Privacy Policy
1. INTRODUCTION
First Republic Bank (“First Republic” or “we” or “us”) respects your privacy. This Privacy Policy (this “Policy”) describes our policies and practices with respect to our collection, protection, use and sharing of Personal Information (“PI”). This Policy also describes a subset of PI called Sensitive Personal Information (“SPI”).
We may add to, delete or otherwise change the terms of the Policy from time to time. When we make changes, we will post the amended policy on our website, firstrepublic.com (the “Site”). Any changes to the Policy will become effective immediately upon our posting of the Policy, and your use of the Site and our services is deemed to constitute your agreement with the Policy terms. Please be sure to check the Policy before providing us with PI. We encourage you to review the Policy carefully, as it relates to your experience with First Republic, from exploring a potential partnership, to opening and maintaining an account with us, to including additional services that support your evolving financial needs.
If you are, or apply to become, a customer of First Republic with respect to products or services used primarily for personal, family or household purposes, you have additional privacy rights, as reflected in our Federal customer privacy notice and our California-specific customer privacy notice.
2. WHAT IS PERSONAL INFORMATION (“PI”) AND SENSITIVE PERSONAL INFORMATION (“SPI”)?
We define PI as information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with you, your household, or your communications device (computer, tablet, mobile phone, etc.). We define SPI as PI that reveals a person’s government identifier, account login information, precise geolocation, racial or ethnic origin, genetic data, religious or philosophical beliefs, union membership, identifying biometric information, health, sexual orientation or identity, or the contents of communications of which we are not an intended recipient. We commit to using PI responsibly and safeguarding it according to our detailed security standards. In no event do we sell your or others’ PI.
3. HOW DOES FIRST REPUBLIC COLLECT AND STORE YOUR PERSONAL INFORMATION, AND WHAT TYPES DOES IT COLLECT AND STORE?
First Republic collects PI about you when you actively provide it to us, such as by completing an online form, providing PI at your discretion or responding to a request for information, or providing your email address or phone number if you decide to opt into any of our communications options, such as receiving text messages or emails from us. We also will collect any additional PI you may send to us by text, email or otherwise.
We also may collect PI about you from the following sources: our affiliates; the internet, including social media websites and other websites; other financial institutions with whom you have accounts, if you elect to have an account aggregation service; conferences; the press or other print media; credit reporting agencies; and other persons (including persons who might refer you to us for a possible customer relationship) and organizations as permitted under applicable law.
When you provide First Republic with PI deemed to be particularly sensitive, we categorize it as SPI and treat that information with extra care. First Republic collects SPI in the same way we collect PI – directly from you and from your interactions with our services, as well as from the sources described above. For example, when you use one of our ATMs we know where that ATM, and therefore you, are located at that moment.
Listed below are the categories of personal information about you that we may have collected or may collect, with a description and/or example for each. These types of information are PI only if the information identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with you or your household.
Category
Description and/or Example Value(s) (Not an exhaustive list)
Identifiers
Your name, postal address, online identifier, Internet Protocol (IP) address, email address, account name, Social Security number, driver’s license number, passport number or other similar identifiers.
Internet or other similar network activity
Browsing history, search history, information on your interaction with our website, mobile application(s) or an advertisement. This may include hardware and browser information about your computer or device, including Media Access Control (MAC) address, computer type and brand, screen resolution, operating system name and version, device manufacturer and model, browser type and language used. It also may include mobile application usage data, such as the date and time our mobile application on your device accesses our servers, and what information and files have been downloaded to the application.
Geolocation data
Meaning the physical location or movements of the device you use to connect with us online. If you use the mobile application, the physical location of your device through the use of, for example, Bluetooth, satellites, cell phone towers, Wi-Fi signals or other technologies.
Sensory data
Audio, electronic, visual or similar information.
“Personal Customer Information” (some of which may be identifiers or Professional/ employment-related information as well)
Your name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information or health insurance information.
