40.13—Exception to opt out requirements for service providers and joint marketing.
(a) General rule.
(1)
The opt out requirements in §§ 40.7 and 40.10 do not apply when a bank provides nonpublic personal information to a nonaffiliated third party to perform services for the bank or functions on the bank's behalf, if the bank:
(ii)
Enters into a contractual agreement with the third party that prohibits the third party from disclosing or using the information other than to carry out the purposes for which the bank disclosed the information, including use under an exception in § 40.14 or 40.15 in the ordinary course of business to carry out those purposes.
(2) Example.
If a bank discloses nonpublic personal information under this section to a financial institution with which the bank performs joint marketing, the bank's contractual agreement with that institution meets the requirements of paragraph (a)(1)(ii) of this section if it prohibits the institution from disclosing or using the nonpublic personal information except as necessary to carry out the joint marketing or under an exception in §§ 40.14 or 40.15 in the ordinary course of business to carry out that joint marketing.
(b) Service may include joint marketing.
The services a nonaffiliated third party performs for a bank under paragraph (a) of this section may include marketing of the bank's own products or services or marketing of financial products or services offered pursuant to joint agreements between the bank and one or more financial institutions.
(c) Definition of joint agreement.
For purposes of this section, joint agreement means a written contract pursuant to which a bank and one or more financial institutions jointly offer, endorse, or sponsor a financial product or service.