Privacy & Security


Keep yourself protected by staying informed

Grand River Bank will never solicit personal information via email or telephone. Personal information can include access id’s, tax identification numbers, passwords, or debit card numbers.

FACTS

WHAT DOES GRAND RIVER BANK DO WITH YOUR PERSONAL INFORMATION?

WHY?

Financial companies choose how they share your personal information. Federal law gives consumers the right to limit some but not all sharing. Federal law also requires us to tell you how we collect, share, and protect your personal information. Please read this notice carefully to understand what we do.

WHAT?

The types of personal information we collect and share depend on the product or service you have with us. This information can include:

• Social Security number and income

• Account balances and payment history

• Credit history and credit worthiness

When you are no longer our customer, we continue to share your information as described in this notice.

HOW?

All financial companies need to share customers' personal information to run their everyday business. In the section below, we list the reasons financial companies can share their customers' personal information; the reasons Grand River Bank chooses to share; and whether you can limit this sharing.

REASONS WE CAN SHARE YOUR PERSONAL INFORMATION

Does Grand River Bank share?

Can you limit this sharing?

For our everyday business purposes- such as to process your transactions, maintain your account(s), respond to court orders and legal investigations, or report to credit bureaus

Yes

No

For our marketing purposes- to offer our products and services to you

Yes

No

For joint marketing with other financial companies

No

We don't share

For our affiliates' everyday business purposes- information about your transactions and experiences

No

We don't share

For our affiliates' everyday business purposes- information about your creditworthiness

No

We don't share

For nonaffiliates to market to you

No

We don't share

QUESTIONS?

Call 616.929.1600 or 888-929-4723 or go to grandriverbank.com


Page 2

WHAT WE DO

How does Grand River Bank protect my personal information?

To protect your personal information from unauthorized access and use, we use security measures that comply with federal law. These measures include computer safeguards and secured files and buildings.

We also restrict access to nonpublic personal information about you to only those employees who need to know that information to provide products or services to you.

How does Grand River Bank collect my personal information?

We collect your personal information, for example, when you

• open an account or deposit money

• pay your bills or apply for a loan

• use your credit or debit card

We also collect your personal information from others, such as credit bureaus or other companies.

Why can't I limit all sharing?

Federal law gives you the right to limit only

• sharing for affiliates' everyday business purposes - information about your creditworthiness

• affiliates from using your information to market to you

• sharing for nonaffiliates to market to you

State laws and individual companies may give you additional rights to limit sharing.

DEFINITIONS

Affiliates

Companies related by common ownership or control. They can be financial and nonfinancial companies.

• Grand River Bank does not share with our affiliates.

Nonaffiliates

Companies not related by common ownership or control. They can be financial and nonfinancial companies.

• Grand River Bank does not share with nonaffiliates so they can market to you.

Joint marketing

A formal agreement between nonaffiliated financial companies that together market financial products or services to you.

• Grand River Bank doesn't jointly market.



Today’s modern world is more interconnected than ever before. Everything from online shopping to social networking to providing basic utilities requires the reliability and security of the Internet. Emerging cyber threats require the engagement of our entire society including government and law enforcement, the private sector, and members of the public.

All businesses face a number of cybersecurity challenges, like being the target of cybercriminals, having intellectual property stolen or being attacked to disrupt our way of life. Cybersecurity must become a priority for every business and every industry. Companies need to proactively protect their most vital assets, employees and customers. If a cybersecurity incident does occur, businesses need to readily respond, recover and collaborate with law enforcement by sharing threat information and aiding investigations.

Grand River Bank offers these tips and advice from StaySafeOnline.org to help our valued business customers take a risk management approach to cybersecurity:

STOP. THINK. CONNECT. Make it as difficult as possible for criminals and others to use your digital technology against you.

Keep a Clean Machine

- Keep security software current: Having the latest security software, web browser, and operating system are the best defenses against viruses, malware, and other online threats.

- Automate software updates: Many software programs will automatically connect and update to defend against known risks. Turn on automatic updates if that’s an available option.

- Protect all devices that connect to the Internet: Along with computers, your smartphones, gaming systems and other web-enabled devices also need protection from viruses and malware.

- Plug & scan: USBs and other external devices can be infected by viruses and malware. Use your security software to scan them.

Protect Your Personal Information

- Secure your accounts: Ask for protection beyond passwords. Many account providers now offer additional ways for you verify who you are before you conduct business on that site.

- Make passwords long and strong: Combine capital and lowercase letters with numbers and symbols to create a more secure password.

- Unique account, unique password: Having separate passwords for every account helps to thwart cybercriminals.

