Privacy Policy

Last Updated: May 2, 2024

The Federal Home Loan Bank of San Francisco (the “Bank,” “we,” or “us”) respects and values your privacy, and we are dedicated to sharing our methods and approach to how we collect, use, disclose, and protect your Personal Information in this policy (“Privacy Policy”). This Privacy Policy describes how the Bank handles your Personal Information:

  • From visitors to our website https://fhlbsf.com as it may be modified, relocated and/or redirected from time to time or web-based applications (“Websites”)
  • Through software applications made available by us for use on or through computers and mobile devices (“Apps”)
  • Contacts from our members and/or prospective members
  • Contacts for suppliers of goods and services to the Bank
  • From any other individual about whom the Bank obtains personal information in the provision of services to our member (“Member Services”)

The items outlined above are collectively called “Services.” If you are a California Resident, you can review the Additional Information For California Residents below.

Assistance For the Disabled

Alternative formats of this Privacy Policy are available to individuals with a disability. Please contact [insert email address] for assistance.

Notice at Collection for California Residents

The Bank collects the Personal Information identified in Section “Information We Collect About You” below for the purposes identified in Section “Uses of Personal Information” and retains it for the period described in Section “Retention Period”. We do not sell your Personal Information or disclose it for cross-context behavioral advertising (“sharing”). We also do not collect or process sensitive personal information for the purpose of inferring characteristics about you. To the extent you provide the Bank with Personal Information about other California residents, you are responsible for providing this notice to them.

INFORMATION WE COLLECT ABOUT YOU

For the purposes of this Privacy Policy, Personal Information is information that relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household. For example, the Bank collects the following types of Personal Information:

  • Contact and Basic Information: for example, name, title, phone numbers, mailing address, email address, organization, and job title.
  • Registration Information: for example, information necessary to process or respond to newsletter requests, event/seminar registration, dietary preferences (excluding special categories), subscriptions, and requests to download information.
  • Professional Data: for example, information about individual participation in conferences, credentials, and associations.
  • Government Data: for example, government identifiers, date of birth, and due diligence data.
  • Special Categories: in limited circumstances, the Bank receives special categories of Personal Information as is necessary for a specific business purpose that may include, for example, social security numbers, religious or other beliefs, racial or ethnic origin, sexual orientation, and health data.
  • Member Service Information: for example, member employee contact information, third-party data related to member business-related requests.
  • Device Data: IP address, unique device identifiers, cookies and other data linked to a devices, and usage data about our Websites.

COOKIES AND SIMILAR TECHNOLOGIES

We may use tracking technologies which may run on your device when you use the website. These technologies include cookies which are small data/text files that store information on your computer. Cookies allow the Bank to collect information including browser type, the amount of time spent on the Website, and pages visited. We may use this information to enhance your online experience and to facilitate your use of this Website. We collect aggregated site-visitation statistics that we may use to measure the effectiveness of this Website and to improve our products and services. Accepting the cookies used by this Website does not give us access to your Personal Information.

You can manage website cookies in your browser settings. You always have the choice to have your device warn you of the time a cookie is being sent or change these settings by accepting, rejecting or deleting cookies. If you do not accept these cookies, you may experience some inconvenience in your use of this Website and you may not be able to access portions of this Website at all if you disable cookies on your browser.

GOOGLE ANALYTICS

We use cookies provided by Google Analytics, a third-party service provider, to assist us in better understanding our Website visitors. These cookies collect data tied to a user’s IP address, such as the length of time a user spends on a page, the page a user visits, and the websites a user visits before and after visiting the Website. Based on this information, Google Analytics compiles aggregate data about Website traffic and Website interactions, which we use to offer better Website experiences and tools in the future. For more information on Google Analytics, visit https://support.google.com/analytics.

SOURCES OF PERSONAL INFORMATION

The Bank may collect Personal Information from a variety of sources, including:

  • You/through our provision of Services, for example, when you sign-up for a newsletter, register for a conference, enter into a contractual relationship for Services, interact with us at an event, visit our Websites or networks, use our online applications, send us communications, or call or visit our office.
  • From other sources that may include:
    • Publicly available and subscription-based sources
    • Court documents and filings
    • Event sponsors
    • Our members
    • Counterparties in transactions or disputes
    • Social media
    • Our service providers, for example, IT and system administration services
    • Automated technologies, for example, browsing activity collected by automated technologies on the Website
    • Third parties, for example, lawyers, bankers, auditors, and insurers who provide consultancy, banking, legal, insurance, and accounting services
    • Government or administrative agencies, for example, law enforcement, public health officials, other government authorities

The Bank needs to collect Personal Information in order to provide the requested Services to you or to provide Services to our members. If you do not provide the information requested, we may not be able to provide the Services. Where the Bank receives Personal Information from its members about employees or other individuals, the member is responsible for ensuring that any such Personal Information is transferred to us in compliance with applicable data protection laws and regulations.

