In observance of the federal holiday, our branches and offices will be closed on Tuesday, November 11th.

California Consumer Privacy Notice

Last Updated: August 2025

This California Consumer Privacy Notice (“CCPA/CPRA Notice”) describes our privacy practices regarding information we collect from users of Bank of Greene County’s (“BOGC”) website (https://www.thebankofgreenecounty.com/), its investor relations website (https://greenecountybancorp.q4ir.com/investors/corporate-profile/default.aspx) (collectively “Sites”) and mobile application (Sites and mobile application together, the “Online Services”). We recognize that users of our Online Services are concerned about their privacy, and we are committed to preserving your privacy when using the Online Services.

The terms “Bank of Greene County”, “BOGC,” “we”, “us”, or “our” on any website we own or control, and in this CCPA/CPRA Notice, refers to Greene County Bancorp, Inc., its affiliates and subsidiaries, including The Bank of Greene County and Greene County Commercial Bank. This CCPA/CPRA Notice provides general policies applied across all web platforms used by BOGC.

This CCPA/CPRA Notice may be amended or updated from time to time to reflect changes in our Personal Information processing activities, or changes in applicable law. All changes will become effective as of the Last Updated date listed at the top of the Notice.

We encourage you to regularly check these websites to review any changes which we may make, and to review our BOGC Website and Mobile Application Privacy Notice, which covers our collection and use of information when you access the Online Services.

This CCPA/CPRA Notice does not apply to any Personal Information that we collect from you in connection with products or services that you obtain for personal, family, or household purposes. If you have a financial product or service with us primarily for personal, family or household purposes, please review BOGC’s Consumer Privacy Notice, available here, which describes how BOGC processes your Personal Information in connection with these products and services.

To obtain a version of this notice in larger print, please call 518-943-2600.

Section 1: Categories of Personal Information We Currently Collect and Have Collected Within the Last 12 Months via the Online Services

Category Examples Purpose
Biometric Data Signature, facial recognition, fingerprint We collect this information for authentication purposes related to certain features of our Online Services.
Communications Data The contextualized information, in digital or physical form, involved in an exchange between one or more parties, text, secure messaging or e-mail messages We collect communications data as needed to do business with you, for fraud prevention, to respond to your requests and inquiries and similar purposes.
Contact Details The information required to contact an individual or an organization, e.g., address, phone numbers, e-mail address We collect contact details as needed to identify you, contact you, respond to your inquiries and as otherwise requested by you.
Geolocation Precise geolocation, physical locations or movements, such as device location We may collect geolocation data to perform the services or provide the goods reasonably expected by an average California resident who requests those goods or services. For example, a California resident’s precise geolocation may be used on a Site that is providing them with directions on how to get to a specific location.
Name Individual’s first, middle and last name We collect this Personal Information as needed to identify you, contact you, and do business with you.
Online Usage and Technical Data IP address, Web browsing history, Unique Device Identifier, Cookie data, Apps downloaded or used, geographic tracking, internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an internet website application, or advertisement information We collect online and digital data to personalize our interactions with you and to administer and optimize our sites.
Sensitive Personal Data Precise geolocation or biometric information We collect sensitive personal data to identify you, prevent and detect fraud and as otherwise permitted by you to facilitate your use of the Online Services.

We obtain the categories of Personal Information listed above from:

  • When you interact with the Online Services;
  • When you provide the information to us;
  • From your device or browser;
  • From third parties that interact with us in connection with the services we perform;
  • We may also obtain your Personal Information from advertising networks, internet service providers, data analytics providers, government entities, operating systems and platforms, and social networks.

We retain your Personal Information for the life of your customer relationship with us. Once your customer relationship is terminated, we will continue to retain your Personal Information only for as long as it is needed for the purposes set forth in this CCPA/CPRA Notice, and for no longer than the maximum time period allowable under applicable law and regulation.

Section 2: Disclosure of Personal Information

We use and disclose for our business purposes the categories of Personal Information, including Sensitive Personal Information, relating to California residents as cited in Section 1 of this Notice to operate, manage, and maintain our business, to provide our products and services, and to accomplish our business or commercial purposes, including the following:

  • Performing services, including providing customer service, verifying your information, providing advertising or marketing services providing analytic services, facilitating event management and execution, or providing similar services reasonably expected by the consumer who requests those services;
  • To prevent, detect and investigate security incidents that compromise the availability, authenticity, integrity or confidentiality of stored or transmitted Personal Information;
  • To resist malicious, deceptive, fraudulent, or illegal actions directed at the business and to prosecute those responsible for those actions;
  • Helping to ensure security and integrity to the extent the use of Personal Information is reasonably necessary and proportionate for these purposes;
  • For short-term, transient use such as locating a branch or ATM;
  • To ensure the physical safety of natural persons;
  • To verify or maintain the quality or safety of a product, service, and to improve, upgrade, or enhance the product or service;
  • Debugging to identify and repair errors that impair existing intended functionality;
  • Undertaking internal research for technological development and demonstration; and
  • Complying with laws and regulations and to comply with other legal process and law enforcement requirements (including any internal policy based on or reflecting legal or regulatory guidance, codes or opinions).

