Privacy Policy

Welcome to the website of Chain Bridge Bank, N.A. (“Chain Bridge,” “we,” “us,” or “our”). We respect your privacy and are committed to protecting the personal information you provide to us through our website. This Privacy Policy explains how we collect, use, disclose, and protect your information when you visit our website, https://www.ir.chainbridgebank.com (the “Site”). This policy applies to information we collect on this website and in email, text, and other electronic messages between you and this website.

Please read this policy to understand our policies and practices regarding your information and how we will treat it. If you do not agree with our policies and practices, your choice is not to use our website. By accessing or using this website, you agree to this privacy policy. This policy may change from time to time (see 17. Changes to This Privacy Policy). Your continued use of this website after we make changes is deemed to be acceptance of those changes, so please check the policy periodically for updates.

1. Information We Collect

We collect several types of information from and about users of our Site, including:

Personal Information: Information that identifies you as an individual, such as your name, email address, phone number, postal address, account numbers, Social Security number, and other similar information.
Non-Personal Information: Information that does not identify you personally, such as browser type, operating system, internet service provider, Internet Protocol address, pages visited, and the time and date of visits.

2. How We Collect Information

We collect information from you in the following ways:

Directly from You: When you fill out forms on our Site, use our products and services, or otherwise interact with us.
Automatically: As you navigate through the Site, we may use automatic data collection technologies to collect certain information about your device profile, browsing actions, and website traffic patterns.

3. Opting Out

We respect your privacy rights and provide you with options to manage how your personal information is used. Below we outline your ability to opt out of certain data collection practices, including marketing communications, targeted advertising, and the sharing of your personal information with third parties. Please review the following instructions to understand how you can exercise your opt-out rights.

Marketing Communications: You may manage your receipt of marketing communications by clicking on the "Unsubscribe" (or similar) link located on the bottom of an applicable marketing email and following the instructions found on any page to which the link may take you.
Investor Relations Communications: You may manage your receipt of press releases and other communications (e.g., SEC filings) that you’ve signed up to receive via email by clicking on the link on the bottom of such applicable email communication and following the instructions found on any page to which the link may take you.
Cookies: Please consult your device’s or browser's documentation or settings menus for the choices you may have regarding blocking cookies or other tracking technologies. For example, some browsers allow you to block all third-party cookies on websites.
Google Analytics: To opt-out of Google Analytics (the analytics provider we utilize), you may download the Google-provided browser add-on.

4. Use of Your Information

We may use the information we collect from you for the following purposes:

To provide, maintain, and improve our services.
To process your transactions and manage your accounts.
To respond to your inquiries and fulfill your requests.
To communicate with you about products, services, and updates.
To detect and prevent fraud and other unauthorized or illegal activities.
To comply with our legal and regulatory obligations.

5. Disclosure of Your Information

We may disclose your personal information to third parties under the following circumstances:

Service Providers: We may share your information with service providers who perform services on our behalf.
Legal Compliance: We may disclose your information if required to do so by law or in response to valid requests by public authorities.
Protection of Rights: We may disclose your information to protect the rights, property, or safety of Chain Bridge, our clients, or others.
Business Transfers: If we are involved in a merger, acquisition, or sale of assets, your personal information may be transferred as part of that transaction.

6. Security of Your Information

We implement a variety of security measures to maintain the safety of your personal information. These measures include encryption, firewalls, and secure server configurations. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure.

7. Cookies and Tracking Technologies

Our Site may use cookies and other tracking technologies to enhance user experience and analyze Site usage. You can set your browser to refuse all or some browser cookies or to alert you when cookies are being sent. If you disable or refuse cookies, some parts of our Site may become inaccessible or not function properly.

8. Regulatory Compliance

Chain Bridge Bank, N.A. and its parent company Chain Bridge Bancorp, Inc. comply with applicable federal and state privacy laws and regulations. We provide specific notices and disclosures as required under these laws and ensure robust protections for your personal information.

