PRIVACY NOTICELAST UPDATED: April 28, 2023
This Privacy Notice (“Privacy Notice”) explains how Silicon Valley Bank, a division of First-Citizens Bank & Trust Company (”SVB”), and other SVB branded businesses of First-Citizens Bank & Trust Company collect, use and disclose Personal Data from or about you in connection with our products and services.
TABLE OF CONTENTS
- SCOPE AND APPLICATION
This section sets out the applicability of this Privacy Notice and provides links to other applicable notices
- THE DATA WE COLLECT ABOUT YOU
This section describes the type of data we collect about you.
- HOW WE COLLECT YOUR PERSONAL DATA
This section describes how we collect the Personal Data.
- HOW WE USE YOUR PERSONAL DATA
This section describes how we use your Personal Data.
- HOW WE DISCLOSE YOUR PERSONAL DATA
This section explains how we disclose your Personal Data.
This section describes the measures we have in place to protect your Personal Data.
- YOUR RIGHTS AND CHOICES
This section describes the choices and individual rights that you may have with respect to your Personal Data.
- RETENTION PERIOD
This section addresses the measures we have in place for retaining Personal Data.
- THIRD-PARTY SERVICES
This section explains that we are not responsible for the information use, disclosure, security, and other practices of third parties.
- USE OF THE SERVICES BY MINORS
This section explains that our services are not directed to individuals under the age of sixteen (16).
- JURISDICTION AND CROSS-BORDER TRANSFER
This section addresses where Personal Data may be processed, and it identifies the measures in place for our transfer of Personal Data outside of the EEA and the UK.
- UPDATES TO THIS PRIVACY NOTICE
This section explains that we may update this Privacy Notice from time to time and directs our users to the "Last Updated" legend above to learn when the notice was last updated.
- CONTACT US
This section includes our contact details.
1. SCOPE AND APPLICATION
This Privacy Notice describes our practices in connection with data that we collect through:
- Websites operated by us from which you are accessing this Privacy Notice;
- Software applications made available by us for use on computers and mobile devices ("apps") that link to this Privacy Notice;
- Our social media pages;
- Email messages that we send to you that link to this Privacy Notice; and
- If you are outside the U.S., communications and interactions we have with you.
SVB Wealth LLC (“SVBW”) and SVB Investment Services Inc. (“SVBIS”) are wholly-owned, non-bank subsidiaries of Silicon Valley Bank. If you are a client of our SVB Private Bank, SVBIS or SVBW, please click here for an additional privacy notice applicable to you.
If you are a California resident click here for the SVB California Privacy Rights Acts (CPRA) Notice. If you are a California resident who is also a client, other privacy notices will be made available to you or mailed to you. Please click here to exercise your do not share rights.
2. THE DATA WE COLLECT ABOUT YOU
"Personal Data" is data that identifies you as an individual or relates to you as an identifiable individual.
- Identity Data, including name, username, date of birth, gender, marital status, and title.
- Contact Data, including postal address, email address, and telephone numbers.
- Financial Data, including bank account and payment card details.
- Identification Data, such as Social Security number, driver's license or passport numbers.
- Transaction Data, including details about payments to and from your bank accounts and other details of products and services you have purchased from us.
- Device Data, including your Internet Protocol (IP) address, your login data, the domain and host names from which you access the Internet, the date and time you access our online properties, browser and operating system data and the Internet address of the site from which you linked to our website.
- Profile Data, including your username and password and your transactions, interests, communications and other preferences, feedback, and survey responses.
- Usage Data, including data about how you use our websites and apps, products, and services.
- Biometric data, including fingerprints, voice recordings or keystroke patterns.
- Derived device geolocation information, such as approximate geographic location inferred from an IP address.
- Marketing and Communications Data, including correspondence and other communications for the purposes of providing client support and your communication preferences.
Some of these may be considered Sensitive Personal Data depending on the impact it may have on your rights and interests. “Sensitive Personal Data” refers to Personal Data that is at a higher level of sensitivity where the unauthorized disclosure of this type of data may cause harm to the individual.
We may change your data in a way that makes it unrecognizable as your Personal Data, and it will no longer be considered Personal Data. To the extent that the data we collect is not considered Personal Data under applicable law, we may use and disclose it for other purposes.
Please do not send us any Sensitive Personal Data if you are not a client. This includes Social Security numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background, or trade union membership.
