an evening sunset

California Consumer Privacy Act

CALIFORNIA CONSUMER PRIVACY ACT NOTICE

This California Consumer Privacy Act Notice (“California Privacy Notice”) supplements the information contained in St. Johns Bank’s Online Privacy Statement. This California Privacy Notice only applies to clients, visitors, users, and others who reside in the State of California and who interacts with St. Johns Bank (“Bank,” “we,” “our,” or “us”).

This California Privacy Notice provides information regarding your rights under the California Consumer Privacy Act (“CCPA”) for Personal Information you provide to us in any of the following contexts: 1) Individual with a business relationship, such as a sole proprietorship or d/b/a account; 2) Individual who is an authorized signer on a business account; 3) Individual who is a guarantor on a business or commercial loan; 4) Contact persons at business entities, such as a corporation or LLC; 5) Non-client of St. Johns Bank who has interacted with the Bank’s webpage or social media sites; 6) Trustee for a trust; or 7) Beneficiary for a trust for which St. Johns Bank is trustee.

You should also review the Online Privacy Statement, which describes our practices relating to Personal Information collected by and through our website (“Site”), Online Banking services, including mobile applications, and other online interfaces or platforms that we own or control (collectively, “Online Services”).

PERSONAL INFORMATION CATEGORIES THAT WE COLLECT

Under the CCPA, “Personal Information” is information that identifies or relates to you or that, along with other information, could identify you. It is important that you know and understand the types of Personal Information we collect, the purposes for collection, and our retention practices regarding your Personal Information. 

During the past twelve (12) months, we collected the following categories of Personal Information:

  • Identifiers, such as name, address, online identifier, Internet Protocol (IP) address, email address, account name, Social Security number, driver’s license number, and passport number;
  • Personal Information (as defined by the California Customer Records Act), such as name, signature, driver’s license number, date of birth, telephone number, and account names and numbers; 
  • Commercial information, such as the type, terms, and balances of products and services you have with us or that you applied for, financial information, such as your cash and account balances, property owned, and the balances of outstanding loans payable;
  • Protected Classification Characteristics under California or Federal Law, such as your age, gender, ethnicity, race, citizenship, sources of income, or veteran status;
  • Internet or Other Electronic Network Activity Information, such as your IP address, device identifier, browser and operating system used, date and time of your visit to the Online Services, and web pages viewed; 
  • Geolocation Data, such as your location when you use an Online Service;
  • Audio, Electronic, Visual, or Similar Information, such as event photographs, including attendees, security footage, images submitted to our social media sites, recordings of telephone calls, and electronic information, such as email correspondence and information entered on our Online Services;
  • Biometric Information, such as fingerprints, faceprints, and iris or retina scans;
  • Professional/Employment-Related Information, such as details regarding your current and/or past employment, salary, and professional credentials;
  • Education Information, such as your educational history, the names of educational institutions you attended, and any degrees conferred;
  • Sensitive Personal Information. We collected the following types of Sensitive Personal Information:
    • Social Security, driver’s license, state identification card, or passport numbers,
    • Account login information, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing account access,
    • Precise geolocation,
    • Racial or ethnic origin, citizenship or immigration status, religious or philosophical beliefs, or union membership,
    • The contents of an individual’s mail, email, and text messages when we are the intended recipient, and
    • Biometric information that is processed for the purpose of uniquely identifying an individual; and
  • Profile Inferences. Inferences drawn from any Personal Information collected to create a profile reflecting your preferences, characteristics, predispositions, behavior, and attitudes. For example, we collect information about your account usage and payment history to determine the likelihood of default, and we collect information about products and services you have obtained from us, along with other personal information, to determine products and services that may pique your interest and to market those products and services to you.

SOURCES OF PERSONAL INFORMATION

We collected Personal Information from the following sources:

  • You or your authorized representative;
  • Our employees;
  • Our service providers;
  • Employers;
  • Educational institutions;
  • Our marketing and advertising providers;
  • Data brokers;
  • Our Online Services;
  • Security cameras and telephone recordings;
  • Government entities; and
  • Other financial institutions.

OUR PERSONAL INFORMATION SELLING AND SHARING PRACTICES

The CCPA considers any disclosure of Personal Information or Sensitive Personal Information to a third party for monetary or other valuable consideration to be a sale. Information sharing is defined as the disclosure of Personal Information or Sensitive Personal Information to a third party for the purpose of Targeted Interest-Based Advertising, which is advertising based on your interests determined by your browsing activities on third-party websites and other online services.