Commercial information
Records of personal property, products or services purchased, obtained or considered, or other purchasing or consuming histories or tendencies.
Biometric information
Fingerprints or voiceprints. Our mobile applications may allow you to use third-party authentication features, such as biometric technology (such as fingerprint scanning), to access our mobile applications on your device.
Professional or employment-related information
Your current or past job history.
Personal characteristics
Pieces of personal information that are related to classifications legally protected from discrimination, such as race, national origin, ethnicity, marital status, age and gender.
Inferences drawn from other personal information
A summary we might make based on your apparent personal preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities and aptitudes. We might, for example, infer your race, ethnicity or gender based on your name.
Sensitive Personal Information
- Government Identifiers including your social security number, state identification card or tax ID.
- Account Access Information including your username, password, debit or credit card numbers or other security codes that may allow access to an account.
- Precise Geolocation such as where you access a First Republic ATM or mobile application.
- Racial or Ethnic Origin (as required by law) including your country of birth or current nationality.
- Union Memberships or any information from which such a membership could be inferred.
- Religious or Philosophical Beliefs including organizations you belong to or charitable donations.
- Biometric Information collected to uniquely identify you, such as your fingerprint, voice, attributes, picture, iris scan or traits.
- Health, Sexual Orientation or Sexual Identity Information including any information that might reveal the gender of your spouse.
We retain personal information for all the above categories for as long as necessary to achieve the purpose for which it was collected, to fulfil legal or contractual obligations, or for as long as permitted by applicable law. We may retain aggregated or de-identified information indefinitely.
4. OUR BUSINESS PURPOSES FOR COLLECTING PERSONAL INFORMATION — WHY WE COLLECT YOUR PERSONAL INFORMATION AND HOW WE USE THE INFORMATION
We may use the PI and SPI we collect from you for a variety of purposes permitted by law, including:
- To provide you with information about our products and services, and to provide you with our products and services, including to service loans we make to you.
- To communicate with you, including in response to your inquiries and to fulfill your requests, and to inform you of changes to terms and conditions relating to the products you receive from us or the First Republic services in which you are enrolled.
- To allow you to apply for our products and services and to evaluate your eligibility for such products or services, including your creditworthiness.
- To personalize our services for you by informing you about First Republic products and offers tailored to you.
- To prevent fraud, including by confirming your identity and/or location (for example, we may use your device’s physical location for fraud prevention purposes, if you are conducting a transaction).
- To improve our services’ interface and functionality (for example, we may use your device’s physical location to provide you with personalized location-based services, content and offers, such as informing you when you are approaching one of our ATMs or banking locations, or offering you a coupon or reward that can be redeemed at a nearby location).
- To allow you to access features within our website or mobile applications, when you request those features.
- To maintain and upgrade the security of the services we provide to you and any data or information collected about you.
- For legal, compliance and risk management purposes, including to monitor our compliance with fair lending laws and regulations.
- Other legally permissible or everyday business purposes, including data analysis, product development and compliance with law enforcement and other legal processes.
Use of PI from cookies and tags. We (including our service providers) may use cookies, which are pieces of data that are stored in memory on an Internet user’s device, as well as tags, which tie to cookies and allow us to manage the data gathered from cookies. We use these technologies to collect information such as website visitors’ browser type, web pages visited, the time spent on each page, and which tasks a visitor performs on the page. We use this information to help improve your and others’ online experiences with us, to update and improve the user interfaces of our website and mobile applications, for security purposes, to recognize your device(s) so you can access our online products and services, to personalize your services, and to display personalized products and offers tailored to you. You may change the settings on your browser to either automatically decline cookies, to decline or accept the cookies from a particular site on a case-by-case basis, or in some instances, to automatically delete cookies upon exiting the browser. If you choose not to accept cookies from our website, you may experience some reduced functionality or other inconveniences while accessing the site or other online products and services. For more information about why we use cookies and similar technologies to better serve you and how to set your preferences to protect your privacy, please read our Cookie Notice and the information provided in our Trust Center. If you are a resident of California, you have certain privacy rights under the California Consumer Privacy Act (“CCPA”) and its amendment: the California Privacy Rights Act (“CPRA”). We honor your California privacy rights as described below in Section 9, “What Additional Privacy Rights do California Residents Have?”
