It is the policy of the First National Bank in Frankfort (Bank) that our customers' financial records and business transactions between the Bank and our customers are confidential. A customers business is discussed only when necessary, with only those employees with a need to know.

All Bank employees must understand and abide by this policy and should convey the policy to the customer by treating the customer's business transactions with absolute confidentiality and by explaining this privacy policy in an appropriate fashion.. The Bank will maintain physical, electronic, and procedural safeguards that comply with federal standards to guard the customer's non-public personal information.

This policy is limited to only those customers who obtain a financial product or service from First National Bank in Frankfort that is used primarily for personal, family, or household purposes.

The First National Bank in Frankfort will not disclose, and does not wish to reserve the right to disclose, nonpublic personal information about customers or former customers to affiliates or nonaffiliated third parties, except as permitted by law.

The Bank is permitted by law to disclose certain information to affiliates and nonaffiliated third parties. As a responsible bank, First National Bank in Frankfort:

• " can disclose publicly available information, as defined by law.
  
  
• " shall not reveal specific information about customer accounts or other personally identifiable data to affiliates or unaffiliated third parties unless the information is (1) necessary to complete a transaction initiated or approved by that customer, (2) the customer specifically requests it, (3) or it is in connection with maintaining or servicing the customer's account with the Bank or with another entity as part of a private label credit card program or other extension of credit on behalf of the entity, (4) or it is in connection with a proposed or actual securitization, secondary market sale (including sale of servicing rights), or similar transactions related to a transaction of the customer, (4) to persons holding a legal or beneficial interest relating to the customer, (5) to persons acting in a fiduciary or representative capacity on behalf of the customer, (6) for required information risk control or for resolving customer disputes or inquires, (7) to protect against or prevent actual or potential fraud, unauthorized transactions, claims, or other liability.

• " shall collect information about individual customers only where it is useful to take care of that customer's business and to provide services or products to that customer. We shall take every step to insure the information we collect is accurate and complete, to protect that information from improper disclosure or tampering and that we will correct any inaccurate information as quickly as we can."

A privacy notice will be created as required by law. The privacy notice will accurately summarize the Bank's privacy principles and practices. The customer privacy notice should parallel the internal operational policies, procedures, and controls of the bank.

At the time a customer establishes a customer relationship with the Bank, the initial customer privacy notice will be provided. The establishment of a customer relationship occurs when the Bank and customer enter into a continuing relationship. The Bank, at that time, will provide the required notice such that the customer can reasonably be expected to receive the actual notice in writing and be able to retain it. The Bank may reasonably expect that a customer has received the privacy notice and can retain it if the privacy notice is handed in printed format to the customer or mailed to the customer's last known address.

Initial notices, under certain circumstances, may be provided within a reasonable time frame after the Bank has established a customer relationship if establishing a customer relationship is not at the customer's election, or providing the notice would substantially delay the customer's transaction and the customer agrees to receive the notice at a later time.

On an annual basis, no less than every 12 months, the Bank will provide to those customers with a continuing customer relationship a customer privacy notice. This notice must be provided in a clear, conspicuous manner to each customer. However, it is acceptable to provide a single notice for joint accountholders. Following the initial privacy notice given to each customer, the bank has chosen to provide the annual customer data privacy notice in June of each year.

This Privacy Policy shall become effective upon adoption by the Board of Directors.

These policies supersede and replace any Privacy Policies previously adopted by the Bank. These policies may be amended, changed, or modified at any time by the Board of Directors. Such amendments, changes, or modifications may be made as attachments to this document. These policies will be reviewed at least annually by the Board of Directors.