Digital Privacy Notice

Information We Collect and How We Collect It

Third-Party Tracking and Advertising

How We Use Your Information

How We Share Your Information

Your Privacy Choices

Social Media

Data Security

Changes to This Notice

Contact Us

Third-Party Tracking and Advertising

We want you to know that third-party companies may also use cookies or other tracking tools on our online services. This typically happens when we use trusted third-party providers to help us with site analytics, advertising, and social media integration. For example:

• Analytics: We use services like Google Analytics to understand how visitors use our site. These services use their own cookies or similar identifiers to collect data about site traffic and behavior. This helps us analyze usage patterns and improve our webpages. Google Analytics, for instance, can provide us aggregate data on which pages are most popular, how long users stay on each page, and what site referred you to us. Google’s ability to use and share information about your visits to our site is restricted by Google’s own privacy policies. If you don’t want to be part of Google Analytics’ data collection, you can opt out by installing the Google Analytics Opt-out Browser Add-on (a small tool provided by Google).
• Advertising Partners: We may partner with advertising networks or social media platforms to show you Sunflower Bank ads on other sites. These partners may place cookies or web beacons on our site (or use similar tracking via our ads on their site) to collect information about your online activities over time and across different websites. This practice is commonly called interest-based advertising or online behavioral advertising. It allows us, for example, to show you a Sunflower Bank offer on another website after you’ve visited our site. Important: The data collected via these third-party cookies and trackers may be used by those third parties for their own purposes, according to their privacy policies. We do not control the data practices of these third parties. However, we want to reassure you that we do not share information that identifies you personally with unaffiliated third parties for their own marketing use, unless we have your consent.

Do Not Track: Some web browsers offer a “Do Not Track” (DNT ) setting that signals to websites that you do not want to be tracked across different sites. Currently, our websites do not respond to DNT signals, because there is not yet a consistent industry standard for how to interpret them. Instead, we offer the choice tools described below (like cookie controls and advertising opt-outs) to manage your tracking preferences.

How We Use Your Information

We use information that we collect about you for a variety of purposes — all aimed at serving you better, operating our business, and protecting against risks. Here are the main ways in which we may use your information (whether collected directly from you or automatically):

• To provide and improve our services: We use your information to deliver the products and services you request. For example, if you fill out an online form to open an account or apply for a loan, we use that information to process your request. We also use data to understand how our customers use our online services and how we can make them better. Usage information (like clicks and page visits) helps us improve site navigation, design, and content relevance.
• To personalize your experience: Information about you can help us customize our interactions. This might mean remembering your preferences (so the site greets you by name or shows the last page you visited) or tailoring the content and ads you see to match your interests. The goal is to make your interactions with Sunflower Bank more convenient and relevant to you.
• For communication and customer service: We may use your contact information (like email or phone number) to send you important updates about your accounts or transactions, respond to your inquiries, or notify you about changes to our services. If you reach out with a question or issue, we will use your information to help resolve it and follow up with you.
• For marketing (with your choices respected): We might use your information to let you know about new products or special offers that might interest you. For example, we could send email newsletters or show you promotions on our website. You have control over marketing messages – if you decide you no longer want to receive promotional emails, you can unsubscribe using the link in the email or by contacting us (see Your Privacy Choices below). We do not spam, and we do not sell your information to outside telemarketers.
• To protect against fraud and security risks: Keeping your accounts and information secure is a top priority. We use personal and device information to detect and prevent fraud, unauthorized transactions, hacking, and other security issues. For instance, we might flag a login attempt that comes from an unusual location or device. We also use data to verify your identity when necessary (such as when you reset your password or contact us for support).
• To comply with legal obligations: Like all financial institutions, we are sometimes required by law to collect, retain, or share certain information. This includes using your information to meet regulatory requirements, respond to court orders or lawful requests by authorities, or fulfill our obligations for tax reporting, record-keeping, and audits. If necessary, we will use and disclose information to enforce our terms of use or other agreements, or to protect the rights, property, or safety of our customers and our organization. (For example, sharing data with law enforcement to prevent fraud or investigate a crime.)

We will only use your personal information in ways that are consistent with the reasons it was collected, and we strive to limit our use to what is appropriate and relevant for each purpose. If we ever need to use your information for a new purpose that isn’t covered by this notice, we’ll let you know and obtain consent if required.