In accordance with the Gramm-Leach-Bliley Act (“GLBA”), any cookie choices you have made, or may make, through our Cookie Preference Center, accessible through our Trust Center, will only apply to our public website and will not affect or be applicable to our Online Banking Websites. This is because our Online Banking Websites require certain cookies to operate and to provide you with certain features and functionality, and these cookies are only used for purposes permissible by the GLBA.
Certain web browsers allow you to make and set privacy choices that are applicable and communicated from your web browser to the websites you visit. If you have made privacy settings within the web browser you are using, and the settings request that certain cookies are turned off, when accessing our Online Banking Websites, not all of the features and/or functionality of those websites may be available, and the websites may not operate correctly.
Google Analytics. We use Google Analytics, a web analytics service provided by Google, Inc. This analytical tool uses cookies and similar technologies to help analyze how users use the services. The PI generated about usage, including visitors' IP addresses, is transmitted to Google. The PI is then used to evaluate visitors’ usage, compile statistical reports on website activity, and provide other services relating to website activity and internet usage. For further information about the collection and use of data through Google Analytics, please refer to https://www.google.com/policies/privacy/partners/. Google offers the ability to opt out of tracking through Google Analytics cookies; for more information, visit https://www.tools.google.com/dlpage/gaoptout.
Adobe technologies. We also use analytics and other services provided by Adobe Systems, Inc. Adobe uses cookies and similar technologies that allow us to analyze PI about users of our website. For more information about Adobe’s privacy practices, please refer to adobe.com/privacy.html. Adobe offers the ability to opt out of certain data collection practices; for more information, visit adobe.com/privacy/opt-out.html.
5. WHEN AND TO WHOM DOES FIRST REPUBLIC DISCLOSE PERSONAL INFORMATION?
As stated above, we do not sell PI under any circumstances, and we also do not disclose PI to any non-affiliated entities for their own marketing purposes.
We may disclose the PI and SPI we collect to our affiliates, as permitted by applicable law, and to our service providers as we believe to be necessary or appropriate, consistent with applicable laws, for the following purposes: (a) to comply with applicable legal requirements (for example, responding to subpoenas) and regulatory requirements (for example, monitoring of fair lending law compliance); (b) to respond to requests from public and government authorities; (c) to enforce and investigate violations of applicable Terms and Conditions; (d) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others; (e) to allow us to pursue available remedies or limit the damages that we may sustain; and (f) to evaluate or conduct a merger, divestiture, restructuring, reorganization, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock. We engage service providers to deliver services to you on our behalf, such as bill payment, money transfers, check processing, wiring services and payment solutions; and to assist us with technology support, operational support, and other forms of assistance. We contractually bind our service providers to protect the confidentiality and security of the PI we share with them. With respect to products or services used primarily for personal, family or household purposes, you have additional privacy rights, as reflected in our customer privacy notice, available at https://www.firstrepublic.com/~/media/frb/documents/pdfs/privacy/privacy-notice.pdf. In addition, California residents have additional privacy rights, as reflected in our California privacy notice, available at https://www.firstrepublic.com/-/media/frb/documents/pdfs/privacy/privacy_notice-california.pdf.