- Write it down and keep it safe: Everyone can forget a password. Keep a list that’s stored in a safe, secure place away from your computer.

- Own your online presence: Set the privacy and security settings on websites to your comfort level for information sharing. It’s ok to limit how and with whom you share information.

Connect With Care

- When in doubt, throw it out: Links in email, tweets, posts and online advertising are often the ways cybercriminals compromise your computer. If it looks suspicious, even if you know the source, it’s best to delete or, if appropriate, mark as junk email.

- Get savvy about Wi-Fi hotspots: Limit the type of business you conduct and adjust the security settings on your device to limit who can access your machine.

- Protect your $$: When banking and shopping, check to be sure the sites are security-enabled. Look for web addresses with “https://”, which means the site takes extra measures to help secure your information. “Http://” is not secure.

Be Web Wise

- Stay current. Keep pace with new ways to stay safe online. Check trusted websites for the latest information, share with friends, family and colleagues and encourage them to be web wise.

- Think before you act: Be wary of communications that implore you to act immediately, offer something that sounds too good to be true or ask for personal information.

- Back it up: Protect your valuable work, music, photos, and other digital information by making an electronic copy and storing it safely.

Be a Good Online Citizen

- Safer for me, more secure for all: What you do online has the potential to affect everyone -at home, at work and around the world. Practicing good online habits benefits the global digital community.

- Post only about others as you have them post about you.

- Help the authorities fight cybercrime: Report stolen finances, identities and cybercrime to www.ic3.gov(the Internet Crime Complaint Center) and www.onguardonline.gov/file-complaint(the FTC).

• Multiple layers of encryption, firewalls, screening, and filtering routers.

• Secure sessions established through Secure Socket Layers (SSL).

• Use of 128-bit capable encryption protocol.

• Login ID and User passwords.

• Strong password requirements.

• Sessions are “timed out” after a specified period of inactivity.

• Security procedures audited by external certified examiners.

• Security penetration testing routinely performed by independent security firm.

To help our government fight the funding of terrorism and money laundering activities, Federal Law requires all financial institutions to obtain, verify and record information that identifies each persona who open an account. When you open an account with Grand River Bank, we will ask for your Name, Address, Date of Birth and other information that will allow us to identify you. We may also ask to see you driver’s license to other identifying documents.

You can take a few precautions to protect yourself from other online threats:

• Install a Firewall, anti-virus software, and anti-spyware and keep your virus definitions and browser and security software current.

• Exercise reasonable care when downloading software and opening email attachments.

• Have your computer analyzed by a qualified technician if you suspect your computer is running abnormally, you are receiving an unusual amount of “pop-up” pages, or you notice that you are being redirected to other web pages.

• Beware of using non-encrypted wireless connections with computers, phones, and portable devices to send sensitive information from public wireless locations or even from home wireless networks. Using scanning devices, individuals can intercept unencrypted signals and view or obtain your information.

• Beware of “shoulder surfers” while using a computer in public areas who may be trying to intercept your passwords or information.

• Use strong passwords with a combination of uppercase and lowercase letters, numbers, and symbols. Change passwords periodically and always change pre-assigned temporary passwords. When creating PINs and passwords, do not use birth dates, addresses, phone numbers, etc. that are easily guessed from personal information.

• Never use the “save ID and password” option in your browser at home, or on a laptop or public computer.

• Do not email personal and financial information to non-secure sites. Because of the potential for loss, avoid storing personal information on a laptop computer.

• Properly dispose of old computers and ensure all sensitive information is removed from the hard drive. Reformatting the hard drive may not be sufficient - use specialized software to erase information.

• Review your bank statements closely. Make sure there are no transactions that you can’t account for and that all of the decimals are in the right spots. If you find any problems contact us immediately.

If you are a customer who has provided sensitive account or personal information in response to an unsolicited Grand River Bank email or phone call, immediately contact Grand River Bank at 616.929.1600. We are available to serve you Monday through Thursday from 8 AM - 5 PM and Friday from 8 AM - 5:30 PM.

Your mobile device provides convenient access to your email, bank and social media accounts. Unfortunately, it can potentially provide the same convenient access for criminals. Grand River Bank recommends following these tips to keep your information and your money safe.

1. Use the passcode lock on your smartphone and other devices. This will make it more difficult for thieves to access your information if your device is lost or stolen.

2. Log out completely when you finish a mobile banking session.

3. Protect your phone from viruses and malicious software, or malware, just like you do for your computer by installing mobile security software.

4. Use caution when downloading apps. Apps can contain malicious software, worms, and viruses. Beware of apps that ask for unnecessary permissions.

