Home
FDIC logo

FDIC-Insured - Backed by the full faith and credit of the U.S. Government

FDIC logo

FDIC-Insured - Backed by the full faith and credit of the U.S. Government

PCB Notice at Collection - California Employee Privacy Notice California Consumer Privacy Act (“CCPA”)

Effective Date: January 1, 2024

Scope and Overview

This Notice at Collection – California Employee Privacy Notice (“Employee Privacy Notice”) supplements the information contained in PCB Bank’s California Privacy Notice (see www.mypcbbank.com/privacy-policy/privacy-notice-for-california-residents)  and applies to all employees, or independent contractors who reside in the State of California ("consumers" or "you"). We adopt this notice to comply with the California Consumer Privacy Act of 2018 (CCPA) as revised by the California Privacy Rights Act of 2023 (CPRA) and any terms defined in the CCPA have the same meaning when used in this Notice. 

PCB Bank is committed to protecting the privacy and security of your personal data. This Notice at Collection - Employee Privacy Notice describes how PCB Bank and its subsidiaries, affiliates, and related entities (collectively, "PCB Bank," "we," or "us") collect and process personal data about you during and after your employment. This Employee Privacy Notice applies to current and former employees who are residents of California.

 This Employee Privacy Notice describes the categories of personal data that we collect, how we use your personal data, how we secure your personal data, when we may disclose your personal data to third parties, and when we may transfer your personal data outside of California. This Employee Privacy Notice also describes your rights regarding the personal data that we hold about you including how you can access, correct, and request erasure of your personal data.

 We will only process your personal data in accordance with this Employee Privacy Notice unless otherwise required by applicable law. We take steps to ensure that the personal data that we collect about you is adequate, relevant, not excessive, and processed for limited purposes.


Collection of Personal Data

For purposes of this Employee Privacy Notice, personal data means any information about an identifiable individual. Personal data excludes anonymous or de-identified data that is not associated with a particular individual. To carry out our activities and obligations as an employer, we may collect, store, and process the following categories of personal data for the purpose of administering the employment relationship with you:

  • Personal contact details such as name, title, addresses, telephone numbers, and personal email addresses.
  • Date of birth.
  • Gender, if necessary to administer benefits such as health insurance or any other benefits.
  • Marital and dependent status, only when needed to administer benefits such as health insurance or other benefits.
  • Beneficiary and emergency contact information.
  • Government identification numbers such as a taxpayer identification number, passport number, driver's license number, or other identification card number.
  • Bank account details and payroll information.
  • Wage and benefit information.
  • Performance information.
  • Insurance enrollment information. 
  • Start date and job title.
  • Location of employment.
  • Education and training.
  • Employment records (including professional memberships, references, work history, and proof of work eligibility).
  • Photograph for identification purposes. 
  • U.S. Military Status and Rank   
  • Other personal details included in a resume or cover letter or that you otherwise voluntarily provide to us.

We will collect the majority of the personal data that we process directly from you. In limited circumstances third parties may provide your personal data to us, such as former employer(s), credit reporting agencies, official bodies (such as regulators or criminal record bureaus), medical professionals, or other applicable sources related to your employment.

Use of Personal Data

We only process your personal data where applicable law permits or requires it, including where the processing is necessary for the performance of our employment contract with you, where the processing is necessary to comply with a legal obligation that applies to us as your employer, for our legitimate interests or the legitimate interests of third parties, to protect your vital interests, or with your consent if applicable law requires consent. We may process your personal data for the following legitimate business purposes and for any other purposes of performing the employment contract with you:

  • Employee administration (including payroll and benefits administration).
  • Business management and planning.
  • Processing employee work-related claims (for example, insurance claims).
  • Accounting and auditing, including examinations by banking regulatory agencies.
  • Conducting performance reviews and determining performance requirements.
  • Assessing qualifications for a particular job or task.
  • Gathering evidence for disciplinary action or termination.
  • Creating and submitting reports as required by applicable laws or regulations.
  • To comply with our legal, regulatory, or other corporate governance requirements.
  • Education, training, and development requirements.
  • Health administration services.
  • Complying with health and safety obligations.

We will only process your personal data for the purposes we collected it for or for compatible purposes. If we need to process your personal data for an incompatible purpose, we will provide notice to you and, if required by law, seek your consent. We may process your personal data without your knowledge or consent only where required by applicable law or regulation.

 We may also process your personal data for our own legitimate interests, including, but not limited to, the following purposes:

  • To prevent fraud. 
  • To ensure network and information security, including preventing unauthorized access to our computer and electronic communications systems and preventing malicious software distribution.

Collection and Use of Special Categories of Personal Data

The following special categories of personal data, if collected, may be considered sensitive and may receive special protection: 

  • Racial or ethnic origin.
  • Citizenship or immigration status.
  • Political opinions.
  • Religious or philosophical beliefs.
  • Trade union membership.
  • Genetic data.
  • Biometric data.
  • Data concerning health.
  • Data concerning sex life or sexual orientation.
  • Data relating to criminal convictions and offences.

We may collect and process the following special categories of personal data when you voluntarily provide them for the following legitimate business purposes, to carry out our obligations under employment law, for the performance of the employment contract, or as applicable law otherwise permits:

  • Data relating to leaves of absence to comply with employment law. 
  • Physical or mental health condition or disability status to ensure employee safety in the workplace and provide appropriate workplace accommodations.
  • Race or ethnic origin for work permit purposes.