Gramm-Leach-Bliley Act (GLBA) Compliance: We adhere to the GLBA requirements by implementing administrative, technical, and physical safeguards to protect your non-public personal information (NPI). We provide privacy notices outlining our practices for collecting, sharing, and protecting your information and offer you choices regarding the sharing of your NPI with third parties.
The Virginia Consumer Data Protection Act (“VCDPA”): If you are a Virginia resident, you have certain rights for personal data collected by businesses, including the rights to access, correct, delete, and obtain a copy of your data, and to opt out of targeted advertising, data sales, and certain profiling activities.
California Consumer Privacy Act (CCPA): If you are a California resident, you have specific rights regarding your personal information, including the right to access, delete, and opt-out of the sale of your personal information. We do not sell personal information as defined under the CCPA.
Depending on your state of residency, you may be able to exercise additional rights granted by applicable law in relation to the personal information about you that we have collected, subject to certain limitations.
General Data Protection Regulation (GDPR): If you are located in the European Union, we comply with the GDPR, which provides additional rights regarding your personal data, including the right to access, rectify, or erase your personal data, restrict processing, and data portability.

9. Data Retention and Disposal

We retain your personal information only as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements. When your information is no longer needed, we will securely dispose of it according to our data retention policy and applicable laws.

Retention Periods: We maintain your information for different periods depending on the type of information, the purpose for which it was collected, and the legal requirements. For example, we may retain account information for a longer period as required under financial regulations.
Secure Disposal: Personal information that is no longer required will be destroyed, deleted, or anonymized in a manner that ensures it cannot be reconstructed or read.

10. International Data Transfers

If you access our services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States or other jurisdictions where our affiliates or service providers are located. We will take steps to ensure that your personal information receives an adequate level of protection in the jurisdictions in which we process it.

We use Standard Contractual Clauses (SCCs) or other legally recognized mechanisms to ensure that cross-border transfers of personal data are protected according to applicable data protection laws.

11. Investor Relations and Financial Disclosures

As the wholly-owned subsidiary of publicly traded bank holding company, we may be required to disclose certain personal information as part of our financial and investor reporting obligations. We take steps to ensure that any such disclosures comply with applicable securities laws and regulations. We limit the personal information disclosed to what is necessary for regulatory filings and ensure that it is protected according to applicable privacy standards.

12. Incident Response and Data Breach Notification

Chain Bridge Bank, N.A. has implemented a comprehensive incident response plan to promptly address any data breaches or security incidents. In the event of a data breach involving your personal information, we will notify you and the appropriate regulatory authorities as required by law. This notification will include the nature of the breach, the types of data affected, the steps we have taken to address the breach, and any steps you can take to protect yourself.

13. Changes in Ownership or Control

In the event of a merger, acquisition, or other change in ownership or control of Chain Bridge Bank, N.A., your personal information may be transferred as part of that transaction. We will notify you of any such change and outline your choices regarding your information.

14. Third-Party Service Providers and Websites

We engage third-party service providers to perform certain services on our behalf. These service providers may have access to your personal information as necessary to perform their functions but are not permitted to use it for other purposes.

We require all third-party service providers to sign confidentiality agreements and adhere to our data protection standards to ensure the security and confidentiality of your personal information.

Our Site may contain links to third-party websites. We are not responsible for the privacy practices or content of these third-party sites.

15. Your Choices

Under laws and regulations protecting financial consumers, clients of Chain Bridge Bank, N.A. have the right to:

Access, update, and correct your personal information.
Opt-out of receiving marketing communications from us.
Delete your personal information, subject to certain legal exceptions.

16. Children’s Privacy

Our Site is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13 without verification of parental consent, we will delete that information. If you have reason to believe that a child under the age of 13 has provided personal information to us, please contact us at communications@chainbridgebank.com or through our Banking Office at (703) 748-2005 so we can delete that information from our databases.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page. You are advised to review this Privacy Policy periodically for any changes.

18. Contact Us

If you have any questions about this Privacy Policy or our privacy practices, please contact us at communications@chainbridgebank.com or through our Banking Office at (703) 748-2005.