What types of personal information are collected?
The types of personal information we may collect and use will depend on how you interact with us. This information can include:
- Personal identifiers, such as Social Security number, driver’s license, date of birth, voice prints, voice biometrics and other personal information necessary to verify your identity, and access authorization information, such as username, passcode and security questions and answers
- Information you provide on applications or other forms in order to receive our products and services, such as banking information and demographic information
- Account-related and transaction data, such as account number, balance and transactions and information about beneficiaries
- Recordings and transcripts of customer service calls and communications
- Recordings of voiceprints and voice biometrics you provide for account services
- Contact information you provide, such as name, email address, and telephone number(s) in order to receive transactional, product and marketing information from us
- Device data, such as device type, web browser type and version, operating system type and version, internet protocol address, mobile network information, general location (e.g., city, state, or country), cookie IDs, device IDs, mobile advertising IDs, and likely connections among different browsers and devices that you use
- Online/mobile activity data, such as login data, search history, language, statistical identifiers, and information about how you use and interact with our Online Services or advertising
- Marketing data, such as marketing preferences, information about products or services we think you might like, and inferences based on your interactions with us or information we learn about you
- Communications data, such as your communication preferences and details or the content of your communications with us
- Inferences drawn from any of the information identified in this subdivision to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
We retain personal information for a period of time as required by laws and regulations and the necessary business purpose. We securely delete personal information as soon as legally permitted and in accordance with our internal retention policy.
How does Millennium Trust collect my personal information?
We collect information in a variety of contexts when you use our Online Services. For example, we may collect information:
- Directly from you. We collect information directly from you when you submit information to us, such as when you open an account or deposit money, pay fees or conduct transactions through your account, use your credit or debit card or provide banking information, register for a product or service or request information about a product or service, submit or upload information or input in any free-text boxes or forms through our Online Services, or complete a survey, sweepstakes or other promotion.
- Automatically when you use our Online Services. We, and others on our behalf, may collect the information described in this policy, such as device, online/mobile, or communications data, automatically when you interact with us online. This includes using cookies to collect information such as site visitorship and device data, user navigation and user behavior
- From our service providers.
We may also collect information in other contexts, such as from our phone calls, chats and emails with you, or from third-party data sources for fraud prevention, identity verification, or marketing purposes.
How can personal information be used?
We use personal information that is collected about you for many purposes, such as:
- Providing, maintaining and servicing your accounts and delivering products and services, by verifying your identity, processing applications for products or services such as to open an account, and processing transactions
- Determining your financial interests and needs in order to recommend relevant products and services
- Authenticating your identity, preventing fraud, and keeping your information and financial transactions secure
- Advertising and marketing
- Optimizing your online and mobile experience and improving our products and services
- Performing analytics using aggregated and de-identified information regarding your use of our Online Services
- Complying with and enforcing applicable legal requirements, industry standards, contractual obligations and our policies
- Managing workforce activities and personnel generally, including for recruitment, performance management, career development, payments administration, employee training, leaves and promotions.
How does Millennium protect my personal information?
To protect your personal information from unauthorized access, use, or disclosure, we maintain technical and organizational security measures that comply with federal and state laws. These measures include computer safeguards, secured files and restricted access to buildings, as well as training employees to comply with privacy standards and policies which are designed to protect personal information.
When Can Information be Shared?
Below are reasons Millennium Trust may be permitted to share the personal information collected and whether you can limit this sharing under Federal law (note, these rights may be different for California residents as detailed below):
|Reasons we can share your personal information||Does Millennium share?||Can you limit this sharing?|
|For our everyday business purposes – we share with service providers and other third parties, such as executing brokers and subcustodians, to process your transactions and maintain your account(s); or with other third parties to authenticate your identity and prevent fraud. We also share with regulators, courts, attorneys, and auditors and similar parties in response to court orders, legal or regulatory inquiries and legal investigations, or report to credit bureaus||Yes||No|
|For our marketing purposes – to offer our products and services to you, we share with service providers, including to analyze and improve our Online Services and to target our marketing||Yes||No|
|For joint marketing with other financial companies||Yes||No|
|For our affiliates' everyday business purposes—information about your transactions and experiences||Yes||No|
|For our affiliates' everyday business purposes—information about your creditworthiness||Yes||Yes|
|For our affiliates to market to you||Yes||Yes|
|For nonaffiliates to market to you||No||We don't share|
Why can't I limit all my sharing?
Federal law gives you the right to limit only
- Sharing for affiliates' everyday business purposes, such as sharing information about your creditworthiness
- Affiliates from using your information to market to you
- Sharing for nonaffiliates to market to you
“Affiliates” means companies related by common ownership or control. They can be financial and nonfinancial companies.
“Nonaffiliates” means companies not related by common ownership or control. They can be financial and nonfinancial companies.
“Joint Marketing” means a formal agreement between nonaffiliated financial companies that together market financial products or services to you.
