California Privacy Policy
This document outlines the California Privacy Policy of MidFirst Bank and its divisions (collectively “MidFirst,” “we,” “us,” or “our”), detailing how it collects, uses, disposes, and protects personal information of California residents in compliance with the California Consumer Privacy Act of 2018, as amended from time to time, (CCPA). The policy applies exclusively to California residents and covers personal information collected through various interactions with MidFirst Bank’s services, excluding MyMidlandMortgage.com. Personal information is that which identifies, relates to, describes, is reasonably capable of being associated with or could reasonably be linked, directly or indirectly, with you or your household (“personal information”). This policy applies to personal information we collect and data we receive online and offline, such as when you apply for our products or services, use our websites or applications, contact customer support, visit our offices, or otherwise interact with us (collectively, the “Services”). “You” and “your” refer to any California resident who accesses or uses the Services.
The specific personal information that we collect, use and disclose relating to a California resident covered by the CCPA will vary based on our relationship with you. For example, this policy does not apply with respect to personal information we collect about California residents who apply for or obtain our financial products or services for personal, family or household purposes. For more information about how we collect, disclose and secure information relating to these customers, please see our Gramm-Leach-Bliley Act Privacy Notice at https://www.midfirst.com/privacy_notice.
We may change this California Privacy Policy from time to time. When we do, we will post the revised policy on this page with a new “effective date” date at Section 14 of this California Privacy Policy. Any changes to this California Privacy Policy will become effective when posted unless indicated otherwise.
1. PERSONAL INFORMATION WE COLLECT, USE OR SHARE
In the past 12 months, we may have collected the following categories of personal information when you engage our Services:
Category | Required Information |
Personal Identifiers | Personal unique identifiers, such as real name or alias, federal or state issued identification numbers, including, Social Security Number, driver’s license number, passport number, Green Card number or other information that identifies you for ordinary business purposes |
Personal Information | Personal information, including contact details (e.g. telephone and mobile numbers, mailing address and email address), personal and business financial information (e.g. account number and balance, financial statements), payment card details (e.g. credit and debit card numbers) |
Commercial Information | Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies |
Internet or Online Information | Unique device identifiers (e.g. Media Access Control M [MAC] and Internet Protocol [IP] addresses, browsing history, search history, and information regarding your interaction with an internet website, application, or advertisement to understand our customer base, advertise to you, monitor the performance of our Services, improve the user experience, and to ensure the security of our Services |
Geolocation | Any information used to identify your physical location, Geolocation, device location and IP address |
Audio and Visual Information | Audio, electronic, visual or similar information, such as call and video recordings, or photograph |
Biometrics | Physiological, such as fingerprints, voice pattern recordings , or photographs for fraud prevention and behavioral, such as typing or transaction patterns to authenticate the user |
Employment Information | Professional or employment-related information, such as work history, information from background checks, resumes, personnel files, qualifications, training, and work preference, payroll and benefit information, leave and absence information, and performance and disciplinary information |
Education Information | Details of your education and qualifications, such as institutions attended, degrees obtained, and confirmation of graduation |
Characteristics of Protected Classes | Characteristics of protected classes or groups under state or federal law, such as race, ethnicity, national origin, gender, age, marital status, veteran or military status, disability, citizenship, and immigration status |
Inferences | Inferences based on information about an individual to create a summary about, for example, an individual’s characteristics, such as creditworthiness |
Sensitive Personal Information | Social Security number, Driver’s license number, State Identification number, passport number, precise geolocation, information concerning health, debit or credit card information with codes or credentials to allow access, account log-in in combination with any required security code or password, biometric information processed to identify an individual, union membership, or any information that reveals a consumer’s citizenship or immigration status |
2. WHERE WE COLLECT YOUR PERSONAL INFORMATION
We collect personal information from the following categories of sources:
- Directly from you, when you provide it to us digitally or physically (e.g. where you contact us by email or telephone or by any other means) or from someone on your behalf, including others you have authorized or directed to disclose information to us;
- Public records or widely available sources, including media and other records and information made available by federal, state, or local governments;
- Outside companies or organizations that provide data to support activities such as fraud prevention, underwriting, and marketing. Examples may include internet service providers, social networks, data brokers, advertising networks, and data analytics providers;
- Outside companies or organizations from whom we collect personal information to support human resource and workforce management activities, such as service providers and social networks; and
- Outside companies or organizations from whom we collect personal information to provide products and services, complete transactions, support our everyday operations, or for business management and development.
