CCPA

In the last twelve months, we have collected the following categories of personal information about you:

  1. Identifiers: Name, alias, postal address, unique personal identifier, Internet Protocol (IP) address and email address;
  2. Customer records information: Name, signature, address and telephone number;
  3. Commercial information: Products and services purchased, obtained, and/or considered, and other purchasing or consuming histories or tendencies;
  4. Internet or other electronic network activity information: Browsing history and search history; and information regarding a consumer’s interaction with our website, application, and advertisements; and
  5. Geo-location data.

In the last twelve months, we have disclosed for a business purpose your name to merchant processors if you use our PromisePay feature.

In the last twelve months, we have not sold any of your personal information to third parties.  If you do not wish to have your personal information sold in the future by us to third parties, please click the link below entitled “Do Not Sell My Personal Information”.

The California Consumer Privacy Act of 2018 (“CCPA”) provides you with certain rights, as follows:

 

  • Right to Request Personal Information. We must inform you, at or before the time that the same is collected, of the categories of personal information we collect about you and the purposes for which we use each such category of information.  You have the right to request information from us regarding the personal information we have collected about you, as well as the sale or disclosure of such personal information for business purposes.  If you contact us requesting such information, we have 45 days from the receipt of such request to respond to you. Upon the receipt of a verifiable request from you, we must disclose to you the categories of (1) personal information collected; (2) personal information sold; (3) third parties to whom the information was sold; and (4) personal information disclosed for a business purpose.

 

  • Right to Delete Personal Information. You have the right to request that we delete personal information we have collected from you.  When we receive a verifiable request from you, we must delete your personal information and direct any service providers to do so.  However, the CCPA provides certain exceptions when we are not required to comply with your request to delete your personal information, including when we must maintain the information to complete a transaction; to detect security incidents; to exercise free speech; to enable internal uses reasonably aligned with your expectations; or to comply with our legal obligations.

 

  • Private Right of Action. The CCPA permits you to institute a limited civil cause of action when your non-encrypted or non-redacted personal information is subject to unauthorized access, exfiltration, theft or disclose due to our failure to implement and maintain reasonable security procedures.  This limited civil cause of action applies even if we would otherwise be exempt from the CCPA’s requirements through a statutory carve-out of information collected under certain sector-specific laws.  For purposes of the limited civil cause of action, “personal information” is narrowly defined to match California’s data breach law.  Remedies available include injunctive relief, declaratory relief and monetary damages in the form of statutory damages between $100 and $750 per incident, or actual damages, whichever is greater.  However, prior to initiating a limited cause of action for statutory damages, you must provide us with 30 days’ notice and an opportunity to cure the violations.

 

  • Non-Discrimination. We are prohibited from discriminating against you for exercising your rights granted under the CCPA.

 

Under California’s “Shine the Light” law, California residents who provide personal information in obtaining products or services for personal, family, or household use are entitled to request and obtain from us, once each calendar year, information about the customer information we shared, if any, with other businesses for their own direct marketing uses. If applicable, this information would include the categories of customer information and the names and addresses of those businesses with which we shared customer information for the immediately preceding calendar year.

To obtain this information, please send an e-mail message to privacy@corp.updatepromise.com with “Request for California Privacy Information” in the subject line and in the body of your message. We will provide in response the requested information to you at your e-mail address.  Please be aware that not all information sharing is covered by the “Shine the Light” requirements and only required information will be included in our response.