With respect to each category of Personal Information that we disclosed for a business purpose, the categories of persons or entities to whom we disclose that Personal Information are:

  • BOGC Bank Affiliates and Subsidiaries;
  • Service Providers and Contractors who provide services such as website hosting, data analysis, information technology and related infrastructure, customer service, email delivery, auditing, marketing, marketing research activities,  event management, and similar support services;
  • Service Providers and Contractors who provide services such as payment, banking and communication infrastructure, storage, and auditors, who promote the bank and its financial services and products to customers and other prospective buyers;
  • Service Providers and Contractors who enable use of the Online Services;
  • Other persons or entities to whom we may transfer Personal Information as an asset that is part of a merger, acquisition or other transaction in which such other person or entity assumes control of all or part of the business;
  • Government authorities as required by laws and regulations; and
  • Other persons or entities with which you may use or direct us to intentionally interact or to which you may use or direct us to intentionally disclose your Personal Information.

Section 3: Your Legal Rights

Under the CCPA, you have the right to exercise the following:

  • Right to access your Personal Information
  • Right to confirm and/or correct inaccuracies in your Personal Information
  • Right to limit the use and disclosure of your Sensitive Personal Information
  • Right to obtain a copy of the Personal Information about you that’s being processed in a usable and portable format
  • Right to delete or erase your Personal Information
  • Right to opt-out of the sale or sharing of your Personal Information for targeted advertising and
  • Withdraw consent for any processing where we have requested your consent.

Household Requests – We currently do not collect household data. If multiple members of the household make a right to access or right to deletion request, we will respond as if the requests are individual requests.

To exercise rights under the CCPA or CPRA, you must be a current resident of State of California. Only you, your authorized agent (a person or business entity registered with the California Secretary of State to conduct business in that state), or a person or entity to whom you have granted Power of Attorney to act on your behalf, may make a verifiable consumer request related to your Personal Information. You may also make a verifiable consumer request on behalf of your minor child.

To exercise your rights call 888-439-4272 option 2, or email us at privacy@tbogc.com.

We must verify your identity in order to process your request. We do this by verifying your name, address, and the last four digits of your Social Security Number, so please include this information in your request. We may reach out for additional information to complete this process.

Please also include your email address if you wish to receive your response via email, as well as the nature of your request (access to, correction or deletion of your data). We will acknowledge receipt of your request within ten days and will provide a response to your request within 45 days.

Notice of Right to Opt Out of Sale or Sharing of Personal Information and Targeted Advertising

Residents of certain states have the right to opt out of the “sale” or “sharing” of their personal information and targeted advertising. Certain state laws broadly define “sale” in a way that may include when we share your information with third parties to provide you with offers and promotions that we believe may be of interest to you. It also may include allowing third parties to receive certain information, such as cookies IP address and/or browsing behavior, to deliver targeted advertising on our site or on other services.

We may provide the following categories of information to third parties for these purposes:

  • For sharing with third parties to send you relevant business opportunities, ranging from possible venture partnerships to employment opportunities: contact and account registration information; demographic and statistical information, customer records information and user-generated content, and geolocation.

If you would like to opt out of our use of your information for such purposes that may be  considered “sale” or “sharing” of your personal information or targeted advertising under applicable state laws, you may submit an opt-out request by accessing the “Do Not Sell or Share My Personal Information” link, emailing us at privacy@tbogc.com, or calling us at 888-439-4272 option 2.

Authorized Agent

You may appoint an authorized agent to submit a request on your behalf. In order to do so, you must provide the appropriate documentation to BOGC (Power of Attorney or proof of filing with the Secretary of State). In order for your authorized agent to act on your behalf, they must supply the appropriate documentation and verify their identity at the time they place the request.

Please note there are instances in which BOGC is required to maintain, or otherwise is not required to delete, your Personal Information. For example, BOGC is not required to delete your information if it is being used:

  • To complete a transaction or provide a service requested by you;
  • To detect security incidents or protect against malicious, deceptive, fraudulent, or illegal activity;
  • To enable solely internal uses based on your relationship with us, such as a Do Not Solicit request;
  • To comply with a legal obligation, such as federal recordkeeping requirements; or
  • Internally, in a lawful manner that is compatible with the context in which you provided the information.

California Non-Discrimination

California prohibits businesses from discriminating against you for exercising any rights under the CCPA or CPRA, including, but not limited to, by:

  • Denying you goods or services;
  • Charging you different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties;
  • Providing you a different level or quality of goods or services; or
  • Suggesting that you will receive a different price or rate for goods or services or a different level or quality of goods or services.

Consumer Rights Requests Metrics

BOGC received 0 access, correction, or deletion requests, and have denied 0, during the 2024 calendar year. BOGC responded to such requests within 45 , on .

Section 4: Defined Terms

Personal Information Any information that can be used to identify an individual, directly or indirectly. Personal Information does not include:

  • publicly available information from government records;
  • deidentified or aggregated consumer information;
  • other information excluded from the CCPA’s scope, such as:
    • health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data
    • Personal Information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994
Processing Operations, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, deletion or destruction
California Resident An individual that resides in the State of California and whose personal income is taxed by the State of California
Verifiable Consumer Request A request made by a consumer, on behalf of the consumer’s minor child, or by a natural person or a person registered with the California Secretary of State as a consumer’s authorized agent.

Questions about our Privacy Practices

If you have questions or concerns about our privacy notices or practices, please contact us at 518-943-2600.

Click here for PDF version