Navigation skipped

California Consumer Privacy Policy

This California Consumer Privacy Policy (“Policy”) applies to California residents. This Policy explains how BMO (“BMO,” “we,” “us,” “our”) collects, uses, retains, and/or discloses personal information about California residents, and as such includes our Notice at Collection. This Policy also explains how California residents may exercise certain rights they have under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, the “CCPA”). For non-California residents, please refer to our Privacy Code and our Digital Privacy Policy for additional information about BMO’s privacy practices. If you are a California resident who is a BMO employee, please refer to the California Employee Privacy Disclosure provided to you and available on the BMO intranet.

California Consumer Privacy Policy

  • Outlines what is and isn’t covered by the CCPA.

    What personal information is covered?

    Personal information means any information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked with a particular consumer or household. Common examples include social security numbers, account information, transaction histories, credit information, and biometric data. This Policy covers personal information whose collection is controlled by BMO.

    What personal information is not covered?

    Much of the personal information that financial institutions such as BMO collects is already subject to federal and state laws and regulations, and therefore is exempt from the CCPA. For instance, the CCPA does not apply to personal information collected, processed, sold, or disclosed in connection with financial products or services used primarily for personal, family, or household purposes pursuant to the federal Gramm-Leach-Bliley Act (“GLBA”) and Fair Credit Reporting Act (“FCRA”). 

    For information regarding how BMO uses personal information collected in connection with personal, family, or household products and services, please see our U.S. Consumer Privacy Notice

    The personal information of California residents we collect, process, or disclose pursuant to this Policy does not include (i) publicly available information, (ii) de‐identified or aggregate consumer information, (iii) information excluded from the CCPA’s scope, such as GLBA and FCRA personal information, and (iv) personal information collected for a single, one‐time transaction in the ordinary course of business, and not retained. 

  • The categories of personal information we collect depend on the products or services you have with us, your use of BMO websites and services, and if you are a current, past or prospective employee of BMO. Over the past 12 months and on an ongoing basis, the categories of information we have collected and may collect includes:

    Personal information we collect

    Personal or Individual Identifiers

    First, Middle and Last Name, DBA or other alias, postal address, email address, phone numbers, Social Security number or other tax identification number, passport number, driver’s license number, military identification number, bank account number, credit card number, debit card number, signature, internet protocol address.

    Commercial Information

    Deposit and credit account numbers, assets and liabilities, sources of income, products or services purchased, obtained, or considered, records of transactions, other purchasing or consuming histories or tendencies, records of real property and personal property; other financial information such as assets and liabilities, financial statements, tax returns, other sources of income, insurance policy numbers.

    Professional or Employment Related Information

    Occupation, employment history, education, titles or positions, references, employers, companies you own, dependents and beneficiaries, salary or self-employment income; criminal history; credit history.

    Internet/Electronic Network Activity

    Information regarding interaction with BMO Financial Group’s internet websites, applications, advertisements, devices, networks and other digital resources, and information about your device and device usage while using BMO apps (see Digital Privacy Policy).

    Biometric and Geolocation Information

    Voice ID, voiceprint, fingerprint, or device location

    Audio, Visual and Similar Information

    Copies of passport, driver’s license or other photo IDs; images on building and ATM security cameras; voice message recordings, photos, and other images or videos (i.e. events, promotions)

    Health Information

    Health screening information where required to comply with applicable laws and regulations

    Inferences Drawn from Any of the Foregoing

    Certain inferences concerning an individual’s preferences and characteristics.

     

    Sensitive Personal Information

    Certain categories of information we may collect are considered “sensitive personal information” (“SPI”). SPI includes any personal information that reveals a consumer's social security number, driver's license number, state ID card number, passport number, account login information, financial account number, debit or credit card number, precise geolocation, an individual’s racial or ethnic origin, religious or philosophical beliefs, union membership, genetic information, biometric information, health information, sex life or sexual orientation. We do not use or disclose sensitive personal information, as defined by California law, for inferring characteristics, and only use and disclose sensitive personal information as necessary to perform the services or provide the goods reasonably expected by an average consumer, or as otherwise permitted by law.

