California Disclosures and Privacy Policy
The state of California requires that we provide privacy information for individuals that reside in California. If you do not reside in California, you can skip this document.
For California residents, here is a summary of what you will learn from these California Disclosures and Privacy Policy:
1 .Personal Information We Collect
1.1 Personal information does not include
1.2 How we obtain your personal information
1.3 Categories of personal information we collect
1.4 How we may use your personal information
1.5 How long we retain your personal information
1.6 How we may disclose your personal information
1.7 Sale of personal information
1.8 Sharing of personal information
2. Your rights under the CCPA
2.1 Right to Know
2.2 Right to Delete
2.3 Right to Correct
2.4 Right to Limit the Use of Sensitive Personal Information
2.5 Right to Opt-Out
2.6 Right to Non-Discrimination
3. Submitting a Request to Know, Request to Delete, or Request to Correct
3.1 How to submit a request
3.2 Authorized agents
3.3 Response timing and delivery method
5. Changes to our California Disclosures and Privacy Policy
6. Social Media
7. How to contact us
Below is the legal information we are required to share:
These CALIFORNIA DISCLOSURES AND PRIVACY POLICY supplement the information contained in the Privacy Policy of RiseCredit.com and Capital Community Bank, member FDIC, FinWise Bank, member FDIC, LLC, RISE Credit of Alabama, LLC, RISE Credit of California, LLC, RISE Credit of Delaware, LLC, RISE Credit of Georgia, LLC, RISE Credit of Idaho, LLC, RISE Credit of Illinois, LLC, RISE Credit of Kansas, LLC, RISE Credit of Mississippi, LLC, RISE Credit of Missouri, LLC, RISE Credit of North Dakota, LLC, RISE Credit of South Carolina, LLC, RISE Credit of Tennessee, LLC, RISE Credit of Utah, LLC, RISE Financial, LLC (collectively, “we,”; “us,”; or “our”) and applies solely to visitors, users, and others who reside in the State of California (“consumers”; or “you”). We adopt this policy to comply with the California Consumer Privacy Act of 2018 (“CCPA”) and California Privacy Rights Act of 2020 (collectively "CCPA"), and other California privacy laws. Any terms defined in the CCPA have the same meaning when used in this policy.
1. PERSONAL INFORMATION WE COLLECT
We collect information that identifies, relates to, describes, or could reasonably be linked, directly or indirectly, with a particular consumer (“personal information”).
1.1 Personal Information Does Not Include:
- Publicly available information from government records
- De-identified or aggregated consumer information
- Information excluded from the CPRA, such as personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting (FCRA), the Gramm-Leach-Bliley ACT (GLBA) and California Financial Information Privacy Act (FIPA).
AS A COURTESY, THE FOLLOWING DISCLOSURES INCLUDE INFORMATION THAT IS EXEMPT FROM CCPA. THE COURTESY DISCLOSURES ARE MADE WITH A RESERVATION OF ALL RIGHTS THAT WE HAVE UNDER CCPA.
1.2. How We Obtain Your Personal Information:
Directly from you. | You enter or provide us with information, whether online or by email, phone or document upload. For example, your contact information that you provide, your application for a loan, or documents you provide to verify your identity. |
---|---|
Directly and indirectly from you based on activity on our website. | For example, from submissions through our website or website usage details collected automatically. |
From service providers, vendors and third-parties that interact with us in connection with the services we perform. | For example, companies that work with us to market our products to you, lending partners and affiliates to provide the financial product you request, credit reporting agencies from which we check your credit in connection with a submitted application, or other service providers, and vendors that provide data we use in underwriting or in protecting you and our products from fraud and identity theft. |
1.3. Categories of Personal Information We Collect
In the last 12 months, we collected the following categories of personal information:
- "Sensitive Personal Information" such as Social Security numbers (SSNs), Driver's license, financial account or card numbers, Precise geolocation, Racial and ethnic characteristics, Religious and philosophical beliefs, Union membership, Contents of mail, email and text messages, Genetic and biometric data.
