Applicant and Employee Privacy Notice

 

Effective Date: November 2025

This Applicant and Employee Privacy Notice ("Notice") describes how Comerica Bank, its parent company, Comerica Incorporated, and its subsidiaries and affiliates (“Comerica”, “Company”, "us", "our", or "we") collect and process personal information about our applicants and employees. The purpose of this Notice is to provide you with a comprehensive description of our online and offline practices regarding our collection, use, sale, sharing and retention of personal information. You may have certain rights with respect to your personal information and this Notice describes your rights and how you can exercise those rights.

This Notice applies to our current and former applicants and employees and covers our collection and use of your personal information in an employment context and supplements the information contained in our Online Privacy Practices and Privacy Notice.

This Notice does not apply to our collection and use of personal information in a consumer or business-to-business capacity. For more information on our collection and use of consumer personal information see our Consumer Financial Privacy Notice (PDF, 312 KB) and California Consumer Privacy Rights Statement.
 

Personal Information We Collect

We collect and use information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular employee, applicant, or household (“Personal Information”). Personal information does not include:

  • Publicly available information, including from government records, through widely distributed media, or that the employee or applicant made publicly available without restricting it to a specific audience.
  • Lawfully obtained, truthful information that is a matter of public concern.
  • De-identified or aggregated employee or applicant information. 

The following table identifies which categories of personal information we may have collected from our employees and applicants within the last 12 months. 

Categories of PI Collected

Examples

A. Identifiers

A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers, and similar information for your dependents and beneficiaries.

B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))

A name, signature, Social Security number, physical characteristics or description, photograph, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, membership in professional organizations, professional licenses and certifications, bank account number, credit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories.

C. Protected classification characteristics under California or federal law

Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, reproductive health decision-making, veteran or military status, genetic information (including familial genetic information).

D. Commercial information

Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

E. Biometric information

Physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as fingerprints, voiceprints, and keystroke patterns.

F. Internet or other similar network activity

All activity on our information systems (such as internet browsing history, search history, intranet activity, email communications, social media postings, stored documents and emails, usernames, and passwords) and all activity on the Company’s communications systems (such as phone calls, call logs, voicemails, text messages, chat logs, app use, mobile browsing and search history, mobile email communications, and other information about an employee’s use of Company-issued devices).

G. Geolocation data

Physical location or movements, such as the time and physical location related to use of an internet website, application, or device.

H. Sensory data

Audio, electronic, visual, or similar information and call monitoring and video surveillance.

I. Professional or employment-related information

Current or past job history or performance evaluations, such as employment application information (work history, academic and professional qualifications, educational records, references, and interview notes, background check, drug testing results, work authorization, performance and disciplinary records, salary, bonus, commission, and other similar compensation data, benefit plan enrollment, participation, and claims information, leave of absence information including religious, military and family obligations, health data concerning employee and their family members).

J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99))

Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.

K. Inferences drawn from other personal information

Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

L. Sensitive Personal Information

Social Security, driver’s license, state identification card, or passport number; account log-in, financial account, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; precise geolocation; racial or ethnic origin, citizenship or immigration status, religious or philosophical beliefs, or union membership, contents of a consumer’s mail, email or text messages not directed to the Company; biometric information; health; sex life or sexual orientation.

 

Sources of Personal Information

We obtain the categories of personal information listed above from the following categories of sources:

  • Directly from you, such as from the forms or information you input into our career website or application systems, throughout the application process
  • Indirectly from you, such as from your interactions with our website or computer systems
  • From our service providers, such as
    • Benefit providers
    • Payroll providers
    • Background check providers
    • Fraud monitoring services    
  • Government entities, such as for background check purposes and/or licensing purposes
  • From other employees, such as from performance reviews or other observations and interactions
  • Licensing organizations, as applicable
  • Social networks (e.g., LinkedIn)
     

How We Use Personal Information

We may use or disclose the personal information we collect for one or more of the following business purposes: 