Further, we may disclose the following categories of personal information to the following categories of third parties:
- Government Entities
  - Identifiers
  - Internet or other similar network activity
  - Geolocation data
  - Sensory data
  - “Personal Customer Information”
  - Commercial information
  - Biometric information
  - Professional or employment-related information
  - Personal characteristics
  - Inferences drawn from other personal information
  - Sensitive Personal Information
- Operating Systems and Platforms
  - Identifiers
  - Internet or other similar network activity
  - Geolocation data
  - Biometric information
- Affiliates
  - Identifiers
  - Internet or other similar network activity
  - Geolocation data
  - Sensory data
  - “Personal Customer Information”
  - Commercial information
  - Biometric information
  - Professional or employment-related information
  - Personal characteristics
  - Inferences drawn from other personal information
  - Sensitive Personal Information
6. WHEN AND WITH WHOM DOES FIRST REPUBLIC SHARE PERSONAL INFORMATION FOR ADVERTISING PURPOSES?
PI from online advertising. In order to deliver the most relevant digital advertising to you, we and third-party advertisers may collect PI about your online activities over time and across different websites when you use our services. Some of the advertisements that click-through to our services contain cookies that allow for the monitoring of your response to these advertisements, may be interest-based, and may use PI about your online and offline interests to customize the online ads you see. Interest-based advertising helps us deliver content that is more likely to be of interest to you, and when you use our services, we use PI about your activities to help us determine which of our ads are more likely to appeal to you. If you do not wish to have us and/or third-party advertisers know which advertisements and subsequent websites you have viewed, you may opt out at AboutAds. Additionally, the Digital Advertising Alliance website contains important information about interest-based advertising, cookies, behavioral advertising, and what opting out will and will not do.
If you have visited our website, we may share the following categories of personal information with the following categories of third parties for purposes of cross-context behavioral advertising:
- Advertising networks
  - Identifiers
  - Internet or other similar network activity
  - Geolocation data
  - Inferences drawn from other personal information
- Internet Service Providers
  - Identifiers
  - Internet or other similar network activity
  - Geolocation data
  - Inferences drawn from other personal information
- Data Analytics Providers
  - Identifiers
  - Internet or other similar network activity
  - Geolocation data
  - Commercial information
  - Inferences drawn from other personal information
- Social Networks and Other Websites
  - Identifiers
  - Internet or other similar network activity
  - Geolocation data
  - Inferences drawn from other personal information
- Data Brokers
  - Identifiers
  - Internet or other similar network activity
  - Geolocation data
  - Commercial information
  - Inferences drawn from other personal information
7. WHAT SECURITY MEASURES DOES FIRST REPUBLIC TAKE TO PROTECT PERSONAL INFORMATION?
To help prevent unauthorized access to any of your PI, we seek to use reasonable organizational, technical, and administrative measures to protect the PI we maintain within our organization. In addition to the safeguards we apply to protect your PI, there are steps you can take to protect it as well, such as never sharing your passwords and maintaining them in a secure location. The steps you take to complement the many safeguards we apply are particularly important. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us of the problem by contacting us at (888) 408-0288. For more information, please visit our Security and Fraud Prevention Center.
8. HOW CAN YOU KEEP THE PERSONAL INFORMATION WE STORE ABOUT YOU UP TO DATE?
If you would like to update PI that you have provided to us, you may contact us through one of the means listed in the “How to Contact Us” section below. Residents of California may also submit a request under the California Consumer Privacy Act as detailed in the section below. Note that First Republic’s ability to provide certain services may depend on our ability to collect and use your personal information; requests to delete required personal information may result in our inability to provide certain services you requested.
9. WHAT ADDITIONAL PRIVACY RIGHTS DO CALIFORNIA RESIDENTS HAVE?
If you are a resident of California, you have certain privacy rights under the California Consumer Privacy Act (“CCPA”) and its amendment: the California Privacy Rights Act (“CPRA”). We honor your Consumer Rights Requests, as described below, and we are prohibited by law and by First Republic policy from discriminating against you for exercising any of your rights.
A. Right to Know
If you are a California resident, you have the right to know what PI we have collected about you, why we collected it, and the categories of third parties (excluding service providers) with whom we have shared your PI, subject to the exemptions and exceptions outlined below. (See below on “How to Submit a Request.”) You may request that we provide a description of the categories of PI we have collected (a “Categories Request”) or a request for access to the specific pieces of PI we have collected (a “Specific Pieces Request”).
