3.7.3 Privacy Policy and Disclosure Policy

Security First Bank

Last Revised: January 27, 2025

The directors, management, and staff of Security First Bank are concerned about and respect the privacy of customers’/consumers’ personal financial information We understand that our customers furnish sensitive information to the bank in the course of daily business, and the bank is committed to treating such information responsibly. We know that our customers expect privacy and security for their personal and financial affairs.

The bank will take all the necessary steps to safeguard sensitive information that has been entrusted to us by our customers. The following privacy policy and disclosure outlines our bank’s practice regarding personally identifiable financial information for consumers and those consumers who become our customers.

IMPLEMENTATION

TYPES OF INFORMATION THE BANK COLLECTS

At Security First Bank we collect nonpublic, personal information about you from many sources, including the following:

  • Information we receive from you on applications or other forms

  • Information about your transactions with us

  • Information about your transactions with our affiliates

  • Information about your transactions with nonaffiliated third parties

  • Information we receive from a consumer reporting agency

Nonpublic, personal information does not include that which is available from government records, widely distributed media, or government-mandated disclosures.

TYPES OF INFORMATION THE BANK DISCLOSES

The bank does not disclose any personal financial information to any nonaffiliated or affiliated third party. By law the bank may disclose certain personally identifiable information without allowing consumers the right to opt out of the bank’s sharing agreements in the following circumstances:

  • To companies who perform transaction processing for the bank in the following circumstances:

    • If the transaction, service, or product is requested or authorized by the consumer

    • To maintain or service a consumer’s account as part of a private label credit card or other loan extension program

    • In connection with a securitization, secondary market sale (including servicing rights), or similar transaction related to a consumer

  • To disclose information necessary to enforce the bank’s legal or contractual rights or the rights of any other person who is engaged in the financial transaction

  • To disclose information required in the ordinary course of banking business, such as the settlement of claims or benefits, the confirmation or information to the consumer or the consumer’s agent and the billing processing, or clearing of items in the normal course of business

  • To provide information to insurance rate advisory organizations, guaranty funds or agencies that are rating the bank, persons who are assessing the bank’s compliance with industry standards and the bank’s attorneys, accountants, and auditors.

  • To the extent permissible under the Right to Financial Privacy Act

  • To a consumer reporting agency under the Fair Credit Reporting Act

  • To comply with federal, state, or local laws, rules, and other applicable legal requirements

SAFEGUARDING CUSTOMER INFORMATION

At Security First Bank we protect consumer privacy by ensuring that only employees who have a business reason for knowing information have access to it. The bank has appointed a financial privacy coordinator, the Director of Compliance, who is responsible for maintaining internal procedures to ensure that our customers’ information is protected. For example, information in loan files can only be accessed by employees who work in the loan origination or loan operations departments.

All employees have a copy of this policy and are trained at least annually regarding the importance of safeguarding customer information. The financial privacy coordinator, the human resources director, and the appropriate department manager will take disciplinary action against any employee who violates the bank’s privacy policy and procedures.

If we change our policy or practice by, for example, adding a category of information that we will disclose to a third party, we will notify existing customers and give them an appropriate time period to opt out of the disclosure.