     

    Sources of Collected Personal Information

    We obtain the categories of personal information listed above from different sources: 

    • Directly from you, or other individuals acting on your behalf. For example, when you use our products or services (through in‐person interactions at a branch, electronically, or over the phone). 
    • From third parties. From time to time, we receive personal information from third parties, like our business partners, vendors, credit reporting agencies, other financial institutions, your transactional counterparties, employee and customer referrals, and other entities, who are authorized to disclose certain personal information to BMO
    • From publicly available sources.Public records or widely available sources, including information from the media, and other records and information that are made available by federal, state, and local government entities. We also may collect personal information that you intentionally choose to make public, including via social media (e.g., we may collect information from public social media profile(s) to the extent individuals choose to make their profile(s) publicly visible and accessible). 
    • Our websites and mobile apps.We collect certain personal information when customers visit our banking website(s) or use our banking mobile application(s). Please refer to our Digital Privacy Policy for further information. 

  • When we collect personal information, we may use any of the categories of personal information we have collected for a range of commercial purposes, which will vary depending on the nature of your relationship with BMO. For example, we may use the same categories of personal information differently depending on whether you are an applicant for BMO services, a BMO customer, or a job applicant. In all cases, if a new purpose for using your personal information develops that is unrelated or materially different from these purposes, we will identify that purpose. 

    If you are visiting a BMO website please refer to our If you are visiting a B M O website please refer to our Digital Privacy Policy to learn more about the uses of your information.

     

    If you are a prospect or applicant for BMO services, a BMO customer, or an employee of a BMO customer, we may use your personal information to:

    • verify your identity; 
    • provide and manage products and services you have requested; 
    • complete transactions; 
    • understand your financial services requirements; 
    • report to consumer credit bureaus and business reporting companies; 
    • protect against fraud and manage risk; 
    • protect customers or the public from harm or illegal activities; 
    • respond to an emergency which we believe reasonably requires us to disclose information to assist in preventing death or serious bodily injury; 
    • determine suitability of products and services for you; 
    • better manage your relationship with us; 
    • make credit decisions and determine your eligibility for certain of our products and services, or products or services of others; 
    • resolve disputes; 
    • comply with legal or regulatory requirements, or as otherwise permitted by law; 
    • communicate with you regarding products and services that may be of interest; 
    • understand our customers and develop and tailor our products and services; and/or 
    • respond to any questions you may have.

     

    If you are a job applicant, we may use your personal information to:

    • determine your eligibility for the role for which you are applying; 
    • identify, and communicate to you, other potential opportunities at BMO that may be a good match for your qualifications;identify, and communicate to you, other potential opportunities at B M O that may be a good match for your qualifications; 
    • administer certain surveys and campaigns you may participate in at BMO or otherwise generate analytics; 
    • conduct our everyday business operations; 
    • respond to any questions you may have; and/or 
    • comply with legal or regulatory requirements, or as otherwise permitted by law.

     

    If you are a business contact at a vendor, service provider, counterparty, affiliate, or other business partner, we may use your personal information to:

    • conduct BMO’s everyday operations; 
    • secure your information; secure your information; 
    • prevent fraud; and/or 
    • comply with legal and regulatory obligations, or as otherwise permitted by law

     

    If you are a business contact at a non-profit or charitable organization with which we collaborate, we may use your personal information to:

    • further BMO’s charitable, redevelopment and philanthropic efforts; 
    • make credit decisions; make credit decisions; 
    • prevent fraud; 
    • service and open accounts; 
    • comply with legal and regulatory obligations; and/or 
    • communicate with you regarding products and services that may be of interest. 

     

    If you are a contact at a regulatory agency with which we interact, law firm, or trade organization, we may use your personal information to:

    • comply with applicable laws and regulations; 
    • conduct employee training and education; conduct employee training and education; 
    • further our public policy objectives; and/or 
    • seek legal and/or consulting advice. 

