‍Privacy Policy The policy statement immediately below is posted on the company’s website. Because the Graham Leach Bliley Act has a standard disclosure to be used during loan origination and because this standard form is generally required by lenders and is available in a form accepted as both compliant and for use during origination, the privacy statement disclosed to prospective borrowers differs in form from the privacy policy stated below; but is substantially the same with respect to substance. 

‍First American Home Loans’ Posted Privacy Policy This privacy policy governs the use of information by First American Home Loans as collected on www.fahl1.com ("Website"). The example of the company’s web-based privacy notice applies to information collected by the company’s web site. First American Home Loans is committed to security and privacy of the personal information. This privacy policy applies to that information that you submit via this website, and that First American Home Loans receives via this website. It does not apply to the practices of businesses and people with which we have no affiliation or control. While using this site, you may click a link which brings you to a site not controlled nor owned by First American Home Loans. In this case, you should review the policies of that site. This First American Home Loans policy should not be taken to apply outside of www.fahl1.com 

‍Information Collection, Use, and Sharing First American Home Loans collects personal information ("Information") from you through e-mail, forms, and other methods located on our website. This Information is collected only if you choose to submit it, and in submitting it you agree to have the Information handled in accord with this policy. This Information may include names, social security numbers, e-mail addresses, phone numbers, home data including pricing and outstanding loans, and other data as requested or provided. 

First American Home Loans takes the privacy of your information seriously. We will share your information only among our company and its affiliates and/or commonly owned companies, and may do so for any business reason. We do not sell or transfer your information to any unrelated third party, except as provided for herein. ‍First American Home Loans will use your Information in order to fulfill your request. As such, information may be shared as necessary with third parties including: • Appraisal companies • Credit agencies • Mortgage insurance companies • Title and escrow companies or Hazard Insurance Companies • Lenders First American Home Loans will not otherwise share the Information which you have provided. 
Your Access to and Control of Information You may opt out of any future contacts from us, or change the information we have on file for you, at any time. You can do the following at any time by contacting us via the mailing address, email address or phone number given on our website: • See what data we have about you, if any. • Change/correct any data we have about you. • Have us delete any data we have about you. • Express any concern you have about our use of your data or its security We take precautions to protect your information. When you submit sensitive information via the website, your information is protected both online and offline. Wherever we collect sensitive information (such as a social security number), that information is encrypted and transmitted to us in a secure way. You can verify this by looking for a closed lock icon at the bottom of your web browser, or looking for "https" at the beginning of the address of the web page. While we use encryption to protect sensitive information transmitted online, we also protect your information offline. The computers and servers in which we store personally identifiable information are kept in a secure environment. If you feel that we are not abiding by this privacy policy, you should contact us immediately at the address, telephone number or email address below. 

‍Browsing the Website As you browse the Website, we may record certain data about your visit. This data does not include any personally identifiable information, and cannot be traced back to you unless you choose to identify yourself and/or your access history. Data collected may include your IP address, operating system, browser type, time, date, and page visits, where you came from, and other such non-personal information. We may also place "cookies" on your computer. These help us in tracking your use of the Website, and do not collect any personally identifiable data about you. If you choose to reject these cookies, certain functions of the Website may be unable to operate. 

Mobile Phone Numbers No mobile information will be shared with third parties/affiliates for marketing/promotional purposes. All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.

‍Legal Requirements First American Home Loans may disclose any and all information as required by law or legal action. First American Home Loans may also do so in the good-faith belief that disclosure is necessary or required by law or legal process. ‍

‍This Policy May Change This privacy policy may change at any time, for any reason, and without notice. It is your responsibility to check this policy often to ensure that you are aware of our latest policies. First American Home Loans, Inc. 1748 W. Katella Ave, #204, Orange, CA 92867 (714) 744-2000 x2360

‍How First American Home Loans uses and deals with customer and staff information The company does not sell or share, other than to facilitate originating the requested loan a customer’s information. All information is retained in either electronic or hard copy format and is protected electronically in password, limited access environments with signed understandings from the company’s staff about the individual and collective responsibility to safeguard information. The company protects the privacy and confidentially of our customers and staff information at all times it is in our custody. That includes during and after employment if a staff member and during and after the loan application, approval, and closing process for our prospects and customers. Customer information is not shared with or sold to any third parties for marketing or any other purpose. Information we collect from the loan application or during the loan application process is only re-disclosed as required to complete the loan transaction. Employees sign, as part of their employment manual, a commitment to fully comply with the Privacy of Consumer Financial Information Act and the Federal Trade Commission’s implementation regulation there under, 16 CFR Part 313. Each customer is provided with the following information at application, in the form of a standard disclosure as provided by our loan origination software. The disclosure states: ⮚ First American Home Loans fully complies with the Privacy of Consumer Financial Information Act and the Federal Trade Commission’s implementation regulation thereunder, 16 CFR Part 313, 314 and 682. 

⮚ First American Home Loans collects non-public personal information about you from the following sources: 

o Information we receive from you on applications or other forms. 

o Information about your transactions with us, our affiliates, or others and Information we receive from a consumer reporting agency. 

⮚ We do not disclose any nonpublic personal information about our customers or former customers to anyone, except as permitted by law. 

⮚ We restrict access to nonpublic personal information about you to those employees who need to know that information to provide the requested loan origination services to you. 