USES OF PERSONAL INFORMATION

The purposes for which the Bank uses Personal Information are as follows:

  • Communication and/or the provision of financial services to our members. We engage in this activity to fulfil our ethical, legal and contractual obligations with our members.
  • Management of our business operations and administration of our member relationships. We engage in this activity to fulfil our ethical, legal and contractual obligations with members and suppliers.
  • Enhancing the functionality of our Websites. We engage in this activity because we have a legitimate interest in monitoring how our Website and Apps are used to help us provide better services to our Website and App users.
  • Fraud and security monitoring purposes. We engage in this activity because we have a legitimate interest to detect and prevent fraud, crimes and other misuses of our Websites and networks.
  • Data analysis to improve the efficiency of our Services and identify trends. We engage in this activity to manage our relationships with members, to comply with legal obligations, and/or because we have other legitimate interests.
  • Auditing internal process for proper functioning. We engage in this activity to manage our relationships with members, to comply with legal obligations, and/or because we have other legitimate interests.
  • To provide relevant marketing materials. We engage in this activity because we have a legitimate interest or because we have obtained consent.
  • Compliance with legal and regulatory obligations. We engage in this activity to manage our relationships with members, to comply with legal obligations, and/or because we have other legitimate interests.
  • To protect the rights, property, or safety of the Bank, you, or others.
  • To report suspected criminal conduct to law enforcement and cooperate in investigations.
  • To exercise the Bank’s rights under applicable law and to support any claim, defense, or declaration in a case or before a jurisdictional and/or administrative authority, arbitration, or mediation panel.
  • Incidental purposes: any incidental purposes related to, or in connection with, the above.

The Bank may aggregate and/or anonymize (de-identify) Personal Information so it is no longer considered Personal Information. We do this to generate other data for our use, which we may use and disclose for any purpose. We maintain de-identified information in a de-identified form and do not attempt to re-identify if, except that we may attempt to re-identify the information just to determine whether our de-identification processes function correctly.

DISCLOSURE OF PERSONAL INFORMATION

We may disclose Personal Information to:

  • Contractors, vendors, and services providers
  • Third parties, for example, auditors, lawyers, consultants, and accountants engaged by the Bank
  • Government or administrative agencies

We may also disclose Personal Information as necessary to:

  • Comply with applicable laws and regulations
  • To assist us in meeting our business needs
  • To cooperate with public and government authorities
  • To cooperate with law enforcement
  • To enforce our terms and conditions
  • To protect our rights, privacy, safety or property, and/or that of our affiliates, or others.

We do not sell or share your Personal Information as these terms are defined under applicable privacy laws.

PROTECTION OF PERSONAL INFORMATION

We have implemented reasonable measures to secure Personal Information from accidental loss or destruction and from unauthorized access, use, alteration and disclosure. Unfortunately, no transmission or storage system can be guaranteed 100% secure.

CHILDREN’S ONLINE PRIVACY PROTECTION ACT COMPLIANCE

Our services are not intended for individuals under the age of 18. We do not collect information from anyone under 13 years of age. If you are under the age of 13, you are not authorized to use our services or the Websites.

RETENTION PERIOD

We retain your Personal Information for the duration of our relationship with you, if any. We will retain your Personal Information for as long as is reasonably necessary for a specified business purpose or as required by legal, administrative, or procedural obligations, for example, a litigation hold.

THIRD-PARTY WEBSITES

The Website and Apps may contain links to unaffiliated third parties. This Privacy Policy does not apply to such third-party sites. When you click a link to visit a third-party website, you will be subject to their website’s privacy practices. We encourage you to review the privacy and security practices of any linked third-party website before

providing any Personal Information on that website.

ADDITIONAL INFORMATION FOR CALIFORNIA RESIDENTS

California Consumer Privacy Act, as amended (CCPA)

Pursuant to the CCPA, we are providing the following additional details regarding the categories of Personal Information about California residents that we collected and disclosed in the preceding 12 months. This policy does not apply to our employees, contractors, owners, directors, or officers where the Personal Information relates to their current, former, or potential role at the Bank. California job applicants can review the Bank’s Applicant Notice and Privacy Policy for more information about the Personal Information the Bank collects when you apply for a position with the Bank.