If you disclose any Personal Data relating to other people (such as our clients' beneficial owners) to us, you represent that you have the authority to do so and to permit us to use the data in accordance with this Privacy Notice.
3. HOW WE COLLECT YOUR PERSONAL DATA
We collect Personal Data when you choose to provide it to us, such as when you apply to open an account with us and receive banking or other services for personal, family, or household purposes or on behalf of your employer. We also collect Personal Data when you sign up to use our services or receive our publications; request marketing material to be sent to you; complete a survey or questionnaire; contact customer service or otherwise communicate with us; or provide us with feedback.
We also collect certain Personal Data automatically from your interactions with our online properties, including:
- Through your browser or device. Certain data is collected by most browsers or automatically through your device, such as your Media Access Control (MAC) address, computer type, screen resolution, operating system name and version, device manufacturer and model, language, Internet Protocol (IP) address, and browser type and version. We use this data to ensure that our online services function properly. We may also derive your approximate location from your IP address.
- Through your use of our apps. When you download and use one of our apps, we may track and collect app usage data, such as the date and time the app on your device accesses our servers, in order to ensure that the app functions properly and to understand how it is used.
- Physical Location. We may collect the physical location of your device by, for example, using satellite, cell phone tower, or Wi-Fi signals, for fraud prevention and in order to provide you with personalized location-based services and content. You may be able to manage the collection settings of your device's location.
In addition, we may receive your Personal Data from other sources, such as third parties and publicly available sources, including, for example, social media platforms, publicly available databases, government agencies, credit reference and financial crime prevention agencies, consumer reporting agencies, specialist data and research companies, and event or joint marketing partners.
4. HOW WE USE YOUR PERSONAL DATA
We use Personal Data for the following purposes:
- Providing our products and services or fulfilling your requests.
- To communicate with you and to share important notices;
- To evaluate your or your employer's eligibility for products and services;
- To provide you or your employer with products and services, including opening and maintaining your account; managing payments, fees, and charges; collecting amounts owed to us; processing your transactions; and providing you with related customer service;
- To respond to your questions and fulfill your requests and otherwise manage our relationship with you or your employer;
- To send administrative information to you, such as changes to our terms, conditions, and policies.
- Providing you with our newsletter or other marketing materials and other advertising.
- To send you marketing related emails, with information about our services, products, and other SVB news. If you do not want to receive marketing materials, after opting in (if applicable), you may opt out of those marketing communications at any time by following the opt-out instructions contained in the marketing messages or by contacting us.
- Analyzing Personal Data for providing personalized content and improving services.
- To analyze or predict users' preferences in order to improve our online services;
- To better understand your interests and preferences, so that we can personalize our interactions with you and provide you with content, information, and offers that we believe will be relevant and interesting to you.
- Accomplishing our business purposes.
- For data analysis, including to improve the efficiency of our digital services;
- For audits, to verify that our internal processes function as intended;
- To address legal, regulatory, or contractual requirements, including requirements intended to prevent money laundering;
- To control risk of fraud and for security monitoring purposes, such as to detect and prevent cyberattacks or attempts to commit identity theft or other fraud;
- For enhancing, improving, maintaining, or modifying our products and services, as well as undertaking quality and safety assurance measures;
- For identifying and understanding usage trends;
- For determining the effectiveness of our promotional campaigns, so that we can adapt our campaigns to the needs and interests of our existing and prospective clients;
- For troubleshooting, testing, system maintenance and reporting.
- Sharing with service providers and subprocessors.
- For any of the uses above, but also for services, analytics, data storage, security, or fraud prevention.
Most commonly, we will use your Personal Data in the following circumstances:
- Where we need to perform the contract we are about to enter into or have entered into with you.
- Where we need to comply with a legal or regulatory obligation.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
Generally, we do not rely on consent as a legal basis for processing your Personal Data. However, in relation to sending direct marketing communications to you, we may rely on legitimate interests or consent. If you do not want to receive marketing materials, you may opt out of those marketing communications at any time by following the opt-out instructions contained in the marketing messages or by contacting us.
We have set out in the table below a description of the ways we use your Personal Data and which of the legal bases we rely on to do so. We have also identified our legitimate interests, where appropriate. For individuals in China, we do not rely on legitimate interests, so our processing of your Personal Data will be based on your consent.