- “Identifiers” such as name, alias, address, unique identifier, internet protocol address, email address, account number, Social Security Number, or government identification number;
- “Other Personal Information” such as name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information;
- “Protected Classification Characteristics” such as age (40 years or older), date of birth, race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information;
- “Commercial Information” such as records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies;
- “Internet or Network Activity” such as browsing history, search history, information on a consumer's interaction with a website, application, or advertisement;
- "Biometric Information" such as genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, or gait;
- “Geolocation Data” such as physical location or movements;
- “Sensory Data” such as audio, electronic, visual, thermal, olfactory, or similar information;
- “Professional and Employment Related Information” such as current or past job history or performance evaluations; and
- "Inferences" such as profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
1.4. How We Use Your Personal Information:
We may collect, use or disclose the personal information we collect for one or more of the following purposes:
- To fulfill or meet the reason for which the information is provided.
- To provide you with information, products or services that you request from us.
- To provide you with email alerts and other notices concerning our products or services, or events or news, that may be of interest to you.
- To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collections.
- To improve our website and present its contents to you.
- For testing, research, analysis and product development.
- As necessary or appropriate to protect the rights, property or safety of you, us or others.
- To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
- As described to you when collecting your personal information or as otherwise set forth in the CCPA.
1.5. How Long We Retain Your Personal Information:
Absent contractual requirements in our role as service provider and/or legal requirements to the contrary, such as a legal hold, personal information is maintained for a specified period of time, as required by legal, regulatory, or industry requirements, as well as for business purposes.
- Sensitive Personal Information - 10 years.
- Identifiers - 10 years.
- Other Personal Information - 10 years.
- Protected Characteristics - 10 years.
- Commercial Information - 10 years.
- Internet or Network Activity - 10 years.
- Geolocation Data - 10 years.
- Sensory Data - 3 years.
- Professional or Employment Related Information - 6 years.
- Inferences - 7 years.
1.6. How We May Disclose Your Personal Information:
We may disclose your personal information to a service provider, contractor, or third party. When we disclose personal information to a service provider or contractor, we enter a contract that describes the purpose and requires the service provider to both keep that personal information confidential and not use it for any purpose except performing the contract or as otherwise permitted under the CCPA/CPRA. We disclose personal information to third parties as follows:
- Businesses for whom we are a service provider.
- Service providers or contractors, such as vendors- that provide data we use in underwriting or in protecting you and our products from fraud and identity theft.
- Third parties, including those to whom you or your agents authorize us to disclose your personal information in connection with products or services we provide to you:
- With our media buyers and marketing vendors we share Sensitive Personal Information, Identifiers, Other Personal Information, Protected Characteristics, Commercial Information, Professional and Employment Related Information, Inferences.
- With our document destruction vendor we share Sensitive Personal Information, Identifiers, Other Personal Information, Protected Characteristics, Commercial information, Internet or Network Activity, Biometric Data, Sensory Data, Professional and Employment Related Information, Inferences;
- With our affiliates we share Sensitive Personal Information, Identifiers, Other Personal Information, Protected Characteristics, Commercial Information, Internet or Network Activity, Biometric Data, Geolocation Data, Sensory Data, Professional and Employment Related Information, Inferences;
- With our bank/lending relationships we share Sensitive Personal Information, Identifiers, Other Personal Information, Protected Characteristics, Commercial information, Internet or Network Activity, Biometric Data, Geolocation Data, Sensory Data, Professional and Employment Related Information, Inferences;
- With loan servicing vendors, including platform providers and payment processors, we share Sensitive Personal Information, Identifiers, Other Personal Information, Protected Characteristics, Commercial information, Internet or Network Activity, Biometric Data, Geolocation Data, Sensory Data, Professional and Employment Related Information, Inferences;
- With credit reporting agencies and credit dispute vendors we share Sensitive Personal Information, Identifiers, Other Personal Information, Protected Characteristics, Commercial information, Professional and Employment Related Information Inferences;
- With our advisors such as lawyers, banks, and insurers we share Sensitive Personal Information, Identifiers, Other Personal Information, Protected Characteristics, Commercial information, Internet or Network Activity, Biometric Data, Geolocation Data, Sensory Data, Professional and Employment Related Information, Inferences;
- With governmental and regulatory agencies we share Sensitive Personal Information, Identifiers, Other Personal Information, Protected Characteristics, Commercial information, Internet or Network Activity, Biometric Data, Geolocation Data, Sensory Data, Professional and Employment Related Information, Inferences;
- With our data analytics and web hosting providers we share Identifiers, Other Personal Information, Protected Characteristics, Internet or Network Activity, Geolocation Data.
