Overview
At Bloomfield State Bank, the basis of each customer relationship is trust. We know that whether you are an existing customer, or considering doing business with Bloomfield State Bank, you have an interest in how we collect, retain and use information about you and your relationship with us.

We have an obligation to honor your trust, beginning with protecting the confidential information you share with us. We believe that your privacy should not be compromised. At the same time, we want to offer you the array of financial products and services you need to accomplish your financial goals. We believe we can do both through the privacy policy outlined below.

Privacy Principles
We believe the confidentiality and protection of customer information is one of our fundamental responsibilities. And while information is critical to providing quality service, we recognize that one of our most important assets is our customers' trust. Our bank recognizes the following eight elements of its privacy policy, which have become standard within the banking industry. We use these Privacy Principles to guide us in dealing with customer information.

1. Recognition of Customer's Expectation of Privacy.
2. Use, Collection and Retention of Customer Information.
3. Maintenance of Accurate Information.
4. Limiting Employee Access to Information.
5. Protection of Information via Established Security Procedures.
6. Restrictions on the Disclosure of Consumer Information.
7. Maintaining Customer Privacy in Business Relationships with Third Parties.
8. Disclosure of Privacy Principles to Customers.

Recognition of Customer's Expectation of Privacy
Customers of Bloomfield State Bank are entitled to the absolute assurance that the information concerning their financial circumstances and personal lives, which the bank has obtained through various means, will be treated with the highest degree of confidentiality and respect. Certain expectations of privacy also contain legal rights of customers, which are either granted or confirmed to them through various federal and state laws and regulations. All employees are directed by this policy to assure customers of the bank's commitment to preserving the privacy of their information. The bank will post a notice in all banking offices and its Web site, which contains an abbreviated version of this policy. That notice is included as part of this policy and is designed to be both a posted notice and a direct disclosure to customers under circumstances described later in this policy.
 

Information We Collect at Bloomfield State Bank
We accumulate information about our customers from a variety of sources. For loan and deposit accounts, information regarding your financial status, such as employment, income, etc. comes from you voluntarily, in person, by mail, or through our web site. Bloomfield State Bank develops other data as a function of providing a product or service to you. Still other information is obtained from outside sources, such as credit bureaus and other creditors. We may also obtain demographic and household information about you from specialized firms.

How We Use This Information
We collect, retain, and use information about you only where we reasonably believe that it will help us to:
• mitigate potential risks or loss to Bloomfield State Bank;
• protect and administer your records, accounts and funds;
• comply with certain laws and regulations;
• help us design or improve our products and services; or
• understand your financial needs so that we can provide you with quality products and superior service.

Maintenance of Accurate Information
At Bloomfield State Bank, we work hard to ensure that your financial information is accurate, current and complete in accordance with reasonable commercial standards. We also pledge to respond to requests to correct inaccurate information in a timely manner. Please let us know immediately if you believe that our records contain inaccurate or incomplete information about you, or if anything changes, such as your name and address. The bank will respond promptly and affirmatively to any legitimate customer request to correct inaccurate information, including forwarding of corrected information to any third party who had received the inaccurate information. The bank will further undertake to record that such corrective action was requested by the customer and follow up with any third party to ensure that they have processed the correction.

Limitations on Employee Access to Information
At Bloomfield State Bank, employee access to personally identifiable customer information is limited to those with a business reason to know such information, either to assist you in the completion of transactions, maintenance of your records or in the sale of additional financial services. Because of the importance of these issues, all Bloomfield State Bank employees are responsible for maintaining the confidentiality of customer information and are periodically reminded of these standards during training sessions at least once during each calendar year. Executive management will take all steps necessary to ensure that only employees with a legitimate business reason for knowing your personally identifiable customer information shall have access to such information. Willful violation of this element of this policy will result in disciplinary action against the offending individual. Inadvertent violations will be dealt with in a manner to ensure that such violations are not repeated.
To the extent practicable, access will be limited by computer access codes and granting limited access to areas in which sensitive customer information is retained.
 

Protection of Information via Established Security Procedures
At Bloomfield State Bank, we are committed to the security of your financial and personal information. All of our operational and data processing systems are in a secure environment that protects your account information from being accessed by third parties. We safeguard information according to established security standards and procedures to prevent unauthorized access to customer information. Such procedures should prevent access by not only unauthorized employees, but others as well. Such others include but are not limited to, all non-employees with otherwise legitimate reasons for being on bank premises, computer "hackers", and any intruders on bank premises.

Restrictions on the Disclosure of Account Information
The bank will not, except in cases allowed or required under the law, reveal specific information about customer accounts or other personally identifiable data to any non-affiliated third parties for their independent use. Exceptions include for the exchange of information with reputable information reporting agencies to maximize the accuracy and security of such information or in the performance of bona fide corporate due diligence or business matter, unless

• the information is provided to help complete a customer initiated transaction;
• the customer requests or permits it;
• the disclosure is required by or allowed by law (e.g. subpoena, investigation of fraudulent activity, request by regulator, etc.); or
• the customer has been informed about the possibility of disclosure for marketing or similar purposes through a prior communication and given the    opportunity to decline or "opt out".

Maintaining Customer Privacy in Business Relationships with Third Parties
If the bank is requested to provide personally identifiable information to a third party and that request is in all respects consistent with other elements of this policy, the bank will require such third parties to adhere to similar privacy principles, no less stringent than set forth in this policy, that provide for keeping such information confidential.

