FI Connect Privacy Policy

    Last updated and effective as of November 15, 2023.

    We reserve the right to amend this Privacy Policy at our discretion and at any time. When we make changesto this Notice, we will post the updated Notice on our website and update the Notice’s effective date.

    Our Commitment to Your Privacy

    Protecting your privacy is important to us. FI Connect maintains this Privacy Policy to help you understand our commitment to safeguard the privacy of your personal information. We want you to understand how we collect, use, disclose and protect your information received through our website, online services, third-party providers, or through applications submitted by our customers (collectively, “Information Channels”).

    This Privacy Policy describes:

    • How we safeguard your
    • How, what, and why we collect certain information about
    • How we use your information and with whom we share
    • How you can access and update this
    • The choices you can make about how we collect, use, and share your

    Contact Us

    If you have any questions regarding this Privacy Policy or our information collection and use practices, please contact us at [email protected] OR (866) 918-2898 OR by mail at 5680 Greenwood Plaza Blvd, Suite 400S, Greenwood Village, CO 80111.

    Safeguards

    FI Connect maintains industry safeguards, in accordance with applicable federal and state laws and regulations, to keep your personal information safe and secure. When we provide personal information to financial entities, our affiliates, or third-party service providers, we require that those parties agree to process and keep the information in compliance with applicable privacy laws. The use of your information by our business partners may be subject to that party’s own privacy notice. Unless we are permitted by law, we will not disclose the information we collect about you from consumer or credit reporting agencies, without your consent. For certain online features or services, such as those that may include personal information, we require the use of username/password and/or encryption technologies for the protection of your personal information. You are responsible for protecting your username, password, and other user account information from disclosure to third parties, and you are restricted from circumventing the use of required encryption technologies. You agree to: (a) immediately notify us at [email protected] OR call us at 866-918-2898 of any unauthorized use of your username, password, and/or user account information, and/or any other breach of security; and (b) make sure that you log out from your user account at the end of each session. While we may provide certain safeguards to protect your confidential information, we do not and cannot guarantee or warrant that any information transmitted through the Internet is secure, or that such transmissions are free from delay, interruption, interception or error.

    Your Consent to this Privacy Notice

    You consent to the collection and use of your information by FI Connect in compliance with this Privacy Policy by submitting your personal information to FI Connect, or by using our services, unless you inform usotherwise, as allowable by law. Your available information choices are set forth below.

    Browsing Information

    Like most online services, we collect standard technical, information when you use our Services, including, but not limited to unique device identifiers, internet protocol (IP) addresses, browser types, internet serviceproviders (ISPs), the number and duration of page visits and the number of clicks. We may use cookies, which are small pieces of data stored on your device which include an anonymous unique identifier, for session purposes. We may use tracking systems for certain systems, and we recognize Do Not Track requests from internet browsers or similar devices with regard to consumers, but not for Financial Institution employees acting within the scope of their employment.

    Types of Information We Collect and Sources

    We may collect certain information from you, and third parties we engage may also collect such information for the purpose of, administering and processing your transaction. We do not use your personal or sensitiveinformation for additional purposes that are incompatible with the disclosed purpose for which the information wascollected without providing you notice. We do not retain your personal information longer than is reasonablynecessary to complete these services.

    Information we may collect about you may be collected by from the following sources:

    • Applications or other forms we receive from you or your authorized representative (such as name, address, employment information)
    • Correspondence you or others send to us
    • Information such as account or loan numbers we receive through our Information Channels, i.e. financial institutions, third-party providers.
    • Information from consumer or other credit reporting agencies and public records maintained by government entities that we obtain directly from those entities, including your credit worthiness and credit history
    • Information we receive from other sources, as permitted by applicable, laws, and regulations

    We do not share your personal information with third parties other than as set forth in this Privacy Policy.

    Sensitive Information

    We may collect certain sensitive information from you solely for the purpose of administering and processingyour transaction, or to verify a request from you under the California Consumer Privacy Act. We do not sell orshare your sensitive personal information. The sensitive information we may collect from you may include:

    • Social Security Number
    • Driver’s License
    • State identification

    FI Connect does not collect or process sensitive personal information with the purpose of inferring characteristics about a consumer, nor use or disclose sensitive personal information to service providers, contractors or third parties other than to perform the services for which it was obtained.

    Use of Collected Information

    The information we collect from you is used for one or more of the following business purposes:

    • To provide products and services to you or any financial entity or other third party who is obtaining services on your behalf, or in connection with a transaction involving you
    • To communicate with you regarding your transaction or our products and services
    • To improve our products and services
    • To personalize your user experience regarding our information channels
    • To verify your identity or determine your creditworthiness
    • To respond to law enforcement requests, court orders, or governmental regulations

    FI Connect has collected consumer personal information in these categories within the last 12 months.

