California Consumer Privacy Notice

This Privacy Notice describes the categories and uses of personal information M&T Bank and its Affiliates, including our Wealth Advisory Services business (“WAS”) (“M&T Bank Corporation”) collect from you and other consumers residing in the state of California. This Notice also describes the rights that consumers may have under applicable law including the California Consumer Privacy Act (“CCPA”).

Last Updated: June 23, 2020

This Privacy Notice may be amended or updated from time to time to reflect changes in our Personal Information processing activities, or changes in applicable law. When a change is made, we will post the updated version of this Privacy Notice to the M&T Bank website https://www3.mtb.com/homepage/explore-the-m-and-t-bank-help-center/bank-policies/california-consumer-privacy-notice. All changes will become effective as of the Last Updated date above. We encourage you to regularly check the website to review any changes which we may make, and to review our M&T Bank Internet Privacy Policy, https://www3.mtb.com/homepage/explore-the-m-and-t-bank-help-center/bank-policies/privacy-policy, which covers our collection and use of information when you visit the M&T Bank website.

To obtain a version of this notice in larger print please call M&T Bank toll-free 1-800-724-2440.

Section 1: Categories of Personal Information Collected in the last 12 months

Category

Examples

Purpose

Access Data 

User name, passwords, Personal Identification Number (PIN), tokens, other authentication information including security question response(s). 

We collect this information to help us identify and authenticate you, for fraud prevention and similar purposes.

Account Data 

Account Number, Mortgage Numbers, Credit Card Number, Insurance Policy Number 

We collect this Personal Information to help us service your account.

Biometric Data 

Voice Print, Signature 

We collect this information for authentication purposes prior to disclosing any information about your account.

Communications Data

The contextualized information, in digital or physical form, involved in an exchange between one or more parties. Call logs, Call recording, Text or Email Messages 

We collect communications data as needed to service your account and do business with you. 

Contact Details 

The information required to contact an individual or an organization, e.g., Address, Phone numbers, E-Mail address 

We collect contact details as needed to identify you, contact you and do business with you. 

Demographic Data

Gender, ethnicity, nationality, place of birth, marital status, residency status, military/veteran status

We collect demographic information as needed to identify you, contact you and do business with you.

Financial Information

Information for our financial review to service your account or from payments processing pertaining to executed transactions. For example, transaction date, transaction amount, product account transactions. Also, information such as tax documentation, incomeinformation, paystubs 

We collect financial information in order to provide you the financial products and services yourequest. 

Government Issued Identification

Information used to identify and verify relevant individuals. Examples include Passport Number, State Issued Drivers’ License Number or ID numbers, Social Security Number / Taxpayer IdentificationNumber, Alien Registration Number 

We collect this information to help us identify and authenticate you, for fraud prevention andsimilar purposes. 

Health Data 

Information collected surrounding an individual's health. Medical information,disability data, genetic information 

We collect health data as needed to service your account and do business with you.

Legal / Court Data 

Legal/court Case, docket numbers, property registration information 

We collect legal / court data as needed to service your accountand do business with you. 

Name 

Individual's First, Middle and Last Name 

We collect this Personal Information as needed to identify you, contact you, and do business with you. 

Online / Digital Data 

IP address, Web browsing history, Unique Device Identifier, Cookie data, Apps Downloaded or Used, geographic tracking information 

We collect online and digital data to personalize our interactions with you and to administer andoptimize our sites.

Sensitive Personal Data

Date of birth, Gender identity, Race

We collect sensitive personal data during the onboarding process with the intention of developing a complete and accurate “Know Your Customer” (KYC) profile inline with regulatory requirements. 

We obtain the categories of Personal Information listed above from:

  • you or your authorized agents directly at account opening;
  • documents that you provide to us;
  • third parties that interact with us in connection with the services we perform (e.g., credit bureaus);
  • during account maintenance from you or your authorized agent on forms as required by law.
  • We may also obtain your Personal Information from advertising networks, internet service providers, data analytics providers, government entities, operating systems and platforms, and social networks.

Failure to provide this information will prevent us from conducting business with you. This information may be combined with other personal data, including criminal convictions and offences, that we obtain from third party or publicly-accessible sources for the purposes of compliance with a legal obligation.

We do not collect the following pieces of information on our consumers: commercial information (purchasing of consumer histories or tendencies); geolocation (physical location or movements); sensory data; education information; or inferences drawn from other Personal Information (personal preferences, characteristics, psychological trends, redispositions, behavior, attitudes, intelligence, abilities, and aptitudes).

We retain your Personal Information for the life of your customer relationship with us. Once your customer relationship is terminated, we will continue to retain your Personal Information only for as long as it is needed for the purposes set forth in this Privacy Notice, and for no longer than the maximum time period allowable under applicable law and regulation.