How We Share Your Information

Sunflower Bank does not sell your personal information to third parties, and we do not share it with outside companies for their own independent marketing purposes. However, we do share certain information with others in the following circumstances, as allowed by law or with your consent:

• Within the Sunflower Bank family: We may share information with our affiliates and subsidiaries (for example, our First National 1870 and our holding company FirstSun Capital Bancorp) as needed to service your accounts and provide our services. These companies are all part of the Sunflower Bank family, and any sharing is done to support your customer experience or our business operations in a seamless manner.
• Service providers and partners: We use trusted third-party companies to perform services on our behalf, and we may share information with them as needed for those services. This includes things like data hosting providers (who manage our website servers), payment processors, analytics companies, advertising partners, customer support tools, and email delivery services. When we share information with service providers, we require them to use it only for the purpose of providing services to Sunflower Bank, and to protect it in line with our standards.
• With your consent or at your direction: If you specifically request or agree to us sharing your information with a third party, we will do so. For example, if you link your Sunflower Bank account with a third-party financial app or use a service that requires us to share data at your request, we will transmit the information with your authorization.
• For legal and safety reasons: We may disclose information about you if we are required to do so by law or legal process, or if we believe in good faith that such disclosure is necessary to (a) comply with the law, regulations, or a legal request; (b) enforce our terms and other agreements; or (c) protect the rights, property, or safety of Sunflower Bank, our customers, or others. For instance, we might share information in response to a subpoena, or exchange information with other organizations to reduce fraud risk and enhance security.
• Business transfers: If Sunflower Bank ever merges with another company, or sells some of its businesses or assets, customer information could be transferred as part of that deal. If such a transfer happens, we would require the new owner to use and protect your information in a way that’s consistent with this Notice and the privacy choices you’ve made.

When we share information with third parties, we only share what is necessary. We may share aggregated data or de-identified information that cannot reasonably be linked back to you personally (for example, telling a business partner that “20,000 people viewed their offer on our site” without revealing who those people are). Sharing such aggregated or anonymized data is not restricted, because it does not identify any individual.

Your Privacy Choices

You have choices about how we collect, use, and share your information online. We want to empower you with tools and information to manage your privacy preferences. Here are some of the key choices and controls available to you:

• Cookie Preferences: You can control or delete cookies through your browser settings. Most web browsers allow you to refuse new cookies, disable existing cookies, or be notified when new cookies are set. If you choose to reject or disable cookies, please note that some parts of our site (such as account login or certain features) may become inaccessible or not function properly. For example, if you disable cookies, you may need to re-enter information repeatedly, or certain personalization features might not remember your preferences. Every browser is a bit different, so check the “Help” section of your browser menu for instructions on how to manage cookies. Additionally, if our site uses Flash cookies and you wish to disable those, you’ll need to adjust settings in Adobe Flash Player (if available) as browser settings won’t affect Flash content.
• Opting Out of Analytics: As mentioned, we use Google Analytics to help understand site usage. If you don’t want Google Analytics to collect information from your browser, you can install the Google Analytics Opt-Out add-on for your browser. This tells Google Analytics not to include your visits in their reports. Keep in mind this is specific to Google’s analytics; other analytics tools may have their own opt-out methods.
• Interest-Based Ads Opt-Out: If you prefer not to receive targeted advertising from us or our partners, you have options to opt out. Sunflower Bank participates in industry programs that allow consumers to control tracking for advertising purposes. You can visit the Digital Advertising Alliance’s opt-out page or the Network Advertising Initiative’s opt-out page to opt out of interest-based advertising by companies participating in those programs. These sites will allow you to opt out of many (but not all) of the third-party tracking cookies that advertisers use to show you personalized ads. Please note that even if you opt out of targeted ads, you may still see non-personalized Sunflower Bank ads online (for example, ads that are not tailored to you specifically).
• Marketing Communications: If you receive promotional emails or newsletters from us, you can always unsubscribe. Simply click the “unsubscribe” link in the email or follow the instructions provided. You can also contact us to request removal from our marketing lists. (Please note that even if you opt out of marketing emails, we may still send you transactional or service-related messages, such as account alerts or important notices about your services, since those are not marketing communications).
• Do Not Share/Sell My Info: As we stated above, Sunflower Bank does not sell your personal information to third parties. We also do not share your information with third parties for their own cross-context behavioral advertising purposes. This means there is no need for you to submit a “Do Not Sell or Share My Personal Information” request – we’ve already taken care of that by not engaging in those practices. If this policy changes in the future, we will update this notice and provide a way for you to opt out as required by law.