Disclosure of Privacy Principles to Customers
At Bloomfield State Bank, we recognize and respect the privacy expectations of our customers. We want you to understand our commitment to privacy in our use of customer information. As a result of our commitment, we have developed this Privacy Policy which is made readily available to our customers. Disclosure of the Privacy Notice shall be provided to customers initially and then annually thereafter.
A notice of the right to "opt out" will accompany each Privacy Notice, unless our bank shares non-public personal information only within the three categories of exceptions, listed below. If our bank does share non-public personal information only within the three categories of exceptions, a simplified privacy notice will be provided to customers. The notice may be delivered by hand, by mail, or electronically, as specified in the pertinent banking regulation. If the notice is provided electronically, the consumer must be required to acknowledge receipt as a necessary condition for obtaining a financial product or service.

Exceptions to the Opt Out Requirements for Service Providers and Joint Marketing
The opt out requirements do not apply if our bank chooses to provide non-public personal information about a consumer to a non-affiliated third party to perform services for the bank or functions on the bank's behalf, if our bank provides the initial notice as required and enters into a contractual agreement with the third party that requires the third party to maintain the confidentiality of the information to at least the same extent that the bank must maintain that confidentiality and limits the third party's use of the information solely to the purposes for which it is disclosed or as otherwise permitted.

Exceptions to the Opt Out Requirements for Processing and Servicing Transactions
The requirements for initial notice, for opt out, and for service providers and joint marketing do not apply if the bank discloses non-public personal information:
• As necessary to effect, administer, or enforce a transaction requested or authorized by the consumer.
• To service or process a financial product or service requested or authorized by the consumer.
• To maintain or service the consumer's account with the bank, or with another entity as part of a private label credit card program or other extension of credit on behalf of such entity.
• In connection with a proposed or actual securitization, secondary market sale (including sales of servicing rights) or similar transaction related to a transaction of the consumer.

Other Exceptions to Notice and Opt Out Requirements
There are additional exceptions to the opt out requirements. The requirements for initial notice, for opt out, and for service providers and joint marketing do not apply when a bank discloses non-public personal information in the following circumstances:
• With the consent or direction of the consumer, provided that the consumer has not revoked the consent or direction.
• For the following protective or legal situations:
• To protect the confidentiality or security of the bank's records pertaining to the consumer, service, product, or transaction.
• To protect against or prevent actual or potential fraud, unauthorized transactions, claims, or other liability.
• For required institutional risk control or for resolving consumer disputes or inquiries.
• To persons holding a legal or beneficial interest relating to the consumer.
• To persons acting in a fiduciary or representative capacity on behalf of the Consumer.
• To provide information to insurance rate advisory organizations, guaranty funds or agencies, agencies that are rating the bank, persons that are assessing the bank's compliance with industry standards, and the bank's attorneys, accountants, and auditors.
• To the extent specifically permitted or required under other provisions of law and in accordance with the Right to Financial Privacy Act of 1978 (12 USC 3401), to law enforcement agencies (including government regulators), self-regulatory organizations, or for an investigation on a matter related to public safety.
• To a consumer reporting agency in accordance with the Fair Credit Reporting Act (15 USC1681) or from a consumer report reported by a consumer reporting agency.
• In connection with a proposed or actual sale, merger, transfer, or exchange of all or a portion of a business or operating unit if the disclosure of non-public personal information concerns solely consumers of that business or unit.
• To comply with federal, state, or local laws, rules, and other applicable legal requirements -specifically:
• To comply with a properly authorized civil, criminal, or regulatory investigation, or subpoena or summons by federal, state, or local authorities; or
• To respond to judicial process or government regulatory authorities having jurisdiction over the bank for examination, compliance, or other purposes as authorized by law.

Employee Education and Training
Executive management will provide a copy of this policy to all bank employees. After any amendments or modifications to this policy have been duly adopted, a copy of the amended policy will also be given to each employee.
At least once during each calendar year, the bank will conduct a meeting of all employees during which matters affecting customers' rights to privacy will be discussed. Such meetings will include discussions on the following:
• The proper use of customer information.
• Procedures for maintaining security of information.
• The importance of confidentiality and customer privacy.
• Any incidents, or patterns of behavior, which are covered under this policy.

Record Keeping and Reporting
Executive management will maintain a separate file for the purpose of retaining any customer complaints which relate to this policy: The information regarding any complaint should include the exact nature of the complaint, describe the corrective actions taken, and confirm that the corrective actions resolved the complaint.
Executive management will make an annual report to the Board concerning customer complaints, which shall include the frequency and nature of such complaints and corrective actions taken. Complaints of a nature sufficient to present a risk of regulatory enforcement action and/or civil money penalties are required to be reported if and when they occur.

Review of Policy
The Board of Directors will make a review of this policy at least once each year and make any revisions and amendments it deems appropriate. Executive management will be responsible for suggesting more frequent revisions as situations or changes in laws or regulations dictate.

Customers who have questions about these Privacy Principles or have a question about the privacy of their customer information should call the Bloomfield State Bank at 1-800-319-6110; write to us at Bloomfield State Bank, Attention Betty Apple Rush, Sr. Auditor, 48 North Washington Street, Bloomfield, IN 47441; or e-mail us at info@bloombank.com. Please include your name, address and social security number.