⮚ We maintain physical, electronic, and procedural safeguards that comply with federal regulations to guard your nonpublic personal information. What actions does the company take in the event of a privacy breach? Protection of consumer non-public information is a central element of our consumer protection policy. Technological advances have made it possible for detailed information about our customers to be compiled and shared more easily. These improvements have produced many benefits for individual consumers and for companies. However, the value has not come without increased risk to breach and given more information is maintained in electronic form personal information becomes more accessible. The resulting implication is that each of us must take precautions to protect against the misuse of this information. All non-public, private information (such as date of birth, social security number, account numbers, amounts owing) is privileged information. Every employee and service provider for the company is under a specific lawful duty to protect such information. The company treats this obligation as a serious charge. Therefore, we have established specific actions for events that are determined to indicate a possible or actual breach. Procedures For Handling Policy Violations or Breaches 

‍Privacy Breaches Any individual who suspects that a theft, breach or exposure of company protected or sensitive data has occurred must immediately provide a description of what occurred via e-mail to the owner or the designee. All reported events will be investigated to confirm if a theft, breach or exposure occurred. If a theft, breach or exposure occurred, the owner will determine the specific steps to take based on the nature of the breach. If the incident is a suspected theft, legal counsel shall also be contacted. They will determine whether or not a local law enforcement agency should be contacted based on the location and details of the incident. If the investigation confirms theft, data breach or exposure of protected data or sensitive data, including privileged consumer information: As soon as a theft, data breach or exposure containing company protected data or sensitive data is identified, the process of removing all access to that resource will begin as soon as possible. The owner will direct actions necessary to notify the affected consumers, if the information relates to a customer and/or will decide and direct action to contact appropriate regulatory, insurance or law enforcement based on the nature of the breach. 

‍Oral Reports of Breach Orally reported breaches are taken seriously. Front line staff who receives an oral report of breach should seek to solve the problem immediately, if possible. Ask the caller about the nature of the breach, record, in writing the details, including: 
 Caller Name, Contact information including address, phone and email, 
 Description of the breach, including callers suspected source if any 
 Confirm caller’s relationship with the company and match call to existing records 

If staff cannot solve the problem immediately advise the caller that the issue will be referred to the owner and the owner will contact them within seventy-two (72) hours to review the results of the initial investigation. If the complaint is being made on behalf of the consumer by an advocate it must first be verified that the person has permission to speak for the consumer, especially if confidential information is involved. It is very easy to assume that the advocate has the right or power to act for the consumer when they may not. The company policy requires that the consumer's explicit written permission is provided prior to discussing the complaint with the advocate. After talking the problem through, the owner or the staff member dealing with the complaint should suggest a course of action to resolve the complaint. If this course of action is acceptable then the staff member should clarify the agreement with the caller and agree upon a manner in which the results of the complaint will be communicated to the complainant (i.e. through another meeting or by letter). If the suggested plan of action is not acceptable to the caller, then the owner will require that the caller put their complaint in writing and the owner will become responsible for dealing with the ultimate solution. In all situations the results of the conversation will be documented and filed for a period of not less than three (3) years in both the customer record and in the company breach files. If the complaint is from a customer, details of the inquiry will be recorded in the conversation log of the Loan Origination System. 

‍Written Notice of Breach Breaches reported in writing are treated similarly to oral reports. Either the owner or a designated staff member will respond to the incoming report. If a phone number is available, the initial response to expedite the process will be a phone call. If the phone call does not reach the customer and an email is available, an email acknowledging receipt and requesting a follow up contact will be sent. If no response is received within seventy-two (72) hours, or three business days; a written acknowledgement requesting contact will be mailed to the return address contained on the envelope. Staff will attempt to confirm the address by comparing it to internal records. If an address conflict exists, the written response will be sent to both addresses acknowledging the reported breach but sharing no detail information. The responses will simply instruct the customer that in order to proceed a direct contact enabling identity confirmation will be needed. If no response is received to the phone call or written replies, the item will be filed to thirty (30) calendar days and at the end of that period a written letter will be sent to both address (if a conflict exists) advising the reported breach is being closed unless someone replies. This notice will be retained for no less than three (3) years from the mail date. Copies of the outbound envelopes will be retained in the file. In the event the phone call or email results in a follow up contact; the balance of the actions are the same as those taken for an oral breach report. The designated staff will investigate the claimed breach and attempt to resolve the issue immediately based on the facts presented by the claim. The same details will be recorded and filed: 
 Name, Contact information including address, phone and email, 
 Description of the breach, including callers suspected source if any 
 Confirm caller’s relationship with the company and match call to existing records 

If staff cannot solve the problem immediately advise the caller that the issue will be referred to the owner and the owner will contact them within seventy-two (72) hours to review the results of the initial investigation. If the complaint is being made on behalf of the consumer by an advocate it must first be verified that the person has permission to correspond on behalf of the consumer, especially if confidential information is involved. The company policy requires that the consumer's explicit written permission is provided prior to discussing the complaint with the advocate. The same timeline will be utilized except the acknowledgement will require a written authorization from the customer. If none is received in thethirty (30 calendar day period, the file will be considered closed and dealt with in the same manner as the oral claim. After reaching the customer and discussing the claimed breach, the owner or the staff member dealing with the complaint should suggest a course of action to resolve the complaint. If this course of action is acceptable then the staff member should clarify the agreement with the caller and agree upon a manner in which the results of the complaint will be communicated to the complainant (i.e. through another meeting or by letter). If the suggested plan of action is not acceptable to the caller, then the owner will require that the caller put their complaint in writing and the owner will become responsible for dealing with the ultimate solution. In all situations the results of the conversation will be documented and filed for a period of not less than three (3) years in both the customer record and in the company breach files. In the case of customers, details of the inquiry will be recorded in the conversation log of the Loan Origination System.



‍