Categories of Personal Information that We Have Sold or Shared in the Past 12 Months
We do not sell or share Sensitive Personal Information. We do not sell Personal Information; however, we do share the following categories of Personal Information with our marketing service providers and their advertising networks for the purpose of serving you Targeted Interest-Based Advertisements: Personal Identifiers, Personal Information, and Internet or Other Electronic Network Activity. For information on how you can opt-out of Targeted Interest-Based Advertisements, please refer to the section titled “Right to Opt Out of the Sale/Sharing of Your Personal Information.”  

Sale or Sharing of Personal Information of Persons Under 16 Years of Age
We do not sell or knowingly share Personal Information or Sensitive Personal Information of persons under the age of sixteen.  As such, we do not have actual knowledge that we have sold or shared Personal or Sensitive Personal Information of persons under the age of sixteen within the past 12 months.

RECENT INFORMATION COLLECTION AND DISCLOSURE PRACTICES

We collect, use, and disclose your Personal Information and Sensitive Personal Information to manage our banking relationship, including to determine your eligibility for products and services and to process transactions on your accounts. The categories of third parties who may receive your Personal Information and Sensitive Personal Information for business purposes are:

  • Service Providers – unaffiliated companies that assist us in performing our business operations by processing data and/or transactions related to our banking operations or our relationship with you; fraud prevention and security; and those who assist us in managing our business and regulatory risk, such as our external auditors, insurance providers, and legal counsel;
  • Government Entities – our state and federal regulators and agencies, state and local law enforcement, and state and federal courts; and
  • Authorized Parties – persons you have authorized in writing to receive your Personal Information and/or Sensitive Personal Information or act on your behalf, such as a designated contact, your authorized agent for CCPA requests, and a person to whom you have given a power of attorney.

Our service providers are required to maintain the confidentiality of your Personal Information and Sensitive Personal Information and are restricted from using or disclosing this information other than as needed to perform their contractual obligations to us or as otherwise permitted by the CCPA. 

In the past twelve months, we collected and disclosed the following categories of Personal Information to third parties for the business and commercial purposes specified below:

 Personal Identifiers and Personal Information (as defined by the California Customer Records Act) were collected and disclosed for the following business and commercial purposes:

  • Identity verification and transaction authentication,
  • Fraud prevention and security,
  • To perform services on your behalf, such as processing transactions related to your accounts,
  • To evaluate your creditworthiness or eligibility for products and services,
  • To contact you,
  • To inform you of other products and services that we believe would be beneficial to you,
  • Regulatory reporting,
  • To comply with applicable laws and regulations,
  • Risk management and mitigation, including audit, insurance, compliance, legal, and investigation functions.

Personal Identifiers and Personal Information (defined by the California Customer Records Act) were disclosed to the following categories of third parties: Service Providers, Government Entities, and Authorized Parties.

 Commercial Information was collected and disclosed for the following business and commercial purposes:

  • To review your existing products and services,
  • Fraud prevention and security,
  • To evaluate your eligibility for bank products and services,
  • To inform you of other products and services that we believe would be beneficial to you,
  • Regulatory reporting,
  • To comply with applicable laws and regulations, and
  • Risk management and mitigation, including audit, insurance, compliance, legal, and investigation functions.

Commercial Information was disclosed to the following categories of third parties: Service Providers, Government Entities, and Authorized Parties.

 Protected Classification Characteristics were collected and disclosed for the following business purposes:

  • To comply with applicable laws and regulations, including federal and state anti-discrimination laws,
  • To provide reasonable accommodation due to a disability, and
  • Risk management and mitigation, including audit, insurance, compliance, legal, and investigation functions.

Protected Classification Characteristics were disclosed to the following categories of third parties: Service Providers, Government Entities, and Authorized Parties.

 Biometric Information was collected and disclosed for the following business purposes:

  • Identity verification and transaction authentication,
  • Fraud prevention and security, and
  • Risk management and mitigation, including audit, insurance, compliance, legal, and investigation functions.

Biometric Information was disclosed to the following categories of third parties: Service Providers and Government Entities.

 Internet or Other Electronic Network Activity Information was collected and disclosed for the following business and commercial purposes:

  • To verify your identity and authenticate transactions you initiated,
  • To process transactions and account maintenance functions,
  • Fraud prevention and security,
  • Analysis of your Site usage to determine improvements to the Site’s functionality,
  • To serve relevant advertisements to you based on your browsing history on websites and other online channels,
  • To market our products and services to you, and
  • Risk management and mitigation, including audit, insurance, compliance, legal, and investigation functions.

Internet or Other Electronic Network Activity Information was disclosed to the following categories of third parties: Service Providers, Advertising Networks, and Government Entities.