Where we have a legitimate need to process special categories of personal data about you for purposes not identified above, we will only do so only after providing you with notice and, if required by law, obtaining your prior, express consent.


Data Sharing

We will only disclose your personal data to third parties where required by law or to our employees, contractors, designated agents, or third-party service providers who require such information to assist us with administering the employment relationship with you, including third-party service providers who provide services to us or on our behalf. Third-party service providers may include, but are not limited to, payroll processors, benefits administration providers, and data storage or hosting providers. These third-party service providers may be located outside of California.

 We require all our third-party service providers, by written contract, to implement appropriate security measures to protect your personal data consistent with our policies and any data security obligations applicable to us as your employer. We do not permit our third-party service providers to process your personal data for their own purposes. We only permit them to process your personal data to the limited extent required to provide their services to us, and only to carry out the purpose for which we disclosed your personal data to them. Third-party service providers are not permitted to use your personal data for any other purpose or in any manner that would constitute a violation of any federal, state or local financial and/or banking laws or regulations including, but not limited to, the California Consumer Privacy Act and the Gramm-Leach-Bliley Act.  

 We may also disclose your personal data for the following additional purposes where permitted or required by applicable law:

  • To our affiliates, including PCB Bancorp, for the purposes set out in this Employee Privacy Notice and as necessary to perform our employment contract with you.
  • As part of our regular reporting activities to our affiliates, including PCB Bancorp.
  • To comply with legal obligations or valid legal processes such as search warrants, subpoenas, or court orders. When we disclose your personal data to comply with a legal obligation or legal process, we will take reasonable steps to ensure that we only disclose the minimum personal data necessary for the specific purpose and circumstances.
  • To protect the rights and property of PCB Bank and its affiliates, including PCB Bancorp.
  • During emergency situations or where necessary to protect the safety of persons.
  • Where the personal data is publicly available.
  • If a business transfer or change in ownership occurs and the disclosure is necessary to complete the transaction. In these circumstances, we will limit data sharing to what is necessary, and we will anonymize the data where technically and reasonably feasible.
  • For additional purposes with your consent where such consent is required by law.

Data Security

We have implemented appropriate physical, technical, and organizational security measures designed to secure your personal data against accidental loss and unauthorized access, use, alteration, or disclosure. In addition, we limit access to personal data to those employees, agents, contractors, and other third parties that have a legitimate business need for such access.


Data Retention

Except as otherwise permitted or required by applicable law or regulation, we will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, as required to satisfy any banking laws and regulations governed by various regulatory agencies, legal, accounting, or reporting obligations, or as necessary to resolve disputes. To determine the appropriate retention period for personal data, we consider our statutory obligations, the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes we process your personal data for, and whether we can achieve those purposes through other means. We specify the retention periods for your personal data in our data retention policy. 

 

Under some circumstances we may anonymize your personal data so that it can no longer be associated with you. We reserve the right to use such anonymous and de-identified data for any legitimate business purpose without further notice to you or your consent. Once you are no longer an employee of the company, we will retain and securely destroy your personal data in accordance with our document retention policy and applicable laws and regulations.


Rights to Know, Right to Delete and Right to Correct

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your employment. By law, you may have the right to request access to, correct, and delete the personal data that we hold about you, subject to all retention laws under the applicable banking laws and regulations governed by various banking regulatory agencies.  

 

We may request specific information from you to confirm your identity in order to process your right to access, correct and delete your personal data.  Applicable law may allow or require us to refuse to provide you with access to some or all of the personal data that we hold about you, or we may have destroyed, deleted, or made your personal data anonymous in accordance with our record retention obligations and practices. If we cannot comply with your request, we will inform you of the reasons why, subject to any legal or regulatory restrictions.


Exercising Access, Data Portability, and Deletion Rights

To exercise the access, data portability, deletion and correction rights described above, please submit a verifiable consumer request to us by either: 

Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child. To designate an authorized agent, please complete the Right to Know,Right to Delete and Right to Correct Request form, include the contact information in the space provided, and sign and date the form. We cannot respond to your request if we cannot verify your identity or if we do not receive proper document supporting/evidencing authorization to make request on your behalf. 

We will only use personal information provided in a verifiable consumer request to verify the requestor's identity or authority to make the request. You may only make a verifiable consumer request for access or data portability twice within a 12-month period. Making a verifiable consumer request does not require you to create an account with us. 

Right to Opt-Out 

We do not sell the personal information of employees, consumers, and minors we actually know are less than 16 years of age. 


Changes to This Employee Privacy Notice

We reserve the right to update this Employee Privacy Notice at any time, and we will provide you with a new Employee Privacy Notice when we make any updates. If we would like to use your previously collected personal data for different purposes than those we notified you about at the time of collection, we will provide you with notice and, where required by law, seek your consent, before using your personal data for a new or unrelated purpose. 


Contact Information

If you have any questions or comments about this notice, the ways in which PCB Bank collects, uses or shares your information described above and in the California Privacy Policy, your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us at:

Phone: (888) 979-8133
Website: www.mypcbbank.com/privacy-policy
Email: privacy@mypcbbank.com
Postal Address:

PCB Bank
Attn: Compliance Department
3701 Wilshire Boulevard, Suite 900
Los Angeles, California 90010