If you make a Categories Request, we will need to verify your identity to a reasonable degree of certainty. A reasonable degree of certainty may include you providing us with at least two pieces of information specific to you, so that we can verify your identity. After we confirm that your request is a verifiable consumer request, we will disclose to you:
- The categories of PI we collected about you
- The categories of sources for the PI we collected about you (e.g., social media websites and government records available to the public)
- Our business or commercial purpose for collecting your PI
- The categories of third parties other than service providers with whom we shared your PI
If you make a Specific Pieces Request, we will need to verify your identity to a reasonably high degree of certainty. A reasonably high degree of certainty may include you providing us at least three pieces of information specific to you, so that we can verify your identity. After we confirm that your request is a verifiable consumer request, we will disclose to you:
- The specific pieces of PI we collected about you
- The categories of PI we collected about you
- The categories of sources for the PI we collected about you (e.g., social media websites and government records available to the public)
- Our business or commercial purpose for collecting your PI
- The categories of third parties other than service providers with whom we shared your PI
B. Right to Request Deletion
You have the right to request that we delete any of your PI that we collected from you and retained. We are not obligated to comply with your request if we have a legal basis to retain the PI, such as to:
- Complete a transaction for which we collected the personal information, to provide a product or service you requested, or for purposes reasonably anticipated within the context of our ongoing business relationship with you or otherwise fulfill a contract with you
- Detect security incidents; protect against malicious, deceptive, fraudulent or illegal activity; or prosecute those responsible for that activity
- Debug our systems so as to identify and repair errors that impair existing intended functionality
- Enable solely internal uses of the information that are reasonably aligned with your expectations based on our relationship with you, or otherwise use the information internally, in a lawful manner that is compatible with the context in which you provided the information
- Comply with a legal obligation
If you make a request for us to delete PI, we may need you to provide us with at least two data elements specific to you so that we can verify your identity. Once we receive and confirm that your request is a verifiable consumer request (see below on “How to Submit a Request”), we will inform you whether we have deleted (and have directed our service providers to delete) your PI from our records, or whether we are declining to grant your request to delete due to an exception to the CCPA deletion requirements.
C. Right to Correct Inaccurate Personal Information
You have the right to request that First Republic correct any inaccurate PI that we have collected about you. If you make a request for us to correct your PI, we may need you to provide us with at least two data elements specific to you so that we can verify your identity. Once we receive and confirm that your request is a verifiable consumer request (see below on “How to Submit a Request”), we will inform you whether we have corrected your PI (and have directed our service providers and contractors to do so as well), or whether we are declining to grant your request due to an exception to the CPRA requirements.
D. Right to Opt-out of Our Sharing of Your Personal Information with Third Parties for Cross-Context Behavioral Advertising Purposes
You have the right to request First Republic not to share your PI with third parties for purposes of cross-context behavioral advertising (as well as not to sell your PI, but as noted, we do not sell any PI). Click here to access our Trust Center to exercise your opt-out rights.
E. Right to Limit the Use and Disclosure of Sensitive Personal Information
You have the right to request First Republic to limit our use and sharing of your SPI to only what is necessary to provide you with the services you have requested. We are not obligated to comply with your request if we have a legal basis to use or disclose the PI, such as to:
- Complete a transaction for which we collected the personal information, to provide a product or service you requested, or for purposes reasonably anticipated within the context of our ongoing business relationship with you or otherwise fulfill a contract with you
- Ensure security and integrity of our network to detect security incidents; resist malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity; and, ensure physical safety
- Enable solely internal uses of the information that are reasonably aligned with your expectations based on our relationship with you, or otherwise use the information internally, in a lawful manner that is compatible with the context in which you provided the information
F. Exceptions
Certain PI is protected by federal and state privacy law other than the CCPA and thus the specific rights described above do not apply in the case where your PI is subject to additional federal and state privacy law. If you are, or apply to become, a customer of First Republic with respect to products or services to be used primarily for personal, family or household purposes, the PI we obtain from you (“Personal Customer Information”) in that context is protected under the Gramm-Leach-Bliley Act (“GLBA”) and the specific privacy rights within the CCPA do not apply. As noted, the rights of such customers of First Republic are set forth in our Federal customer privacy notice and our California-specific customer privacy notice.
