Privacy Notice

Effective Date: January 1, 2026

Last Updated: January 15, 2026

INTRODUCTION

At Peoples Bank of Alabama ("we," "us," or "our"), we are committed to protecting your privacy and handling your personal information responsibly. This Privacy Notice describes how we collect, use, share, and protect your personal information through our banking services, websites, mobile applications, and other digital services (collectively, the "Services").

Data Controller: Peoples Bank of Alabama acts as the data controller for the personal information described in this notice.

By using our Services, you consent to the collection, use, and disclosure of your information as described in this Privacy Notice.

WHAT DOES PEOPLES BANK OF ALABAMA DO WITH YOUR PERSONAL INFORMATION?

WHY? Financial companies choose how they share your personal information. Federal law gives consumers the right to limit some but not all sharing. Federal law also requires us to tell you how we collect, share, and protect your personal information. Please read this notice carefully to understand what we do.

WHAT? The types of personal information we collect and share depend on the products and services you have with us. This information can include:

  • Your name and address
  • Social Security number and income
  • Account balances and payment history
  • Credit history and credit scores

HOW? All financial companies need to share customers' personal information to run their everyday business operations. In the section below, we list the reasons financial companies can share their customers' personal information; the reasons Peoples Bank of Alabama chooses to share; and whether you can limit this sharing.

INFORMATION SHARING PRACTICES

| Reasons we can share your personal information | Do we share? | Can you limit this sharing? |
|---|---|---|
| For our everyday business purposes – such as to process your transactions, maintain your accounts, respond to court orders and legal investigations, or report to credit bureaus | Yes | No |
| For our marketing purposes – to offer our products and services to you | Yes | Yes |
| For joint marketing with other financial companies | No | We don't share |
| For our affiliates' everyday business purposes – information about your transactions and experiences | Yes | No |
| For our affiliates' everyday business purposes – information about your creditworthiness | No | We don't share |
| For our affiliates to market to you | No | We don't share |
| For nonaffiliates to market to you | No | We don't share |

To opt out of our marketing communications: Call 877.788.0288, visit a local branch, or mail: Compliance Department, Peoples Bank of Alabama, 1912 Cherokee Ave, SW., Cullman, AL 35055

1. PERSONAL INFORMATION WE COLLECT

We collect personal information from various sources to provide banking services and comply with legal requirements.

Categories of Personal Information

Identifiers and Personal Records

  • Name, alias, postal address, email address, phone number
  • Social Security number, driver's license number, passport number, state ID
  • Account names, unique identifiers, online identifiers, IP addresses
  • Date of birth, signature, emergency contact information

Financial Information

  • Account balances, payment history, transaction records
  • Credit/debit card numbers, credit history, investment activity
  • Income information, source of funds, employment details
  • Loan application data and creditworthiness information

Commercial Information

  • Records of products or services purchased or considered
  • Purchasing histories and consumer preferences
  • Account usage patterns and service interactions

Digital Activity Information

  • Browsing history, IP addresses, device information
  • Operating system data, session duration, browser type
  • Website and mobile app interaction patterns
  • Pages visited, time spent on pages, browsing patterns

Biometric Information

  • Fingerprints and other biometric identifiers used for authentication
  • Voice patterns for phone-based authentication

Geolocation Data

  • Device location information, GPS coordinates
  • Location inferred from IP address

Communications Content

  • Contents of emails, messages, and customer service calls
  • Audio and video recordings of interactions
  • Survey responses and feedback

Professional Information

  • Occupation, job title, employment history
  • Income verification and professional references

Sensitive Personal Information

  • Account login credentials and access codes
  • Precise geolocation data
  • Contents of personal communications
  • Protected classifications (race, religion, sexual orientation)

Sources of Information

We collect personal information:

  • Directly from you when you open accounts, apply for loans, or use our services
  • Automatically through our websites and mobile applications via tracking technologies
  • From third parties including credit bureaus, service providers, and public records
  • From business partners and marketing companies
  • From government agencies and regulatory bodies

Lawful Basis for Processing

We process your personal information based on:

  • Contract Performance: To fulfill our banking services and agreements with you
  • Legal Compliance: To meet regulatory and legal obligations
  • Legitimate Interests: To prevent fraud, improve services, and conduct business operations
  • Consent: For marketing communications and non-essential services (which you may withdraw at any time)

2. HOW WE USE PERSONAL INFORMATION

We use your personal information for legitimate business and commercial purposes:

Primary Business Purposes

Account Services and Transaction Processing

  • Opening, maintaining, and servicing your accounts
  • Processing transactions, payments, and transfers
  • Providing customer service and technical support
  • Verifying your identity and preventing fraud

