Battle Creek State Bank
Privacy Policy

Effective Date: May 1, 2026

1. OVERVIEW

Battle Creek State Bank (“we,” “us,” or “our”), a Nebraska state-chartered bank, respects your privacy and is committed to protecting it through our compliance with this Privacy Policy (this “Policy”). The Digital Branch primary location is referred to as Creek Side branch operating with Battle Creek State Bank (BCSB).

This Policy describes the types of information we may collect from you or that you may provide when you:

  • Visit our website or use our online banking portal

  • Open or maintain an account with us

  • Use any of our banking products or services

  • Contact us by phone, email, postal mail, or in person

Please read this Policy carefully. By opening an account or using our services, you acknowledge that you have read and understood this Privacy Policy.

This Privacy Policy is incorporated by reference into our Account Agreement and Terms and Conditions. Federal law (Gramm-Leach-Bliley Act) also requires us to provide the bank account owner, you, a separate privacy notice describing our information-sharing practices; the required notice is set forth in Section 2 below.

1.1 Data Controller

For purposes of applicable data protection laws, Battle Creek State Bank (BCSB) is the controller of your personal information. Our contact information is:

Creek Side Branch (Primary) of Battle Creek State Bank Branch (Secondary)

Battle Creek State Bank-- Creek Side Branch, PO Box 126, Oakland, NE 68045

Phone: 402-685-9235 or 402-675-2035

Email: privacy@battlecreekstatebank.com

Website: www.battlecreekstatebank.com

1.2 Regulatory Oversight

Battle Creek State Bank is chartered under the laws of the State of Nebraska and is regulated by the Nebraska Department of Banking and Finance. Our deposit accounts are insured by the Federal Deposit Insurance Corporation (FDIC). For regulatory complaints, you may contact:

Nebraska Department of Banking and Finance

1526 K Street, Suite 300

Lincoln, NE 68508

Phone: 402-471-2171

Website: ndbf.nebraska.gov

2. FEDERAL PRIVACY NOTICE (GRAMM-LEACH-BLILEY ACT)

WHAT DOES BATTLE CREEK STATE BANK DO WITH YOUR PERSONAL INFORMATION?

Why?

Financial companies choose how they share your personal information. Federal law gives consumers the right to limit some but not all sharing. Federal law also requires us to tell you how we collect, share, and protect your personal information. Please read this notice carefully to understand what we do.

What?

The types of personal information collected and shared depend on the product or service you have with us. This information can include:

  • Social Security number and income

  • Proof of Address

  • Account balances and payment history

  • Credit history and credit scores

When you are no longer our customer, we continue to share your information as described in this notice following regulatory requirements.

How?

All financial companies need to share customers’ personal information to run their everyday business. In the section below, we list the reasons financial companies can share their customers’ personal information, the reasons Battle Creek State Bank chooses to share, and whether you can limit this sharing.

Reasons we can share your personal informationDoes Battle Creek State Bank share?Can you limit this sharing?
For our everyday business purposes—such as processing your transactions, maintaining your account(s), responding to court orders and legal investigations, or reporting to credit bureaus.YesNo
For our marketing purposes—to offer our products and services to you.YesNo
For joint marketing with other financial companies.NoWe don’t share
For our affiliates’ everyday business purposes—information about your transactions and experiences.NoWe don’t share
For our affiliates’ everyday business purposes—information about your creditworthiness.NoWe don’t share
For nonaffiliates to market to you.NoWe don’t share

Questions? Call 402-685-9235

2.1 How Does Battle Creek State Bank Protect My Personal Information?

We use security measures that comply with federal law to protect your personal information from unauthorized access and use. These measures include computer safeguards, encrypted data storage and transmission, multi-factor authentication, and secured physical facilities. See Section 6 for a full description of our security practices.

2.2 How Does Battle Creek State Bank Collect My Personal Information?

We collect your personal information, for example, when you:

  • Open an account or deposit money

  • Pay your bills or apply for a loan

  • Use your debit or credit card

  • Apply for or use online banking

  • Contact customer service

We also collect your personal information from others, such as credit bureaus, affiliates, and other companies.

2.3 Why Can’t I Limit All Sharing?

Federal law gives you the right to limit only:

  • Sharing for affiliates’ everyday business purposes—information about your creditworthiness

  • Affiliates from using your information to market to you

  • Sharing for nonaffiliates to market to you

State laws and individual companies may give you additional rights to limit sharing. See Section 7 for your rights under Nebraska and other applicable state laws.

