www.bbvausa.com/policy/california-data-request.html#contact-us
Email: privacy.us@bbva.com
Postal Address: BBVA USA
Attn: Office of the Data Protection Officer
701 32nd Street South 
AL BI-SC SNS
Birmingham, AL 35233
Last Updated: 08/14/2020

Provide the contact information associated with your account or job application. Do not include account numbers, social security numbers, usernames, passwords or other sensitive information. Please ensure that the information entered is correct and complete.

CCPA grants Individual Rights to California residents.

 

Exercise My Rights

Please provide details of your request.


 

 

About You

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
  •  

Questions

Email us with questions or call CCPA Privacy Line - 1-800-895-6621

  •  

Privacy & Security

We're committed to protecting your personal information. See our privacy and security section for details.