Online Privacy Practices and Privacy Notice​​

 

Effective date: 03/2024

Online Privacy Practices

These Online Privacy Practices (this “Online Privacy Notice”) describe how we collect information when you visit or use our website, any of our mobile applications, or any other online service offered by Comerica Bank. How we handle information about you when you visit our website will depend on what you do when visiting comerica.com and other websites owned by Comerica Bank. The terms “Comerica,” “we,” “our,” or “us” mean Comerica Bank, its parent company, Comerica Incorporated, and its affiliates and subsidiaries. This Online Privacy Notice does not apply to Comerica’s third-party service providers or any other business, entity, or individual not owned, directly or indirectly, by Comerica.

See below for a link to our general privacy notice applicable to consumers as required by federal law.

Customer Information

Solely Visiting Our Website

If you visit our website to solely read information and do not use any of our online services (offered to non-customers and/or customers), then we collect and store only the name of the domain from which you access the Internet, the date and time you access our website, Internet address of the website from which you linked directly to our website and your zip code. We may record the "IP address" assigned to you by your internet service provider as part of this process. We use the information we collect to measure the number of visitors to different sections of our site, and to help make our website more useful to visitors.

Using Our Services

We recommend that when you complete your online transactions, you should log off completely before visiting other sites and/or restart your personal computer. This may clear your cookies (see "Cookies" discussion below). We also recommend that you do not visit other sites during your online banking session with us.

When you visit our website and use our website or our mobile applications to engage in account opening or electronic banking services (e.g. Comerica Web Banking® or Comerica Treasury Mobile®), then there may be times when you are asked to provide information about you that is personally identifiable ("Personal Information"). This may include the following:

Personal

  • your first, middle and last name,
  • your zip code, home or other physical address (including the street name and name of a city or town),
  • your e-mail address,
  • a telephone number,
  • social security number,
  • account number,
  • date of birth,
  • mother's maiden name,
  • password or any other identifier that permits physical or online contact with you,
  • geolocation, and
  • biometric information, including for example your voice print, fingerprint, or facial geometry scan.

Financial

  • Average Account Balance,
  • Household Income,
  • Federal Income Tax Bracket,
  • Monthly Debt,
  • Monthly Rent, and
  • Available Down Payment Amount.

Other

  • Account Preferences,
  • Needs for Savings,
  • Challenge/Security Questions,
  • User IDs, and
  • Passwords.

Please note that user IDs, personal IDs, passwords, and PINs along with tokens or challenge/security questions would be provided by you only in connection with you opening or logging onto one or more of our services or when you set up and use an aggregation service that allows you to consolidate your financial account information from a variety of sources. Comerica Bank would never request personal information (e.g., social security number, user IDs, or passwords) via unsolicited e-mail. Be cautious when clicking on links in e-mails or responding to e-mails you have received, particularly when the message is urgent or threatening. By doing so, you may unwittingly downloaded viruses or spyware that may cause you to be redirected to a fraudulent site, even when you type in a legitimate site address, such as comerica.com/privacy. If you are concerned that an e-mail you have received may not be from Comerica Bank, then please send the suspicious e-mail to us at ReportFraud@comerica.com.

Personal Information might be needed or requested from you for you to be able to open deposit accounts online or to register for online banking and other services, or to fill out our forms or applications for services for special promotions or contests, or to accomplish transactions you request. This may result in sharing Personal Information with third parties (such as data processors or service bureaus) as part of servicing your accounts or transactions. We may also collect Personal Information from your installation and use of our mobile applications and share it with our third party service providers for fraud detection and prevention purposes.

Cookies, Web Beacons and Other Technologies

As mentioned above, we collect information from your online visits to our website and your use of our online banking services to help gather statistics about usage and effectiveness, personalize your experiences and tailor our interactions with you. We do so through the use of various technologies, including the use of cookies, web beacons and other use-tracking devices.

Definitions

  • Cookies. A "cookie" is generally a small piece of data sent from a website and stored in a user's web browser while the user is browsing the internet. A "session cookie" is a cookie that exists in temporary memory only while the user is reading and navigating a particular website. A session cookie is typically deleted when the user closes his or her browser. A "persistent cookie" is a cookie that generally outlasts the user's current online session and may be sent back to the server every time the user visits the same website. Persistent cookies are commonly referred to as "tracking cookies" since the user's activity on a particular website may be tracked over time.
  • Web Beacons. A "web beacon" is an object that is embedded in a web page or e-mail and is usually invisible to the user but allows checking that a user has viewed the page or e-mail. It is basically a technique to track who is reading a web page or e-mail. Web beacons, also called "web bugs" are often invisible to the user because they may be very small (only 1-by-1 pixel) and/or are made to blend in with the background color of the webpage, document, or e-mail message. Web bugs are identified with HTML IMG tags in the webpage.