3. USE OF YOUR PERSONAL INFORMATION
We may collect, process, and disclose your personal information for various business or commercial purposes, as permitted by law, including:
- To provide you with, or evaluate your eligibility for, products and services that your or your company request from us and to provide services, products or information you may have requested;
- To comply with and enforce applicable legal and regulatory requirements, relevant industry standards, contractual obligations and our company policies;
- To detect, prevent, or investigate fraud, suspicious or other illegal activities;
- To support employment, infrastructure, and human resource management;
- To enforce our policies and terms of use;
- To protect our rights, privacy, safety or property, operations, security and/or that of our affiliates, business partners, you or others; and
- To allow us to pursue available remedies or limit the damages that we may sustain.
Note that we may aggregate data we collect on an anonymous basis that does not identify you for any purpose otherwise allowed by applicable law, such as for research, analysis, modeling, marketing, and advertising, as well as improvement of our Services.
A. Customers, Contacts, and Visitors. In addition to the purposes described immediately above, we may also use personal information of customers, contacts and visitors to:
- Process account applications and transactions, and facilitate other customer account activities;
- Verify your identity or authenticate you or your device (such as when you access account information, conduct transactions or call MoneyLine), and to enhance our security measures and prevent fraud;
- Help you efficiently access and manage your information and preferences;
- Provide you with customer support, and quality assurance of the same;
- Operate and improve our business and operations, including internal administration, auditing and troubleshooting for our Services;
- Provide personalized content and information, which could include customized services for you, or offers of various products or services that you may be interested in;
- Monitor metrics such as total number of visitors, traffic, and demographic patterns; and
- Provide, improve, test, and monitor the effectiveness of the Services, diagnose and fix technology issues, and develop and test new products and features.
B. Job Applicants. In addition to the essential purposes described above, we may use Job Applicant information to solicit applicants for job openings and to process an application for employment submitted to us in response to a posted/open position. If hired, California employees receive disclosures during and after onboarding that provide additional details regarding our workforce privacy practices.
C. Online User Activity. We use information that we collect via cookies to further the business purposes described above. Information collected via cookies is used to understand our customer base, advertise our Services to you and other prospective consumers, monitor the performance of our Services, improve the user experience, and to ensure the security of our Services.
See below in Section 5 for your choices regarding cookies.
D. Aggregated/De-identified Information. Collected personal information may be aggregated and/or de-identified, meaning we remove any details that identify you personally. We may share this aggregated and /or de-identified information with third-party providers to help deliver products, services, and content that are better tailored to the users of our online services and for our own business purposes where permissible by applicable laws and regulations.
