This Website Privacy Policy describes how Byline Bank (“we,” “our,” or “us”) collects, uses, shares, and protects information when you visit our website www.bylinebank.com or use any of the services offered through our website, mobile apps, or other websites where this Website Privacy Policy is posted (collectively, “Website”). Unless specifically stated otherwise, this Website Privacy Policy applies only to information collected on the Website and through use of any of the Website services and does not apply to information collected offline. By using the Website, you agree to the collection and use of information by us in accordance with this Website Privacy Policy.
We also handle and use personal information collected from consumers, whether via the Website or other means, in accordance with our Privacy Notice. If you are a California resident, please see Appendix A: Privacy Information for California Residents for supplemental California-specific privacy information.
While this Website Privacy Policy describes how we treat personal information collected from the Website, please be aware that additional terms and conditions may apply for certain parts of our Website.
We may revise this Website Privacy Policy at any time. We will notify you of any material changes by posting the new Website Privacy Policy here and by changing the “Effective Date” at the end of the Website Privacy Policy.
Information you provide to us. We may collect personal information about you when you provide it to us while using or interacting with the Website such as your name, Social Security number, email address, telephone number, mailing address, business name, login information, location, financial information, account information, messages you submit via the Website’s form, and other information that may personally identify you.
Information we collect automatically. As you use our Website, we may use technologies that collect certain information about you automatically. We may collect, among other things, your IP address, location, device type, date and time of visit, operating system, browser type and version, your activities on the Website, and information about how you use the Website. If you are visiting the Website via a mobile device, we may also collect your mobile device’s unique device ID and information about how you use the Website.
Information we receive from third parties. From time to time, we receive information about individuals from our third-party service providers, affiliates, and partners. For example, we receive information on our email campaigns from our third-party service providers, including whether you have read an email sent by us or on our behalf, forwarded an email, and when and how many times you have opened an email. We may also receive information from third party analytics on the Website that allow us to improve our Website and services.
We use this information to administer the Website, assess our advertising programs, improve our Website and marketing efforts, and as generally permitted under applicable law. We also use information we gather to track activity within our Websites and to gather demographic information. We sometimes use the information that we collect to improve the design and content of our Websites and to enable us to personalize your Internet experience. We also may use this information to analyze how our Website is used, as well as to offer you products, programs, or services that may be of particular interest to you. We may also use information we collect automatically that is otherwise de-identified, aggregated, or anonymous for any purpose.
Byline Bank advertises online and offline. To understand how our online advertising performs, we (or our service providers) may collect certain information regarding your usage of the Website, using cookies, IP addresses, and other technologies such as anonymous identifiers.
“Cookies” are pieces of information generated by web servers and stored in your computer for future access. For example, our Website includes Cookies used by the Google Analytics Demographics and Interest Reporting cookie, which facilitate our use of Google Analytics Advertising Features, described below. You may disable the use of cookies by our Website, but this will limit the functionality available to you on future visits. For more information on how Google Analytics collects and processes data, please see http://www.google.com/intl/en/policies/technologies/ads/.
Our Website has implemented the following Google Analytics for Display Advertisers Feature: Google Analytics Demographics and Interest Reporting. This feature is used to help us understand how our advertising performs and to improve our marketing efforts and the Website. Our Website may use Google Remarketing with Google Analytics. We use Google Remarketing or similar tools to advertise to you online. As our third-party vendor, Google may show you ads on sites across the Internet using cookies and/or device identifiers to serve ads based on your past visits to our website. We reserve the right to test, turn-on, or turn-off any of the Google Advertising features from time to time without explicating announcement or disclosure.
The Website does not respond to Do Not Track signals.
We may share your information with third parties that assist us in providing our services, for advertising and marketing purposes, and potentially other reasons. In addition, we may transfer any information in our databases to a third party as part of a transfer of business assets, or release information to comply with requests from law enforcement and government agencies, to enforce the terms of our services, and to protect our customers and others. We may also share your information with third parties if we believe disclosure is necessary to enforce or protect our rights, property, or safety, or that of our users or third parties. We may share aggregate, de-identified information with others, including affiliated companies and non-affiliated companies for any legal purpose.