“Everyday Business Purposes” means the actions necessary by financial companies to run their business and manage client accounts, such as:
- Opening and servicing accounts, processing transactions and payments, and conducting mailings and auditing services
- Verifying your identify, detecting and preventing fraud, and protecting against security risks
- Responding to court orders and legal investigations or similar legal request
- Complying with legal, regulatory or contractual obligations and carrying out legal and business purposes
Notice To Consumers Who Are Residents Of California:
Submitting Requests Relating to Your Personal Information
Under the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020, and related regulations (collectively, the “CCPA”), a consumer who is a resident of California has the following rights (please note that these rights are subject to certain exceptions and certain of these rights are subject to verification mechanisms):
- Right to Know Personal Information Collected About You. You have the right to know: (1) the categories of personal information we have collected about you; (2) the categories of sources from which the personal information is collected; (3) the business or commercial purpose for collecting, selling, or sharing personal information; (4) the categories of third parties to whom we disclose personal information; and (5) the specific pieces of personal information we have collected about you. You also have the right to know the list of all third parties to whom we have disclosed personal information, as defined under California Civil Code Section 1798.83(e) (a/k/a the “Shine the Light Law”), during the preceding year for third party direct marketing purposes.
- Right to Know Personal Information Disclosed, Sold or Shared and to Whom. Since we sell, share and/or disclose your personal information, as described herein, you have the right to request that we disclose to you: (1) the categories of personal information that we collected about you; (2) the categories of personal information that we sold or shared about you and the categories of third parties to whom the personal information was sold or shared, by category or categories of personal information for each category of third parties to whom the personal information was sold or shared; and (3) the categories of personal information that we disclosed about you for a business purpose and the categories of persons to whom it was disclosed for a business purpose.
- Right to Request Deletion of Your Personal Information. You have the right to request that we delete your personal information. Following receipt of a request, we will let you know what, if any, personal information we can delete from our records. If we cannot delete all of your personal information, we will let you know the reason.
- Right to Correct Inaccurate Information. If you believe that any of the personal information we maintain about you is inaccurate, you have the right to submit a request for us to correct that information. Upon receipt of a request, we will use commercially reasonable efforts to correct the information as you direct.
- Right to Opt-Out of the Sale and Sharing of Your Personal Information. You may opt-out of the sale or sharing of your personal information by clicking here: https://www.mtrustcompany.com/privacy.
- Right to Limit the Use of Your Sensitive Personal Information. You may request that we limit the use or disclosure of your sensitive personal information to that use which is necessary to perform the services or provide the goods reasonably expected, and certain other authorized purposes under the CCPA, by clicking here https://www.mtrustcompany.com/privacy.
- Right to Non-Discrimination for Exercising Your Rights. If you choose to exercise any of your rights, you have the right to not receive discriminatory treatment by us. If you are an employee, this includes the right not to be retaliated against for the exercise of your CCPA rights.
Consumers who are residents of California may exercise the above rights by calling 800.258.7878 or following this link: https://www.mtrustcompany.com/privacy.
To help protect your privacy and maintain security, we will take steps to verify your identity before granting you access to your personal information or complying with requests to know, delete and/or correct.
Selling Personal Information
In addition to the business purposes listed above, we may disclose the following categories of personal information to third parties for the following purposes:
Category of Personal Information or Sensitive Personal Information
Sold to Third Parties?
Selling / Sharing
Personal identifiers such as Social Security number, driver’s license, date of birth and other personal information necessary to verify your identity
Cross-context behavioral advertising
Commercial information such as banking information, account-related and transaction data, such as account number
Internet or other electronic network activity information including device data, statistical identifiers, and information about how you use and interact with our Online Services or advertising
Cross-context behavioral advertising
Under the CCPA, the disclosure of data received by our third party advertising and social media partners may be considered a sale of personal information. We do not have actual knowledge that we sell or share the personal information of consumers under 16 years of age.
To help protect your privacy and maintain security, we will take steps to verify your identity before granting you access to your personal information or complying with the requests to know, delete and/ or the correct.
Our verification procedure may differ depending on whether you have an account with us or not and the request you are making. The following generally describes the verification processes we use:
- Password Protected Accounts. If you have a password-protected account with us, we may use existing authentication practices to verify your identity but will require re-authentication before disclosing, correcting or deleting data. If we suspect fraudulent or malicious activity relating to your account, we will require further verification (as described below) before complying with a request to know or delete.
- Verification for Non-Accountholders. If you do not have, or cannot access, a password-protected account with us, we will generally verify your identity as follows:
- For requests to know categories of personal information, we will verify your identity to a reasonable degree of certainty by matching at least two data points provided by you with reliable data points maintained by us.
- For requests to know specific pieces of personal information, we will verify your identity to a reasonably high degree of certainty by matching at least three data points provided by you with reliable data points maintained by us. We will also require a declaration, signed under penalty of perjury, that the person requesting the information is the person whose information is the subject of the request or that person’s authorized representative. We will maintain all signed declarations as part of our records.
- For requests to correct or delete personal information, we will verify your identity to a reasonable degree or a reasonably high degree of certainty depending on the sensitivity of the personal information and the risk of harm posed by unauthorized deletion. We will act in good faith when determining the appropriate standard to apply.
If there is no reasonable method by which we can verify your identity, we will state so in response to a request to know or delete personal information, including an explanation of why we have no reasonable method to verify your identity.
We will respond to requests to know, requests to delete and/or correct no later than 45 calendar days. If we cannot verify your request within 45 days, we may deny your request. If necessary, we may take up to an additional 45 days to respond to your request but in such an event will provide you a notice and an explanation of the reason that we will take more than 45 days to respond to your request.