Privacy Policy Notice
The State Bank Group
Purpose
This policy reaffirms our bank’s realization of and respect
for the privacy expectations and rights of our customers regarding
financial information and other related information, which the
Bank has or gathers in the normal course of business. It is intended
to provide guidance to bank personnel, assurance to our customers
and to fully comply with all provisions of the Gramm-Leach-Bliley
Act (GLB).
Definition and Scope
The terms “employee” and “employees” as used
in this policy statement include all directors, officers and employees
of the Bank as well as any attorneys, agents, or outside vendors, who
become privy to customer information.
The terms “data”, “information”, or similar
wording refer to any and all information regarding our customers provided
to or obtained by the Bank, regardless of the manner or medium in which
such information is either obtained or is stored. It includes, but
is not limited to, information regarding:
• The fact that an individual is a customer of the Bank.
• Identification information including account numbers, social
security numbers, driver’s license numbers, similar identification numbers,
or family names.
• Types of accounts, dollar amounts of such accounts, and the
manner in which the customer has used or managed these accounts, currently or
in the past.
Responsibility
The Board directs executive management to implement this policy and supervise
its execution.
Privacy Principles
The Bank recognizes the following eight elements of its privacy policy, which
have become standard within the banking industry:
1. Recognition of Customer’s Expectation of Privacy
2. Use, Collection and Retention of Customer Information
3. Maintenance of Accurate Information
4. Limiting Employee Access to Information
5. Protection of Information via Established Security Procedures
6. Restrictions on the Disclosure of Account Information
7. Maintaining Customer Privacy in Business Relationships with Third
Parties
8. Disclosure of Privacy Principles to Customers
Risk Elements
Failure to properly protect client information carries with it substantial
risk to the Bank. Financial risk could occur due to business loss of the clients
directly affected or from fines and penalties imposed by various legal entities
under GLB or other laws or regulations. Perhaps most important, though, is
the risk to the Bank’s reputation. If our client community should perceive
us as being careless in handling their confidential information, it could severely
jeopardize our ability to prosper. Once gained, such a reputation is very difficult
to overcome. Therefore, it is extremely important that all employees understand
that keeping client data confidential is one of the most important things that
we do and that they make every effort at all times to comply with the requirements
of this policy.
Another risk is that data may be contained on the hard drives of workstations
or servers which have become obsolete and that unauthorized parties could gain
access to that data once the computers leave the Bank. To mitigate this problem,
management will either physically destroy the drives or employ software techniques
to obliterate the data entirely.
Recognition of Customer’s Expectation of Privacy
Customers of the Bank are entitled to the absolute assurance that the
information concerning their financial circumstances and personal lives,
which the Bank has obtained through various means, will be treated
with the highest degree of confidentiality and respect. Certain expectations
of privacy also contain legal rights of customers which are either
granted or confirmed to them through various federal and state laws
and regulations. All employees are directed by this policy to assure
customers of the Bank’s commitment to preserving
the privacy of their information. The Bank will post a notice in all banking
offices and its Web site which contains an abbreviated version of this policy
and the name and telephone number of the person from whom the customer can
receive additional information, including this policy in its entirety. That
notice is included in the appendix to this policy and is designed to be both
a posted notice and a direct disclosure to customers under circumstances described
later in this policy.
Use, Collection and Retention of Customer Information
It is the policy and practice of the Bank to collect, retain and use
information about customers (both individual and corporate) only where
the Bank reasonably believes the gathering of such information would
be useful and allowed by law to administer the Bank’s business
and/or to provide products, services or opportunities to its customers.
Maintenance of Accurate Information
Executive management is directed to establish procedures to ensure that, to
the extent practicable, all customer financial information is accurate, current
and complete in accordance with reasonable commercial standards. The Bank will
respond promptly and affirmatively to any legitimate customer request to correct
inaccurate information, including forwarding of corrected information to any
third party who had received the inaccurate information. The Bank will further
undertake to record that such corrective action was requested by the customer
and follow up with any third party to ensure that they have processed the correction.
