Privacy Policy

How TONHANKS Global Trust Financial Group collects, uses, shares, and protects your personal and financial information.

Effective: January 23, 2026
Last Revised: February 1, 2026
Applies to: All US & International Customers
Jump to: Scope Information Collected How We Use Data Information Sharing Security Cookies & Tracking Your Rights Children's Privacy International Policy Updates Contact Us

1 Scope of This Policy

This Privacy Policy applies to all customers and users of TONHANKS Global Trust Financial Group ("TONHANKS," "we," "our," or "us"), including its subsidiaries and affiliates. It covers information collected through:

  • Our branch locations and ATM networks across 180+ markets worldwide
  • Our online banking platforms, including desktop and mobile applications
  • Telephone banking and customer support interactions
  • Account applications, loan requests, and investment enrolment forms
  • Third-party services integrated with our banking ecosystem

Important: This policy is issued pursuant to the Gramm-Leach-Bliley Act (GLBA), the California Consumer Privacy Act (CCPA), the General Data Protection Regulation (GDPR) for European customers, and applicable state and international data protection laws.

2 Information We Collect

We collect information necessary to provide banking services, verify identities, prevent fraud, and comply with regulatory requirements. The categories of information include:

Category Examples Purpose
Identity Data Full name, date of birth, Social Security Number, passport or government-issued ID KYC compliance, identity verification
Contact Data Email address, phone number, mailing address Account communications, security alerts
Financial Data Account balances, transaction history, credit scores, income documentation Account management, lending decisions
Technical Data IP addresses, browser type, device identifiers, login timestamps Security monitoring, fraud detection
Biometric Data Fingerprint scans, facial recognition data (where applicable) Multi-factor authentication
Employment Data Employer name, job title, annual income, employment history Loan underwriting, payroll services

How We Collect Information

  • Directly from you when you open accounts, apply for products, or contact customer service
  • Automatically through cookies, analytics tools, and server logs when you use our digital platforms
  • From third parties including credit reporting agencies (Experian, Equifax, TransUnion), identity verification services, and government databases
  • From public sources including property records, court records, and publicly available demographic information

3 How We Use Your Information

We process your personal information only for legitimate business purposes, including:

Account Services

  • Processing deposits, withdrawals, wire transfers, and other banking transactions
  • Managing your savings, checking, retirement, and investment accounts
  • Issuing and servicing debit cards, credit facilities, and lines of credit
  • Providing customer support and resolving account inquiries

Security & Compliance

  • Verifying your identity under Know Your Customer (KYC) and Anti-Money Laundering (AML) regulations
  • Detecting and preventing fraudulent activity, unauthorised access, and financial crimes
  • Filing Suspicious Activity Reports (SARs) with FinCEN as required by the Bank Secrecy Act
  • Complying with court orders, subpoenas, and regulatory examination requests

Product & Service Improvement

  • Analysing usage patterns to improve our digital banking platforms
  • Conducting internal research and developing new financial products
  • Personalising your banking experience with tailored recommendations

We will never: Sell your personal information to data brokers, marketing companies, or any third party for commercial purposes unrelated to providing you banking services.

4 Information Sharing & Disclosure

We share your information only in the following circumstances:

Within the TONHANKS Family

Your information may be shared among TONHANKS Global Trust Financial Group subsidiaries and affiliates for account servicing, internal auditing, and regulatory reporting purposes.

With Service Providers

We engage carefully vetted third-party vendors who assist us with payment processing, data hosting, identity verification, and IT security. All vendors are bound by strict contractual data protection obligations and are prohibited from using your data for any purpose other than providing services to TONHANKS.

As Required by Law

  • Federal and state regulatory agencies (OCC, FDIC, CFPB, SEC, FinCEN)
  • Law enforcement agencies pursuant to valid legal process
  • Credit bureaus for reporting and verification purposes
  • Courts and legal proceedings where TONHANKS is a party

With Your Consent

We may share information with third parties when you explicitly authorise us to do so, such as when initiating transfers to external financial institutions, enrolling in third-party insurance products, or linking your accounts with authorised financial applications.