5. Download the updates for your phone and mobile apps.

6. Avoid storing sensitive information like passwords or a social security number on your mobile device.

7. Tell your bank immediately if you change your phone number or lose your mobile device.

8. Be aware of shoulder surfers. The most basic form of information theft is observation. Be aware of your surroundings especially when you are punching in sensitive information.

9. Wipe your mobile device before you donate, sell or trade it using specialized software or using the manufacturers recommended technique. Some software allows you to wipe your device remotely if it is lost or stolen.

10. Beware of mobile phishing. Avoid opening links and attachments in emails and texts, especially from senders you do not know. And be wary of ads (not from your security provider) claiming that your device is infected.

11. Watch out for public Wi-Fi. Public connections aren't very secure, so do not perform banking transactions on a public network. If you need to access your account, try disabling the Wi-Fi and switching to your mobile network.

12. Report any suspected fraud to your bank immediately.

Though the internet has many advantages, it can also make users vulnerable to fraud, identity theft and other scams. According to Symantec, 12 adults become a victim of cybercrime every second. Grand River Bank recommends the following tips to keep you safe online:

1. Keep your computers and mobile devices up to date. Having the latest security software, web browser, and operating system are the best defenses against viruses, malware, and other online threats. Turn on automatic updates so you receive the newest fixes as they become available.

2. Set strong passwords. A strong password is at least eight characters in length and includes a mix of upper and lowercase letters, numbers, and special characters.

3. Watch out for phishing scams. Phishing scams use fraudulent emails and websites to trick users into disclosing private account or login information. Do not click on links or open any attachments or pop-up screens from sources you are not familiar with.

4. Keep personal information personal. Hackers can use social media profiles to figure out your passwords and answer those security questions in the password reset tools. Lock down your privacy settings and avoid posting things like birthdays, addresses, mother's maiden name, etc. Be wary of requests to connect from people you do not know.

5. Secure your internet connection. Always protect your home wireless network with a password. When connecting to public Wi- Fi networks, be cautious about what information you are sending over it.

6. Shop safely. Before shopping online, make sure the website uses secure technology. When you are at the checkout screen, verify that the web address begins with https. Also, check to see if a tiny locked padlock symbol appears on the page.

7. Read the site's privacy policies. Though long and complex, privacy policies tell you how the site protects the personal information it collects. If you don't see or understand a site's privacy policy, consider doing business elsewhere.

Corporate account takeover is a type of fraud where thieves gain access to a business’ finances to make unauthorized transactions, including transferring funds from the company, creating and adding new fake employees to payroll, and stealing sensitive customer information that may not be recoverable. Grand River Bank recommends following these tips to keep your small business safe.

1. Educate your employees. You and your employees are the first line of defense against corporate account takeover. A strong security program paired with employee education about the warning signs, safe practices, and responses to a suspected takeover are essential to protecting your company and customers.

2. Protect your online environment. It is important to protect your cyber environment just as you would your cash and physical location. Do not use unprotected internet connections. Encrypt sensitive data and keep updated virus protections on your computer. Use complex passwords and change them periodically.

3. Partner with your bank to prevent unauthorized transactions.

4. Pay attention to suspicious activity and react quickly. Look out for unexplained account or network activity, pop ups, and suspicious emails. If detected, immediately contact your financial institution, stop all online activity and remove any systems that may have been compromised. Keep records of what happened.

5. Understand your responsibilities and liabilities. The account agreement with your bank will detail what commercially reasonable security measures are required in your business. It is critical that you understand and implement the security safeguards in the agreement. If you don’t, you could be liable for losses resulting from a takeover. Talk to your banker if you have any questions about your responsibilities.

Effective July 29, 2015, Microsoft released Windows 10. Windows 10 ships with two (2) browsers: Internet Explorer 11 and the new Microsoft Edge browser. The new browser is enabled by default, and will be used when accessing websites following the Windows 10 Update. At this time, Grand River Bank continues to test the new Microsoft Edge browser with all of our Online Banking programs. Personal Online Banking and Business Online Banking are both supported by Edge. Additional testing is being done on Remote Deposit Capture and is NOT supported by Edge. If using Remote Deposit Capture, Internet Explorer 10 is the preferred and supported browser. If you need additional assistance or information, please call our customer service representatives at 616.929.1600.

The following are Grand River Bank minimum system requirements for Online Banking:


CPU

Dual Core Intel Xeon E5520 (2.26 GHz)

Memory

2 GB

Operating System

Windows 7 Standard

Windows 8 Standard

Windows 10 Standard

Drive Configuration (Raid 5/SAN)

60 GB System Drive (C:)

Web Browser

Internet Explorer 9

Internet Explorer 10

Internet Explorer 11 (limited)

Microsoft Edge (limited)

Google Chrome (limited)

Firefox (limited)

Safari (limited)

Protect Yourself Against Phishing

Phishing usually comes in the form of fraudulent emails that appear to come from legitimate sources. These ask customers to verify personal information or link to counterfeit Web sites that appear real.

