Truist Consumer Rights and CCPA Notice

California Consumer Privacy Notice (effective January 1, 2020)

Maintaining the privacy and security of your personal information is Truist’s highest priority. In doing so, we want to provide transparency regarding how and why your data is collected, how it is used, and with whom it may be shared. This document, as well as SunTrust now Truist’s Consumer Privacy NoticeLink opens a new window and Online Privacy Practices Statement, set forth how we will interact with your personal information. Specifically, it provides information on how you may exercise your California privacy rights. This Notice is directed to consumers who reside in the state of California. That said, all of our consumers are welcome to submit questions or requests about their data.

It is important to note that Truist does not sell your data. To be clear, SunTrust now Truist, BB&T now Truist, and Truist have not and will not disclose or sell any consumer Personal Information to third parties for a business or commercial purposes. Because such sales do not occur and would violate company policy, there is no link on our websites to opt-out of such activity.

One of Truist’s privacy principles is that our consumers own their data. To help ensure transparency around our handling of consumer data, we have stood up a portal with our partner, OneTrust, to facilitate receiving and processing requests related to accessing and potentially deleting your data. This portal helps us meet certain legal and compliance requirements such as those under the California Consumer Privacy Act (CCPA). It also gives non-CA consumers a vehicle to make similar requests.

  • CCPA Privacy Notice

    • SunTrust now Truist’s Consumer Privacy NoticeLink opens a new window and Online Privacy Practices Statement provide consumers details about our practices concerning the privacy of your data. This Notice provides further information about our practices, along with details concerning how “Right to Know” and/or “Right to Request Deletion” requests may be submitted. This Notice is designed to provide additional information not covered elsewhere on our site, to ensure compliance with the notice provisions of the CCPA.

      The following are some general notes about Truist’s practices related to the collection, use and sharing of consumer data:

      As a financial institution, it is necessary for us to collect certain personal information from and/or about our clients in order to provide our products and services, fulfill consumer requests, to comply with the federal and state laws and other legal obligations. Below is a list of categories of data we may collect about our clients:

      • Personal Information (“information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household,” as defined in the CCPA)
      • Demographic/Protected class information
      • Biometric information (ex: voice recordings when you contact a Call Center or leave a voicemail for a Truist teammate)
      • Commercial information
      • Professional or employment-related information
      • Education information
      • Geolocation (ex: your IP address when visiting a Truist website or your physical location when using a Truist ATM)
      • Internet or other electronic network activity information
      • Audio, electronic, visual, thermal or olfactory information
      • Personally Identifiable Health Information
      • Background/criminal record
      • Marketing opt-out/preference information
      • Inferences drawn from any of the above information

      It is necessary for Truist to share certain client data with affiliates and/or trusted service providers in order to provide our products and services, and to comply with legal and contractual obligations. When engaging such service providers, Truist ensures that such partners will maintain the information in accordance with our privacy and security standards, and only use the data for the use(s) specified in the contract. While certain Truist activities and responsibilities may be outsourced, Truist recognizes and embraces ultimate accountability for the privacy and security of the data entrusted to us. As noted above, it is a violation of Truist’s Consumer Privacy Notice to share consumer information with non-affiliated third parties for their marketing purposes. Consumer information will not be shared with third parties (non-service providers) absent prior authorization from the client or their agents.

  • Truist’s No Sale Policy

    • As noted above, it is a violation of company policy to sell client or consumer data. To be clear, Truist has not disclosed or sold any personal information to third parties for a business or commercial purpose in the preceding 12 months. Therefore, there is no opt-out for the sale of data provided on our website, since there is no activity to opt out from.

  • Consumer Access Requests

    • Consumers have a right under the CCPA to request that Truist disclose categories of information we may have collected about them over the last 12 months, the categories of sources from which that information was collected, the business or commercial purpose(s) for which the information was collected, and the categories of third parties with whom we share personal information.

      Consumers are welcome to submit requests for more information by visiting our Consumer Rights Request Portal, hosted by OneTrust:

      • To submit a data access request for yourself, click here
      • To submit a data access request on behalf of another individual, click here
      • To dispute or appeal a prior data access request, click here

      Consumers are also welcome to submit requests by calling 877-782-3847

      All requests must be verified prior to receiving a response, using Truist authentication protocols. Requesters will be asked to supply certain basic Personal Information to enable us to validate the requestor is the consumer who is subject to the request, such as name, social security number and address. Information submitted for verification purposes will only be used to verify the requestor’s identity and/or authority to make a request on another’s behalf.

      Requests made on another person’s behalf can only be accepted upon receipt of documentation that the requestor is an authorized agent, parent or legal guardian of the consumer whose information is being requested. This will require the submission of a valid Power of Attorney, Birth Certificate, approved Truist authorization form, Guardianship Order or other court order granting authority to receive information, as appropriate.

      Upon submission of a request, CA consumers will receive an initial response confirming receipt within 10 days. A full response will be provided to CA consumers within 45 days (unless an extension of up to 45 additional days is requested, upon which the consumer will receive notice and an explanation for the extension).

      Please note that Truist is taking advantage of the exemption within the CCPA for data collected pursuant to the Gramm-Leach-Bliley Act (GLBA). This enables us to best protect the security of our clients when responding to requests. Data provided pursuant to GLBA is often highly sensitive Personal Information, including financial data, that could lead to identity theft should it land in the wrong hands. We will continue to provide access to sensitive financial data only through our established, secure mechanisms to obtain that information such as online or mobile banking, or visiting a branch. Therefore, specific pieces of data collected pursuant to GLBA will not be provided through the Consumer Rights Access Request Portal.

  • “Right To Request Deletion” Requests

    • Consumers also have a right under the CCPA to request deletion of their Personal Information collected or maintained by Truist.

      The submission methods, authentication protocols, and time frames for response are identical to those referenced above in the “Right to Know Requests” section. Keep in mind that the GLBA exemption and other legal exemptions may also apply to these requests. For example, Truist cannot delete data provided by a client to service an active (or recently active) account, because such data is still needed to provide the product or service and/or meet legal retention requirements. Another example would be the inability to delete certain data that is subject to a legal hold.

      Truist will explain in its response the manner in which it has deleted the personal information. Or, if an exemption applies restricting Truist’s ability to delete the data, Truist will describe the basis for the denial of the request in its response. Should an exemption apply precluding the destruction of the data, Truist will not use the consumer’s personal information for any other purpose than provided for by that exemption (for example, if certain data cannot be deleted due to a legal hold, we will ensure that such data is no longer used for Truist marketing purposes).

  • Non-Discrimination

    • The submission of a Right to Know or Right to Request Deletion request will have no impact on the service and/or pricing you receive from Truist. It will not result in any denial of goods or services, or different prices, rates or quality of goods or services.

  • Updates

    • This Consumer Rights and CCPA Notice may be revised from time to time, so please review this page periodically. Any changes will become effective when we post the revised notice on the site (please note the effective date listed at the top of this page). If we revise this or other privacy notices in a manner that materially changes our privacy practices, we will provide conspicuous notice on our website and provide direct notice to our clients.

Contact Us

If you have any questions or comments on this notice or our privacy practices generally, please contact us at 800.SUNTRUST (1-800-786-8787) or at SunTrust.Privacy@SunTrust.com.