4. DISCLOSING YOUR PERSONAL INFORMATION FOR A BUSINESS PURPOSE
We may disclose your personal information to service providers, contractors and third parties to carry out specific business or commercial purposes. In the last 12 months, we have disclosed the following categories of personal information for business or commercial purposes to service providers and to the following categories of third parties:
Personal Data Category | To Whom We Disclose |
Personal Identifiers | Service Providers and contractors in connection with providing products or services, completing transactions, supporting our everyday operations, business management and development Entities to whom you or your representative have authorized disclosure Representatives of California residents Government Agencies as required by law or regulation Our affiliates, for internal business purposes |
Personal Information | Service Providers and contractors in connection with providing products or services, completing transactions, supporting our everyday operations, business management and development Entities to whom you or your representative have authorized disclosure, including data aggregators, such as Plaid or Yodlee, and third-party applications Representatives of California residents Government Agencies as required by law or regulation Our affiliates, for internal business purposes |
Commercial Information | Service Providers and contractors in connection with providing products or services, completing transactions, supporting our everyday operations, business management and development Entities to whom you or your representative have authorized disclosure including data aggregators, such as Plaid or Yodlee, and third-party applications Representatives of California residents Government Agencies as required by law or regulation Our affiliates, for internal business purposes |
Internet or Online Information | Service Providers and contractors in connection with monitoring metrics such as total number of visitors, traffic, and demographic patterns, identifying advertising opportunities, monitoring the performance of our website, improving the user experience on our website, and ensuring the security of or Services, including verification and authentication to prevent fraud |
Geolocation Data | Service Providers and contractors in connection with providing products or services, completing transactions, supporting our everyday operations, data analytics, business management and development, and for verification and authentication to prevent fraud |
Audio and Visual Information | Service Providers and contractors in connection with providing products or services, completing transactions, supporting our everyday operations, business management and development, and Government Agencies in the event of criminal activity |
Biometrics | Service Providers and contractors in connection with providing authentication services and fraud prevention |
Employment Information | Service Providers and contractors in connection with providing products or services, completing transactions, supporting our everyday operations, business management and development and in connection with human resource activities and workforce management |
Education Information | Service Providers and contractors in connection with providing products or services, completing transactions, supporting our everyday operations, business management and development and in connection with human resource activities and workforce management |
Characteristics of Protected Classes | Government Agencies in connection with routine and required reporting Service Providers and contractors in connection with human resource activities and workforce management |
Inferences | Service Providers, and contractors in connection with providing products or services, completing transactions, supporting our everyday operations, business management and development and in connection with human resource activities and workforce management |
Sensitive Personal Information | Service Providers, and contractors, in connection with providing products or services, completing transactions, supporting our everyday operations, advertising business management and development and in connection with human resource activities and workforce management |
Personal Information may also be disclosed externally when we believe it is necessary or appropriate to: (i) comply with applicable legal requirements, including, but not limited to, regulatory, court, and law enforcement demands (e.g., subpoenas, court orders, etc.); (ii) respond to an emergency or otherwise protect the rights and property of MidFirst and our employees, agents, customers, or others, including to enforce our policies and terms of use; (iii) address fraud, security, or technical issues; and (iv) in connection with, or during negotiation of, any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business or assets (including in connection with any bankruptcy or similar proceedings).
5. SHARING OR SELLING YOUR PERSONAL INFORMATION
While we do not sell your personal information in exchange for any monetary consideration, we do use technologies such as cookies, pixel tags, web beacons, and other similar technologies, to help us measure traffic, usage, and other trends by your use of our Services on our website. The use of some of these technologies constitutes a ‘share’ or ‘sale’ of personal information under the CCPA. You can manage your data sharing preferences via the Do Not Sell or Share My Personal Information link in the website footer or see the Section “Exercising Your Rights Under the CCPA” below. Note that your selection is specific to the device, website and browser you are using, and is deleted whenever you clear your browser’s cache.
We also treat Global Privacy Control preference signals as valid requests to opt-out of the sale or sharing of your personal information. You can learn more about implementing opt-out preference signals by visiting the Global Privacy Control website at https://globalprivacycontrol.org/ or by exploring other developing technologies and services that offer this tool.
Additionally, most internet browsers allow you to block cookies. If you block cookies, your browsing experience may be affected, and you may not be able to use all the features of our Services. You can delete cookies that are already stored on your computer or device by following the instructions associated with your browser and operating system.