Use of Cookies

You may choose to set your browser to reject cookies. However, we do not recommend disabling cookies on our website because you may not be able to log in or use basic features on our website such as Comerica Web Banking®. For more information see the "Help" information for the browser you are using. If you do not wish to have cookies placed on your computer, you should set your internet browser to refuse cookies before accessing our site, with the understanding that certain features of the site may not function properly without the aid of cookies. If you refuse cookies, you assume all responsibility for any resulting loss of functionality. Please see the heading "Our Response to Web Browser Do Not Track and Other Similar Mechanisms" below for further information.

Use of Web Beacons

With the assistance of a cookie, web bugs may collect the IP address of your computer, the URL of the page the web bugs come from and the time it was viewed, or other personal information. For example, web bugs may add information to a personal profile of what sites a person is visiting and to determine what banner ads to display based on the profile. Another use of web bugs is to provide an independent accounting of how many people have visited a particular website and to gather statistics about web browser usage at different places on the Internet. You may use the "view profiles" of the webpage you are viewing on our website to see whether the page is using a web bug.

Use of SMS/Text Messaging

If you use any SMS/text messaging services or otherwise permit us to communicate with you via SMS/text, we may collect your mobile phone number, your carrier's name, and the date, time, and content of your messages and other information that you may provide through your mobile device, which we may use to open, administer, and maintain your account (including to contact you regarding your account). Your mobile carrier and other service providers may also collect data from your SMS/text usage, and their practices are governed by their own policies and procedures. We will store your information on our systems or those operated by a vendor on our behalf, consistent with our security commitments.

Use of Biometric Technologies

We may collect, share and store your biometric information and biometric identifiers (collectively referred to as, "Biometric Information"). You may have the option to provide certain Biometric Information using our proprietary systems or through protocols provided by our third-party vendors (for example, we may capture your facial geometry by having you take a selfie from your mobile device when you open an account). We may collect and share such Biometric Information from you in order to assist us with validating and authenticating your identity during the account opening process and in validating the security of your account and authenticating you as a customer thereafter, both during online use of our services, mobile applications, and when calling our customer service offices. You will have the option to provide certain biometric information using our proprietary systems or through protocols provided by our third-party vendors (for example, we may capture your facial geometry by having you take a selfie from your mobile device when you open an account).

Comerica does not sell your Biometric Information to any third parties. We may share your Biometric Information with our third-party vendors to the extent necessary to enable us to provide you with our services and to use your Biometric Information in connection with the purpose for which it was collected (customer authentication or verification). We will maintain agreements with any such third-party vendors we use that require them to keep your Biometric Information confidential and secure and that otherwise complies with our obligations in these Online Privacy Practices.

We will store your Biometric Information on our systems or those operated by a third-party vendor on our behalf, consistent with our security commitments. Biometric Information used to authenticate your identity in the online account opening process will be retained for 7 days after authentication. Voiceprints will be retained for as long as you remain enrolled in the associated service. Following the termination of your account or your un-enrollment from the associated services your voiceprint will be permanently deleted. You will need to re-enroll (and provide your voiceprint to Comerica again) in order to utilize any of the services which rely on your voiceprint.

By enrolling in or using any of our offered biometric authentication or verification programs (for example, relying on selfie identification or voiceprint recognition), you acknowledge and consent to the collection, use and storage of your biometric information as described in these Online Privacy Practices and our Biometric Information Policy.

Software Development Kits (SDKs) –

Our mobile applications may include third-party SDKs that allow us and our service providers to collect information about your mobile app activity. In addition, some mobile devices come with a resettable advertising ID (such as Apple’s IDFA and Google’s Advertising ID) that, like cookies and pixel tags, may allow us and our service providers to identify your mobile device over time for advertising purposes in compliance with applicable app store consent rules.

Use of Other Technologies

Comerica may use other use-tracking devices, which may change from time-to-time as technology changes, to help diagnose problems and to administer our website. We also may track browser types to help us understand our visitors' needs related to our website design.

Our website may include advertisements for third parties and their products, and those third-party advertisements and websites may include a cookie, web bugs, or other device of the third party. Comerica does not have control over the cookies, web bugs, or other devices used by third parties and does not have access to whatever information they may collect.

If you visit our website or engage in any online service that we offer, then we may collect and store the categories of Personal Information. We will not share the Personal Information you provide us at our website with a third party, except as described below under the heading "Categories of Third Parties with Whom Comerica May Share Information."

