Privacy and Security

Privacy Notice

FACTS What does HomeTrust Bank do with your personal information?
What does HomeTrust Bank do with your personal information?
Why?
Financial companies choose how they share your personal information. Federal law gives consumers the right to limit some but not all sharing. Federal law also requires us to tell you how we collect, share, and protect your personal information. Please read this notice carefully to understand what we do.
What does HomeTrust Bank do with your personal information?
What?
The types of personal information we collect and share depend on the product or service you have with us. This information can include:

  • Social Security number and income
  • account balances and payment history
  • credit history and credit scores

When you are no longer our customer, we continue to share your information as described in this notice.

What does HomeTrust Bank do with your personal information?
How?
All financial companies need to share customers’ personal information to run their everyday business. In the section below, we list the reasons financial companies can share their customers’ personal information; the reasons HomeTrust Bank chooses to share; and whether you can limit this sharing.
Reasons we can share your personal information Does HomeTrust Bank share? Can you limit this sharing?
Reasons we can share your info:
For our everyday business purposes –
such as to process your transactions, maintain your account(s), respond to court orders and legal investigations, or report to credit bureaus
Does HomeTrust Bank share?
YES
Can you limit this sharing?
NO
Reasons we can share your info:
For our marketing purposes –
to offer our products and services to you
Does HomeTrust Bank share?
YES
Can you limit this sharing?
NO
Reasons we can share your info:
For joint marketing with other financial companies
Does HomeTrust Bank share?
YES
Can you limit this sharing?
NO
Reasons we can share your info:
For our affiliates’ everyday business purposes –
information about your transactions and experiences
Does HomeTrust Bank share?
YES
Can you limit this sharing?
NO
Reasons we can share your info:
For our affiliates’ everyday business purposes –
information about your creditworthiness
Does HomeTrust Bank share?
NO
Can you limit this sharing?
We don’t share
Reasons we can share your info:
For our affiliates to market to you
Does HomeTrust Bank share?
NO
Can you limit this sharing?
We don’t share
Reasons we can share your info:
For our nonaffiliates to market to you
Does HomeTrust Bank share?
NO
Can you limit this sharing?
We don’t share
Questions? Call 1.800.627.1632 or go to htb.com
Who we are
Who is providing this notice? HomeTrust Bank
What we do
How does HomeTrust Bank protect my personal information? To protect your personal information from unauthorized access and use, we use security measures that comply with federal law. These measures include computer safeguards and secured files and buildings.
How does HomeTrust Bank collect my personal information? We collect your personal information, for example, when you

  • open an account or deposit money
  • pay your bills or apply for a loan
  • use your credit or debit card

We also collect your personal information from others, such as credit bureaus, affiliates, or other companies.

Why can’t I limit all sharing? Federal law gives you the right to limit only

  • sharing for affiliates’ everyday business purposes-information about your creditworthiness
  • affiliates from using your information to market to you
  • sharing for nonaffiliates to market to you

State laws and individual companies may give you additional rights to limit sharing.

Definitions
Affiliates Companies related by common ownership or control. They can be financial and nonfinancial companies.

  • Our affiliates include a bank holding company and a wholly owned service corporation acting as trustee on mortgage loans.
Nonaffiliates Companies not related by common ownership or control. They can be financial and nonfinancial companies.

  • Nonaffiliates we share with can include investment firms, credit card issuers and insurance agencies.
Joint marketing A formal agreement between nonaffiliated financial companies that together market financial products or services to you.

  • Our joint marketing partners include investment firms, credit card issuers, and insurance agencies.

California Consumer Privacy Act Disclosure

 

This California Privacy Notice (“Notice”) applies to customers, visitors, and others (“consumers” or “you”) of HomeTrust Bank, (“we”, “HTB” or “us”) who interact with the Bank, the Bank’s mobile applications, or website (collectively “Services”) that are residents of California, defined below. It is important that you read this Notice together with any other privacy notice we may provide on specific occasions when we are collecting or processing your Personal Information so that you understand how and why we are using your data. This Notice supplements those other notices and is not intended to override them.

This Notice describes:

  • Personal information we collect;
  • How we collect your personal information;
  • How we share your personal information;
  • How we use your personal information;
  • How we protect your information;
  • Sale of personal information;
  • California privacy rights;
  • Changes to this Notice; and
  • Questions, concerns or requests for information.

Personal Information We Collect

“Personal Information” means information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, to any individual or a household. It does not include anonymous or aggregated data that cannot be associated with an individual or household.

In the past 12 months, we may have collected, and disclosed to third parties for our business purposes, the following categories of Personal Information relating to California residents covered by this disclosure:

  • Identifiers, such as name, data of birth, and government-issued identifier (e.g., driver’s license, Social Security number);
  • Contact information, such as phone numbers, email address, postal address;
  • Financial information, such as financial history, information from credit reference agencies and fraud prevention agencies;
  • Characteristics of protected classifications under California or federal law, such as name, signature, sex, and marital status. Some information may overlap with other categories;
  • Commercial information, such as personal property purchases and transaction information;
  • Internet or network activity information, such as browsing history and interactions with our website and mobile application;
  • Geolocation data, such as device location and Internet Protocol (IP) location;
  • Audio, electronic, visual and similar information, such as call and video recordings;
  • Professional or employment-related information, such as work history and prior employer;
  • Education information, such as student records and directory information;
  • Marketing and Communications Information, such as marketing campaign data, click throughs, your preferences and consent in receiving marketing from us and our third parties, and your communication preferences; and
  • Inferences drawn from any of the Personal Information listed above to create a profile about, for example, an individual’s preferences and characteristics.