  • To recruit and evaluate you as a job applicant and a candidate for employment;
  • Conduct background checks and verify employment eligibility;
  • Manage your employment relationship with us, including for:
    • Onboarding processes;
    • Timekeeping, payroll and expense report administration;
    • The design and administration of health wellness programs, employee benefits plans and programs, including for leaves of absence;
    • Employee training and talent development;
    • The provision of human capital management and employee data maintenance and support services;
    • Reaching you, your emergency contacts, and plan beneficiaries when needed, such as when you are not reachable or are injured or ill;
    • Workers’ compensation claims management;
    • Improving employee productivity and our efficiency, logistics, and supply chain management;
    • Employee job performance, including goals and performance reviews, promotions, discipline and termination; and
    • Maintain personnel records and comply with record retention requirements.
  • Manage and monitor employee access to and prevent unauthorized access to or use of our property, including its facilities, equipment and systems;
  • Design, implement, and promote our inclusion programs;
  • Ensuring compliance with our information systems policies and procedures;
  • Conduct workplace investigations;
  • Engage in corporate transactions requiring review of employee records, such as for evaluating potential Company mergers and acquisitions;
  • Perform workforce analytics, data analytics and benchmarking;
  • As necessary or appropriate to protect the legal rights, property or safety of us, our clients or others;
  • To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations;
  • To detect security incidents, protect against malicious, deceptive, fraudulent or illegal activity, and to prosecute those responsible for that activity;
  • For debugging to identify and repair errors with our services;
  • To improve our websites, present their contents to you, and for short-term, transient use, such as contextual customization of ads;
  • For auditing relating to interactions, transactions and other compliance activities;
  • To comply with applicable laws, rules and regulations.
     

Sensitive Personal Information Use and Disclosure Purposes

We may use or disclose sensitive personal information for the following statutorily approved reasons (Permitted Purposes) such as:

  • Performing actions that are necessary for our employment relationship and that an average employee in an employment relationship with us would reasonably expect, including for many of the purposes listed in the prior section, How We Use Personal Information.
  • Preventing, detecting, and investigating security incidents that compromise the availability, authenticity, integrity, and/or confidentiality of stored or transmitted personal information.
  • Defending against and prosecuting those responsible for malicious, deceptive, fraudulent, or illegal actions directed at the Company.
  • Ensuring physical safety.
  • Short-term, transient use, such as non-personalized advertising shown as part of an employee’s current employment with us, if we do not:
    • disclose the sensitive personal information to another third party; or
    • use it to build a profile about the employee or otherwise alter the employee’s experience outside their current employment with the Company.
  • Services performed for the Company, including maintaining or servicing accounts, providing human resources and employee benefits administration, processing or fulfilling transactions, verifying employee information, processing payments, or analytic services, storage, or similar services for the Company.
  • Activities required to:
    • verify or maintain the quality or safety of a product, service, or device that we own, manufacture, had manufactured, or control; and
    • improve, upgrade, or enhance the service or device that we own, manufacture, had manufactured, or control.

We do not use or disclose sensitive personal information for purposes other than the Permitted Purposes. As a result, we do not offer a right to limit our use or disclosure of these categories of sensitive personal information.

We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice. 

We may collect, process, and disclose aggregated or deidentified information about our employees and applicants for any purpose, without restriction.
 

Disclosing Personal Information

We may disclose the personal information we collect about you to others for the business purposes described in the How We Use Personal Information section and the table below. When we disclose personal information for a business purpose (except as may be required or permitted by law), we enter into a contract that describes the purpose, requires the recipient to keep the personal information confidential, and prohibits using the information for any purpose except performing the contract.

We disclose your personal information for a business purpose to the following categories of third parties:

  • Our affiliates
  • Service providers
  • Government entities
  • Licensing organizations
  • Third parties to whom you or your agents authorize us to disclose your personal information in connection with your application or employment purposes

The chart below identifies the categories of entities to whom we have disclosed our applicants’ or employees’ personal information for a business purpose over the past 12 months, along with the personal information categories disclosed and the disclosure’s business purposes.
 