Limitation on Employee Access
Executive management will take all steps necessary to ensure that only employees
with a legitimate business reason for knowing personally identifiable customer
information shall have access to such information. To the extent practicable,
access will be limited by computer access codes and granting limited access
to areas in which sensitive customer information is retained. Employees will
be informed at the time of their initial employment of these standards and
will undergo refresher training sessions at least once during each calendar
year covering both the policy and Bank procedures. This training will also
address procedures concerning information security which will pertain to our
information systems. Willful violation of this element of this policy will
result in disciplinary action against the offending individual. Inadvertent
violations will be dealt with in a manner to ensure that such violations are
not repeated.
Protection of Information
The Bank will maintain appropriate security standards and procedures
to prevent unauthorized access to customer information. Such procedures
should prevent access by not only unauthorized employees, but others
as well. Such others include, but are not limited to, all non-employees
with otherwise legitimate reasons for being on bank premises, computer “hackers”,
and all intruders on bank premises. These procedures will also
address improper dissemination of information by telephone or
face-to-face contact by employees.
Restrictions on the Disclosure of Account Information
The Bank will not reveal specific information about customer accounts or other
personally identifiable data to any unaffiliated third parties for their independent
use, except for the exchange of information with reputable information reporting
agencies to maximize the accuracy and security of such information, or in the
performance of corporate due diligence, unless it meets with one or more of
the following criteria:
• The information is provided to help complete a customer initiated
transaction.
• The customer requests it.
• The disclosure is required or allowed by law, such as by
subpoena, other legal process, or for investigation of fraudulent activity.
• The customer has been informed about the possibility of disclosure
for marketing or similar purposes through a prior communication, and is given
the opportunity to decline or “opt out.”
Business Relationships With Third Parties
If the Bank is requested to provide personally identifiable information to
a third party and that request is in all respects consistent with other elements
of this policy, the Bank will accede to the request only if the third party
agrees to adhere to similar privacy principles, no less stringent than set
forth in this policy, for bank employees.
Disclosure of Privacy Principles to Customers
The Bank will advise its customers of this privacy policy. The disclosures
may be in the form of, but not limited to:
• Information provided at the time a customer opens a new account
or obtains a new product or service.
• Periodic disclosures, at least annually, mailed or otherwise
distributed to customers (statement stuffers, customer newsletters, etc.).
• Posting of Customer Privacy Policy, or an abbreviated form
of the policy, at banking offices and the Bank’s Web site.
Testing for Compliance With Policy
The Bank will make every effort to train and remind employees of the importance
of the matters discussed in this policy and the necessity of adhering to the
procedures given them. However, it is inevitable that some will not fully understand
or will forget parts of this training. For that reason, the Bank will periodically
test for compliance. This might take the form of hiring an outside party to
call and attempt to obtain data; it could involve monitoring telephone calls
or something else entirely. However the Bank chooses to test for compliance,
it will be a regular part of this program.
Information Shared with Credit Reporting Agencies and Error Resolution
The Bank, as with the majority of financial institutions, shares information
about accounts of its customers with consumer reporting agencies. The Bank
will take all steps necessary to ensure the accuracy of such information, and
will take prompt remedial action to correct any information which the bank
has reported that is found to be incorrect. If a customer believes that we
have reported incorrect information to such an agency, he or she is directed
to write the bank at its main office address:
State Bank
Attention: Compliance Officer
7526 Hancock Drive
Wonder Lake, IL 60097
The customer is required to include his or her complete name, current address,
telephone number, and social security number. The writing should also include
the account number, type of account, and the specific item of information in
dispute, along with the reason the customer believes the information to be
in error.
The Bank is required to conduct an immediate investigation of the matter
referenced in the customer’s assertion of erroneous reporting. The Bank must respond
to the customer’s assertion in writing within ten business days of the
Bank’s receipt of any such assertion and such writing must include the
Bank’s findings on the matter, including any corrective measures taken.