Cookies. If you do not wish us to place cookies, you may set your browser to refuse some cookies, or to alert you when cookies are being sent. If you do so, please note that some parts of the Website may then be inaccessible or may not function properly. Information on deleting or controlling cookies can be found at www.aboutcookies.org.
Opt-Out. You may opt out of receiving future marketing communications from us any time we request your personal information. You can opt out by using the unsubscribe process listed below. We will use commercially reasonable efforts to process such request in a timely manner.
Protecting the privacy of our children is essential to Byline Bank. Our Website is not designed to market to children under the age of thirteen (13) or obtain information or data from them.
Byline protects your information, including Social Security number. Our policies and procedures protect the confidentiality of your information, prohibit the unlawful disclosure of your information, and limit access to your information to employees and others with legitimate business purposes. These protections apply to all personal information, including Social Security numbers, collected or retained in any way by Byline in connection with customers and their accounts, employees or any other relationships. Individuals applying for or obtaining a product or service from us to be used primarily for personal, family or household purposes may obtain more information about our security measures by reviewing our Privacy Notice.
Although we have implemented generally accepted industry standards to protect your information, no online transmission of data or method of electronic storage is 100% secure. While we strive to secure your information, we cannot guarantee its absolute security.
The Website may provide links to other websites. When you choose to use a link to visit another website, you are then subject to the security and privacy policy of that website. Byline Bank is not responsible for the privacy, security, accuracy, or reliability of the information on third party websites. You access such links at your own risk. We recommend you read the privacy policy of a website before disclosing any of your information. Links to third party websites do not imply an affiliation between us and the website owner, or any endorsement, approval, or verification of any content contained on those websites.
If you have any questions or concerns regarding our Website Privacy Policy, please speak with your local branch representative, or call us at (773) 244-7000.
You may Opt-Out of receiving future marketing communications from us by contacting us.
This Privacy Information for California Residents (Appendix) supplements Byline Bank’s Website Privacy Policy. This Appendix applies only to individual visitors, users, applicants, and customers of Byline Bank (the “Bank” or “we”) or our website who reside in the State of California (“consumers” or “you”).
Byline job applicants and employees, please see section, “Byline Bank Job Applicants, Employees, and Others” below and the “Careers” section of the Byline Bank website.
This Appendix is provided pursuant to the California Consumer Privacy Act (“CCPA”), and the California Privacy Rights Act (“CPRA”) (and collectively, “CCPA/CPRA”). The CPRA is an expansion of the CCPA. Any terms used but not defined in this Appendix have the meaning given in the CCPA/CPRA.
This Appendix does not apply to Personal Information excluded from the scope of the CCPA/CPRA, such as:
We collect information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (“Personal Information”). Under the CPRA, Personal Information includes a sub-category of information requiring enhanced online protection, referred to as “Sensitive Personal Information.” Sensitive Personal Information includes, for example, your social security number, or financial account number and password. We may use or disclose your Sensitive Personal Information for the purposes permitted in the CPRA.