Category of Personal Information Business Purpose Sources of Personal Information Categories of Recipients
Identifiers Labor Code § 1798.140(e):

(1) Auditing related to counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with this specification and other standards.

(2) Helping to ensure security and integrity to the extent the use of the consumer’s personal information is reasonably necessary and proportionate for these purposes.

(5) Performing services on behalf of the business, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services on behalf of the business.		 Individuals and members Contractors, vendors, and service providers
Personal information described Civil Code § 1798.80(e) Labor Code § 1798.140(e)(1), (2), and (5) Individuals and members Contractors, vendors, and service providers
Characteristics protected by California or federal law Labor Code § 1798.140(e)(2) and (5) Individuals and members Contractors, vendors, and service providers
Commercial information Labor Code § 1798.140(e)(2) and (5) Individuals and members Contractors, vendors, and service providers
Internet or other electronic network activity information Labor Code § 1798.140(e)(1), (2), and (5) Individuals and members Contractors, vendors, and service providers
Professional or employment-related information Labor Code § 1798.140(e)(2) and (5) Individuals and members Contractors, vendors, and service providers

 

SALES AND SHARING

The Bank has not sold or shared Personal Information as defined or as contemplated by the CCPA in the preceding 12 months. As defined and contemplated by the CCPA, the Bank does not sell or share Personal Information of minors under the age of 18.

CALIFORNIA PRIVACY RIGHTS

As a California resident, you have the following rights:

  • Right to Know: California residents have a right to submit a verified request for specific pieces of Personal Information and for information about the Bank’s collection, use, and disclosure of your Personal Information.
  • Right to Delete:In certain circumstances, you have the right to submit a verified request we delete Personal Information that you have provided to the Bank. Please note that the right to request deletion is subject to certain exceptions under the CCPA.
  • Right to Correct Inaccurate Information: You have the right to submit a verifiable request for the correction of inaccurate personal information maintained by the Bank, taking into account the nature of the personal information and the purposes of processing the personal information.
  • Right to Non-Discrimination: The Bank will not discriminate against California Consumers for exercising their rights under the CCPA.

The Bank does not offer financial incentives or price or service differences in exchange for the retention of a California Resident’s Personal Information.

Note on Sensitive Personal Information

The Bank does not infer characteristics from sensitive Personal Information. The Bank only uses sensitive Personal Information as necessary to perform the services or provide the goods the average person would reasonably expect when requesting those goods or services, to ensure security and integrity, short term transient use, to maintain the quality of our products and services, or for other purposes permitted by the CPRA and implementing regulations without the right to opt out.

HOW TO SUBMIT A VERIFIABLE REQUEST

The Bank will respond to requests from California residents in accordance with the CCPA if it can verify the identity of the individual submitting the request. California residents can exercise these rights by email at ccparequests@fhlbsf.com. We match Personal Information that you provide us against Personal Information we maintain in our files. The more risk entailed by the request (e.g., a request for specific pieces of personal information), the more data points may be required to match information maintained by the Bank.

Please note, we may not be able to comply with your request if we are unable to confirm your identity or connect the information you submit in your request with Personal Information in our possession. Therefore, you should include information you have previously submitted to the Bank for the verification process. If we are unable to verify your identity, we may request additional information.

If you have questions on how to submit a verified request, please contact ccparequests@fhlbsf.com.

AUTHORIZED AGENT

You may designate an Authorized Agent to submit a request to delete, request to correct, or a request to know on your behalf. For the Bank to respond to a request from an Authorized Agent, the Bank may:

  • Request a copy of the written permission granting the Authorized Agent to make such a request on your behalf;
  • Request confirmation from you that your authorized the agent to make the request on your behalf; or
  • Request that you directly verify your own identity.

In the alternative, you can provide a power of attorney compliant with the California Probate Code.

CONTACT US

If you have questions or concerns regarding our Privacy Policy or practices, you may contact us via the following email address: websupport@fhlbsf.com.

CHANGES TO THIS PRIVACY POLICY

The Bank may update this Privacy Policy from time to time. When we do, we will post the current version on this site, and we will revise the version date located at the top of this page. Any changes become effective when we post the revised Privacy Policy. Your continued use of our Services following these changes means that you accept the revised Privacy Policy.