We may process your Personal Data on more than one lawful ground, depending on the specific purpose for which we are using your data. Please contact us if you would like details about the specific legal basis on which we rely, if more than one is set out in the table below.
|Purpose/Activity||Type of data||Legal basis for Processing|
|To register your employer as a new client||(a) Identity
|Performance of a contract with your employer (our client)|
|To provide banking and other services to you or your employer (our client); which will include:
To manage payments, fees and charges
To collect and recover money owed to us
To provide functionality of the services
To provide operations and general business
|(a) Performance of a contact with your employer (our client)
(b) Necessary for our legitimate interests (to recover debts due to us)
|To manage our relationship with you or your employer (our client) which will include:
To notify you about changes to our terms, services or service messages
To provide customer service
|(a) Performance of a contract with your employer (our client)
(b) Necessary to comply with a legal obligation
(c) Necessary for our legitimate interests (to keep our records updated and to study how clients use our products/services)
|To administer and protect our business and our online properties (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data); and also include:
To provide fraud prevention and security
To support Legal and compliance obligations or requests
To facilitate emergency and incident response
|(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganization or group restructuring exercise)
(b) Necessary to comply with a legal obligation
|For Marketing, which may include:
To deliver relevant online content and marketing to you and measure or understand the effectiveness of the marketing we serve to you
To enable you to partake in a competition or complete a survey
To use data analytics to improve our online properties, products/services, marketing, client relationships and experiences
To make suggestions and recommendations to you about products/services that may be of interest to you
To build relationships and enhance engagement
To personalize services
To Improve and develop new products and services
(e) Marketing and Communications
|(a) Necessary for our legitimate interests (to study how clients use our products/services, to develop them, to grow our business and to inform our marketing strategy)
(b) With your consent, where required by applicable law
(c ) Necessary for our legitimate interests (to define types of clients for our products and services, to keep our online properties updated and relevant, to develop our business and to inform our marketing strategy)
(d) Necessary for our legitimate interests (to develop our products/services and grow our business)
5. HOW WE DISCLOSE YOUR PERSONAL DATA
We disclose Personal Data as follows:
|Affiliated or third party service providers||To facilitate services such as information technology, system administration, website hosting, data analysis, customer service, email services, and auditing.|
|Our affiliates||To market to you|
|Third parties in connection with a sale or other business transaction||To transfer your Personal Data to a third party in connection with a reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings). After the transfer is complete, if all or part of our assets are sold, then your Personal Data may be transferred to the new owner so services can continue to operate.|
With respect to Personal Data in China, when providing that data to other parties or transferring that data outside of China, except where required or permitted by law, we will not disclose your Personal Data without seeking and obtaining your separate consent, and will notify you of the recipient’s identity, contact information, the purpose and method of processing, the categories of Personal Data, the method and procedure to exercise your rights against the overseas recipient (if cross-border data transfer is involved).
For a list of affiliated and third-party service providers that SVB shares personal data with, along with more specific information, please email us at email@example.com.
We also disclose your Personal Information as necessary or appropriate, in particular when we have a legal obligation or legitimate interest to do so, as set out in further detail below.
|To comply with applicable law and regulations||This may include laws outside your country of residence, which could give rise to a legal obligation requiring us to process your Personal Data, including:
We use reasonable organizational, technical, contractual and administrative measures to protect Personal Data within our organization. Unfortunately, no data transmission or storage system can be guaranteed secure. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us in accordance with the "Contact Us" section below.
7. YOUR RIGHTS AND CHOICES
You may opt out of receiving marketing emails from us by following the opt-out instructions contained in each email, or you may visit our Commercial Bank Preference Center if you are an SVB Commercial Bank client or our SVB Private Preference Center if you are an SVB Private client.. Even if you opt out of marketing emails from us, we will continue to send you important administrative messages. If you consented to push notifications, you may opt out of receiving such push notifications from us through the settings of your device.
Depending on your jurisdiction and our relationship with you, you may have certain privacy rights that you can exercise. These rights include the right to request to access, correct, modify, update, restrict processing, revoke consent, or delete Personal Data, to request explanation of processing rules of Personal Data, to object to or opt out of the processing of Personal Data, to object to any decisions based solely on automated processing, including profiling, which produce legal effects or significantly affect you or to receive a copy of your Personal Data for purposes of transmitting it to another company. You may be able to request an explanation of personal data processing. To exercise these rights, you can contact us in accordance with the "Contact Us" section below or click here. We will respond to your request consistent with applicable law.