Category of Entities: Our Affiliates

  • PI Categories Disclosed:
    • A. Identifiers
    • B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))
    • C. Protected classification characteristics under California or federal law
    • D. Commercial information
    • E. Biometric information
    • F. Internet or other similar network activity
    • G. Geolocation data
    • H. Sensory data
    • I. Professional or employment-related information
    • J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99))
    • K. Inferences drawn from other personal information
  • Sensitive PI Categories Disclosed:
    • Government identifiers
    • Complete account access credentials
    • Precise geolocation
    • Racial or ethnic origin
    • Citizenship or immigration status
    • Religious or philosophical beliefs
    • Union membership
    • Mail, email, or text messages contents not directed to the Company
    • Unique identifying biometric information
    • Health information
    • Sex life or sexual orientation information
  • Business Purpose Disclosures: As described in How We Use Personal Information section

Category of Entities: Service Providers

  • PI Categories Disclosed:
    • A. Identifiers
    • B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))
    • C. Protected classification characteristics under California or federal law
    • D. Commercial information
    • E. Biometric information
    • F. Internet or other similar network activity
    • G. Geolocation data
    • H. Sensory data
    • I. Professional or employment-related information
    • J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99))
    • K. Inferences drawn from other personal information
  • Sensitive PI Categories Disclosed:
    • Government identifiers
    • Complete account access credentials
    • Precise geolocation
    • Racial or ethnic origin
    • Citizenship or immigration status
    • Religious or philosophical beliefs
    • Union membership
    • Mail, email, or text messages contents not directed to the Company
    • Unique identifying biometric information
    • Health information
    • Sex life or sexual orientation information
  • Business Purpose Disclosures: As described in How We Use Personal Information section

Category of Entities: Government entities

  • PI Categories Disclosed:
    • A. Identifiers
    • B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))
    • C. Protected classification characteristics under California or federal law
    • E. Biometric information
    • F. Internet or other similar network activity
    • G. Geolocation data
    • I. Professional or employment-related information
    • J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99))
  • Sensitive PI Categories Disclosed:
    • Government identifiers
    • Precise geolocation
    • Racial or ethnic origin
    • Citizenship or immigration status
    • Biometrics
  • Business Purpose Disclosures: Background check and licensing purposes; Ensuring compliance with our information systems policies and procedures; Compliance with laws, rules and regulations

Category of Entities: Licensing organizations

  • PI Categories Disclosed:
    • A. Identifiers
    • B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))
    • C. Protected classification characteristics under California or federal law
    • G. Geolocation data
    • I. Professional or employment-related information
    • J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99))
  • Sensitive PI Categories Disclosed:
    • Government identifiers
    • Precise geolocation
    • Racial or ethnic origin
    • Citizenship or immigration status
  • Business Purpose Disclosures: Background check and licensing purposes; Work opportunity tax credit purposes; Compliance with laws, rules and regulations

 

Selling and Sharing of Personal Information

In the preceding twelve (12) month period, we have not sold personal information for monetary consideration. When you visit our website, we may use tracking technologies such as cookies for a variety of purposes, including to understand how visitors interact with our websites, and to provide personalized advertisements. The use of these technologies may constitute a “sale” or “share” of personal information under certain state privacy laws.

We do not knowingly sell or share personal information of employees or applicants under 16 years of age.

 

CALIFORNIA PRIVACY RIGHTS

 

If you are a California applicant or employee, you have the following rights under the California Consumer Privacy Act (CCPA) regarding your personal information.
 

Right to Know and Data Portability

You have the right to request that we disclose certain information to you about our collection and use of your personal information (“right to know”), including specific pieces of personal information we have collected about you (“data portability”). Once we have received your request and confirmed your identity, we will disclose to you:

  • the categories of personal information we collected about you
  • the categories of sources from which we collected your personal information
  • the business or commercial purpose for collecting your personal information and, if applicable, selling or sharing with third parties for cross context behavioral advertising (e.g., targeted advertising)
  • the categories of third parties to whom we disclose personal information
  • when specifically requested, a copy of your personal information subject to any permitted redactions.
     

