CCPA Privacy Policy

 

 

Effective October 17, 2025

This Old Second National Bank (“Old Second”) Notice for California Residents is applicable to consumers residing in California only and is  considered a supplement to, and not a replacement of, Old Second’s U.S. Privacy Policy found here: https://www.oldsecond.com/clientuploads/pdf/PrivacyPolicy.pdf. This Notice is applicable to Old Second’s various divisions, including FreedomRoad Financial and Performance Finance. The California Consumer Privacy Act of 2019 (“CCPA”) give consumers the right to request that a business that collects a consumer’s personal information disclose to that consumer the categories and specific pieces of personal information the business has collected. The CCPA defines “personal information” as: information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. Personal information does not include de-identified or aggregated consumer information, or publicly available information that is lawfully made available to the general public from federal, state, or local government records. The majority of personal information Old Second collects is covered by other laws, rules and regulations, including but not limited to the Gramm-Leach-Bliley Act and its related implementing regulations, and is therefore exempt from the provisions of the CCPA. As such, while most of the categories below are exempt from coverage under the CCPA, below are the categories of personal information collected, the categories of sources collected from, the purposes and the parties we share with. Not all of the example information below is collected from all consumers. Old Second retains these categories of your personal information for only as long as necessary to fulfill the purposes outlined in this CCPA Privacy Policy, including for the purposes of satisfying any legal, accounting, or reporting requirements, unless a longer retention period is required or permitted by law. To determine the appropriate retention period for personal information, Old Second considers the amount, nature, and sensitivity of the information, the potential risk of harm from unauthorized use or disclosure of the information, the purposes for which the information was obtained, and whether Old Second can achieve those purposes through other means, as well as applicable legal requirements.

Categories of Personal Information	Categories of sources collected from	Business or commercial purposes for collection	Categories of third parties with whom we share
Identifiers, such as name, alias, postal address, unique personal identifier, online identifier, internet protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers.	Consumers, our customers, or their agents, third party referral or due diligence sources, automatic collection via cookies and other tracking technologies (such as a tracking pixel).	Evaluating, establishing, servicing or maintaining account(s) or finance arrangements, confirming your identity or other information about you; monitoring our website traffic and performing web analytics to understand how users interact with our website to optimize user experience.	Affiliates or subsidiaries, business partners, service providers such as payment processors or financial institutions, professional service organizations such as auditors and law firms, our processors and technology vendors internally used in the normal course of evaluating, establishing, servicing or maintaining account(s), and monitoring our website.
Signature, telephone number, education and employment history.	Consumers, our customers, or their agents, third party referral or due diligence sources.	Evaluating, establishing, servicing or maintaining account(s) or finance arrangements, confirming your identity or other information about you.	Our processors and technology vendors internally used in the normal course of evaluating, establishing, servicing or maintaining account(s).
Legally protected classifications (such as age, race, color, national origin, gender, disability, marital status, military status or other protected characteristics).	Consumers.	Evaluating, establishing, servicing or maintaining account(s) or finance arrangements.	Our processors and technology vendors internally used in the normal course of evaluating, establishing, servicing or maintaining account(s).
Commercial information, such as personal property records, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. This may include account numbers and various financial statements or other summaries of financial information.	Consumers, our customers, or their agents, third party referral or due diligence sources.	Evaluating, establishing, servicing or maintaining account(s) or finance arrangements, confirming your identity or other information about you.	Our processors and technology vendors internally used in the normal course of evaluating, establishing, servicing or maintaining account(s).
Voice recordings (biometric information).	Consumer.	Servicing or maintaining account security when consented to, confirming your identity, or other information about you.	Our technology and third-party security providers.
Internet, geolocation or other electronic network activity, including usage information and device information such as traffic and search history, browser type and operating system.	Consumer, automatic collection via cookies and other tracking technologies (such as a tracking pixel).	Internet monitoring and security, monitoring our website traffic and web analytics in order to estimate audience size and usage patterns; understand and save user preferences for future visits; compile aggregate data about website traffic and website interactions to resolve issues and offer better website experiences; customization of our website for individual user needs; and ensuring browsing security for users interacting with our website.	Our technology and third-party security providers, third-party companies monitoring our website traffic and activity.
Professional or employment related information.	Consumers, our customers, or their agents, third party referral or due diligence sources.	Evaluating, establishing, servicing or maintaining account(s) or finance arrangements.	Our processors and technology vendors internally used in the normal course of evaluating, establishing, servicing or maintaining account(s).
Inferences drawn from other personal information.	Consumers, our customers, or their agents, third party referral or due diligence sources.	Evaluating, establishing, servicing or maintaining account(s) or finance arrangements.	Our processors and technology vendors internally used in the normal course of evaluating, establishing, servicing or maintaining account(s).

How We Use Personal Information

Old Second may use or disclose personal information we collect as necessary to perform a business purpose. Old Second does not sell any California consumer’s personal information to any third parties, and we have not done so in the preceding twelve (12) months. Old Second will not collect additional categories of personal information or use personal information collected for additional purposes without providing the consumer with notice. Old Second does not knowingly sell or share personal information of minors under sixteen (16) years of age.  

In addition to the purposes and uses described above, we use information in the following ways:

• To identify you when you visit our website.
• To provide products and services.
• To improve our services and product offerings.
• To process transactions and provide services you request from us.
• To respond to inquiries related to support or other requests.
• To maintain, support and service accounts.
• To provide our third-party relationships with information to facilitate transactions for you or to provide you with goods or services.
• To send marketing and promotional materials including information related to our or third party products, services or promotions.
• To conduct research and analysis of our business, products and services.
• To detect and protect against malicious, deceptive, fraudulent, or illegal activity, including violation of our policies and terms and conditions, security incidents, and harm to the rights, property or safety of our company and our users, employees, or others.
• To debug, identify and repair errors that impair existing intended functionality of our website and services.
• To comply with our legal or regulatory obligations, to establish or exercise our rights, and to defend against a legal claim.