    When Information is Disclosed

    We are permitted by law to disclose your personal information to various companies and individuals, without obtaining your permission. Certain laws do not allow you to

    restrict these disclosures. In the section below entitled, “Your Information Choices,” we share with you how to limit certain disclosures of your personal information.

    We may disclose personal information to service providers, unaffiliated third parties for a business purpose, and to government agencies and regulatory authorities. FI Connect does not share or sell your personal information to any entity.

    When we disclose personal information to a service provider or third party for a business purpose, we enter acontract that describes the purpose and requires the recipient to both keep that personal information confidentialand not use it for any purpose except performing the services required. We disclose personal information forbusiness purposes to the following categories:

    • Our affiliates
    • Service providers, such as business process outsourcers
    • Governmental agencies and regulatory authorities
    • Third parties such as credit unions or other finance companies

    FI Connect has disclosed consumer personal information with these entities within the last 12 months for the business purposes noted herein.

    Your Information Choices

    FI Connect may use your personal information for the following purposes, which such use cannot be limited by you:

    • For our everyday business purposes – to process your transactions, respond to law enforcement orother government authorities regarding an investigation, and subpoenas or court orders
    • For our own marketing purposes
    • For our affiliates’ everyday business purposes, we may share information about your transaction and experiences.

    We do not disclose or use your personal information in the following circumstances:

    • For our affiliates’ everyday business purposes – information about your credit worthiness
    • For joint marketing with financial companies
    • For our affiliates and non-affiliates to market to you

    Updates and Corrections

    If you wish to correct or update your personal information in our possession, you may do so by using themethods provided under the “Contact Us” section as specified at the beginning of this Privacy Policy.

    California Privacy Policy and Notice at Collection

    This section of the Privacy Policy and Notice applies to California residents under the California Consumer PrivacyAct of 2018 (“CCPA”), which gives California residents certain rights over their personal information as detailed below.

    Right to Know about the personal information a business collects about them, how it is used or shared.  If we receive a verified request, you have not made this request more than twice in a 12-month period, and the information is subject to the CCPA, we will disclose to you:

    • The categories of personal information we collected about you in the last 12 months.
    • The categories of sources from which your personal information was collected.
    • Our business or commercial purpose for collecting, using or disclosing your personal information.
    • If we disclosed your personal information for a business purpose, the categories of personal information disclosed in the last 12 months.
    • The categories of third parties with whom we disclose your personal information in the last 12 months.
    • The specific pieces of personal information we collected about you (also called a data portability request).
    • If we sold your personal information, the categories of personal information sold and the categories of third parties to whom personal information was sold.

    FI Connect does not and has not, within the preceding 12 months, “sold” or “shared” consumer’s personal information to “third parties,” as such terms are defined in the CCPA, for a business or commercial purpose.

    We will not provide you with specific pieces of personal information if the disclosure creates a substantial, articulable, and unreasonable risk to the security of the personal information, your account with us, or the security of our systems or networks.

    Information We Collect. Information that FI Connect may collect includes, but is not limited to, the following categories of personal information or sensitive information within the last 12 months:
    Category
    Examples
    Collected
    A. Identifiers.
    A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license
    Yes
    B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).
    A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.
    Yes
    C. Protected classification characteristics under California or federal law.
    Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).
    Yes
    D. Commercial information.
    Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
    Yes
    E. Biometric information.
    Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.
    No
    F. Internet or other similar network activity.
    Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.
    Yes
    G. Geolocation data.
    Physical location or movements.
    Yes
    H. Sensory data.
    Audio, electronic, visual, thermal, olfactory, or similar information.
    No
    I. Professional or employment-related information.
    Current or past job history or performance evaluations. Information collected about you through your employment application or employment with us.
    Yes
    J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).
    Performance management information such as employment status (full-time or part-time, regular or temporary), work schedule, job assignments, hours worked, accomplishments and awards, training and development, performance evaluation, employment termination.
    Yes
    K. Inferences drawn from other personal information.
    Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
    No
    L. Sensitive personal information
    Personal information that reveals a person’s social security, driver’s license, state identification card, passport number; an account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; precise geolocation; racial or ethnic origin, religious or philosophical beliefs, or union membership; the contents of a consumer’s mail, email, and text messages unless the business is the intended recipient of the communication; a person’s genetic data; and/or biometric data processed for the purpose of uniquely identifying a person.
    Yes

    Sources of Personal or Sensitive Information. We obtain the categories of personal information listed above from the following categories of sources:

    • Directly from you or your agents to provide you with services you have requested.
    • Indirectly from our clients or their agents. For example, through information we collect from our clients, in the course of providing services to them.
    • Directly and indirectly from activity on our systems and/or websites. For example, from submissions through our website portals or website usage details collected automatically.
    • From third-parties that interact with us in connection with the services we perform.

