Privacy Policy (including Online and Mobile Banking)

Charlesbridge, MHC, Dedham Savings, and South Shore Bank (the Company) and its Trustees, Directors, Officers, and employees recognize the obligation to maintain the privacy and confidentiality of our clients’ non-public personal information (NPPI) as well as the nature of relationships between clients and the Company. It is the Company’s policy to comply with all federal and state laws and regulations relating to the privacy of the Company’s clients, consumers, and employees.

To help clients understand how the Company protects NPPI, a Privacy Notice is distributed to clients that describes The Company’s privacy policies and practices. The Privacy Notice will be provided at account opening and whenever there is a change to the Notice. The Notice is also available on the Dedham Savings and South Shore Bank websites.

Except as permitted by law or as otherwise described below, the Company does not disclose any NPPI about its current or former clients to anyone. The Company may use NPPI that it collects and maintains to support products and services it provides. The Company does not sell lists, client names or account information.

The Company collects, retains, and uses NPPI about clients from various sources including the following:

• Information the Company receives on applications or other forms, including, but not limited to, identifying information such as address, telephone number, e-mail address, Social Security Number, date of birth, security questions, assets, income and other debts;
• Information about transactions and relationships with the Company or others, such as account balance, payment history, overdraft history, parties to transactions or information about communications with the client; and
• Information the Company receives from a consumer-reporting agency, such as credit history.

The Company is permitted under law to disclose NPPI about clients to other third parties in certain circumstances. For example, the Company may disclose NPPI to its data processing servicer to process account transactions and to others for loan originations, such as attorneys, appraisers, and title insurance companies. In addition, the Company must respond to government subpoenas and report to credit bureaus. The Company does not use, retain, or disclose any personal medical information about clients for marketing purposes or to make credit decisions.

The Company uses information that it collects to better serve clients in the areas of fraud prevention, more efficient servicing of accounts, improved processing of transactions, verification of available funds, validation of creditworthiness and compliance with laws and regulations. Employees may access information when needed to maintain accounts or to provide services.

Limiting Sharing

Information regarding how a client may restrict the sharing of NPPI is set forth in the Privacy Notice.

Client NPPI shall not be disclosed to third parties without first providing a Privacy Notice compliant with Regulation P, 12 CFR 1016, subject to the exceptions provided in Regulation P, sections 1016.13, 1016.14, and 1016.15, summarized below:

Section 13 permits the institution to provide consumer information to a nonaffiliated third party to perform services for the institution or functions on the institution’s behalf if the institution has provided the Privacy Notice to the consumer and the institution has entered into a contract with the third party. The contract must require the third party to maintain the confidentiality of the information to at least the same extent that the institution must maintain its confidentiality. The contract also must limit the third party’s use of the information solely to the purposes for which the information is disclosed or for permitted purposes under Section 14 or Section 15.

Section 14 permits the institution to provide information about a consumer to nonaffiliated third parties without providing the affected consumer either the Privacy Notice or the opt out notice when the information is provided to service or process a financial product or service requested or authorized by the consumer. It also allows providing information to nonaffiliated third parties as necessary to carry out a transaction for a consumer or to administer or maintain the product or service of which the transaction is a part.

Section 15 provides additional exceptions under which the institution may disclose consumer information to nonaffiliated third parties that do not have to be described in the institution’s Privacy Notice and from which the consumer may not opt out. The list includes:

• Information disclosures made with the consent of or at the direction of the consumer, provided that the consumer has not revoked the direction or consent.
• Information disclosures to protect the security of the financial institution or the confidentiality of its records, or to protect against actual or potential fraud or unauthorized transactions, to control risk or to resolve consumer disputes or inquiries.
• Information disclosures to persons holding a legal or beneficial interest relating to the consumer or persons acting in a fiduciary or representative capacity relative to the consumer.
• Information disclosures to the financial institution’s attorneys, accountants, auditors, agencies rating the financial institution or agencies assessing the financial institution’s compliance with industry standards.
• Information disclosures specifically permitted or required by law (and in compliance with the Right to Financial Privacy Act) to the federal government.
• Information provided to a consumer reporting agency in accordance with the Fair Credit Reporting Act.
• Information disclosed to a nonaffiliated third party in connection with the proposed or actual sale, merger, transfer or exchange of a financial institution or an operating unit of a financial institution.
• Information disclosed to comply with a properly authorized subpoena or summons, or to regulatory authorities having jurisdiction over the financial institution.

The Company may exchange limited NPPI with companies that conduct marketing services on its behalf or with other financial institution partners to offer jointly endorsed financial products or services.

The Company does not have any control over the disclosure or use of public personal information. Other third parties may use the information to contact clients about their products, without any involvement by the Company.

The Company also takes steps to safeguard client information. The Company restricts access to personal and account information to those employees who need to know that information to provide products or services. Employees will be provided with training in privacy rules and regulations at time of hire and, at least, annually. For purposes of compliance with Sections 314 (a) and 314(b) of the U.S.A. Patriot Act, only employees with the authority to participate in this information sharing shall divulge financial information or records of a client to anyone outside the institution. These designated employees are named on the Company’s Call Report for section 314(a) sharing and FinCEN is notified by the Company of its employee’s designees for section 314(b) sharing. It is also Company policy to cooperate with governmental agencies in their properly made, legitimate requests for information. Employees who violate these standards are subject to disciplinary measures. The Company maintains physical, electronic, and procedural safeguards that are designed to comply with federal standards to guard NPPI.

Device data, such as your computer’s or mobile device’s operating system type and version, manufacturer and model, browser type, screen resolution, RAM and disk size, CPU usage, device type (e.g., phone, tablet), IP address, unique identifiers, language settings, mobile device carrier, radio/network information (e.g., WiFi, LTE, 3G), and general location information such as city, state or geographic area.

Opting Out of Location Tracking. If you initially consented to the collection of geo-location information through the Services, you can subsequently stop the collection of this information at any time by changing the preferences on your mobile device. Please note, however, that if you withdraw consent to our collection of location information, you may no longer be able to use some features of the App.