If the Bank, through reasons beyond its control, is either unable to confirm
or deny the customer’s assertion or if it is unable to effect the required
corrective action within the allotted 10 business days, the customer will be
informed of the Bank’s actions taken to date and the probable time frame
during which the matter will be resolved.
The customer also has the right to “opt out”, under the Fair Credit
Reporting Act, from having information shared about his or her account with
any third party, including a consumer reporting agency unless the transaction
is “initiated by the customer”. The latter condition is considered
to be met if the customer has opened a deposit or loan account with the Bank,
or has granted permission to a third party, consistent with the provisions
of the Fair Credit Reporting Act, to inquire from the Bank concerning specific
past or present account activity. The condition is not met if the Bank has
received information regarding a customer from any other source.
A customer may elect to “opt out” of any sharing of information
by the Bank with any third party in those situations which are “not initiated
by the customer” by writing to the Bank at the address shown above. The
Bank will be bound, by the customer’s request alone, to take immediate
action to ensure that the information is not shared.
Employee Education and Training
Executive management is directed to provide a copy of this policy to all bank
employees and to obtain a receipt from each employee acknowledging that fact.
After any amendments or modifications to this policy have been duly adopted,
a copy of the amended policy will also be given to each employee, again acknowledged
by receipt.
At least once during each calendar year, the Bank will conduct a meeting
of all employees during which matters affecting customers’ rights
to privacy will be discussed. Such meetings will include discussions
on the following:
• The proper use of customer information.
• Procedures for maintaining security of information.
• The importance of confidentiality and customer privacy.
• Any incidents, or patterns of behavior, which are covered
under this policy.
Record Keeping and Reporting
Executive management will maintain a separate file for the purpose of retaining
any customer complaints which relate to this policy. The information regarding
any complaint should include the exact nature of the complaint, describe the
corrective actions taken, and confirm that the corrective actions resolved
the complaint.
Executive management will make an annual report to the board concerning customer
complaints which shall include the frequency and nature of such complaints
and corrective actions taken. Complaints of a nature sufficient to present
a risk of regulatory enforcement action and/or civil money penalties are required
to be reported if and when they occur. Additionally, management will report
annually concerning training, testing and anything else of a material nature.
Review of Policy
The Board of Directors will make a review of this policy at least once each
year and make any revisions and amendments it deems appropriate. The Chief
Executive Officer will be responsible for suggesting more frequent revisions
as situations or changes in laws or regulations dictate.
CUSTOMER INFORMATION PRIVACY NOTICE
(Abbreviated version)
The Bank recognizes that our customers both desire and have the
right to privacy and confidentiality of the information they have
entrusted to the Bank. To that end, the Bank has adopted a “Customer Privacy Policy”.
The following eight Privacy Principles are included in that policy,
which have been adopted as central guiding principles by several
banking groups.
1. Recognition of Customer’s Expectation of Privacy
2. Use, Collection and Retention of Customer Information
3. Maintenance of Accurate Information
4. Limiting Employee Access
5. Protection of Information via Established Security Procedures
6. Restrictions on the Disclosure of Account Information
7. Maintaining Customer Privacy in Business Relationships with Third Parties
8. Disclosure of Privacy Principles to Customers
The above statement and list of principles present only the issues addressed
by the “Customer Privacy Policy”. Customers who have either specific
questions regarding the policy or who wish to obtain a copy of the entire policy
may do so by contacting the Bank, either in writing to the Bank, or by telephone
during regular business hours.
State Bank
Attention: Compliance Officer
7526 Hancock Drive
Wonder Lake, IL 60097
(815) 728-8000
CUSTOMER INFORMATION PRIVACY NOTICE
(Full version)
Protecting your privacy is important to our Bank and employees. We want you
to understand what information we collect and how we use it. In order to provide
our customers with a broad range of financial products and services as effectively
and conveniently as possible, we use technology to manage and maintain customer
information. The following policy serves as a standard for all State Bank employees
for collection, use, retention, and security of nonpublic personal information.
What Information We Collect
We may collect “nonpublic personal information” about you
from the following sources:
• Information we receive from you on applications, emails or
other loan and account forms;
• Information about your transactions with us or others; and
• Information we receive from third parties such as credit
bureaus.