    Business Purpose for Disclosing Personal or Sensitive Information. Disclosure of your personal information may be made (or may have been made in the preceding 12 months) to these categories of our affiliates, and non-affiliated third parties for a business purpose, unless otherwise restricted by applicable law:

    • To third parties to provide you with services you have requested, and to enable us to detect or prevent fraud, misrepresentation, or criminal activity.
    • To contracted third parties that provide services on our behalf and use the information only in connection with such services.
    • To law enforcement or other government authorities in connection with an investigation, civil or criminal subpoena, or court order.
    • To other third parties with whom you have given us written, including electronic authorization to disclose your personal information.
    • To investigate potential unauthorized use of our Information Channel.
    • To share and use, for any purpose, the personal information if it is in an aggregated, anonymized form, so that you are not identified (collectively, “De-Identified Data”)
    • In connection with a sale, transfer or other disposition of all or part of FI Connect’s business/assets, or in the event of bankruptcy, reorganization, receivership, insolvency, or assignment for the benefit of creditors.
    • For any purpose disclosed by us to you when you provide the information, and as directed by you, or with your permission.(i) to understand and analyze trends and preferences; (ii) to monitor and analyze our services’ effectiveness; (iii) to improve our services and develop new products, services, features, and functionality; (iv) to personalize our services, such as remembering your information so that you will not have to re-enter it during your visit or the next time you use our services, and (v) to provide customized content and information.

    In the preceding twelve (12) months, we have disclosed the following categories of personal information for a business purpose:

    • Category A: Identifiers
    • Category B: California Customer Records personal information categories
    • Category C: Protected classification characteristics under California or federal law
    • Category D: Commercial information
    • Category G: Geolocation data
    • Category I: Professional or employment-related information
    • Category J: Non-public education information
    • Category L: Sensitive personal information

    To the extent that you are a current or former employee or applicant, FI Connect may use your personal or sensitive personal information for the following purposes:

    • To collect equality and diversity information, such as minority, veteran and disability status, through voluntary self-disclosure and other means to implement the Company’s diversity programs and comply with applicable laws.
    • To administer and provide compensation, benefits, and other work- related allowances, as applicable.
    • To manage our information technology (, computers, phones, company systems, and applications) and information security, including the helpdesk, corporate directory, IT support, fraud prevention, and information security.

    Right to Delete personal information collected about them, subject to certain exceptions. Once we receive a verified consumer request, we will erase your personal information from our records, unless an exception applies, or if we have de-identified or aggregated the personal information.

    There may be instances where applicable law and regulatory requirements allow or require us to retain personal information. We may deny a deletion request if it is necessary for us or our service providers to maintain your personal information for any of the reasons set forth in the CCPA.

    Most of the personal information FI Connect obtains is subject to the CCPA exemptions for personal information subject to the Gramm-Leach-Bliley Act (“GLBA”) and the Fair Credit Reporting Act (“FCRA”).

    Right to opt-out of the sale or sharing of their personal information.  FI Connect does not “sell” or “share” consumer personal information.

    Right of Non-Discrimination for exercising their CCPA rights.  We will not discriminate against you for exercising any of your rights in this Privacy Policy and under applicable laws.

    Right to Correct inaccurate personal information. To update or correct your personal information in our possession, please refer to the “How to Contact Us” section at the beginning of this Privacy Policy.

    Right to Limit use of sensitive personal information collected about them. FI Connect does not use or disclose sensitive personal information for purposes other than those expressed herein or otherwise permitted by applicable law.

    Data Retention. Our retention periods are based upon business needs and legal requirements. We retain information for as long as is necessary for the purpose(s) for which the information was collected, and any other permissible related purpose.

    Information From Children. We do not intentionally collect information from children who are under the age of 16, and neither our website nor our services are directed to children under the age of 16.

    Exercising Your Rights. To exercise your rights for personal information that we collect, use and process for our business purposes, please submit a verifiable consumer request to us.  You may only make a verifiable consumer request for access or data portability twice within a 12-month period.

    A verifiable consumer request must:

    • Provide enough information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative; and
    • Describe your request with enough detail that allows us to properly understand, evaluate, and respond to it.

    You may submit your request using any of these following methods:

    • By email: [email protected]
    • By toll free number: (866) 918-2898
    • By mail: 5680 Greenwood Plaza Blvd, Suite 400S, Greenwood Village, CO 80111

    Consumers with disabilities may contact us using any of the contact information provided below to receive this notice in an accessible format.

    When using an Authorized Agent. You may designate an authorized agent to make a request under the CCPA on your behalf.  You will need to provide the authorized agent written permission to make requests on your behalf, and the agent will need to verify their own identity. We may deny a request from an agent that does not submit proof that they have been authorized by you to act on your behalf.