Note, Personal Information does not include:
Below are the categories of Personal Information that we may have collected or shared for a business purpose in the preceding twelve (12) months, as permitted by law and depending on the product or service you receive:
Categories of Personal Information | Categories of Sources from which the Personal Information is Collected | How We Use the Personal Information (Business Purposes) | Categories of Services Providers and Third Parties with whom Personal Information is Shared |
Identifiers. This may include a real name, alias, address, email address, phone number, online identifier, IP address, account username and password, job title, or other similar identifiers. | You or your agents; our other customers; our third party service providers; ad networks; data analytics providers; our affiliates; and social media networks. | To provide you with information, products, or services; to advertise or market to you; and for our own legal obligations and business needs. | Entities that we are required to share with pursuant to law or electronic fund transfer network operating rules/guidelines, or for legal proceedings; service providers; our affiliates; data analytics providers; prospective purchasers of our business; outside auditors and lawyers; and social media networks. |
Sensitive Personal Information. This may include identifiers listed in the preceding category plus personal information that reveals your: social security, driver’s license, state identification card, or passport number; account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; precise geolocation; racial or ethnic origin; and the contents of communications (email, mail, or text) where we are not an intended recipient. | You or your agents; our other customers; our third-party service providers and contractors; ad networks; data analytics providers; our affiliates; and social media networks | To provide you with information, products, or services; to advertise or market to you; and for our own legal obligations and business needs. | Entities that we are required to share with pursuant to law or electronic fund transfer network operating rules/guidelines, or for legal proceedings; service providers and contractors; our affiliates; data analytics providers; prospective purchasers of our business; outside auditors and lawyers |
Internet and network information. This may include information on your interaction with a website, application, or advertisement, such as browsing history and how you use your account. |
You or your agents; our third-party service providers and contractors; ad networks; data analytics providers; our affiliates; and social media networks. | To provide you with information, products, or services; to advertise or market to you; to improve our products and services; for our own legal obligations and business needs; and to secure our website. | Entities that we are required to share with pursuant to law or electronic fund transfer network operating rules/guidelines, or for legal proceedings; service providers and contractors; our affiliates; data analytics providers; and social media networks. |
Device information. This may include the operating system of your device, device identifier, the type of device you are using, or your geolocation information. | You; our third party service providers; data analytics providers; our affiliates; and social media networks. | To provide you with information, products, or services; to advertise or market to you; to improve our services and products; to secure our websites; and for our own business needs. | Entities that we are required to share with pursuant to law or electronic fund transfer network operating rules/guidelines, or for legal proceedings; service providers; data analytics providers; and social media networks. |
Other information you submit to us. This may include requests or communications you submit to us. | You or your agent. | To provide you with information, products, or services; to advertise or market to you; and for our own legal obligations and business needs. | Entities that we are required to share with pursuant to law or electronic fund transfer network operating rules/guidelines, or for legal proceedings; service providers; our affiliates; prospective purchasers of our business; and outside auditors and lawyers. |
Inferences we draw about you. This may include the derivation of information, data, assumptions, or conclusions from facts, evidence, or another source of information or data that helps us identify which products and services you may be interested in. | You or your agents; our third-party service providers and contractors; data analytics providers; our affiliates; and social media networks; and drawn from other categories of Personal Information collected. | To provide you with information, products, or services; to advertise or market to you; and for our own business needs. | Entities that we are required to share with pursuant to law or electronic fund transfer network operating rules/guidelines, or for legal proceedings; service providers; and our affiliates. |
We obtain the categories of Personal Information listed above from the following categories of sources:
We may combine Personal Information that you provide us through our website with other information we have received from you, whether online or offline, or from other sources, such as, from our service providers. For more information, please see the “What information is collected on the Website?” section of our Byline Bank Website Privacy Policy. Our website uses “cookies” to improve functionality and performance. Please see the “Your choices” section of the Byline Bank Website Privacy Policy for more information.
We retain Personal Information about you no longer than necessary to fulfill the purpose for which that information was collected. Our record retention policy requires us to retain information and records, including Personal Information, for certain retention periods in accordance with applicable law and for as long as we need it for business purposes. At times, we may retain Personal Information beyond the applicable retention period, if for example, we are required by court order or other legal process to do so, or to help enforce or defend legal rights, or in response to a regulatory examination or audit. Generally, these requirements also apply to our service providers and contractors. When we destroy your Personal Information, we do so in a way that prevents that information from being restored or reconstructed.
We may use or disclose your Personal Information we collect for one or more of the following business purposes:
We will not collect additional categories of Personal Information or use the Personal Information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
We have listed in the table above the categories of Personal Information we have disclosed for a business purpose. We disclose your Personal Information to third parties that assist us in providing our products and services, for advertising and marketing purposes and for potentially other reasons. When we disclose Personal Information to third parties for a business purpose, we enter into a written agreement with the receiving third party that describes the purpose and requires the third party to both keep the Personal Information confidential and not use it for any purpose beyond the terms of the agreement.