  • We will only use or disclose your personal information for the purpose(s) it was collected and as otherwise identified in this Policy. We do not sell your personal information to any other business or third parties for monetary or other valuable consideration. We may disclose your personal information within BMO for legal and regulatory purposes, to manage credit risk and other business risks, to perform analytics, to ensure we have correct and up to date information about you (such as your current address or date of birth), and to better manage your relationship with us. 

    During the past 12 months, we have disclosed, for a business purpose, personal information to the following categories of third parties:

    Personal identifiers

    • third party vendors who assist us in managing and servicing your account(s);  
    • legal or regulatory authorities in cases of suspected criminal activity or contravention of law, for the detection and prevention of fraud, or when required to satisfy the legal or regulatory requirements of governments, regulatory authorities or other self-regulatory organizations;  
    • consumer credit bureaus and business reporting companies;  
    • third parties who are selling you goods or services where you have requested that we finance the purchase;  
    • third parties, such as other creditors, when you have specifically authorized us to disclose your information;  
    • third parties in order to comply with a court order or other legal process; and/or  
    • third parties in order to protect our assets (for example, collection of overdue accounts).

     

    Commercial information

    • third party vendors who assist us in managing and servicing your account(s);  
    • legal or regulatory authorities in cases of suspected criminal activity or contravention of law, for the detection and prevention of fraud, or when required to satisfy the legal or regulatory requirements of governments, regulatory authorities or other self-regulatory organizations;  
    • consumer credit bureaus and business reporting companies;  
    • transactional counterparties;  
    • third parties, such as other creditors, when you have specifically authorized us to disclose your information;  
    • third parties in order to comply with a court order or other legal process; and/or  
    • third parties in order to protect our assets (for example, collection of overdue accounts).

     

    Professional or employment-related information collected from a prospective customer or customer applicant

    • third party vendors who assist us in managing and servicing your account(s);  
    • legal or regulatory authorities in cases of suspected criminal activity or contravention of law, for the detection and prevention of fraud, or when required to satisfy the legal or regulatory requirements of governments, regulatory authorities or other self-regulatory organizations;  
    • consumer credit bureaus and business reporting companies;  
    • third parties who are selling you goods or services where you have requested that we finance the purchase;  
    • third parties, such as other creditors, when you have specifically authorized us to disclose your information;  
    • third parties in order to comply with a court order or other legal process; and/or  
    • third parties in order to protect our assets (for example, collection of overdue accounts).

     

    Professional or employment-related information collected from a job applicant or former employee

    • third party vendors who contract with BMO to assist with background checks, candidate search, or onboarding;  
    • third party vendors who contract with BMO to provide services and benefits to employees and BMO;  
    • legal authorities and regulatory agencies;  
    • affiliates;  
    • third parties in connection with a proposed or actual sale or merger; and/or  
    • to third party lenders.

     

    Characteristics of protected classifications

    • service providers who assist us in managing and servicing your account(s);  
    • legal or regulatory authorities in cases of suspected criminal activity or contravention of law, for the detection and prevention of fraud, or when required to satisfy the legal or regulatory requirements of governments, regulatory authorities or other self-regulatory organizations;  
    • consumer credit bureaus and business reporting companies;  
    • third parties who are selling you goods or services where you have requested that we finance the purchase;  
    • third parties, such as other creditors, when you have specifically authorized us to disclose your information;  
    • third parties in order to comply with a court order or other legal process; and/or  
    • third parties in order to protect our assets (for example, collection of overdue accounts).

     

    Internet/electronic network activity

    • service providers who assist us in managing and servicing your account(s);  
    • legal or regulatory authorities in cases of suspected criminal activity or contravention of law, for the detection and prevention of fraud, or when required to satisfy the legal or regulatory requirements of governments, regulatory authorities or other self-regulatory organizations;  
    • consumer credit bureaus and business reporting companies;  
    • third parties who are selling you goods or services where you have requested that we finance the purchase;  
    • third parties, such as other creditors, when you have specifically authorized us to disclose your information;  
    • third parties in order to comply with a court order or other legal process; and/or  
    • third parties in order to protect our assets (for example, collection of overdue accounts).