Right to Request Correction of Inaccurate Personal Information

You have the right to request correction of inaccurate personal information maintained by us. We may request documentation from you to determine the accuracy of the information.
 

Right to Request Deletion of Your Personal Information

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions and limitations. 
 

Right to Opt-Out of Sell or Share 

You have the right to opt out of having your personal information sold or shared for specific purposes related to CCPA.  In the event of a merger, acquisition, or similar event, we will preserve your opt-out preferences regarding the sale or sharing of personal information. 
 

Right to Non-Discrimination for the Exercise of a Privacy Right 

We will not discriminate against you for exercising any of your privacy rights. 
 

How to Exercise Your Rights 

To exercise the right to know, data portability, correct, or delete please submit a verifiable request to us by either:

You or your authorized agent may only submit a request to know or for data portability twice within a 12-month period.  Any disclosures we provide will only cover the 12-month period preceding receipt of your request, but you may request an expanded time period as permitted by law.  We will honor that expanded request unless doing so would involve a disproportionate effort. 
 

Opt-Out Rights 

Our use of tracking technologies may be considered a sale or share for targeted advertising under applicable state law. To opt out of the sale or sharing of your personal information, you may submit a request to us through our online CPRA Request Page by selecting Opt-Out Request, or call us toll free at 1-800-522-2265.

You may also opt out by activating a user-enabled global privacy control, such as a browser plug-in or privacy setting, device setting, or other mechanism, that communicates or signals your choice to opt-out of the sale and sharing of personal information. This option does not stop all sales or sharing of your information because we cannot match your device’s identification or internet protocol address with your personally identifiable information like your name, phone number, email address or ZIP Code. If you delete cookies on your browser, any prior do not sell or do not share signal is also deleted and you should make sure that your user-enabled setting is always activated.

You do not need to tell us to limit processing of Sensitive Personal Information because we already limit such processing.
 

Verification Process and Authorized Agents

Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a request to know, delete or correct your personal information. You may also make a verifiable request on behalf of your minor child.

We cannot respond to your request to know, delete or correct if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable request does not require you to create an account with us. We will only use personal information provided in a verifiable request to verify the requestor's identity or authority to make the request.
 

Responding to Your Requests 

We will acknowledge receipt of your request to know, correct, or delete within 10 business days and will endeavor to respond to a verifiable request within 45 days of its receipt. If we require more time (up to a total of 90 days), we will inform you of the reason and extension period in writing. We will deliver our written response by mail or electronically, at your option. The response we provide will also explain the reasons we cannot comply with a request, if applicable.  Applicable law may allow or require us to refuse to provide you with access to some or all of the personal information that we hold about you, or we may have destroyed, deleted, or made your personal information anonymous in compliance with our record retention policies and obligations.  We do not charge a fee to process or respond to your verifiable request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

For requests that we not sell or share your information we will comply with your request as soon as feasibly possible.  Once we receive your request, we will wait at least 12 months before asking you to reauthorize personal information sales or sharing.
 

Changes to Our Privacy Notice

We reserve the right to amend this Notice at our discretion and at any time. Any changes made to this Notice will be available on our website.  We encourage you to check our website to review the current Notice in effect. 
 

Security

We safeguard any information our employees or applicants share with us according to strict standards of security and confidentiality. View security information at your convenience at our Security Commitment page.
 

Retention Periods

We retain your Personal Information for as long as we are required to do so under applicable law or other legal obligations, or if we otherwise have a legitimate business need to do so. We will ensure secure disposal of personal information when it is no longer necessary or relevant for our identified business need, in accordance with established record retention guidelines.
 

Contact for More Information

If you have any questions or comments about this Notice, the ways in which we collect and use your personal information, your choices and rights regarding such use, or wish to exercise your rights under California law, please call 1-800-522-2265.