We may also disclose your Personal Information when permitted by the CCPA/CPRA. For example, we will disclose Personal Information when required by law, regulation, court order, or subpoena or other legal process; to cooperate with law enforcement regarding or to help protect you or us from suspected fraudulent or illegal activity, or to exercise or defend against legal claims.
The CCPA and CPRA provide consumers who are California residents with specific rights regarding their Personal Information. This section describes your CCPA and CRPA rights and explains how to exercise those rights.
You have the right to request that we disclose certain information to you about our collection and use of your Personal Information. Once we receive and confirm your verifiable request, we will disclose to you:
You have the right to request that we delete any of your Personal Information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable request, we will delete (and direct our service providers, contractors and third parties to delete) your Personal Information from our records, unless an exception applies.
We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
You may access your account through online banking and the mobile application and update certain Personal Information. For Personal Information that cannot be changed through your online account access, you have the right to request that we correct inaccurate Personal Information, taking into account the nature of the Personal Information and the purposes for processing the Personal Information. You may contact us to request the correction(s) (see section “Exercising Correction Rights” below). Once we receive and confirm your verifiable request, we will use commercially reasonable efforts to correct the inaccurate personal information, as directed by you, pursuant to the CPRA.
To exercise the access, data portability, correction and deletion rights described above, please submit a verifiable consumer request to us by either:
Only you or a person registered with the California Secretary of State that you authorize to act on your behalf may make a verifiable request related to your Personal Information. You may also make a verifiable request on behalf of your minor child. We may accept a signed verifiable request from your attorney-in fact, a court-appointed guardian or conservator, or from a custodial parent on behalf of a minor child, upon receipt of documentation acceptable to us. You may only make a verifiable request for access or data portability twice within a 12-month period.
The verifiable request must:
We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you. We will only use Personal Information provided in a verifiable request to confirm the requestor’s identity or authority to make the request.
We endeavor to respond to a verifiable consumer request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing.
In response to a request to know, we shall provide your Personal Information from the 12-month period preceding our receipt of your request. You can request that we provide Personal Information that we collected beyond the 12-month period as long as it was collected on or after January 1, 2022, and we are required to provide that information unless doing so proves impossible or would involve disproportionate effort. The response we provide will also explain the reasons we cannot comply with your request, if applicable. For data portability requests, we will select a format to provide your Personal Information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
We may decline all or part of your request if it relates to data that is subject to certain federal privacy or other laws, like those described in the “Applicability” section above, that we collected prior to January 1, 2022, or that is subject to another exemption under the CCPA/CPRA. For example, information subject to certain federal laws, such as the Gramm-Leach-Bliley Act or the Fair Credit Reporting Act, are exempt from
CCPA/CPRA requests. We also may not delete or correct certain Personal Information, if, for example, we have determined it is correct or we are required by state or federal law to maintain it.
The CCPA/CPRA defines a “sale” as the disclosure of Personal Information, to a business or third party, for monetary or other valuable consideration. The Bank does not sell and has not sold your Personal Information to a business or third party.
The CCPA/CPRA defines “sharing” as the disclosure of Personal Information to a third party for “cross-context behavior advertising.” The Bank does not “share” and has not shared your Personal Information with a third party for cross-context behavioral advertising.
We will not discriminate or retaliate against you for exercising any of your CCPA/CPRA rights. Unless legally permitted, we will not, on the basis of your exercising any CCPA/CPRA right:
However, we may offer you financial incentives for sharing your Personal Information, as permitted by the CCPA/CPRA. Any financial incentive we offer will reasonably relate to your Personal Information’s value. If we offer you such financial incentives, we will provide you with the terms that describe the material aspects of the program in writing. Participation in a financial incentive program requires your prior opt-in consent, which you may revoke at any time.
This Appendix does not apply to information collected from Byline Bank job applicants, employees, independent contractors, directors, and officers. We provide a separate notice prior to collecting information from such individuals who are California consumers.
Byline Bank may make changes to this Policy. Notification of changes will be posted on this web page. You should review the Byline Bank Website Privacy Policy periodically to keep up to date on our most current privacy policies.
Date Of Last Update: July, 2024.