     

    Biometric information

    • service providers who assist us in managing and servicing your account(s); and/or  
    • legal or regulatory authorities in cases of suspected criminal activity or contravention of law, for the detection and prevention of fraud, or when required to satisfy the legal or regulatory requirements of governments, regulatory authorities or other self-regulatory organizations.

     

    Audio, visual and similar information

    • service providers who assist us in managing and servicing your account(s);  
    • legal or regulatory authorities in cases of suspected criminal activity or contravention of law, for the detection and prevention of fraud, or when required to satisfy the legal or regulatory requirements of governments, regulatory authorities or other self-regulatory organizations;  
    • consumer credit bureaus and business reporting companies;  
    • third parties who are selling you goods or services where you have requested that we finance the purchase;  
    • third parties, such as other creditors, when you have specifically authorized us to disclose your information;  
    • third parties in order to comply with a court order or other legal process; and/or  
    • third parties in order to protect our assets (for example, collection of overdue accounts).

     

    Sensitive personal information

    • third party vendors in connection with providing products and services, completing transactions, or for everyday business purposes;  
    • government agencies where required by law or regulation;  
    • our regulators; and/or  
    • third party vendors to manage our human resources.

  • If you are a California resident, you have certain rights with respect to your personal information, as described below. We reserve the right to verify your identity in connection with any request related to exercising these rights to help ensure that we provide the information we maintain to the individuals to whom it pertains, and allow only those individuals or their authorized representatives to exercise these rights. Please note that your exercise of these rights is subject to certain exemptions that include, but are not limited to, safeguarding the public interest (e.g., prevention or detection of crime) and our interests (e.g., maintenance of legal privilege). 

    As a California resident, you have the following rights: 

    • Right to Know: You may submit a request that we disclose to you the categories of personal information we collect, the sources from which we collect that personal information, the business or commercial purpose for collecting personal information, categories of third parties with which we share personal information, and the specific pieces of personal information we have collected about you, or to access information related to an automated decision. You also have the right to know criteria used to determine the period of time for which we intend to retain each category of personal information, including sensitive personal information. 
    • Right to Delete Data: You may submit a request that we delete or remove certain personal information that we may have collected about you, as long as we are not otherwise obligated or permitted to retain or use that information for a lawful purpose. If we reject your request, we will notify you of the reason(s) for the rejection. Please note that not all personal information is eligible to be deleted. For example, BMO may retain personal information in order to comply with a legal obligation, detect security incidents, or complete transactions or services that you requested. 
    • Right to Correct: You have the right to request that we correct inaccurate personal information we may have about you. Please note that not all information is eligible for correction – for instance, some historical data is required by BMO to be maintained in its original form to preserve evidence of transactions, events, and other legally-significant records. We will use commercially reasonable efforts to correct eligible inaccurate personal information. 
    • Right to Non-Discrimination: You have the right to be free from discrimination for exercising your CCPA privacy rights. 
    • Rights Related to the Sale and Sharing of your Personal Information: You have the right to be notified at or before the point of collection the categories of sensitive personal information BMO collects about you and the purposes for which they are collected or used. You also have the right to know whether your personal information is “sold” or “shared” as those terms are defined in the CCPA and to opt out of such sale or sharing. BMO does not sell your personal information or share your sensitive personal information. BMO may share limited information when you visit our websites with third parties in order to better personalize advertising that may be of interest to you. 
    • Right to Opt-Out: Whenever feasible, BMO recognizes Global Privacy Control (“GPC”) signals that are transmitted by web browsers. That means that if you use a web browser with GPC enabled, our websites will treat that signal as a valid request to opt-out of the sharing of your personal information for that web browser. For more information about GPC, please visit Global Privacy Control. To opt out of sharing, if you are a California resident, you can also select “Your California Privacy Choices” on the footer of the Privacy website. If you use different browsers or devices, you will need to opt out on each and every time you clear your cookies. In addition, you can opt out of certain advertising using the instructions in our Digital Privacy Policy

    Section 6 sets out the process for you to submit a request with respect to your rights under this Policy, and explains the process we will use to verify your request. 