 Geolocation Data was collected and disclosed for the following business purposes:

  • To direct you to nearby St. Johns Bank locations, and
  • Fraud prevention and security.

Geolocation Data was disclosed to the following categories of third parties: Service Providers and Government Entities.

 Audio, Electronic, Visual, or Similar Information was collected and disclosed for the following business and commercial purposes:

  • Audio and visual information is collected for quality control monitoring, transaction verification, authentication, and security purposes,
  • Visual information is collected for promotional purposes, such as photos publicizing Bank events,
  • For fraud prevention, investigation, and security, and
  • For risk management and mitigation, including audit, insurance, compliance, legal, and investigation functions.

Audio, Electronic, Visual, or Similar Information was disclosed to the following categories of third parties: Service Providers and Government Entities.

 Professional/Employment Information was collected and disclosed for the following business and commercial purposes:

  • Verification, credit underwriting, and transaction authentication purposes,        
  • Risk management and mitigation, including audit, insurance, compliance, legal, and investigation functions, and
  • To inform you of other products and services that we believe would be beneficial to you.

Professional/Employment Information was disclosed to the following categories of third parties: Service Providers and Government entities.

 Education Information was collected and disclosed for the following business and commercial purposes:

  • Verification, credit underwriting, and transaction authentication,
  • Risk management and mitigation, including audit, insurance, compliance, legal, and investigation functions, and
  • To inform you of other products and services that we believe would be beneficial to you.

Education Information was disclosed to the following categories of third parties: Service Providers and Government Entities.

 Sensitive Personal Information was collected and disclosed for the following business purposes:

  • To verify your identity and authenticate transactions you initiate,
  • Fraud prevention and security, and
  • For risk management and mitigation, including audit, insurance, compliance, legal, and investigation functions.

Sensitive Personal Information was disclosed to the following categories of third parties: Service Providers, Government Entities, and Authorized Parties.

 Profile Inferences were collected and disclosed for the following business and commercial purposes:

  • Credit underwriting,
  • Risk management and mitigation, including audit, insurance, compliance, legal, and investigation functions,
  • To serve relevant advertisements to you based on your browsing history on websites and other online channels, and
  • To inform you of other products and services that we believe would be beneficial to you.

Profile Inferences were disclosed to the following categories of third parties: Service Providers and Government Entities

OUR SENSITIVE PERSONAL INFORMATION PRACTICES

We only collect, use, or disclose Sensitive Personal Information when necessary to perform services or provide products you would reasonably expect when you request products or services from us, for fraud prevention and information security, to perform services such as maintaining and servicing accounts, to ensure the physical safety of our employees and clients, or as otherwise authorized by the CCPA and its implementing regulations. We do not use or disclose Sensitive Personal Information for any purpose that enables an individual to exercise a right to limit our use or disclosure of Sensitive Personal Information under California law. Should we change our practice, we will notify you and provide you with the right to limit.

RETENTION OF PERSONAL INFORMATION

The length of time that we retain Personal Information depends on the following criteria: 1) the length of time the Personal Information is required to accomplish the purposes for which it is collected, used, or disclosed; 2) our corporate standards for record retention; 3) the length of time we are required to retain Personal Information to comply with applicable state and federal laws and regulations; and 4) whether the Personal Information is subject to a dispute, investigation, or legal hold. We do not retain Personal Information for longer than reasonably necessary for the disclosed purposes.

YOUR CCPA REQUEST RIGHTS

The CCPA gives you the right to make the following requests pertaining to your Personal Information:

Request to Know what Personal Information We Have Collected
You have the right to know what Personal Information we have collected about you, including the categories of Personal Information, the categories of sources from which Personal Information is collected, the business or commercial purpose for collecting, selling, or sharing Personal Information, the categories of third parties to whom we disclose Personal Information, and the specific Personal Information we have collected about you.

Request to Delete Your Personal Information
You have the right to request that we delete Personal Information we have collected about you, subject to certain exceptions. For example, we may deny your request if your Personal Information is required to provide you with a product or service, comply with state or federal laws or regulations, detect security incidents, for fraud prevention, or for certain other internal uses allowed by the CCPA.

Request that We Correct Inaccurate Personal Information
You have the right to request that we correct inaccurate Personal Information that we maintain about you. We may require you to submit documentation to substantiate your request if we believe our records are accurate and you did not produce documentation with your request. We will accept, review, and consider any documentation you provide in connection with your request to correct, and we will only use and maintain your documentation for the purpose of processing and responding to your request and complying with CCPA recordkeeping requirements. We may deny your request if we determine that the contested Personal Information is more likely than not accurate based on all of the information available to us.