G. How to Submit a Request
To invoke a right described above, please submit a consumer request to us by either:
- Clicking here to access our Consumer Rights Request Self-Service Portal to exercise your Right to Know, Right to Request Deletion, or Right to Correct Inaccurate Personal Information
- Clicking here to access our Trust Center to exercise your opt-out rights, e.g., Right to Opt Out of Sharing your Personal Information and Right to Limit the Use and Disclosure of Sensitive Personal Information
- Calling us at our Client Care Center: (844) 699-0424
- Sending your request to:
First Republic Bank
Attn: Client Care Center
111 Pine Street
San Francisco, CA 94111
To receive further instructions on how to invoke your rights, you may email us at PrivacyRights@firstrepublic.com.
You may make a request on your own behalf, and if you are the parent or guardian of a minor child, you also may make a request related to your child’s PI. If you wish to designate an authorized agent to make a request on your behalf, please provide us with a signed declaration stating that your intent is to permit that individual to act on your behalf and include such individual’s full name, address, email address and phone number. That way we will be sure you have fully authorized us to act in accordance with the requests of that individual.
In order to protect your PI from unauthorized disclosure or deletion at the request of someone other than you or your legal representative, First Republic requires identity verification before granting any request to provide copies of, know more about, correct or delete your PI. Specifically, we require that any Consumer Rights Request submitted to us:
- Provides sufficient information to allow us to reasonably verify you are the person about whom we collected PI or an authorized representative to act on your behalf
- Describes your request with sufficient detail to allow us to properly understand, evaluate and respond
We cannot respond to your Consumer Rights Request or provide you with PI if we cannot verify your identity or authority to make the Consumer Rights Request and confirm that the PI relates to you.
We endeavor to respond to a verifiable Consumer Rights Request within 45 days of its receipt, and within 15 days of receiving an Opt-out request. If we require more time to respond to a Consumer Rights Request (up to 45 additional days), we will inform you of the reason and extension period in writing. We will only use PI provided in a verifiable Consumer Rights Request to verify the requestor’s identity or authority to make the request.
10. MISCELLANEOUS DISCLOSURES
A. Scope of Users
Our online products and services, including our website and mobile applications, are not directed to users under the age of 13. We do not knowingly collect PI online from any person we know to be under the age of 13.
Our online products and services, including our website and mobile applications, are designed for users from, and are controlled and operated by us from, the United States. By using our online products and services, you consent to the transfer of your information to the United States, which may have different data protection rules than those of your country.
B. Frictionless Preference Signals
Your browser may allow you to send us a “Global Preference Choices” (GPC) or “Do-Not-Track” request to communicate your privacy preferences to us. We honor “Global Preference Choices” (GPC) and “Do-Not-Track” requests.
C. Links to Other Websites
Our website and mobile applications may feature links to third-party websites that offer goods, services or information. When you click on one of these links, you will be accessing content and services that are not subject to this Policy. We are not responsible for the information-collection practices of the other websites that you visit and urge you to review their privacy policies before you provide them with any PI. Third-party sites or services may collect, use and secure information about you in a way that is different from those described in this Policy.
11. HOW CAN I CONTACT FIRST REPUBLIC?
If you have any questions regarding this Policy, you can call us at (888) 408-0288, email us at PrivacyOffice@firstrepublic.com or write to us at:
First Republic Bank
Attn: Client Care Center
111 Pine Street
San Francisco, CA 94111
Fax: (415) 392-1413