CALIFORNIA RESIDENTS: PRIVACY POLICY NOTICE
This Privacy Policy Notice is intended for California
residents pursuant to the California Consumer Privacy Act of 2018 and
California Privacy Rights Act of 2020 (collectively “CPRA”), and supplements
the information contained in the above Privacy Policy. Any terms defined in
the CPRA and applicable California regulations have the same meaning as used in
this Privacy Policy Notice. If you have a disability and want this Privacy
Policy Notice provided in an alternative format, please call us as 1-877-395-5997
or write us at 700 Longwater
Dr. Norwell, MA 02061. If you have questions about our Privacy Policy
or practices, please call 1-877-395-5997.
We may collect
and use personal information that identifies, relates to, describes, is
reasonably capable of being associated with, or could reasonably be directly or
indirectly linked, with a consumer, device, or household (“personal
information”).
Personal
Information does not include:
·
Publicly available information from government records.
·
Deidentified or aggregated consumer information.
·
Information excluded from the CPRA’s scope, such as (but not
limited to) information governed by the Health Insurance Portability and
Accountability Act of 1996 (“HIPAA”), the California Confidentiality of Medical
Information Act (“CMIA”), the Fair Credit Reporting Act (“FCRA”), the
Gramm-Leach-Bliley Act (“GLBA”), California Financial Information Privacy Act
(“FIPA”), and the Driver’s Privacy Protection Act of 1994 (“DPPA”).
We regularly
collect (and have collected in the past 12 months) several types of personal
information about individuals regarding accounts we service or purchase,
including:
|
Category
|
Examples
|
|
Identifiers
|
Name, postal address, Internet Protocol address, email address,
account number, Social Security number, or other similar identifiers
|
|
Categories listed in the California Customer Records
statute, Cal. Civ. Code § 1798.80(e)
|
Name, signature, Social Security number, address,
telephone number, education, employment, bank account number, credit card
number, debit card number, or other financial information, medical
information, or insurance information
|
|
Protected classifications under California or federal law
|
Age, gender, medical condition, disability, veteran or
military status
|
|
Commercial information
|
Records of products or services purchased, obtained
|
|
Internet or other similar network activity
|
Information on a consumer's interaction with our
website(s) or application(s)
|
|
Audio, electronic, visual or similar data
|
Call recordings
|
|
Professional or employment-related information
|
Current or past job history
|
|
Non-public education information (per Family Educational
Rights and Privacy Act (20 U.S.C. § 1232g, 34 C.F.R. Part 99))
|
Student financial information
|
|
Inferences drawn from personal information
|
To create a profile reflecting the consumer’s preferences,
characteristics, aptitudes, or behavior
|
|
Sensitive personal information
|
A consumer's social security number, driver's license,
state identification card, or passport number; a consumer's account log-in in
combination with any required security or access code, password, or
credentials allowing access to the account
|
2.
How Your Personal Information is Collected
We collect most
of this personal information from our creditor clients or from you or your
authorized representative by telephone or written communications. However, we
may also collect information:
·
From publicly accessible sources (e.g., property or other government
records);
·
From our service providers (e.g., call analytics, information
source, skip-tracing, collections, payment processing, mailing, and other
vendors)
3.
Why We Use or Disclose Your Personal Information
We regularly
use or disclose personal information for one or more of the following business
purposes:
·
Fulfill the reason you provided the information. For example, if
you share your personal information to make a payment, we will use that
information to process your payment.
·
Perform services on behalf of a business or service provider,
including maintaining or servicing accounts, providing customer service,
processing transactions, verifying customer information, processing payments,
providing analytic services, or providing similar services on behalf of the
business or service provider
·
Provide you with information or services that you request from us
·
Auditing related to consumer interactions
·
Detecting security incidents, protecting against malicious,
deceptive, fraudulent, or illegal activity, and prosecuting those responsible
for that activity
·
Debugging to identify and repair errors that impair existing
intended functionality
·
Short-term, transient use, where the personal information is not
disclosed to another third party and is not used to build a profile about a
consumer or otherwise alter an individual consumer’s experience outside the
current interaction
·
Undertaking activities to verify or maintain the quality of a
service or device that is owned, made by or for, or controlled by us, and to
improve, upgrade, or enhance the service or device that is owned, made by or
for, or controlled by us
·
Respond to law enforcement requests and as required by applicable
law or court order
·
As appropriate to protect the rights, property, or safety of us,
our clients, or others
·
As described to you when collecting your personal information or
as otherwise set forth in the CPRA.
We will not collect additional categories of personal information
or use the personal information we collected for materially different purposes
without providing you notice.
We regularly disclose (and have disclosed in the past 12 months) the
above listed categories of personal information for business purposes to one or
more of the following categories of third parties: our creditor clients, our
service providers (payment processing, mailing, collection, call analytics and
other vendors), credit reporting agencies, regulatory and law enforcement
agencies.
We do not sell or share your personal
information under the CPRA.
