Privacy Policy / Do Not Call Policy

1. Recognition of a Customer’s Expectation of Privacy
The Bank recognizes and respects the privacy of its customers and will disclose these principles of financial privacy when establishing a customer relationship.

2. Use, Collection, and Retention of Customer Information
The Bank will collect, retain and use information about individual customers only where we believe it would be useful (and allowed by law) to administer business and to provide products, services and other opportunities to its customers. The Bank collects nonpublic personal information from the following sources:
-Information we receive on applications or other forms
-Information about transactions with us or our affiliates
-Information about transactions with nonaffiliated third parties
-Information from a consumer reporting agency

3. Maintenance of Accurate Information
The Bank will establish internal procedures that ensure a customer’s financial information is accurate, current and complete in accordance with reasonable commercial standards. The Bank will respond to requests to correct inaccurate information in a timely manner.

4. Limiting Employee Access to Information
The Bank will limit employee access to personally identifiable information to those with a business reason for knowing such information. The Bank will ensure employees understand the importance of confidentiality and customer privacy. The Bank will take appropriate disciplinary measures where necessary to enforce employee privacy responsibilities.

5. Identifying Risks
The Bank will identify reasonably foreseeable internal and external threats that could result in unauthorized disclosure, misuse, alteration, or destruction of customer information. Management shall develop, implement, and maintain procedures to control the identified risks. The Privacy Risk Assessment for safeguarding customer information will be reviewed annually.

6. Restrictions on the Disclosure of Account Information
The Bank will not reveal specific information about customer accounts or other personally identifiable data to unaffiliated third parties for their independent use, except for the exchange of information with reputable information reporting agencies to maximize the accuracy and security of such information or in the performance of bona fide corporate due diligence, unless:
- the information is provided to help complete a customer initiated transaction;
- the customer requests it;
- the disclosure is required by/or allowed by law (i.e. subpoena, investigation of fraudulent activity, etc.); or
- to a credit bureau or similar information reporting agency
If you decide to close your account(s) or become an inactive customer, we will continue to adhere to the practices of this policy.

7. Maintaining Customer Privacy in Business Relationships with Third Parties
If personally identifiable customer information is provided to a third party, the Bank will insist that the third party adhere to similar privacy principles that keep such information confidential. When applicable, contracts with service providers shall specifically require them to protect the security, confidentiality, and integrity of all customer information that is under their control. Contractual performance will be monitored.

Do Not Call Policy

Bank Iowa is committed to honoring the requests of its current and prospective customers. In support of this commitment and pursuant to regulations set forth by the Federal Communications Commission (FCC) and the Federal Trade Commission's (FTC) telemarketing regulations, Bank Iowa Board of Directors has adopted the following policy.

For the purpose of this policy, the term "telephone solicitation" means any call that is made to a consumer at a residential phone number for the purpose of encouraging the purchase of products and services from the Bank. The term does not include a call to the following:
-Any person that has given the bank prior permission to call; or
-Any person with whom the bank has an established business relationship

It is the policy of Bank Iowa that employees will initiate telephone solicitation calls for marketing purposes only to persons who have established business relationships with Bank Iowa. Such calls will be placed only between the hours of 8:00 a.m. and 9:00 p.m. Employees will identify themselves by name, and provide the Bank name and phone number.

If a consumer with whom we have an established banking relationship requests that the Bank does not call them in the future to provide information about products or services, we will honor their request and place them on the Bank's internal Do Not Call list. Consumers may register for this service online at www.bankiowabanks.com, click the location where they bank, and click contact us. They may also contact the bank either by phone or written request at:

Bank Iowa
701 W. Sheridan Avenue
P.O. Box 308
Shenandoah, IA 51601

The request must provide the 10-digit residential telephone number that is not to be called and the person's name and address.

Once a request has been made, the Bank will add the telephone number to the Bank's internal Do Not Call list within thirty (30) days. The Bank will retain the telephone number and name on the internal list for five (5) years, unless the consumer requests to have their number removed. If a telephone number changes, the consumer must submit the new number to be added to the Bank's internal Do Not Call list.

In the event the Bank decides to initiate telephone solicitation calls for marketing purposes to consumers who do not have an established business relationship with the bank, the following additional provisions will be included in this policy.

The Bank will honor Do Not Call requests on behalf of consumers listed on the National Do Not Call Registry maintained by the Federal Trade Commission and various State Agency lists as well as our own Bank Iowa internal Do Not Call list. The National Do Not Call Registry will be accessed at least every 31 days to maintain updated lists.

Any employee involved in telephone solicitation with the Bank will be trained, informed, and directed to comply with the Bank's Do Not Call policy. Management will review the policy with these employees on a regular basis.

If a consumer requests a copy of our Do Not Call policy, we will send a copy via U.S. Mail or electronic mail.