Privacy and Security Policy

FACTS	WHAT DOES GOLDWATER BANK, N.A. DO WITH YOUR PERSONAL INFORMATION?
Why?	Financial companies choose how they share your personal information. Federal law gives consumers the right to limit some but not all sharing. Federal law also requires us to tell you how we collect, share, and protect your personal information. Please read this notice carefully to understand what we do.
What?	The types of personal information we collect and share depend on the product or service you have with us. This information can include: Social Security number and income account balances and payment history credit history and credit scores
How?	All financial companies need to share customers' personal information to run their everyday business. In the section below, we list the reasons financial companies can share their customers' personal information; the reasons Goldwater Bank, N.A. chooses to share; and whether you can limit this sharing

Reasons we can share your personal information			Does Goldwater Bank, N.A. share?	Can you limit this sharing?
For our everyday business purposes— such as to process your transactions, maintain your account(s), respond to court orders and legal investigations, or report to credit bureaus			Yes	No
For our marketing purposes— to offer our products and services to you			Yes	No
For joint marketing with other financial companies			No	We Don't Share
For our affiliates’ everyday business purposes— information about your transactions and experiences			No	We Don't Share
For our affiliates’ everyday business purposes— information about your creditworthiness			No	We Don't Share
For affiliates to market to you			No	We Don't Share
For non – affiliates to market to you			No	We Don't Share

Questions?

If you have any questions regarding this notice or the information shared by Goldwater Bank, N.A., you may reach us in a manner that is convenient to you: Phone – 480.281.8200 Fax – 480.281.8222 Internet – www.goldwaterbank.com Email – gbnewaccts@goldwaterbank.com

Our website brings together a combination of industry-approved security technologies to protect data for the bank and for you, our customer. It features a VeriSign-issued Digital ID for the bank's Internet Service Provider hosting our website, Secure Sockets Layer (SSL) protocol for data encryption, and a router and firewall to regulate the inflow and outflow of server traffic.

Secure Data Transfer

Once a server session is established on an https secure page, the user and the server are in a secured environment. Because the server has been certified as a 128-bit secure server by VeriSign, data traveling between the user and the server is encrypted with Secure Sockets Layer (SSL) protocol. With SSL, data that travels between the bank and customer is encrypted and can only be decrypted with the public and private key pair. In short, the bank's server issues a public key to the end user's browser and creates a temporary private key. These two keys are the only combination possible for that session. When the session is complete, the keys expire and the whole process starts over when a new end user makes a server session.

Router and Firewall

Secure forms must filter through a router and firewall before they are permitted to reach the server. A router, a piece of hardware, works in conjunction with the firewall, a piece of software, to block and direct traffic coming to the server. The configuration begins by disallowing ALL traffic and then opens holes only when necessary to process acceptable data requests, such as retrieving web pages or sending customer requests to the bank.

Using the above technologies, your Internet loan application and check reorder transactions are secure.

On September 2, 2011, the FDIC issued a warning to banks and consumers regarding fraudulent emails claiming to be from the FDIC.

The fraudulent messages state:

"Dear clients,

Your account ACH and WIRE transaction have been temporarily suspended for security reasons due to the expiration of your security version. To download and install the newest installations read the document(pdf) attached below.

As soon as it is setup, you transaction abilities will be fully restored.

Best Regards, Online Security departament, Federal Deposit Insurance Corporation."

The e-mails contain an attachment "FDIC_document.zip" that will likely release malicious software if opened. These e-mails and attachments are fraudulent and were not sent by the FDIC. Recipients should consider these e-mails an attempt to collect personal or confidential information, or to load malicious software onto end users' computers. Recipients should NOT open the attachment.

Financial institutions and consumers should be aware that these fraudulent e-mails may be modified over time with other subject lines, sender names, and narratives. The FDIC does not directly contact consumers, nor does the FDIC request bank customers to install software upgrades. Information about counterfeit items, cyber-fraud incidents, and other fraudulent activity may be forwarded to the FDIC's Cyber-Fraud and Financial Crimes Section, 3501 North Fairfax Drive, CH-11034, Arlington, Virginia 22226, or transmitted electronically to alert@fdic.gov. Questions related to federal deposit insurance or consumer issues should be submitted to the FDIC using an online form that can be accessed at http://www2.fdic.gov/starsmail/index.asp.