Note on Public Computers: If you access our online services from a public or shared computer (for example, at a library or café), we encourage you to log out and clear the browser when you’re done. This will help remove any of our cookies or login information stored during your session. It’s a good privacy practice to ensure that the next person using the computer cannot access your information. While our cookies generally won’t contain sensitive personal details, they could allow someone to see that you had logged into a Sunflower Bank service if not cleared. Taking a moment to sign out and clear data helps protect your privacy.

Social Media

Sunflower Bank maintains official pages on popular social media platforms like Facebook, X (Twitter), LinkedIn, and YouTube, where we share news and updates and interact with customers. We love engaging with you on these platforms, and we want you to understand how information may be collected and used in those contexts:

• Information You Share or Post: Any content you post on our official social media pages (for example, comments on our Facebook posts or replies to our X (Twitter) posts) is generally visible to the public. Please avoid sharing sensitive personal information on these public forums. That means do not post things like account numbers, Social Security numbers, passwords, or other confidential details in comments or replies where others might see them. If you need to discuss something specific to your accounts, it’s better to do so through a private channel (like direct messaging or calling us) so we can protect your privacy.
• Information We May Collect: When you interact with us on social media, we may receive information about you from your social media profile. This could include your username, public profile information, and anything you choose to share with us directly (such as via direct message or in a comment). For example, if you message us on Facebook, we will see whatever information you include in that message. We might also see data like your interests or “Likes” on our posts, which helps us understand our audience generally.
• How We Use Social Data: Any personal information we receive through social media interactions will be used in accordance with this Digital Privacy Notice. For instance, if you reach out with a customer service question via X (Twitter), we’ll use your information to help resolve your issue and perhaps follow up to ensure you got what you needed. We might also use aggregate information about user engagement on social media to inform our marketing strategies (for example, understanding which types of posts get the most feedback).
• Third-Party Social Media Platforms: Remember that social media platforms are third-party services with their own privacy policies. We do not control how Facebook, X (Twitter), LinkedIn, or other platforms collect and use your data. If you visit our official Sunflower Bank page on a social platform, that platform may be collecting usage information about you (even if you don’t specifically interact with us) via cookies or other tracking. Those activities are governed by the social media site’s policies, not Sunflower Bank’s. We recommend reviewing the privacy settings and policies of any social media services you use to manage how your data is shared.
• Your Interactions Are Voluntary: Engaging with us on social media is completely voluntary. If you’re more comfortable, you can always contact us through more private channels (such as phone, secure messaging through online banking, or visiting a branch) instead of social media. We want you to reach out in whatever way you prefer, and we’ll be happy to assist you while respecting your privacy.

Data Security

We take security seriously and use a combination of technical and organizational measures to protect your personal information from unauthorized access or misuse. Some of the steps we take include:

• Encryption: When you access our online banking or submit sensitive information through our website, we use encryption protocols like SSL (Secure Sockets Layer) to encrypt the data in transit. This means that personal information (such as login credentials or payment details) is scrambled during transmission so that it can’t be easily intercepted by others. You’ll often see a padlock icon in your browser and an “https” address, indicating the connection is secure.
• Secure Systems: The information you provide to us online is stored on secure servers that are protected by firewalls and other technologies. We limit access to these systems to only those personnel and service providers who need it to perform their duties. We also employ malware protection, intrusion detection, and other safeguards to monitor and protect our networks.
• Procedural Safeguards: Beyond technology, Sunflower Bank maintains policies and procedures designed to protect your information. This includes regular employee training on privacy and security, strict authentication processes for customer identity verification, and programs to detect and prevent fraud. If we work with third-party service providers, we require them to uphold strong security standards as well.
• Financial Privacy Regulations: As a financial institution, we operate under federal privacy and security laws that require us to protect customer information. We regularly undergo audits and examinations for compliance. Keeping personal information secure is one of our most important priorities, and we continuously update our security practices to adapt to new threats.

While we are committed to safeguarding your data, it’s important to note that no website or internet transmission is 100% secure. There is always some risk in transmitting information electronically. We therefore cannot guarantee absolute security of information provided via the internet. You share and transact with us online at your own risk, but rest assured we are using all reasonable means to protect you. If we ever experience a data breach that compromises the privacy or security of your personal information, we will follow all applicable laws and regulations to notify you and address the issue. For your part, we encourage you to use strong passwords, keep your account credentials confidential, and contact us immediately if you suspect any unauthorized activity on your account.