Regulatory Compliance and Legal Obligations

  • Complying with BSA/AML (Bank Secrecy Act/Anti-Money Laundering) requirements
  • Meeting regulatory reporting obligations
  • Responding to legal process and government requests
  • Conducting required background checks and verifications

Security and Fraud Prevention

  • Detecting and preventing security incidents and fraudulent activity
  • Protecting against deceptive or illegal activity
  • Monitoring for suspicious transactions
  • Maintaining the security of our systems and facilities

Marketing and Communications

  • Offering our products and services that may interest you
  • Sending promotional materials and service updates
  • Conducting market research and customer surveys
  • Personalizing your banking experience and targeted advertising

Risk Management and Credit Decisions

  • Assessing creditworthiness for loans and credit products
  • Managing portfolio risk and loan performance
  • Setting appropriate credit limits and terms
  • Monitoring account performance and payment history

Service Improvement and Analytics

  • Analyzing usage patterns to improve our services
  • Developing new products and features
  • Conducting internal research and data analysis
  • Optimizing our digital platforms and user experience

Use of Sensitive Personal Information

We limit our use of sensitive personal information to:

  • Providing the banking services you request
  • Preventing and detecting security incidents
  • Ensuring compliance with legal and regulatory requirements
  • Verifying your identity and maintaining account security
  • Retention: Sensitive personal information is retained for no longer than necessary for these purposes, typically 7 years after account closure or as required by law

3. HOW WE SHARE YOUR INFORMATION

We do not sell personal information for money. We do not share personal information for cross-contextual behavioral advertising purposes.

We may share your personal information with the following categories of recipients:

Service Providers and Vendors

  • Technology service providers and IT consultants
  • Payment processing companies
  • Data analytics and marketing service providers
  • Cloud storage and infrastructure providers
  • Professional advisors including auditors and legal counsel

Regulatory and Government Entities

  • Federal and state banking regulators
  • Law enforcement agencies when required by law
  • Government agencies requiring regulatory reports
  • Courts and legal authorities pursuant to valid legal process

Credit and Financial Partners

  • Credit reporting agencies and bureaus
  • Joint marketing partners (with appropriate limitations)
  • Loan servicers and investors
  • Financial institutions facilitating transactions

Business Transfers

  • In connection with mergers, acquisitions, or sales of business assets
  • During bankruptcy or similar proceedings
  • To entities assuming control of our operations

Emergency and Legal Situations

  • To protect the safety of individuals
  • To prevent fraud or illegal activities
  • To enforce our agreements and protect our rights
  • As required by applicable law or regulation

We require all third parties to maintain appropriate safeguards for your personal information and to use it only for authorized purposes.

4. COOKIES AND TRACKING TECHNOLOGIES

We use cookies, web beacons, pixels, and other tracking technologies to enhance your digital experience.

Types of Technologies Used

Essential Cookies

  • Required for basic website functionality
  • Cannot be disabled without affecting site performance

Performance Cookies

  • Track website performance and user behavior
  • Help us improve our digital services

Targeting/Advertising Cookies

  • Personalize advertising and marketing content
  • Measure advertising effectiveness

Analytics Tools

  • Google Analytics (opt-out: tools.google.com/dlpage/gaoptout)
  • Internal analytics platforms

Third-Party Partners

We work with service providers including:

  • Google Analytics: For website performance measurement
  • Meta/Facebook Services: For advertising measurement and custom audiences
  • Other advertising networks: Subject to your cookie preferences

Your Cookie Choices

  • Browser Settings: Configure your browser to reject cookies
  • Manage Cookie Preferences: Manage preferences via the “Consent Preferences” icon in the bottom left corner of all pages
  • Opt-Out Programs: Visit youradchoices.com or networkadvertising.org/choices
  • Mobile Settings: Reset advertising identifiers in device settings

5. MOBILE APPLICATION DISCLOSURES

Our mobile application may request access to certain device features:

Device Permissions

With your consent, our app may access:

  • Camera (for check deposits and document scanning)
  • Location (to find nearby branches and ATMs)
  • Contacts (for money transfer features)
  • Storage (to save documents and transaction records)
  • Biometrics (for secure login using fingerprint or face recognition)

You can modify these permissions through your device settings at any time.

