I. PURPOSE

The Board of Directors and Management of the Bank understand how important personal privacy is to our customers. In the interest of protecting the privacy of our customers, the Board has adopted this Privacy Policy. The Bank knows that customers expect and deserve privacy and security for their personal and financial affairs; therefore, the Bank must take all steps necessary to safeguard sensitive information that has been entrusted to us by our customers. To that end, the Bank has adopted the following standards and procedures intended to prevent misuse of customer information.

II. PERMISSIBLE REASONS TO COLLECT AND MAINTAIN INFORMATION

The Bank will collect, retain, and use information about our customers only when it will help administer our business or provide products, services, and other opportunities to customers. The Bank will collect and retain information about customers only for specific business purposes. When the Bank does so, the Bank will disclose to our customers why we must gather the information. It is the policy of the Bank to use customer information to protect and administer customer records, accounts, and funds. The Bank must also collect information to comply with certain laws and regulations. Finally, the Bank may use the information to create new products or improve existing products, services, and delivery systems. The Bank does not disclose any nonpublic personal information about customers or former customers to anyone, except as permitted by law.

III. TYPE OF INFORMATION COLLECTED

We only collect customer information that: 1) you provide to us on applications for our products and services; 2) we receive from an outside company, such as a consumer reporting agency; 3) we receive about you from companies affiliated with Presidio Bank such as service providers and vendors; and, 4) we receive in response to requests made to third parties about you or to confirm information that you have provided to us, particularly in the process of evaluating applications for loans.

IV. LIMITING EMPLOYEE ACCESS

The Bank will implement procedures that limit employee access to personally identifiable information to those employees with a business reason to know such information about customers. All employees will be informed about the importance of confidentiality and customer privacy through standard operating procedures, special training programs, and the Code of Business Conduct. Bank management is directed to take appropriate disciplinary measures to enforce employee privacy responsibilities.

V. SECURITY PROCEDURES

Bank management is directed to maintain security standards and procedures to help prevent unauthorized access to confidential information about customers. The Bank will update and test the standards and procedures on an ongoing basis to ensure the protection and integrity of customer information.

VI. RESTRICTIONS ON DISCLOSING INFORMATION

The Bank will comply with the requirements of the California Financial Information Privacy Act (Division 1.2). The Bank will not sell, share, transfer, or otherwise disclose nonpublic personal information to or with any nonaffiliated third parties without the explicit prior consent of the consumer to whom the nonpublic personal information relates, except as permitted by law; Bank may be required to disclose customer information to government entities, courts, or other entities (in response to subpoenas or other legal processes). Customer consent is not required should the Bank be required to disclose information as provided in the preceding sentence. The Bank will not discriminate against or deny an otherwise qualified consumer a financial product or a financial service because the consumer has not provided consent to authorize the Bank to disclose or share nonpublic personal information pertaining to him or her with any nonaffiliated third party. However, the Bank is not prohibited from denying a consumer a financial product or service if the Bank could not provide the product or service to a consumer without the consent to disclose the consumer's nonpublic personal information, and the consumer has failed to provide consent. The Bank will utilize a form, statement, or other writing to obtain consent to disclose nonpublic personal information to nonaffiliated third parties. The form, statement, or writing will meet all of the requirements of the California Financial Information Privacy Act.