The types of personal information we collect and share depend on the product or service you have with us. This information can include:
To protect your personal information from unauthorized access and use, we use security measures that comply with federal law. These measures include computer safeguards and secured files and buildings.
We collect your personal information, for example, when you
Federal law gives you the right to limit only:
State laws and individual companies may give you additional rights to limit sharing. See below for more on your rights under state law.
Companies related by common ownership or control. They can be financial and non-financial companies.
Companies not related by common ownership or control. They can be financial and nonfinancial companies.
A formal agreement between nonaffiliated financial companies that together market financial products or services to you.
For Alaska, Illinois, Maryland and North Dakota Customers. We will not share personal information with nonaffiliates either for them to market to you or for joint marketing – without your authorization.
For California Customers. We will not share personal information with nonaffiliates either for them to market to you or for joint marketing - without your authorization. We will also limit our sharing of personal information about you with our affiliates to comply with all California privacy laws that apply to us.
For Massachusetts, Mississippi and New Jersey Customers. We will not share personal information from deposit or share relationships with nonaffiliates either for them to market to you or for joint marketing - without your authorization.
Within the Visa infrastructure, data is securely stored and transmitted using
standard industry practices that adhere to PCI-DSS security standards.
Specifically, Visa adheres to the following principles:
• Data in transit is encrypted.
– For transmission of sensitive data within internal networks, the channel
– For external transmissions, the data and channel are both encrypted.
• Sensitive data at rest is encrypted. Data at rest (stored in the database) is
protected through the following controls:
– Production systems are protected using a Visa zone security
architecture that ensures bank data at rest is in restricted zones that are
segmented from other zones, and that Visa corporate networks are
segmented by firewalls and not accessible from the Internet.
– Firewall restrictions include: IP, application, and data type.1/14/20
– Procedures are in place for strict logical access to data; access to
production data is on an individual and by-request basis, restricted to
promote separation of duties, and inclusive of annual access
– IDS/IPS are in place with the zone architecture to prevent common
• PI are collected, received, used, processed, stored and/or disclosed in
accordance with the requirements defined by the Key Controls, the
European General Data Protection Regulation (GDPR), California Consumer
Protection Act (CCPA), the Gramm Leach-Bliley Act (GLBA), the Payment
Card Industry Data Security Standards (PCI-DSS), the Personal Information
Policy and Records, and Information Management Policy.
• Visa engages a qualified security assessor (QSA) annually to validate Visa's
compliance with PCI-DSS.
In order to provide services to cardholders, we collect and store the following
information on our secure infrastructure:
• Mobile account information
• Device information
– Operating system
– Unique device identifiers
– IP addresses
• Cardholder information
– First Name
– Last Name
– Email Addresses
– Phone Numbers
• Card details
– Card number1/14/20
– Card Expiration Date
– Billing Address
– Card Nickname
– CVV2 (collected for validation purposes but not stored)
• Why do we store the above-referenced data?
– For security purposes, we store device information and monitor
– For analytical and reporting purposes, we store information about
mobile application usage and participation in card services.
– For customer service and troubleshooting purposes, we store detailed
information about system events.
• No sensitive information is stored on the mobile device. However, the
following may be securely stored on the device:
– Payment tokens may be stored in a secure cryptography protected
– Long-lived user tokens used for fingerprint authentication.
• In cases where data must be passed to external systems/parties to support
a service, cardholders must opt-in to the service via the app.
Substitute Checks and Your Rights
Your privacy is very important to us. We would like to advise you that Internet email is not secure. Please do not submit any information that you consider confidential. We recommend you do not include your social security or account number or other specific identifying information.
You are leaving CNB Bank's website and linking to a third party site. Please be advised that you will then link to a website hosted by another party, where you will no longer be subject to, or under the protection of, the privacy and security policies of CNB Bank. We recommend that you review and evaluate the privacy and security policies of the site that you are entering. CNB Bank assumes no liability for the content, information, security, policies or transactions provided by these other sites.