6. HOW WE PROTECT YOUR INFORMATION

We implement comprehensive security measures:

Technical Safeguards

  • Encryption of data in transit and at rest
  • Multi-factor authentication systems
  • Regular security monitoring and testing
  • Secure network infrastructure and firewalls

Physical Safeguards

  • Restricted access to facilities and records
  • Secure document storage and destruction procedures
  • Employee background checks and security training

Administrative Safeguards

  • Privacy and security policies and procedures
  • Regular employee training on data protection
  • Incident response and breach notification procedures
  • Vendor security assessments and contractual protections

7. INFORMATION RETENTION

We retain your personal information for as long as necessary to:

  • Fulfill the purposes for which it was collected
  • Comply with legal and regulatory requirements (typically 7 years after account closure)
  • Resolve disputes and enforce our agreements
  • Meet audit and examination requirements

Specific Retention Periods:

  • Account information: 7 years after closure
  • Transaction records: 7 years
  • Marketing preferences: Until withdrawn
  • Sensitive personal information: Minimum time necessary for stated purposes

8. YOUR PRIVACY RIGHTS

General Rights

You have the right to:

  • Access your account information through online banking
  • Update your personal information to keep it accurate
  • Opt out of marketing communications
  • Request correction of inaccurate information
  • File complaints about our privacy practices
  • Withdraw consent for non-essential processing

Consumer Request Procedures

Response Timeline: We will respond to verified requests within 45 days, with a possible 45-day extension if needed.

Identity Verification: We may require additional information to verify your identity before processing requests, including:

  • Account verification details
  • Government-issued identification
  • Security questions

Authorized Agents: You may designate an authorized agent to make requests on your behalf by providing:

  • Signed written authorization
  • Proof of your identity and the agent's identity
  • Power of attorney (if applicable)

Limitations on Rights

Federal banking laws may limit some privacy rights, particularly regarding information required for regulatory compliance and ongoing business relationships.

9. STATE-SPECIFIC PRIVACY RIGHTS

California Residents - CCPA/CPRA Rights

Your Rights Include:

Right to Know: Categories and sources of personal information collected, purposes for use, and categories of third parties with whom we share information

Right to Access: Request copies of personal information in a portable, machine-readable format

Right to Delete: Request deletion of personal information (subject to legal and regulatory exceptions)

Right to Correct: Request correction of inaccurate personal information

Right to Limit: Request limitation on the use of sensitive personal information beyond what is necessary to provide services

Right to Opt-Out: We do not sell or share personal information for cross-contextual behavioral advertising

Right to Non-Discrimination: We will not discriminate against you for exercising CCPA rights

Making Requests: California residents can exercise these rights by:

  • Calling: 877.788.0288
  • Mailing: Compliance Department, Peoples Bank of Alabama, 1912 Cherokee Ave, SW., Cullman, AL 35055

Virginia (VCDPA) and Colorado (CPA) Residents

Additional Rights:

  • Right to appeal denied consumer requests
  • Right to withdraw consent for non-essential processing
  • Right to data portability

Appeals Process: If we deny your consumer rights request, you may appeal by contacting us by phone at 877.788.0288 within 30 days. We will respond to appeals within 60 days.

10. CHILDREN'S PRIVACY

We do not knowingly collect personally identifiable information from children under 13 without verifiable parental consent. Our Services are not directed to individuals under 13 years of age. If we learn we have collected personal information from a child under 13, we will delete it promptly.

11. CHANGES TO THIS NOTICE

We may update this Privacy Notice periodically to reflect changes in our practices or applicable law. Significant changes will be communicated by a mailed notice. Changes to the notice will be reflected by an updated effective date at the top of this notice. Your continued use of our Services after notice of changes constitutes acceptance of the updated policy.

12. ANNUAL PRIVACY POLICY

We will provide an annual privacy policy either electronically through online banking or by mail, as permitted and required by applicable law.

13. CONTACT INFORMATION

Privacy Contact Information

Compliance Department: Peoples Bank of Alabama
Phone: 877.788.0288
Mail: Compliance Department, Peoples Bank of Alabama, 1912 Cherokee Ave, SW., Cullman, AL 35055

General Questions or Concerns

Phone: 877.788.0288
Mail: Peoples Bank of Alabama, 1912 Cherokee Ave, SW., Cullman, AL 35055, Attention: Compliance Department

Consumer Rights Requests

Phone: 877.788.0288

Mail: Compliance Department, Peoples Bank of Alabama, 1912 Cherokee Ave, SW., Cullman, AL 35055

DEFINITIONS

Affiliates: Companies related by common ownership or control, including financial and nonfinancial companies.

Nonaffiliates: Companies not related by common ownership or control, including financial and nonfinancial companies.

Joint Marketing: A formal agreement between nonaffiliated financial companies to market financial products or services together.

Personal Information: Information that identifies, relates to, describes, or is capable of being associated with a particular individual.

Sensitive Personal Information: Personal information that reveals specific characteristics or activities requiring additional protection under applicable law.