NexTier Bank Privacy Disclosure

NexTier Bank collects nonpublic personal information from three primary sources. First, information provided directly by the consumer on applications and other forms: name, address, telephone, Social Security number, date of birth, employment, income, and assets. Second, information about transactions with the bank: account balances, payment history, debit-card activity, bill-pay and wire-transfer history, and online banking sign-in metadata. Third, information received from consumer reporting agencies and public record sources as part of underwriting and fraud screening: credit report data, identity verification results, and tax-lien or bankruptcy records.

The bank also collects device and session data when a consumer uses online banking or the mobile app: IP address, device fingerprint, browser or app version, and geolocation where the consumer has authorised it. Session data supports fraud detection, multi-factor authentication, and session management under the security posture described in the security page.

NexTier Bank may share nonpublic personal information with three categories of third parties. Affiliates within the NexTier Incorporated corporate family for ordinary corporate purposes including integrated statements, joint fraud detection, and cross-entity customer support. Service providers that perform services on behalf of the bank under a written contract requiring confidentiality: core banking processors, card processors, statement-printing vendors, mobile-app operators, fraud-detection vendors, and document-retention providers. Service providers are contractually prohibited from using the data for any purpose beyond the service being rendered. Nonaffiliated third parties in specific regulatory contexts: as directed by the customer, in response to legal process, to prevent fraud, or through permitted joint-marketing arrangements where the consumer has not opted out.

The bank does not sell personal information to data brokers or third-party advertisers. The bank does not use behavioural advertising tracking across third-party websites. Cookies on nextier.at support session management and product preferences; see the cookie preferences panel in online banking settings.

The federal GLBA gives consumers the right to opt out of certain sharing of nonpublic personal information with nonaffiliated third parties. NexTier Bank honours opt-out requests in writing, by mail to Privacy Officer, NexTier Bank, Butler, Pennsylvania, or by email to privacy@nextier.at. Include your full name, account number and a clear statement opting out of marketing sharing. GLBA requires a 30-day window after receipt of a privacy notice to process an opt-out; the bank applies the opt-out within 30 days of receipt regardless of whether the request arrived during the notice window.

Opt-out applies to future marketing sharing; it does not apply to disclosures required for servicing the account, meeting regulatory obligations, or fraud prevention. An opt-out remains in effect until revoked in writing by the consumer. The bank sends an annual privacy notice reminder with a renewed opt-out option, and revisits the disclosure whenever material changes are made.

NexTier Bank retains nonpublic personal information for at minimum seven years after account closure, matching the Internal Revenue Service retention guideline for financial records and the Bank Secrecy Act record-retention requirements. Certain records — including Suspicious Activity Reports, litigation records, and loan files — are retained for longer periods as required by law. Retention beyond the statutory minimum follows a documented schedule reviewed annually.

Consumers have the right to request access to their nonpublic personal information held by the bank, to request correction of inaccuracies, to opt out of marketing sharing, and to file complaints. Requests should be submitted to privacy@nextier.at. The bank responds within 30 days; identity verification is required before any data release. Additional rights apply under the Fair Credit Reporting Act for credit report disputes, and consumers can consult the Consumer Financial Protection Bureau and the Privacy Rights Clearinghouse for general rights information.

Concerns about this Privacy Disclosure or the bank's handling of nonpublic personal information should be raised first with the NexTier Bank Privacy Officer at privacy@nextier.at. The Privacy Officer acknowledges within three business days and responds substantively within 30 days. Consumers dissatisfied with the bank's response can escalate to federal regulators.

Consumer Financial Protection Bureau complaints can be filed online at consumerfinance.gov, by phone at 855-411-CFPB (2372), or by mail to the CFPB in Washington, DC. The CFPB routes complaints to the financial institution for a response within 15 days. The CFPB portal tracks the complaint through resolution and the consumer reviews the bank's response.

Complaints alleging deceptive or unfair practices beyond banking can also be filed with the Federal Trade Commission. State-level complaints route through the Pennsylvania Department of Banking and Securities. For general privacy rights education, the Privacy Rights Clearinghouse provides nonpartisan consumer information.