Notice to California Residents
California Privacy Policy
This Policy is effective January 1, 2020
This Privacy Policy is applicable for California residents in order to comply with the California Consumer Privacy Act (“CCPA”). Any terms defined in the CCPA have the same meaning used in this policy.
1. Information We Collect About You
We may collect and use the following personal information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a consumer, device, or household (“personal information”). We may have collected the following categories of personal information from consumers within the last 12 months:
| Categories of Personal Information |
Examples of Specific Types of Personal Information Collected |
| A. Identifiers |
Name, alias, postal address, email address, telephone numbers, account numbers, Social Security number, date of birth, or other similar identifiers. |
| B. Personal Information categories listed in California Customer Records Statute (Cal. Civ. Code §1798.80(e)) |
A name, signature, Social Security number, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories. |
| C. Protected classification characteristics under California or Federal law |
Age (40 years or older), marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), veteran or military status. |
| D. Commercial information |
Records of personal property, products or services purchased, obtained, or considered. |
| E. Internet or other electronic network activity information |
Information regarding a consumer’s interaction with our Internet Web site. |
| F. Geolocation data |
Physical location or movements related to address or current residence. |
| G. Professional or employment-related information |
Current or past job history. |
| H. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). |
Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as student identification codes, student financial information, or student account records. |
Personal Information does not include:
- Publicly available information from government records.
- De-identified or aggregated consumer information.
- Information excluded from the CCPA's scope, like:
- Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data;
- Personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver's Privacy Protection Act of 1994.
2. How Your Personal Information is Collected
We collect most of this personal information directly from our clients to whom we provide services, as well as from you by telephone, written correspondence through the mail, email, text and/or provided by you through our website, by viewing your public social media/network pages, or other information available online. We may also collect information from the following sources:
- Publicly accessible sources (e.g., property records or court records);
- Our service providers including, but not limited to, letter vendors, skip tracing vendors, payment processing vendors, call analytics vendors, and/or electronic signature service providers;
- Directly from a third party (e.g., third parties contacted during skip tracing activities pursuant to 16 U.S.C. §1692b);
- From a third party with your consent such as your authorized representative or attorney; and
- From your activity on our website.
3. Why We Use Your Personal Information
We may use or disclose your personal information for one or more of the following business purposes:
- To fulfill or meet the reason you provided the information. For example, if you share your personal information to make a payment, we will use that information to process your payment.
- Performing services on behalf of the business or service provider, including maintaining or servicing accounts, providing customer service, verifying customer information, processing payments, or providing similar services on behalf of the business or service provider.
- To provide you with information, or services that you request from us.
- Auditing related to a current interaction.
- Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity.
- Debugging to identify and repair errors that impair existing intended functionality.
- Short-term, transient use, provided the personal information that is not disclosed to another third party and is not used to build a profile about a consumer or otherwise alter an individual consumer’s experience outside the current interaction.
- Undertaking internal research for technological development and demonstration.
- Undertaking activities to verify or maintain the quality or safety of a service or that is controlled by the business, and to improve, upgrade, or enhance the service.
- To respond to law enforcement and/or legal requests and as required by applicable law, court order, or governmental regulations.
- As necessary or appropriate to protect the rights, property or safety of us, our clients, or others.
- As described to you when collecting your personal information or as otherwise set forth in the CCPA.
We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
4. Who We Share Your Personal Information With
We routinely share personal information with:
- Our affiliates, including companies within the EOS group;
- Service providers we use to help deliver our services, such as payment service providers and other we use to run our business;
- Third parties approved by you, including third-party payment providers;
- Credit reporting agencies;
- Our insurers and brokers; and
- Our bank[s].
In the preceding twelve (12) months, we have not sold any personal information. We do not currently sell personal information as contemplated by the CCPA.
5. Your Rights
You have the following rights under the CCPA that may be exercised without charge to you:
- Disclosure of Personal Information We Collect About You
- You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm to the best of our ability your verifiable consumer request, we will disclose to you: The categories of personal information we have collected about you; The categories of sources from which the personal information is collected; Our business or commercial purpose for collecting or selling personal information; The categories of third parties with whom we share personal information, if any; The specific pieces of personal information we have collected about you.
- Please note that we are not required to retain any personal information about you that was collected for a single one-time transaction if, in the ordinary course of business, that information about you is not retained, re-identify or otherwise link any data that, in the ordinary course of business, is not maintained in a manner that would be considered personal information, or provide the personal information to you more than twice in a 12-month period.
- Disclosure of Personal Information Sold or Used for a Business Purpose
- If applicable, in connection with any personal information we may sell (at this time EOS does not sell personal information) or disclose to a third party for a business purpose, you have the right to know the categories of personal information about you that we sold and the categories of third parties to whom the personal information was sold and the categories of personal information that we disclosed about you for a business purpose.
- Deletion Request Rights
- You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.
- We may deny your deletion request if retaining the information is necessary for us or our service providers to complete the transaction for which the personal information was collected, provide a good or service requested by you, or reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform a contract between you and us, detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity, debug to identify and repair errors that impair existing intended functionality, exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law, comply with the California Electronic Communications Privacy Act, engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when our deletion of the information is likely to render impossible or seriously impair the achievement of such research, provided we have obtained your informed consent, enable solely internal uses that are reasonably aligned with your expectations based on your relationship with us, comply with an existing legal obligation, otherwise use your personal information, internally, in a lawful manner that is compatible with the context in which you provided the information.
- Protection Against Discrimination
- You have the right to not be discriminated against by us because you exercised any of your rights under the CCPA. This means we cannot, among other things, deny goods or services to you, charge or impose different prices or fees for goods or services, including through the use of discounts or other benefits or imposing penalties, provide a different level or quality of goods or services to you, and/or suggest that you will receive a different price or rate for goods or services or a different level or quality of goods or services. We may charge a different price or rate or fee, or provide a different level or quality of [goods and/or services] to you, if that difference is reasonably related to the value provided to you by your personal information.
6. How to Exercise Your Rights
To exercise the access, data portability, and deletion rights described herein, please submit a verifiable consumer request to us by either:
Please note that you may only make a data access or data portability disclosure request twice within a 12-month period.
7. Verifying Your Identity (i.e., verifiable consumer request)
If you choose to contact directly by [email/phone/in writing], you will need to provide us with enough information to identify you (e.g., your full name, address and customer account number), proof of your identity and address (e.g., a copy of your driving license or passport and a recent utility or credit card bill), a description of your request with sufficient detail that allows us to properly understand, evaluate and respond to it, and contact information for where you would like us to respond to your request.
We are not obligated to make a data access or data portability disclosure if we cannot verify that the person making the request is the person about whom we collected information, or is someone authorized to act on such person’s behalf.
Any personal information we collect from you to verify your identity in connection with you request will be used solely for the purposes of verification.
8. Response Timing and Format
We will make reasonable efforts to respond to verifiable consumer requests within 45 days of receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. We will deliver our written response to the address and/or email you provide to us in your request. If you do not provide us with an email or address, and you have provided sufficient account information for us to verify your identity we will respond to the email and/or address that correspondes to the account information we have on file. Any disclosures we provide will only cover the 12-month period preceding our receipt of the verifiable consumer request. If applicable, the response we provide will also explain the reasons we cannot comply with the request. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
9. Changes to this Privacy Notice
We reserve the right to amend this privacy policy at our discretion and at any time.