5 Data Security Measures

Protecting your financial information is fundamental to our operations. We employ multiple layers of Premier-grade security:

Encryption & Infrastructure

  • AES-256 Encryption: All data at rest is encrypted using Advanced Encryption Standard with 256-bit keys
  • TLS 1.3: All data in transit is protected with the latest Transport Layer Security protocol
  • Hardware Security Modules (HSMs): Cryptographic keys are stored in FIPS 140-2 Level 3 certified hardware
  • Geo-Redundant Data Centres: Multi-site architecture with automatic failover across regions

Access Controls

  • Multi-Factor Authentication (MFA): Required for all online and mobile banking access
  • Role-Based Access Control (RBAC): Internal access is strictly limited by job function
  • Behavioural Analytics: AI-powered systems monitor login patterns and flag anomalies in real-time
  • Session Management: Automatic timeout and re-authentication after periods of inactivity

Monitoring & Response

  • 24/7 Security Operations Centre (SOC): Continuous monitoring by trained cybersecurity analysts
  • Intrusion Detection Systems (IDS/IPS): Real-time threat detection across all network endpoints
  • Annual Penetration Testing: Conducted by certified third-party security firms
  • Incident Response Plan: Documented and rehearsed procedures for breach notification within 72 hours

Certifications: TONHANKS Global Trust maintains SOC 2 Type II, ISO 27001, and PCI-DSS Level 1 certifications. Our security program is audited annually by independent external assessors.

6 Cookies, Tracking & Digital Analytics

Our digital platforms use cookies and similar technologies to maintain session state, remember your preferences, and improve service delivery.

Cookie Type Purpose Duration
Essential Session management, authentication state, security tokens Session only
Functional Language preferences, display settings, remembered account numbers Up to 12 months
Analytics Page views, navigation patterns, platform performance Up to 24 months

You may disable non-essential cookies through your browser settings at any time. Please note that disabling essential cookies may impact your ability to use online banking features.

We do not use advertising tracking cookies or share browsing data with third-party ad networks. We honour Do Not Track (DNT) browser signals.

7 Your Rights & Choices

Depending on your jurisdiction, you may have the following rights regarding your personal information:

All Customers

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request that we correct inaccurate or incomplete information
  • Account Closure: Close your accounts and request deletion of non-regulatory data
  • Opt-Out: Opt out of marketing communications at any time
  • Information Sharing: Limit the sharing of your information with affiliates for marketing

California Residents (CCPA/CPRA)

  • Right to know what personal information is collected, used, and disclosed
  • Right to delete personal information (subject to regulatory retention requirements)
  • Right to opt out of the sale of personal information (TONHANKS does not sell personal data)
  • Right to non-discrimination for exercising privacy rights

European Customers (GDPR)

  • Right to data portability in a machine-readable format
  • Right to restrict processing of your personal data
  • Right to object to processing based on legitimate interest
  • Right to lodge a complaint with a Supervisory Authority

How to exercise your rights: Submit a verifiable request through your online banking dashboard under Account Settings, or by writing to our Data Protection Officer at the address provided in the Contact section below.

8 Children's Privacy

TONHANKS Global Trust Financial Group does not knowingly solicit or collect personal information from individuals under the age of 13. Our banking products are designed for adults aged 18 and older. If we learn that we have inadvertently collected information from a child under 13, we will promptly delete it and terminate the associated account.

For custodial accounts opened on behalf of minors, the parent or legal guardian is responsible for providing consent and managing the account. Information collected for custodial accounts is treated with the same protections as adult account data.

9 International Data Transfers

As a global financial institution operating in over 180 markets, your personal information may be transferred to and processed in countries other than your country of residence. When we transfer data internationally, we ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs): EU-approved contractual clauses for transfers outside the EEA
  • Binding Corporate Rules (BCRs): Intra-group agreements governing data transfers within the TONHANKS family
  • Adequacy Decisions: Reliance on European Commission adequacy findings where applicable
  • Cross-Border Compliance: Adherence to local data protection requirements in each jurisdiction where we operate

10 Data Retention

We retain your personal information for as long as necessary to fulfill the purposes for which it was collected, and as required by applicable laws and regulations:

  • Active Accounts: For the duration of your relationship with TONHANKS
  • Closed Accounts: Minimum 5 years following account closure (per BSA/AML requirements)
  • Transaction Records: Minimum 7 years (per IRS and SEC record-keeping requirements)
  • Loan Files: Life of loan plus 7 years following payoff or charge-off
  • SARs and CTRs: Minimum 5 years from date of filing (per FinCEN requirements)

11 Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or regulatory guidance. When we make material changes:

  • We will post the updated policy on this page with a new "Last Revised" date
  • For significant changes, we will provide 30 days' advance notice through your online banking dashboard and/or email
  • Continued use of our services after the effective date constitutes acceptance of the updated policy

12 Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us through any of the following channels:

  • Privacy Support: Submit requests through your secure dashboard or email privacy@tonhanks.com.
  • Email: privacy@tonhanks.com
  • Mail: Data Protection Officer, TONHANKS Global Trust Financial Group, Truist Center, 214 N Tryon St, Charlotte, NC 28202, USA
  • Online: Submit a request through your online banking dashboard under Account Settings > Privacy

We aim to respond to all privacy-related inquiries within 5 business days. Verifiable consumer requests under CCPA will be fulfilled within 45 calendar days.