1.7. Sale of Personal Information:
We do not sell your personal information. We do not sell the Personal Information of minors under 16 years of age without affirmative authorization.
1.8. Sharing of Personal Information:
We do not sell your personal information.
Our site is not intended for or directed to minors. We do not knowingly share the personal information of minors under 16 years of age.
2. YOUR RIGHTS UNDER THE CCPA
The CCPA provides (California residents) with specific rights regarding their personal information- the Right to Know, the Right to Delete, the Right to Correct, the Right to Opt-Out of the Sale of Personal Information or the Sharing of Personal Information, The Right to Limit the Use of Sensitive Personal Information, and the Right to Non-Discrimination. This section describes your CCPA rights and explains how to exercise those rights, if applicable.
2.1. Right to Know:
You have the right to request that we disclose certain information to you about our collection, use, and disclosure of your personal information over the past 12 months (“Request to Know”). Once we receive and verify your Request to Know, we will disclose to you either:
- Categories of Personal Information Collected, Disclosed, Sold, and/or Shared
- The categories of personal information we collected about you.
- The categories of sources for the personal information we collected about you.
- Our business or commercial purpose for collecting that personal information.
- The categories of third parties with whom we share that personal information.
- If we disclosed your personal information to third parties, the corresponding categories of personal information.
- If we sold or shared your personal information for cross-contextual behavioral advertising, the categories of personal information sold or shared.
- Specific Information
- The specific pieces of personal information we collected about you.
2.2. Right to Delete:
You have the right to request that we delete your personal information (“Request to Delete”). Once we receive and verify your Request to Delete, we will delete your personal information from our records, unless an exemption or exception applies.
We may deny your Request to Delete if retaining the personal information is necessary for us or our service providers to:
- Complete the transaction for which the personal information was collected, provide a good or service requested by the consumer, or reasonably anticipated within the context of a business's ongoing business relationship with the consumer, or otherwise perform a contract between the business and the consumer.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity.
- Debug to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act pursuant to Chapter 3.6 (commencing with Section 1546) of Title 12 of Part 2 of the Penal Code.
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the businesses' deletion of the information is likely to render impossible or seriously impair the achievement of such research, if the consumer has provided informed consent.
- To enable solely internal uses that are reasonably aligned with the expectations of the consumer based on the consumer's relationship with the business.
- Comply with a legal obligation.
- Otherwise use the consumer's personal information, internally, in a lawful manner that is compatible with the context in which the consumer provided the information.
Additionally, we may deny your Request to Delete if we are unable to verify your identity or have reason to believe that the request is fraudulent.
2.3. Right to Correct
You have the right to request that we correct your inaccurate personal information ("Request to Correct"). Once we receive and verify your Request to Correct, we will use commercially reasonable efforts to correct your inaccurate personal information in our records.
2.4. Right to Limit the Use of Sensitive Personal Information
You have the right to direct a business that collects your sensitive personal information to limit its use to uses which are necessary to perform the services or provide the goods reasonably expected. However, we only use Sensitive Personal Information to provide the goods and services requested by you; to prevent, detect, and investigate security incidents; to resist malicious, deceptive, fraudulent, or illegal actions and to prosecute those responsible for such actions; to ensure people's physical safety; to perform services on our behalf; to verify or maintain the quality or safety of our products, services, and devices.