If you are a California resident, please see the CPRA Notice link in Section 1 or to exercise your privacy rights, you can click here.
You may make a privacy complaint with our designated jurisdictional representative, such as a Data Protection Officer (contact information below), or with a data protection authority for your country or region where you have your residence or place of work or where an alleged infringement of applicable data protection law has occurred. A list of EEA data protection authorities is available at https://edpb.europa.eu/about-edpb/board/members_en. Information regarding the UK data protection authority is available here: https://ico.org.uk/. In China, you can contact the Chinese Supervisory authorities, which includes the Cyberspace Administration of China (“CAC”), the Ministry of Industry and Information Technology, the Ministry of Public Security, the State Administration for Market Regulation, financial regulators, as well as their respective counterparts at local levels. China Personal Data related complaints and reports can be submitted through https://www.12377.cn/.
We would, however, appreciate the chance to address your concerns before you approach a data protection authority, so please contact us first.
8. RETENTION PERIOD
We retain Personal Data for as long as needed or permitted to fulfill the purpose(s) for which it was obtained, including to satisfy any legal, compliance, accounting, or reporting requirements, and consistent with applicable law. We consider the following when determining our retention periods:
- The length of time we have an ongoing relationship with you and provide our products and services to you (for example, for as long as you have an account with us or continue to use our digital services);
- Whether there is a legal obligation to which we are subject (for example, to keep records of your transactions for a certain period of time, or a legal hold is in place);
- Whether retention is advisable in light of our legal position, such as in regard to applicable statutes of limitations, litigation, or regulatory investigations;
- Our records retention schedule tiers
In some circumstances we will anonymize your Personal Data (so that it can no longer be associated with you) for research, analytics, or statistical purposes, in which case we may use this information indefinitely.
9. THIRD-PARTY SERVICES
This Privacy Notice does not address the privacy, data, or other practices of any third parties, including any third party operating a website or service to which our online services link. The inclusion of a link on our online services does not imply endorsement of the linked site or service by us or our affiliates.
10. USE OF THE SERVICES BY MINORS
Our services are not directed to individuals under the age of sixteen (16), and we do not knowingly collect Personal Data from, or direct any of our products or service to, individuals under age 16.
11. JURISDICTION AND CROSS-BORDER TRANSFER
Your Personal Data may be stored and processed in any country where we have affiliates or in which we engage service providers. (For a list of those countries, please contact us.) You understand that your data will be transferred to countries outside of your country of residence which may have data protection rules that are different from those of your country. In certain circumstances, courts, law enforcement agencies, regulatory agencies, or security authorities in those other countries may be entitled to access your Personal Data.
ADDITIONAL INFORMATION REGARDING THE EEA and the UK: Some non-EEA countries are recognized by the European Commission as providing an adequate level of data protection according to EEA standards (the full list of these “specified” countries is available here. The UK recognizes the EEA and many of the specified countries as providing an adequate level of data protection according to UK standards. For transfers from the EEA or the UK to countries not considered adequate by the European Commissionor the UK government, as applicable, we have put in place applicable measures where necessary to protect your Personal Data. You may obtain a copy of these measures by clicking here.
12. UPDATES TO THIS PRIVACY NOTICE
The "LAST UPDATED" legend at the top of this Privacy Notice indicates when this Privacy Notice was last revised. Any changes will become effective when we post the revised Privacy Notice on our online services.
13. CONTACT US
Silicon Valley Bank, a division of First-Citizens Bank & Trust Company, located at 3003 Tasman Drive, Santa Clara, CA 95054, is the entity responsible for SVB’s collection, use, processing and disclosure of Personal Data under this Privacy Notice.
If you have questions about this Privacy Notice, regardless of your jurisdiction, please contact us. Because email communications are not always secure, please do not include sensitive data in your emails to us. Options to contact us:
+1 (800) 774-7390 (U.S.)
By postal mail:
Chief Privacy Officer
Silicon Valley Bank
3003 Tasman Drive
Santa Clara, CA 95054
By email to the SVB Data Protection Officer
If you have questions with respect to Personal Data of China residents under this Privacy Notice, please contact the following entities:
SVB Venture Capital Investment Management (Shanghai) Co., Ltd.
By postal mail:
Global Privacy Office
SVB Business Partners (Beijing) Co., Ltd.
By postal mail:
Global Privacy Office