How We Collect Your Personal Information

The categories of sources from whom we collected this Personal Information are:

  • Directly from a California resident consumer or that consumer’s agent
  • Service Providers, Consumer Data Resellers and other third parties
  • Public Record Sources (Federal, State or Local Government Sources)
  • Website or Mobile App Activity
  • Third parties or institutions representing a client

How We Share Your Personal Information

The categories of third parties we have disclosed Personal Information to in order to carry out the business purposes described in this privacy notice are:

  • Vendors and Service Providers who provide services such as website hosting, data analysis, payment processing, order fulfillment, information technology and related infrastructure, customer service, email delivery, auditing, marketing and marketing research activities
  • Partners and Third Parties who provide services such as payment, banking and communication infrastructure, storage, legal expertise, tax expertise, notaries and auditors, who promote the Bank and its financial services and products to customers and other prospective buyers
  • Other Third Parties who enable customers to conduct transactions online and via mobile devices, support mortgage and fulfillment services, vehicle loan processes and aggregators (at the direction of the customer)
  • Government Agencies as required by laws and regulations

How We Use Your Personal Information

Our primary purpose for collecting Personal Information is to provide you with information, products, and services you request. We may also use your Personal Information for the following business purposes:

  • To provide you with a product, service or information about a product or service that you request from us or which we believe may be of interest to you.
  • To carry out our obligations and enforce our rights arising from any contracts entered into between you and us.
  • To detect potentially malicious, deceptive, fraudulent, or illegal activity on all aspects of the Bank’s digital and physical locations, and further mitigate, prevent, report, or prosecute those responsible.
  • As necessary or appropriate to protect the rights, property, or safety of us, our customers, or others.
  • Debugging to identify and repair errors that impair existing intended functionality.
  • To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
  • As described to you when collecting your personal information or as otherwise set forth in the CCPA.

How We Protect Your Personal Information

We are committed to the privacy and security of information you provide to us for business purposes and beyond. We maintain physical, electronic, and procedural security safeguards to protect Personal Information we maintain against loss, alteration, access, or disclosure, and require service providers that have access to Personal Information do the same.

Sale of Personal Information

In the past 12 months, we have not “sold” Personal Information, including Personal Information of minors under the age of 16. For purposes of this Notice, “sold” means the disclosure of Personal Information to a third-party for monetary or other valuable consideration.

California Privacy Rights

This section describes your rights under the California Consumer Privacy Act of 2018 (“CCPA”) and other California privacy laws. Please note that privacy provisions of the CCPA do not apply to certain information, such as information subject to the Gramm-Leach-Bliley Act (“GLBA”) (e.g. Personal Information collected on consumers who apply for or obtain one of our financial products or services for personal, family or household purposes).

CCPA applies to California residents only. For purposes of CCPA, a California resident is a person who is in California for a purpose that is not temporary or transitory or is domiciled in California but is outside of the state for a temporary or transitory purpose. The rights described here within do not apply to residents of other U.S. states or persons who reside outside of the United States.

The CCPA provides California consumers the right to know about Personal Information collected, disclosed, or sold. If you are a California resident, you have the right to:

  1. Request we disclose to you free of charge the following information covering the 12 months preceding your request:
    1. the categories of Personal Information about you that we collected;
    2. the categories of sources from which the Personal Information was collected;
    3. the categories of Personal Information sold or disclosed to third parties;
    4. the categories of third parties with whom such Personal Information was sold or disclosed;
    5. the business or commercial purpose for collecting or selling Personal Information; and
    6. the specific pieces of Personal Information we collected about you;
  2. Request we delete Personal Information we collected from you, unless the CCPA recognizes an exception;
  3. Opt-out from having your Personal Information sold to third parties (this is not applicable to us as we do not sell your Personal Information); and
  4. Be free from unlawful discrimination for exercising your rights under the CCPA.

How to Exercise Your Rights

If you are a California resident, you may submit a request by:

  1. Filling out a request form
  2. Calling: 800.627.1632

Only you or a person registered with the California Secretary of State that you authorize to act on your behalf may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.

You may only make a verifiable consumer request for access twice within a 12-month period.

The verifiable consumer request must:

  1. Include your full legal name, email, and phone number, which we will need to contact you in order to verify that you are the person about whom we collected Personal Information or an authorized representative.
  2. Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use Personal Information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.

We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:

  • Complete the transaction for which we collected the Personal Information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
  • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
  • Debug products to identify and repair errors that impair existing intended functionality.
  • Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
  • Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.).
  • Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
  • Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
  • Comply with a legal obligation.
  • Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

Our Obligations

We will acknowledge the receipt of your request and provide additional information on our procedure for verifying your identity. In some instances, we may need additional information to verify your identity. If your request is being made on behalf of another person, we may require authorization and identity verification directly from the person for whom the request is being made.

We are prohibited from disclosing social security numbers, driver’s license numbers, or government issued identification numbers, financial account numbers, health care or medical identification numbers, account passwords or security questions and answers, and specific pieces of information that pose potential unauthorized access to an account or relationship through identity theft or fraud or similar act.

We will work to process all verified requests within 45 days pursuant to the CCPA. If we need an extension for up to an additional 45 days in order to process your request, we will provide you with an explanation for the delay. We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded.

Changes to This California Consumer Privacy Act Disclosure

We may change or update this Notice from time to time. When we do, we will post the revised Notice on the HTB website with its effective revision date. Where changes to this Notice will have a fundamental impact on the nature of how we collect, use, or share your Personal Information, we will give advance notice of such changes.

Questions, Concerns or Requests for Information

Should you have any questions or comments about the process, this Notice, or our practices, please

contact us by:

  1. Writing to us at:
    HomeTrust Bank
    Attention: Compliance Department
    315 Ridgefield Court
    Asheville, NC 28806
  2. Filling out a request form.

CCPA Disclosure – Revised 12.2021