2.4 Definitions

Affiliates means companies related by common ownership or control. They can be financial and non-financial companies. Battle Creek State Bank does not share with our affiliates.

Nonaffiliates means companies not related by common ownership or control. They can be financial and non-financial companies. Battle Creek State Bank does not share with nonaffiliates so they can market to you.

Joint Marketing means a formal agreement between nonaffiliated financial companies that together market financial products or services to you. Battle Creek State Bank does not jointly market.

3. INFORMATION WE COLLECT

3.1 Information You Provide to Us

We collect information that you provide directly to us when you:

  • Open or apply for an account

  • Complete our customer identification and verification process

  • Use our banking products or services

  • Contact customer support

  • Participate in surveys or promotions

  • Communicate with us via email, phone, mail, or in person

Categories of Personal Information We Collect:

  • Identity Information: Name, date of birth, Social Security number, government-issued identification documents (driver’s license, passport), and photographs as necessary for identity verification.

  • Contact Information: Email address, phone number, physical address, and preferred communication methods.

  • Financial Information: Bank account information, payment card details, transaction history, account balances, credit history, source of funds, and employment information.

  • Technical Information: IP address, device identifiers, browser type and version, operating system, and login information when you use our online or mobile banking services.

  • Transaction Information: Details of transactions you carry out through our services, including dates, amounts, payees, and account references.

Sensitive Data: We may collect sensitive personal data, including biometric data for identity verification, precise geolocation data, government identification numbers (SSN, tax ID), and financial account credentials. We will obtain your explicit consent before processing sensitive data as required by applicable law.

3.2 Information Collected Automatically

When you access or use our online banking portal or mobile application, we automatically collect:

  • Device information (device type, operating system, unique device identifiers)

  • Usage information (pages viewed, features used, time spent, clickstream data)

  • Location information (IP-based location; GPS location only with your permission)

  • Network information (internet service provider, connection type)

  • Log data (access times, error logs, referring URLs)

3.3 Information from Third Parties

We may receive information about you from third parties, including:

  • Identity verification services and KYC/AML providers

  • Credit bureaus and financial institutions

  • Payment processors and correspondent banks

  • Fraud prevention and cybersecurity service providers

  • Public databases and government registries

3.4 Cookies and Tracking Technologies

We use cookies, web beacons, and similar tracking technologies on our website and online banking portal to:

  • Recognize you when you return to our platform

  • Remember your preferences and settings

  • Understand how you use our services

  • Detect and prevent fraud

  • Improve our platform’s performance and security

Your Cookie Choices: You can control cookies through your browser settings. However, disabling certain cookies may limit your ability to use some features of our online banking platform. For more information about cookies and how to manage them, visit www.allaboutcookies.org.

4. HOW WE USE YOUR INFORMATION

4.1 Purposes of Processing

We use your personal information for the following purposes:

To Provide Banking Services:

  • Process your account registration and onboarding

  • Verify your identity and conduct required customer identification checks

  • Process transactions and maintain your account

  • Issue and manage debit cards, loans, and other banking products

  • Provide customer support and respond to inquiries

  • Send transaction confirmations and account notifications

For Legal and Regulatory Compliance:

  • Comply with Federal and Nebraska banking regulations

  • Meet Anti-Money Laundering (AML) and Bank Secrecy Act (BSA) obligations

  • Comply with economic sanctions and OFAC requirements

  • Respond to legal process, subpoenas, and government requests

  • File Suspicious Activity Reports (SARs) as required by law

  • Maintain required records and audit trails

  • Report to tax authorities as required by law

For Security and Fraud Prevention:

  • Detect, prevent, and investigate fraud and suspicious activity

  • Protect against security threats and cyberattacks

  • Monitor transactions for unusual patterns

  • Verify the legitimacy of transactions and account activity

To Improve Our Services:

  • Analyze usage patterns and trends

  • Conduct research and development

  • Test new features and functionality

  • Troubleshoot technical issues

  • Optimize platform performance

For Marketing and Communications:

  • Send promotional materials about our products and services (with your consent where required)

  • Provide information about new features and products

  • Send newsletters and updates

  • Conduct surveys and gather feedback

For Business Operations:

  • Manage risk and maintain operational integrity

  • Conduct internal audits and quality assurance

  • Train staff and develop policies

  • Protect our legal rights and interests

We process your personal data based on the following grounds:

  • Consent: When you have provided explicit consent, particularly for processing sensitive data or for marketing communications.

  • Contract Performance: To fulfill our obligations under our agreements with you, including your Account Agreement and applicable disclosures.