“Nonpublic personal information” is nonpublic personal information
about you that we obtain in connection with providing a financial product or
service to you. For example, nonpublic personal information includes information
regarding your account balance, payment history, and overdraft history.
Privacy for Internet Users
Our commitment to safeguard your privacy also extends to the Internet. If you
are just browsing through our website, we do not request any personally identifiable
information, nor do we collect unique identifying information about you unless
you voluntarily and knowingly provide us that information, such as when you
send us an email or complete an application online. If you provide us this
information, it is only used internally and in furtherance of the purpose for
which it was provided.
Service providers hosting our website and Internet banking service may collect
general information on our website visitors simply to help us provide banking
and other financial services to you online. They collect information on our
behalf for security and statistical purposes. The information collected for
these purposes may include:
• The Internet address (referral site) which brought you to
our web site;
• The date and time you access our site;
• The name and version of your web browser;
• The Internet service provider you used when you accessed
our site;
• Your Internet Protocol (IP) address; and
• The pages visited in our website and Portal.
Our service providers may use cookies to collect this type of general information
on all website visitors and they may use cookies for security purposes within
our Internet Banking product. Cookies may also be utilized for customization
and personalization of the Portal. In the future, we may use aggregate, general,
non-personally identifiable information collected through the Internet to help
us market our products and services.
Additional information about IP addresses and cookies is provided below.
Internet Protocol (IP) Addresses
An IP address is a number that's automatically assigned to your computer whenever
you're on the Internet. Web servers, the computers that "serve up" Web
pages, automatically identify your computer by its IP address.
When collecting information for us, FundsXpress does not link IP addresses
to anything personally identifiable, which means that a user's session will
be logged, but the user remains anonymous.
FundsXpress may use IP addresses to audit the use of our site. They can and
will use IP addresses to identify a user when necessary for security purposes.
What is a Cookie?
A cookie is a very small text file sent by a web server and stored
on your hard drive, your computer’s memory, or in your browser so that it can
be read back later. Cookies cannot “read” information about you
from your computer or be used to “steal” information about you;
and cookies don’t carry viruses. Cookies are a basic way for a server
to identify you (most cookies actually identify the computer you happen to
be using at the time, not you personally). Cookies are used for many things
from personalizing start up pages to facilitating online purchases. Cookies
help sites recognize return visitors and they perform a very important function
when you engage in secure Internet banking. For your security, our Service
Providers do not store any of your personal information in cookies. The cookies
used in our Internet banking system and Portal are further described below.
Internet Banking Cookies
Our Internet banking product uses encrypted cookies that do not pass
to your computer’s hard drive. Instead, the cookie is stored in your computer’s
memory, identifying only your computer while you are logged on. Only our service
provider can read the information in these cookies. This Internet banking cookie
allows us to process multiple transactions during your session without requiring
you to reenter your pass code for each individual transaction. The cookies
for Internet banking simply provide another level of security for our Internet
banking product. When you log off, or close your browser, the cookie is destroyed.
A new cookie is used for each session. That way, no one can use the prior cookie
to access your account. For additional security, the cookie expires after 10
minutes of inactivity. It must then be renewed by reentering your pass code.
We do not (and cannot) use this cookie to collect or obtain new personal information
about you. You must allow your browser to accept this cookie so you can use
the Internet banking product.
Portal Cookies
Our service provider uses several cookies to provide features within
the Portal. The “Web Trends” cookie is sent to all Portal
visitors in order to help us collect general information on all Portal
visitors. This cookie is sent to your computer hard drive and provides
us information such as when you accessed our site, which pages you
accessed in the portal, and what Internet provider you used when you
accessed our site. The information collected through this cookie is
not personally identifiable and is only used for statistical purposes
to assist us in our planning process and our marketing program.
When visitors register on the Portal and select the “Remember Me” checkbox,
our service provider sends an additional cookie to your hard drive, which enables
you to customize the Portal and bypass the login process each time you revisit
the Portal. These cookies are retained on your computer until you either delete
them or click on the Logout link within the Portal. These cookies only contain
a unique user identification number and do not contain or collect any personally
identifiable information.