2.5. Right to Opt-Out:
The CCPA gives consumers the right to opt-out of 1) the sale of their personal information, 2) the sharing of their personal information for cross-context behavior advertising, or 3) for use in automated decision making. However, we do not sell or share your personal information.
The CCPA gives consumers the right to opt-out of the use of automated decision-making technology in connection with decisions about the consumer's work performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements. However, we do not use automated decision-making technology for personal information that is not covered by FCRA, GLBA, and CalFIPA.
2.6. Right to Non-Discrimination:
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
- Deny you goods or services.
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Provide you a different level or quality of goods or services.
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
3. SUBMITTING A REQUEST TO KNOW, REQUEST TO DELETE, OR REQUEST TO CORRECT
3.1. How to Submit a Request:
To make a Request to Know, Request to Delete,or Request to Correct, please contact us by either:
Calling us at 844-200-6413
Visiting Submit a CCPA/CPRA Request
Making a Request to Know, Request to Delete or Request to Correct does not require you to create an account with us. However, if you already have an existing online account, we will require you to log in to submit a request.
Only 1) you, or 2) a person authorized by you to act on your behalf may make a request related to your personal information. You may also make a request on behalf of your minor child.
Requests must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative. Given the sensitivity of your personal information that we collect and retain, we will need to verify your identity with at least 3 separate pieces of information such as name, address, account number, date of birth, last 4 of your Social Security Number, phone number, etc.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
3.2. Authorized Agents:
Before we can respond to a Request to Know, Request to Delete or Request to Correct submitted by an authorized agent, we need to confirm not only that person or entity’s authority to act on behalf of a consumer and verify the identity of the authorized agent. If you are authorized to submit a request on behalf of a California resident, please email us at privacy@risecredit.com and provide the following information:
- To verify your authorization to request on behalf of a California resident, please attach a copy of one or more of the following to your request email:
- written permission from the California resident, or
- power of attorney
- To verify your identity, please attach copies of the following to your request email:
- Valid Government Issued ID (not expired) AND
- a Utility Bill, Bank Statement, or similar documentation to verify your name and address
- You will also be required to verify the identity of the consumer for whom you are submitting the request.
3.3. Response Timing and Delivery Method:
We will acknowledge receipt of a Request to Know, Request to Delete, or Request to Correct within 10 business days, and will respond within 45 days. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. The response we provide will also explain the reasons we cannot comply with a request, if applicable.
We do not charge a fee to process or respond to your request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
4. DO NOT TRACK SIGNALS
Do Not Track is a web browser setting that requests websites and applications to disable their tracking of an individual user. Our site does not honor Do Not Track settings in your browser.
5. CHANGES TO OUR CALIFORNIA DISCLOSURES AND PRIVACY POLICY
We reserve the right to amend these California Disclosures and Privacy Policy at our discretion and at any time. When we make material changes to these California Disclosures and Privacy Policy, we will notify you by email or through a notice on our website homepage.
6. SOCIAL MEDIA
We encourage you to review your privacy options and settings with the social media platforms and networks you use to understand what choices you have about sharing information from those platforms and networks with us.
7. HOW TO CONTACT US
If you have any questions or comments about these disclosures and policy, the ways in which we collect, use, or disclose your personal information, your rights regarding your personal information, or wish to exercise your rights under California law, please do not hesitate to contact us at:
Privacy Support Phone: | (844) 200-6413 |
Privacy Support Email: | privacy@risecredit.com |
Website: | www.RISEcredit.com |
Postal Address: | RISE Attn: Privacy P.O. Box 101808 Fort Worth, Texas 76185 |
Version 3.0 – Effective Date 12/13/2022