  • Legal Obligation: To comply with Federal and Nebraska banking laws, AML/BSA regulations, OFAC requirements, and other legal requirements.

  • Legitimate Interests: To pursue our legitimate business interests in providing secure banking services, preventing fraud, and improving our platform, provided these interests are not overridden by your privacy rights.

5. HOW WE SHARE YOUR INFORMATION

5.1 Third Parties We Share With

We may share your personal information with the following categories of third parties:

Service Providers and Processors:

  • Identity verification and KYC due diligence and AML monitoring service providers

  • Cloud storage and hosting providers

  • Payment processors and correspondent banks

  • Customer support platforms

  • Analytics and data processing services

  • Cybersecurity and fraud prevention services

  • Marketing and communications platforms

  • Third parties including, without limitation, affiliates providing technology and cryptocurrency services.

Financial Institutions:

  • FDIC-insured banks and financial institutions

  • Payment networks and clearing houses (e.g., ACH, RTP, Fedwire)

  • Credit bureaus

Regulatory and Law Enforcement:

  • Nebraska Department of Banking and Finance

  • Federal regulators (FinCEN, OCC, OFAC, IRS, FDIC)

  • Law enforcement agencies

  • Courts and legal authorities

Professional Advisors:

  • Legal counsel

  • Accountants and auditors

  • Compliance consultants

5.2 Circumstances of Disclosure

We disclose your personal information in the following circumstances:

  • With Your Consent: When you explicitly authorize us to share your information.

  • For Service Delivery: To third-party service providers who assist us in operating our platform and providing services.

  • Legal Requirements: To comply with court orders, subpoenas, legal process, or regulatory demands.

  • Fraud Prevention: To investigate, prevent, or take action regarding suspected fraud or illegal activity.

  • Business Transactions: In connection with a merger, acquisition, sale of assets, or a similar transaction.

  • Protection of Rights: To protect Battle Creek State Bank’s rights, property, or safety, or that of our customers or others.

5.3 No Sale of Personal Information

Battle Creek State Bank does not sell your personal information to third parties. We do not exchange your personal data for monetary or other valuable consideration. Any sharing of information is limited to the purposes described in this Privacy Policy.

5.4 Data Processing Agreements

When we engage processors to handle personal data on our behalf, we enter into written contracts that:

  • Specify clear instructions for data processing

  • Define the nature, purpose, and duration of processing

  • Require confidentiality obligations

  • Ensure appropriate security measures

  • Require deletion or return of data upon request

  • Permit reasonable audits and assessments

6. DATA SECURITY

6.1 Security Measures

We implement comprehensive technical, physical, and administrative security measures to protect your personal information, including:

Technical Safeguards:

  • Encryption of data in transit (TLS) and at rest

  • Multi-factor authentication for online and mobile banking

  • Firewalls and intrusion detection systems

  • Regular security testing and vulnerability assessments

  • Secure software development practices

  • Access controls and authorization protocols

Physical Safeguards:

  • Secured branch facilities with restricted access

  • Secure data centers with environmental controls and monitoring

  • Backup and disaster recovery systems

Administrative Safeguards:

  • Employee background checks

  • Regular security training and awareness programs

  • Incident response and breach notification procedures

  • Access limited to employees with a business need to know

  • Confidentiality agreements with all personnel

6.2 Your Responsibilities

You are responsible for:

  • Maintaining the confidentiality of your account credentials and PIN

  • Using strong, unique passwords for online banking

  • Enabling multi-factor authentication when available

  • Not sharing your login information with others

  • Logging out after each online banking session

  • Promptly notifying us of any unauthorized account access

IMPORTANT: Battle Creek State Bank will never ask you to share your password via email, text message, or phone call. If you receive such a request, do not respond and contact us immediately at 402-685-9235 or 402-675-2035..

6.3 Data Breach Notification

In the event of a data breach that affects your personal information, we will:

  • Investigate the breach and assess its scope

  • Take immediate steps to contain and remediate the breach

  • Notify you within the timeframe required by applicable law

  • Notify the Nebraska Department of Banking and Finance and other applicable regulators

  • Provide information about the breach and steps you can take to protect yourself

  • Cooperate with law enforcement and regulatory authorities

7. YOUR PRIVACY RIGHTS

7.1 Rights Under Federal Law (GLBA)

Under the Gramm-Leach-Bliley Act, you have the right to:

  • Opt-Out of Certain Sharing: Limit our sharing of your personal information with nonaffiliated third parties for marketing purposes, as described in Section 2 above.

  • Receive This Privacy Notice: Receive a copy of our privacy practices annually and whenever we make material changes.