We may de-identify information of consumers for research and other purposes and aggregate such information.

Non-discrimination

Further, it is Old Second’s policy not to discriminate against a consumer because the consumer has exercised any of the consumer’s rights under the CCPA, including, but not limited to, by:

• Denying goods or services to the consumer.
• Charging different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties.
  
  

• Providing a different level or quality of goods or services to the consumer.

• Suggesting that the consumer will receive a different price or rate for goods or services or a different level or quality of goods or services.
  
  

Rights Under CCPA to Request Deletion/Correction, Rights to Opt Out

The CCPA gives a California consumer the right to request from Old Second:

• The categories of personal information collected about that consumer.
• The categories of sources from which the personal information is collected.
• The business or commercial purpose for collecting or selling personal information.
• The categories of third parties with whom Old Second shares personal information.
• The specific pieces of personal information collected about that consumer.

Further, the CCPA also gives a California consumer the right to request deletion or correction of the specific pieces of information collected about that consumer.  However, Old Second is not required to comply with a request to delete a consumer’s personal information if it is necessary for Old Second, or one of our service providers, to maintain the consumer’s personal information in order to:

• Complete the transaction for which the personal information was collected, provide a good or service requested by the consumer, or reasonably anticipated within the context of Old Second’s ongoing business relationship with the consumer, or otherwise to perform a contract between Old Second and the consumer.
• Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity.
• Debug to identify and repair errors that impair existing intended functionality.
• To otherwise use the personal information in a lawful manner allowed by relevant laws, rules or regulations, including to comply with a legal obligation.
• To enable solely internal uses that are reasonably aligned with the expectations of the consumer based on the consumer’s relationship with the business.
• Otherwise use the consumer’s personal information, internally, in a lawful manner that is compatible with the context in which the consumer provided the information.

 

Although we do not “sell” your personal information for money, we may use some of your information for audience modeling for ongoing advertising, which may constitute a “sale” or “sharing” of data under certain privacy laws. You may opt-in or opt-out of online track-based targeted advertising (i.e., use of “cookies”) here: DO NOT SHARE OR SELL MY PERSONAL INFORMATION 

Cookies and Online Advertising

• Like many other companies, we use cookies and other tracking technologies such as tracking pixels and web beacons (collectively, “Cookies”). Cookies are small files of information that are stored by your web browser software on your computer hard drive, mobile or other devices.

  We set some Cookies ourselves and others are set by other entities. We use Cookies set by other entities to provide us with useful information to help us understand our website traffic, and improve our website and services, to conduct advertising, and to analyze the effectiveness of advertising. For example, we use Cookies from Google and Facebook. 

  Opting Out of Cookies

  • Browser Settings - Cookies can be blocked by changing your browser settings to refuse all or some Cookies. If you choose to block all Cookies (including essential Cookies), you may not be able to access all or parts of our website.
  • Platform Controls – You can opt out of Cookies set by specific entities by following the instructions at the following links:
  
  
  • Google: https://adssettings.google.com
  • Facebook: https://www.facebook.com/about/ads

Verifiable Consumer Request Procedure

Upon receipt of a verifiable consumer request (as defined below) for any or all of the items above, Old Second will provide a report describing such items within 45 days, but no later than 90 days.  If more than 45 days is needed, we will inform you of the reasons and how much additional time is needed.  If we cannot comply with a request, our response will explain why.  A verifiable consumer request may be made as either:

• a written request submitted through our CCPA Inquiry Page found here: https://www.oldsecond.com/forms/ccpa/.
  
  
• a verbal request made to our toll free number at 833-625-0546.

In order to comply with a request, it must be a “verifiable consumer request.”  To be considered a verifiable consumer request, we must be able to verify the consumer’s identity and/or right to access the information and the request is described with sufficient detail that allows us to properly understand, evaluate, and respond to it.  Further, a verifiable consumer request must be made by the consumer, by a consumer on behalf of the consumer’s minor child, or by a natural person or a person registered with the Secretary of State, authorized by the consumer to act on the consumer’s behalf, and that Old Second can reasonably verify. We may require at least two forms of identity verification. If we provide information responsive to a verifiable consumer request in electronic form, the information will be in a portable and, to the extent technically feasible, readily useable format that allows the consumer to transmit this information to another entity without hindrance.  Further, this information will only cover the twelve (12) month period prior to the request.  A consumer is allowed to make no more than two (2) requests for information or deletion during any twelve (12) month period.

Opt Out Preference Signals

Your internet browser may give you more control over your privacy preferences via a Global Privacy Control (GPC) signal. This is a setting in your browser that notifies the websites you visit of your preferences to opt out of selling or sharing your personal information under California law. If you have opted out via the GPC signal, Old Second sites will recognize this signal and process your preference automatically as it pertains to tags, cookies, and pixels that collect personal information when you visit an Old Second website. Please note, you will need to enable the signal on each browser that you use, as the signal is processed at the browser level and not applied if you visit an Old Second website from a different browser or device that does not have the GPC signal enabled. To opt out without GPC enabled, see the section Rights Under CCPA to Request Deletion/Correction, Rights to Opt Out above.

Automated Decision-making

You have the right to opt out of Old Second’s use of your personal information for profiling purposes. This opt out can be accomplished here: Consent Choices 

Updates

This Notice may be revised from time to time, so please review this page periodically. Any changes will become effective when we post the revised notice on the site (please note the effective date at the top of this page).

Contact Us

If you have any questions or comments on this notice or our privacy practices generally, please contact us at 1-877-866-0202. You can also visit Privacy Policy for additional information.