  • To exercise your rights described above, please submit a verifiable consumer request to us by either: 

    Current employees may make a request to access, delete, or correct their personal information via the methods identified in the California Employee Privacy Disclosure. 

    Verification and Time for Completion

    Please note that identities of individuals submitting requests under this Policy must first be verified to protect you and BMO from fraud and identity theft. We verify consumer request(s) by comparing information you provide with information we maintain or possess on file. As part of this process, you may be asked to provide certain identifying information, which we will use for the purpose of verifying your identity, only. Please note that for certain requests, we reserve the right to ask you to provide us with a signed declaration under penalty of perjury affirming that you are the consumer whose personal information is the subject of the request. All requests typically will be fulfilled within forty‐five (45) days of submission. If we need an extension for up to an additional 45 days in order to process your request, we will provide you with an explanation for the delay.

    Designating an Agent

    If you wish to designate an authorized agent to submit a CCPA request on your behalf, you must provide us with a written and signed declaration (i) explaining that you intend to designate an authorized agent to assert your rights under CCPA, (ii) identifying by name and address the intended authorized agent, (iii) stating the specific right(s) you intend to have the agent assert on your behalf, and (iv) stating that you consent to the designated agent receiving personal information about you, the requestor. Alternatively, you may also provide us with legal documents demonstrating that you have designated another individual with power of attorney. Individuals wishing to designate an authorized agent must provide their written and signed declaration or other supporting documents to Designating an Agent: If you wish to designate an authorized agent to submit a C C P A request on your behalf, you must provide us with a written and signed declaration (i) explaining that you intend to designate an authorized agent to assert your rights under C C P A, (ii) identifying by name and address the intended authorized agent, (iii) stating the specific right(s) you intend to have the agent assert on your behalf, and (iv) stating that you consent to the designated agent receiving personal information about you, the requestor. Alternatively, you may also provide us with legal documents demonstrating that you have designated another individual with power of attorney. Individuals wishing to designate an authorized agent must provide their written and signed declaration or other supporting documents to privacy.matters@bmo.com prior to the submission of a CCPA request by the designated agent.

  • Our site and our services are not directed at individuals under the age of sixteen (16), and we do not knowingly solicit, collect or use personal information from children under 16. Minors under 16 are prohibited by this Policy from providing personal information through our site.

  • We retain personal information (including sensitive personal information) no longer than necessary or permitted with respect to the purpose(s) for which it was obtained and consistent with applicable law. To determine the appropriate retention period, we consider different criteria, including the sensitivity of the personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, the need for maintaining your personal information to provide you with products and services, and all applicable legal and regulatory requirements. Please note that we may, in certain special circumstances, need to retain personal information beyond our designated retention periods due to regulatory requirements or in response to a regulatory audit, investigation, or other legal matter. These requirements also apply to third parties who work with us.

Other important information

BMO is committed to protecting your personal information and privacy. We regularly review and, if appropriate, update this Policy from time to time, and as our services and use of personal information evolves. If we make material changes to this Policy, we will notify you here, by email, or by means of a notice on our homepage at B M O is committed to protecting your personal information and privacy. We regularly review and, if appropriate, update this Policy from time to time, and as our services and use of personal information evolves. If we make material changes to this Policy, we will notify you here, by email, or by means of a notice on our homepage at bmo.com/privacy. You can tell if this Policy has changed by checking the effective date that appears at the top of this Policy. We will update the date of this Policy each calendar year or each time it is changed.

 

Contact us

If you have any questions or concerns about our privacy practices or the privacy of your personal Information, please contact us at privacy.matters@bmo.com. You can also raise questions or concerns about our privacy practices by visiting one of our branches.

Continue your journey

  • Business conduct

    Learn how BMO protects privacy, handles complaints, and upholds ethical standards through transparent business conduct.

    Business conduct

  • BMO Whistleblower Hotline

    Learn more about how this service protects you and how to report an issue.

  • Accessibility

    Learn more about our commitment to accessibility.