We do not use or disclose
sensitive personal information for purposes other than those necessary to perform services reasonably
expected by an average consumer; to help ensure
security and integrity where use of the information is reasonably necessary and
proportionate for this purpose; for short-term,
transient use; for performing services, including maintaining or servicing
accounts, providing customer service, processing or fulfilling transactions,
verifying customer information, processing payments, or providing similar
services; for undertaking activities to verify or maintain the quality of our services,
and to improve, upgrade, or enhance our services.
We retain
each category of personal information or sensitive personal information no longer
than is reasonably necessary for the purposes for which it was collected as
stated in this privacy policy, unless extending the retention period is
otherwise required or permitted by law. Subject to this limitation, the
retention period of each category of personal information or sensitive personal
information is determined by considering the following: the time required to
retain the information to fulfill our business purposes; the time applicable to
maintaining corresponding transaction and business records; the time necessary
to respond to consumer queries, complaints or lawsuits; data retention
requirements of applicable laws or contracts; and applicable data retention
policies as may be in place from time to time.
4. Verifiable Consumer Requests for Information
Upon
verification of identity, California residents may in some cases request that a
business:
· Disclose the categories of personal information the
business collected about the consumer;
· Disclose the categories of sources from which the
personal information is collected
· Disclose the categories of personal information that
the business sold about the consumer;
· Disclose the categories of personal information that
the business disclosed about the consumer for a business purpose;
· Disclose the categories of third parties with whom the
business shares personal information
· Disclose specific pieces of personal information the
business has collected about the consumer
· Disclose any financial incentives offered by the
business for collection, sale, or deletion of personal information
You have a
right not to receive discriminatory treatment by a business for your exercise
of CPRA privacy rights. A business may charge a different price or rate, or
provide a different level or quality of goods or services to you, if that
difference is reasonably related to the value provided to you by your personal
information.
For applicable
personal information access and portability requests, we will select a format
to provide your personal information that is readily useable and should allow
you to transmit the information from one entity to another entity without
hindrance.
Please note
that we are not required to:
· Carry out information access requests we receive from
you if acting as a service provider or contractor to another entity regarding
such information
· Retain any personal information about you that was
collected for a single one-time transaction if, in the ordinary course of
business, that information about you is not retained;
· Reidentify or otherwise link any data that, in the
ordinary course of business, is not maintained in a manner that would be
considered personal information;
· Provide the requested information disclosure to you
more than twice in a 12-month period.
· Provide the requested information disclosure if we
cannot verify that the person making the request is the person about whom we
collected information, or is someone authorized to act on such person’s behalf;
or
· Provide the requested information disclosure if a CPRA
or applicable exception applies.
5. Right to Request Deletion of Personal Information
Upon
verification of identity, California residents may in some cases request that a
business delete personal information about you that the business collected from
you and retained, subject to certain exceptions.
We may deny
your deletion request if we are acting in the role of a service provider to
another business regarding the applicable personal information. If we deny
your request on that basis, we will generally refer you to the relevant
business. In addition, we may deny your deletion request if retaining the
information is necessary for us or our service providers to:
· Complete the transaction for which the personal
information was collected, provide a good or service requested by you, or
reasonably anticipated within the context of our ongoing business relationship
with you, or otherwise perform a contract between you and us.
· Detect security incidents, protect against malicious,
deceptive, fraudulent, or illegal activity; or prosecute those responsible for
that activity.
· Debug to identify and repair errors that impair
existing intended functionality.
· Exercise free speech, ensure the right of another
consumer to exercise his or her right of free speech, or exercise another right
provided for by law.
· Comply with the California Electronic Communications
Privacy Act.
· Enable solely internal uses that are reasonably
aligned with your expectations based on your relationship with us.
· Comply with a legal obligation.
· Otherwise use your personal information, internally,
in a lawful manner that is compatible with the context in which you provided
the information; or
· If another CPRA or applicable exception applies.
6. Right to Request Correction of Inaccurate
Personal Information
Upon
verification of identity, California residents may
in some cases request a business that maintains inaccurate personal information
about you correct that inaccurate personal information. We will use
commercially reasonable efforts to correct the inaccurate personal information.
California residents may make verifiable requests to
disclose, delete, or correct pursuant to the CPRA or obtain more information by
contacting us at CAPrivacyRequest@eos-usa.com, calling
us at 1-877-395-5997, or 700
Longwater Dr. Norwell, MA 02061.
7. Verifying Your Identity If You Submit CPRA
Requests
If you choose
to contact us directly via the designated methods described above to exercise
your CPRA rights, you will need to:
· Provide enough information to reasonably identify you
(e.g., your full name, account number if applicable, and potentially other
identifying information); and
· Describe your request with sufficient detail to allow
us to properly process and respond to your request.
If seeking to
make a verifiable request under the CPRA on behalf of someone else, we require
enough information to reasonably identify the subject of the request (including
name and other identifying information) and the subject’s written consent to
make the CPRA request on his or her behalf, as consistent with applicable law.
We are not
obligated to make an information disclosure or carry out a deletion request
pursuant to the CPRA if we cannot verify that the person making the request is
the person about whom we collected information, or is someone authorized to act
on such person’s behalf.
Any personal
information we collect from you in order to verify your identity in connection
with your CPRA request will be used solely for the purposes of verification.
Last
modified: 01/01/2023