 

Section 2: Disclosure of Personal Information

In accordance with applicable law, we may disclose your Personal Information to:

Affiliates which include our related companies by common ownership or control

Governmental and Judicial Bodies which include national and local government agencies, regulatory bodies, law enforcement agencies and courts

Third Parties which include service providers, auditors, attorneys, and other professional advisors. Third Parties are subject to contractual obligations to only process the Personal Information in accordance with our instruction, and to use measures to protect the confidentiality and security of your Personal Information.

Reasons we can share your Personal Information

Does M&T Bank Corporation share?

Can you limit this sharing?

For our everyday business purposes – such as to process your transactions, maintain your account(s), respond to court orders and legal investigations, or report to credit bureaus

Yes

No

For our marketing purposes – to offer our products and services to you

Yes

No

For joint marketing with other financial companies

Yes

No

For our affiliates’ everyday business purposes - information about your transactions and experiences

Yes

No

For our affiliates’ everyday business purposes - information about your creditworthiness

Yes

Yes

For our affiliates to market to you

Yes

Yes

For nonaffiliates to market to you

​No

​We don't share

Note: M&T Bank Corporation does not sell your Personal Information, therefore any rights that may be afforded to you under CCPA related to the sale of your Personal Information do not apply.

 

Section 3: Your Legal Rights

Subject to applicable law, you may have the right to exercise the following:

  • The right to request access to, or copies of, your Personal Information that we have collected, used, or disclosed for the previous 12 months.
  • The right to request deletion of your Personal Information that we process

Household Requests - We currently do not collect household data. If multiple members of the household make a right to access or right to deletion request, we will respond as if the requests are individual requests.

To exercise rights under the CCPA, you must be a current resident of State of California. Only you, your authorized agent (a person or business entity registered with the California Secretary of State to conduct business in that state), or a person or entity to whom you have granted Power of Attorney to act on your behalf, may make a verifiable consumer request related to your Personal Information. You may also make a verifiable consumer request on behalf of your minor child.

To exercise the access or deletion rights, please submit a verifiable consumer request to us:

For customers of M&T Bank Corporation, call toll-free 1-800-724-2440, or go to mtb.com. From the Help Center section, click on Contact Us, then choose Submit feedback or questions. This form may be found here:mtb.com/help-center/top-banking-tasks/ask-question-submit-feedback.

For customers of the Wilmington Trust entities, contact your relationship manager, or call toll-free 1-866-771-7777, or email ConsumerRequest@wilmingtontrust.com.

Your request must include your:

  • Name;
  • Address;
  • Last 4 digits of your social security number.;
  • An email address, if you wish to receive a response via email
  • The nature of your request (access to or deletion of your data).

We will acknowledge receipt of your request within ten days, and will provide a response to your request within 45 days.

Authorized Agent

You may appoint an Authorized Agent to submit a request on your behalf. In order to do so, you must provide the appropriate documentation to M&T Bank (Power of Attorney or proof of filing with the Secretary of State). In order for your authorized agent to act on your behalf, they must supply the appropriate documentation and verify their identity at the time they place the requst.

Please note there are instances in which M&T Bank is required to maintain, or otherwise is not required to delete, your Personal Information. For example, M&T Bank is not required to delete your information if it is being used:

  • To complete a transaction or provide a good or service requested by you;
  • To detect security incidents or protect against malicious, deceptive, fraudulent, or illegal activity;
  • To enable solely internal uses based on your relationship with us, such as a Do Not Solicit request;
  • To comply with a legal obligation, such as federal recordkeeping requirements; or
  • Internally, in a lawful manner that is compatible with the context in which you provided the information.

California Non-Discrimination

California prohibits businesses from discriminating against you for exercising any rights under the CCPA, including, but not limited to, by:

  • Denying you goods or services;
  • Charging you different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties;
  • Providing you a different level or quality of goods or services; or
  • Suggesting that you will receive a different price or rate for goods or services or a different level or quality of goods or services.

Consumer Rights Requests Metrics

M&T Bank has received zero (0) access, opt out, or deletion requests and has denied zero (0) requests as of July 1, 2020.

 

Section 4: Defined Terms

Personal Information

Any information that can be used to identify an individual, directly or indirectly. Personal Information does not include:

  • publicly available information from government records;
  • deidentified or aggregated consumer information;
  • other information excluded from the CCPA's scope, such as:
    • health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data
    • Personal Information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver's Privacy Protection Act of 1994

Processing

​Operations, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, deletion or destruction

California Resident

​An individual that resides in the State of California and whose personal income is taxed by the State of California

​Verifiable Consumer Request

​A request made by a consumer, on behalf of the consumer’s minor child, or by a natural person or a person registered with the California Secretary of State as a consumer’s authorized agent.