Google Signals/Google Analytics:

If you are a Google customer and have enabled “Ads Personalization” on your Google account, we may use Google signals through Google Analytics to market our products and services to you across multiple devices. Google signals are session data from sites and applications that Google associates with users who have signed into their Google accounts and who have turned on the “Ads Personalization” feature. This means that if you sign into your Google account on your personal computer and then later sign in on your mobile device, and the “Ads Personalization” feature is enabled in your account settings, Google may track your interactions with our website and other websites you visit on both devices. We do not receive or collect any Personal Information about you from Google; rather, any data we receive from Google is anonymous and only enables us to see how visitors interact with our website. Google’s collection of this data may impact advertisements you see when you log into your Google account.

Google customers may opt-out of Ads Personalization by signing into their Google accounts and turning off Personalized Ads in their account settings or by visiting https://adssettings.google.com.

Permissions Specific to Android Devices:

We or our third-party vendors may also collect following information specific to customers who use Android devices:

  • Biometric Information: Allows us to collect your Biometric Information, such as your fingerprint, when you log in to one of our mobile applications.
  • Application permissions: Allows Google Play Store to keep a record from where you downloaded one of our mobile applications.
  • Application information: Allows us to collect information about applications installed on your device to check whether any of those applications might be risky. This helps us protect you and us from financial crime.
  • Read phone state: Allows us to know if you are on a call while using one of our mobile applications. This helps us to detect and prevent fraud.

Our Response to Web Browser Do Not Track and Other Similar Mechanisms

You may set your web browser to disable the ability for one or more websites to track your usage. For example, as stated above under the heading "Use of Cookies," you may choose to set your browser to reject cookies. We will respect any disabled cookies as a do not track mechanism that provides you a choice regarding the collection of Personal Information when you visit or conduct online activity on our websites regardless of whether your visit or online activity is a one-off occurrence or occurs over time. However, we may not be able to respond or take any action when it comes to other "do not track" technologies due to technology and industry standards constantly evolving. Also, we are unable to respond or take any action when you access third party websites or online services. Further, please note that if you set your browser to disable cookies or other tracking mechanisms, then your experience using our online services may not be the same depending on the particular service. Specifically, functionality of a service may be limited, may not function properly, or may not work at all. These functionalities include, but are not limited to, settings as to screen size and appearance, logon verification, and pre-populated information.

Other Parties May Collect Personal Information

Other parties that may collect Personal Information about you when you use one or more of our websites or mobile applications once or over time are generally limited to service providers with whom Comerica Bank may share in order to administer, process or service the product or service you are using online or one of our mobile applications.

Categories of Third Parties with Whom Comerica Bank May Share Information

Presently, Comerica Bank discloses Personal Information to third parties about our customers or former customers only as permitted by law. Please see our Consumer Privacy Notice(PDF, 312 KB) for more information.

As we develop our business, we may also buy and sell assets, and your Personal Information may be transferred as a result of a sale of assets. In the event that we are acquired by another company, your Personal Information may be part of the assets transferred to the acquiring party.

Please be aware that other services, provided by other companies via links to their website from Comerica's website, are not subject to these Online Privacy Practices. We encourage you to review third party service providers' privacy policies before sharing your Personal Information with them.

Process to Request Changes to Personal Information

We wish to maintain complete and accurate information about you and your account (including information you have entered through any Comerica Bank website). We have established procedures to assist you should you ever believe that our records contain inaccurate or incomplete information about you. Please contact us to complete or correct your Personal Information. We will investigate your concerns and properly correct any inaccuracies.

Security Standards and Data Retention

We safeguard any information our customers share with us according to strict standards of security and confidentiality. View detailed security information at your convenience (See Security link below). We retain your Personal Information for as long as we are required to do so under applicable law or other legal obligations, or if we otherwise have a legitimate business need to do so.

Children's Privacy Online

We do not knowingly solicit, collect, or use personal information from children under 13. For information concerning the Children's Online Privacy Protection Act (COPPA), visit the Federal Trade Commission's website at www.ftc.gov.

Changes to our Online Privacy Practices

We reserve the right to change our Online Privacy Practices. If we make updates to our Online Privacy Practices, we will update the Online Privacy Practices and revise the "Effective Date" at the top of these Online Privacy Practices. Any updates to our Online Privacy Practices become effective when we post the updates to our website. Your continued use of any portion of our website following the posting of the updated Online Privacy Practices will constitute your acceptance of the changes.

Acceptance of these Online Privacy Practices

Your use of one or more of our websites or our mobile applications, including disputes concerning privacy, is subject to these Online Privacy Practices and the Terms and Conditions of Use (see Terms and Conditions link below). By using our website, you are accepting the practices set out in these Online Privacy Practices and our Terms and Conditions of Use.

Questions or Concerns?

If you have any questions, concerns, or comments regarding this Online Privacy Notice or Comerica’s privacy practices in general, please contact us at 800-266-3742.

© 2024, Comerica Bank. All rights reserved.