Watch for emails that:

• Urge you to act quickly because your account may be suspended or closed, or to update your personal information.

• Don't address you by name, but use a more generic one like "Dear valued customer."

• Ask for account numbers, passwords, Access IDs, or other personal information.

We will NEVER ask for sensitive information, such as account numbers, access IDs or passwords, via e-mail.

Tips from the American Bankers Association for safeguarding your information:

• Do not give your Social Security number or other personal credit information about yourself to anyone who calls you.

• Tear up receipts, bank statements and unused credit card offers before throwing them away.

• Keep an eye out for any missing mail.

• Do not mail bills from your own mailbox with the flag up.

• Review your monthly accounts regularly for any unauthorized charges.

• Order copies of your credit report once a year to ensure accuracy. You may call 1-877-322-8228 for a free credit report from any or all three credit reporting agencies.

• Do business with companies you know are reputable, particularly online.

• Do not open email from unknown sources and use virus detection software.

• Protect your PINs (don’t carry them in your wallet!) and passwords; use a combination of letters and numbers for your passwords and change them periodically.

• Report any suspected fraud to your bank and the fraud units of the three credit reporting agencies immediately.

TransUnion: (800) 680-7289

Experian: (888) 397-3742

Equifax: (800) 525-6285

If you become a victim, contact:

• The fraud departments of the three major credit reporting agencies

• The creditors of any accounts that have been misused

• The local police to file a report

• The bank to cancel existing accounts held in your name and re-open new accounts with new passwords

We are committed to safeguarding our customers’ financial information. Maintaining our customers’ trust and confidence is a top priority. To learn more about how we protect your information, please review our privacy policy. .

What is identity theft?

Identity theft occurs when someone acquires your personal information and uses it without your knowledge to commit fraud or theft. It is a serious crime and cases are growing. An all-too-common example is when an identity thief uses your personal information to open a credit card account in your name.

No matter how cautious you are, there is no way to completely prevent identity theft from occurring. But there are ways you can help minimize your risk. This page contains valuable information on how you can protect yourself by managing your personal information wisely, the warning signs of identity theft, and what to do if you do become a victim.

Helpful Tips

• Don't give out personal information on the phone, through the mail or over the Internet unless you've initiated the contact or are sure you know whom you're dealing with.

• Don't carry your Social Security card with you; leave it in a secure place. Carry only the identification and credit and debit cards that you need.

• Don't put your address, phone number, or driver’s license number on credit card sales receipts.

• Social Security numbers or phone numbers should not be put on your checks.

• Shred your charge receipts, copies of credit applications, insurance forms, physician statements, checks and bank statements, expired charge cards that you're discarding, and credit offers you get in the mail.

• Secure your credit card, bank, and phone accounts with passwords. Avoid using easily available information like birth date, the last four digits of your SSN, or your phone number. When opening new accounts, you may find that many businesses still have a line on their applications for your mother's maiden name. Use a password instead.

• Secure personal information in your home, particularly if you have roommates or hire outside help.

• Promptly remove mail from your mailbox. If you're planning to be away from home and can't pick up your mail, call the U.S. Postal Service at 1-800-275-8777 to request a vacation hold.

• Ask about information security procedures in your workplace. Find out who has access to your personal information and verify that records are kept in a secure location. Ask about the disposal procedures for those records as well.

• Before revealing any personally identifying information (for example, on an application), find out how it will be used and secured, and whether it will be shared with others. Ask if you have a choice about the use of your information. Can you choose to have it kept confidential?

Why is it important to review your credit report?

Your credit report contains important information about your current and past credit and payment history. Negative information in your credit report will lower your credit score, which could affect things such as qualifying for a loan or insurance or even getting a job. When you review your credit report make sure to check for accuracy and report any errors or discrepancies to the credit bureau.

Guard against Identity Theft

It is recommended that you check your credit report at least annually. Victims of identity theft often do not know they are victims until their credit reports reveal the evidence that someone else has used their personal information to open accounts in their name.

For more information on accessing your free credit reports, visit the Federal Trade Commission's web site or request your free credit report in any of the following ways:

1. Online at www.annualcreditreport.com

2. By calling toll-free 1-877-322-8228

3. Mail your request to:

Annual Credit Report Request Service

PO Box 105281

Atlanta, GA 30348