To opt-out of information sharing (to the extent we share), contact us (ask for the Branch Manager, or Compliance Officer) at 402-685-9235 and follow the steps prescribed.

7.2 Rights Under the Nebraska Data Privacy Act

As a resident of Nebraska (or a state with a comparable data privacy law), you may have the following rights regarding your personal data:

  • Right to Know: The categories and specific pieces of personal data we have collected about you, the categories of sources from which we collected your personal data, the purposes for which we collect your personal data, and the categories of third parties with whom we share your personal data.

  • Right to Access: You may request a copy of the personal data we maintain about you.

  • Right to Correction: You may request that we correct inaccurate personal data we have about you.

  • Right to Deletion: You may request that we delete your personal data, subject to certain exceptions (e.g., data we are required to retain by law).

  • Right to Data Portability: You may request that we provide your personal data in a portable, machine-readable format.

  • Right to Opt-Out: You have the right to opt-out of the sale of your personal data (though we do not sell personal data) and of targeted advertising.

  • Right to Consent or Withdraw Consent: You have the right to consent to or withdraw consent for the processing of your sensitive data.

  • Right to Non-Discrimination: You have the right not to be discriminated against for exercising any of your privacy rights.

7.3 How to Exercise Your Rights

To exercise any of these rights, you may:

  • Call us at 402-685-9235

  • Email us at privacy@battlecreekstatebank.com

  • Visit a branch in person

  • Mail a written request to:

    • Battle Creek State Bank -- Creek Side Branch, PO Box 126, Oakland, NE 68045.

Response Timeline: We will respond to your request within 45 days of receipt. If we need additional time (up to 90 days total), we will notify you of the extension and the reason.

Verification: To protect your privacy, we will verify your identity before processing your request. We may require additional information to confirm your identity.

7.4 Appeal Process

If we deny your request, you have the right to appeal our decision. To appeal:

  • Submit your appeal within 60 days of our decision

  • We will respond to your appeal within 60 days

  • If we deny your appeal, we will provide information on how to submit a complaint to the Nebraska Attorney General

7.5 Authorized Agents

You may designate an authorized agent to make requests on your behalf. The authorized agent must provide:

  • Proof of authorization (power of attorney or signed permission)

  • Verification of their own identity

  • Verification of your identity

8. DATA RETENTION

8.1 Retention Periods

We retain your personal information for as long as necessary to:

  • Provide you with our banking services

  • Comply with legal and regulatory obligations

  • Resolve disputes and enforce our agreements

  • Prevent fraud and ensure security

Specific Retention Requirements:

  • Transaction records: 7 years (as required by federal banking regulations)

  • Customer identification records (BSA/AML): 5 years after account closure

  • Tax records: 7 years (as required by IRS regulations)

  • Customer communications: 7 years

  • Audit logs and security records: 7 years

  • Loan files: As required by applicable lending regulations

8.2 Dormant Accounts

Your account becomes dormant without activity for 9 consecutive months.

  • At 9 months, a notice will be sent to the available contact information informing the account will be closed in 90 days.

  • If dormant for the period required under Nebraska law, funds may be transferred to the State of Nebraska under escheatment (unclaimed property) laws

  • At the time of closure, for any reason, a notice is sent to the available address of the impending account status change.

  • Your account may be subject to $25.00 closure fees as disclosed in our fee schedule. The Bank reserves the right to hold and retain up to $25 as informed in the Customer Agreement.

8.3 Deletion of Data

Upon your request or when retention is no longer necessary, we will:

  • Securely delete or anonymize your personal data

  • Instruct our service providers to do the same

  • Retain certain data as required by regulatory law or for legitimate business purposes

9. DATA STORAGE

Battle Creek State Bank operates exclusively within the United States and stores data on servers located in the United States. Your information is processed by our employees and service providers operating within the United States. We do not transfer your personal data outside the United States. If our service providers operate in multiple U.S. states, we require them to maintain the same level of data protection required by this Policy and applicable law.

10. CHILDREN’S PRIVACY

Our online services are not directed to individuals under 18 years of age. We do not knowingly collect personal information online from minors under 18. Minors may only open accounts with the involvement of a parent or legal guardian, as required by law. If we become aware that we have collected personal information online from a person under 18 without appropriate parental consent, we will delete that information. If you believe we have collected information from a minor, please contact us immediately at 402-675-2035.