HOW TO MAKE CCPA REQUESTS

You may make a Request to Know, Correct, or Delete by submitting the request to St. Johns Bank, 8924 St. Charles Rock Road, St. Louis, MO 63114, or by calling our Call Center at (314) 428-1059 ext. 3025. The Call Center is available Monday through Friday from 8:30 a.m. until 5:00 p.m. Central Time and Saturdays from 9:00 a.m. until 12:00 p.m. Central Time. To contact us at other times, please complete our online Contact Us form.

To protect your privacy and the security of your Personal Information, we will verify your identity prior to completing your request. We do this by matching information you provide to information we have on file. We may ask you to provide a valid government-issued photo identification, such as a driver’s license, as part of the verification process. We may deny your request if we are unable to verify your identity.

Requests Submitted by Authorized Agents
You may authorize an individual or business to submit a Request to Know, Correct, or Delete on your behalf. For us to process the request, we must have a written document, signed by you, giving your authorized agent permission to make the request on your behalf. To protect your Personal Information, we may also verify your identity or confirm that you gave the authorized agent permission to submit the request(s). Your authorized agent may make a request by following the instructions in the “How to Make CCPA Requests” paragraph, above.

OUR RESPONSE TO YOUR REQUESTS

We will provide you with confirmation of your request within ten (10) business days of the date the request is received. We will generally respond to your request within forty-five (45) calendar days of the date we received the request. In some cases, we may take up to another forty-five (45) calendar days to respond when reasonably necessary. If this occurs, we will notify you before the end of the first forty-five (45) day period and provide you with the reason(s) why we need additional time to complete your request.

If you submit a Request to Delete or Request to Correct, we will tell you when we respond whether or not we were able to complete your request, and if not, the reason. If we delete or correct your Personal Information, we will also instruct any service providers that maintain the information to delete or correct the information, as applicable. 


Please note that the CCPA prohibits us from disclosing certain Personal Information, such as Social Security or driver’s license numbers, account numbers, health or medical identification numbers, or confidential account information, such as a password or security questions and answers. When we respond to a Request to Know pertaining to such information, we will provide you with a description of the Personal Information we collected.   

Your Personal Information may be subject to data privacy laws other than the CCPA. For example, the Gramm-Leach-Bliley Act regulates the privacy of consumer financial information that is collected when an individual obtains a bank product or service for personal, family, or household purposes. If we receive a Request to Know, Correct, or Delete that involves Personal Information that is subject to another privacy law, we may deny part or all of your request relating to that information because it is exempt from the CCPA. We will inform you of this in our response to your request.

OTHER CCPA RIGHTS

Right to Non-Discrimination for Exercising Your CCPA Rights
You have the right not to be discriminated against for exercising your privacy rights under the CCPA. We will not discriminate against you for exercising any of your CCPA rights.

Right to Opt Out of the Sale/Sharing of Your Personal Information
The CCPA gives you the right to opt out of the sale and sharing of your Personal Information and Sensitive Personal Information. We do not sell Personal Information or Sensitive Personal Information or share Sensitive Personal Information. You have the right to opt out of Targeted Interest-Based Advertising and may do so by implementing an opt-out preference signal that complies with California law, such as the opt-out notification pop-up on a supported web browser or browser extension when you first interact with our Site and you will immediately be opted out of sharing for Targeted Interest-Based Advertising. Please note that you will need to manage your cookie settings for each device and browser that you use to access the Online Services. 

Right to Limit Use and Disclosure of Sensitive Personal Information
The CCPA gives you the right to request that we limit our use and disclosure of Sensitive Personal Information to the purposes detailed in the CCPA and its implementing regulations. For more details, please refer to the section titled “Our Practices Relating to Sensitive Personal Information”. We limit our use and disclosure of your Sensitive Personal Information to the allowed purposes set forth in the CCPA and its implementing regulations. 

UPDATES TO THIS CALIFORNIA PRIVACY NOTICE

This California Privacy Notice was last updated on January 14, 2026. We reserve the right to make changes to both our Personal Information practices and this California Privacy Notice at any time. Please return to this Site frequently to determine if changes have been made. If we make significant changes to this California Privacy Notice, we will place a message on the homepage informing you of the change.

FOR MORE INFORMATION

If you have any questions about our California Privacy Notice or St. Johns Bank’s privacy practices, or if you need to access this notice in an alternative format due to having a disability, please contact us at 314-428-2059, Ext. 3025 or email us at CustomerService@stjohnsbank.com.

Accessibility Feedback Form