When registered users log in to the Portal, our service provider sends
an additional cookie called a "per-session" cookie or "server-side" cookie.
This "server-side" cookie resides in the browser and is only used
to monitor the session by a unique identification number. This cookie is used
for security purposes and you must allow your browser to accept the "server-side" cookie
to use the Portal. The cookie is destroyed after eight hours.
When you click on advertisements of third party merchants within their Portal,
they may also send you a cookie. You do not have to accept these cookies to
use the Portal.
Email Policies
In the future we may send you email notices for certain required disclosures
if you choose to accept electronic disclosures or account statements. We may
also send you emails marketing our products and services. We offer secure email
through our Internet Banking service. You should use the secure mail service
anytime you send us sensitive personal information.
External Third Party Links
Our website has numerous links to other third party sites. These links to external
third parties are offered as a courtesy and a convenience to our customers.
WE ARE NOT RESPONSIBLE FOR THE PRIVACY AND SECURITY PRACTICES OR THE CONTENT
OF LINKED THIRD PARTY SITES.
Third party merchants may collect personal information from you when you visit
their websites. For example, they collect personal information from you when
you provide billing information or send them an email. Some third party merchants
may also send you a cookie to collect data on your Internet usage and preferences.
When you click on advertisements at third party sites, the advertising company
may also send you a cookie. With the exception of our service providers, we
do NOT have access to the information collected by any third party, nor can
we control how they use this information. If you have questions or concerns
about the privacy policies and practices of linked third parties, please review
their websites and contact them directly.
What Information We Disclose
We are permitted under law to disclose nonpublic personal information about
you to other third parties in certain circumstances. For example, we may disclose
nonpublic personal information about you to third parties to assist us in servicing
your loan or account with us, to government entities in response to subpoenas,
and to credit bureaus. We do not disclose any nonpublic personal information
about you to anyone, except as permitted by law.
We may disclose a portion of the customer information that we collect on our
Website and/or Portal to financial institutions that perform marketing services
on our behalf and with whom we have joint marketing agreements. Our contract
requires these financial institutions to protect the confidentiality of your
personal information to the same extent that we must do. The disclosure of
certain information to these financial institutions can help us market financial
products and services that may be of particular interest to you or save you
money.
Fair Credit Reporting Act Notice
We may share all or portions of customer information collected with companies
in our organization. By sharing information about your accounts and relationships
among our family, we can save you time and money. It will also be easier for
you to access the wide range of products that we offer. You should know, however,
that the law permits you to direct us NOT to share certain information with
affiliate companies in our organization. If you prefer that we not disclose
nonpublic personal information about you to our affiliates, you may opt out
of those disclosures. That is, you may direct us NOT to make disclosures (other
than those disclosures permitted by law). If you wish to opt out of disclosures
to our affiliates, you may call the following toll-free number 815-728-8000
ext. 50 or send us email at customerservice@thestatebankgroup.com.
If you decide to close your account(s) or become an inactive customer, we will
continue to adhere to the privacy policies and practices described in this
notice.
Our Security Procedures
We also take steps to safeguard customer information. We restrict access to
your personal and account information to those employees who need to know that
information to provide products or services to you. Employees who violate these
standards will be subject to disciplinary measures. We maintain physical, electronic,
and procedural safeguards that comply with federal standards to guard your
nonpublic personal information.
Our Internet Banking service provider has also developed security policies
and procedures to protect the customer information that they must collect and
maintain to help us process your banking transactions over the Internet. They
have developed a top-of-the-line security system to ensure your customer information
is protected on the Internet and within the data center environment.
Customers who have either specific questions regarding the policy or who wish
to obtain a copy of the entire policy may do so by contacting the Bank, either
in writing to the Bank, or by telephone during regular business hours.
State Bank
Attention: Compliance Officer
7526 Hancock Drive
Wonder Lake, IL 60097
(815) 728-8000