11. NEBRASKA-SPECIFIC PROVISIONS

11.1 Compliance with Nebraska Data Privacy Act

Battle Creek State Bank complies with all applicable requirements of the Nebraska Data Privacy Act, which became effective January 1, 2025, to the extent applicable to state-chartered financial institutions.

We obtain your explicit consent before processing sensitive data, including:

  • Biometric data used for identity verification

  • Precise geolocation data

  • Government identification numbers (SSN, tax ID)

  • Financial account access credentials

You may withdraw your consent at any time, but this may limit our ability to provide certain services.

11.3 Data Protection Assessments

We conduct and document data protection assessments for processing activities that present heightened privacy risks, including:

  • Processing of sensitive data

  • Targeted advertising activities

  • Profiling that produces legal or similarly significant effects

These assessments are available to the Nebraska Attorney General upon request.

11.4 Nebraska Residents’ Complaints

Nebraska residents with unresolved privacy complaints may contact:

Nebraska Attorney General

  • Consumer Protection Division

2115 State Capitol

Lincoln, NE 68509

Phone: 402-471-2682

Email: ago.consumer@nebraska.gov

12. COOKIES AND TRACKING TECHNOLOGIES

12.1 Types of Cookies We Use

  • Essential Cookies: Required for our online banking platform to function. These cannot be disabled. Includes authentication cookies, security cookies, and session management.

  • Functional Cookies: Enhance functionality and personalization, including language preferences, user settings, and remember-me functions.

  • Analytics Cookies: Help us understand how you use our platform, including usage statistics and performance monitoring.

12.2 Managing Cookies

You can control cookies through your browser settings. Browser-specific cookie management:

  • Chrome: Settings > Privacy and Security > Cookies

  • Firefox: Options > Privacy & Security > Cookies and Site Data

  • Safari: Preferences > Privacy > Manage Website Data

  • Edge: Settings > Privacy, search, and services > Cookies

13. DO NOT TRACK SIGNALS

Some browsers support “Do Not Track” (DNT) signals. Because there is no common understanding of how to interpret DNT signals, we do not currently respond to DNT browser signals. However, you may exercise your opt-out rights as described in Section 7 of this Policy.

14. THIRD-PARTY LINKS

Our website or online banking portal may contain links to third-party websites, applications, or services. This Privacy Policy does not apply to those third parties. We are not responsible for the privacy practices of third parties.

We encourage you to review the privacy policies of any third-party services before providing your personal information.

15. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect:

  • Changes in our practices

  • Changes in applicable laws or regulations

  • New features or services

  • Security improvements

When we make material changes, we will:

  • Post the updated Privacy Policy on our website

  • Update the “Effective Date” at the top of this Policy

  • Notify you via email if you have an account with us and we have your email address on file

  • Provide conspicuous notice in our branches and online banking portal

  • Obtain your consent if required by law

Your continued use of our services after changes become effective constitutes your acceptance of the revised Privacy Policy.

16. CONTACT INFORMATION

16.1 Privacy Questions and Requests

For questions about this Privacy Policy or to exercise your privacy rights, contact:

Compliance Officer/ Privacy Officer

Battle Creek State Bank -- Creek Side Branch

PO Box 126

Oakland, NE 68045

Phone: primary at 402-685-9235 or 402-675-2035

Email: privacy@battlecreekstatebank.com

16.2 Regulatory Contact

For regulatory matters or complaints:

Nebraska Department of Banking and Finance

1526 K Street, Suite 300

Lincoln, NE 68508

Phone: 402-471-2171

Website: ndbf.nebraska.gov

Email: dob.consumer@nebraska.gov

16.3 Customer Support

For general customer support questions:

Phone: 402-685-9235 (Primary in Oakland); 402-675-2035 (Secondary in Battle Creek)

Email: support@battlecreekstatebank.com

Or visit any of our branch locations during normal business hours.

17. ADDITIONAL STATE-SPECIFIC RIGHTS

17.1 California Residents

If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). Please contact us at [privacy@bcsb.example.com] for information about your California privacy rights.

17.2 Other States

Residents of other states with comprehensive data privacy laws (including Colorado, Connecticut, Virginia, Texas, and others) may have additional rights. Please contact us to inquire about rights specific to your state of residence.

18. ACCESSIBILITY

We are committed to ensuring this Privacy Policy is accessible to individuals with disabilities. If you experience any difficulty accessing this Policy, please contact us at 402-685-9235 or visit any branch, and we will provide the information in an alternative format.

19. EFFECTIVE DATE AND VERSION

Version 2.0

Effective Date: 1 May 2026

Battle Creek State Bank

Any questions please call us: 402-685-9235 or 402-675-2035