To learn more about your choices regarding the collection of your online activity or to opt out of interest-based advertising, visit https://www.aboutads.info/choices. If you choose to opt out, a cookie will be placed on your browser indicating your choice. Because cookies are stored by your browser, any opt-out choice you make is valid only for the computer/device and browser combination used to opt out. If you opt out of interest-based advertising, please note that you may still receive advertisements from us, but they will not be customized based on your online activities and you may still receive ads when you sign into your online and mobile banking account. Clearing your browser's cookies will remove your opt out because it is stored in a cookie, and you will need to opt out again.
6. USE OF SENSITIVE PERSONAL INFORMATION
We do not use or disclose sensitive personal information for purposes other than those which are necessary to perform the services or provide the goods reasonably expected and do not collect or process sensitive personal information for the purpose of inferring characteristics about a consumer.
7. MINORS
Our financial services are not targeted to children under the age of 16, nor do we knowingly sell or share personal information related to a consumer under the age of 16 without express consent.
8. DATA RETENTION
We retain your personal information no longer than reasonably necessary to carry out the purposes for which we originally collected it and for other legitimate business purposes, including to meet our legal, regulatory, or other compliance obligations.
9. NOTICE OF FINANCIAL INCENTIVE
We do not provide a financial incentive or a price or service difference to customers in exchange for the retention or sale of their personal information. We may advertise our financial products and services or send promotions or offers to customers or other individuals, and unless a customer has opted out of such communications, the customer will continue to receive such notices irrespective of whether any information privacy request described here has been submitted. We do not offer financial incentives to deter individuals from making such requests.
10. SECURITY
We use technical, physical, and administrative security measures designed to comply with applicable law and protect the security of your personal information, including information you submit to us through the Site. This includes but may not be limited to device safeguards, encryption, and firewalls.
Please note that information you send to us electronically may not be secure when it is transmitted to us. We recommend that you do not use unsecure channels (like email) to communicate sensitive or confidential information (such as your social security number) to us.
11. YOUR RIGHTS UNDER THE CCPA
If you are a California resident, you have the right to:
- Right to Know. You have the right to request access to, and a copy of, the categories of personal information we have collected about you and information regarding the source of that personal information, the purposes for which we collect it, and the categories of third parties and service providers to whom we disclose it.
- Right to Correct. You have the right to correct inaccurate personal information that we maintain about you.
- Right to Limit or Delete. You have the right to request, in certain circumstances, that we limit the use of your sensitive personal information or delete personal information that we have collected directly from you.
- Right to Opt-out of Sale or Sharing of Personal Information. You have the right to opt-out of the Sale or Sharing of your personal information. You can manage your data sharing preferences via the Do Not Sell or Share My Personal Information link in website footer. Note that your selection is specific to the device, website and browser you are using, and is deleted whenever you clear your browser’s cache. We do not sell or share personal information for monetary gain.
- Right to Non-Discrimination. You have the right to be free from discrimination based on your exercise of your CCPA rights.
12. EXERCISING YOUR RIGHTS UNDER THE CCPA
Opting Out of the Selling or Sharing of Personal Information.
To opt out of the sale or sharing of your personal information, click the Do Not Sell or Share My Personal Information link in the website footer. You may choose your preference at any time by clicking on this link.
You (or an authorized agent) may submit a consumer request to know, correct, limit, or delete your personal information. To make a request, please do so by either:
- Going to https://www.midfirst.com/california-privacy-policy/submit-a-ccpa-request; or
- Calling us at 855.928.2146
Once you submit a request, we will verify your identity before acting on your request. If you have an account with us, we may ask you to provide personal identifiers we can match against information we may have collected from you previously, and to confirm your request using the email address or telephone number stated in the request. If you do not have an account with us, we may ask you to provide certain information, such as your first and last name, date of birth, address and the last four digits of your social security number to verify your identity.
13. CONTACT US
Please contact us about this California Privacy Policy or our Services at 855.928.2146.
You may review or update certain account information and review your recent transaction history by logging in to the Services or by contacting us. You can also adjust certain profile and privacy settings in your account settings.
14. EFFECTIVE DATE
This California Privacy Policy was last revised and is effective as of April 30, 2026.