Introduction
EOS USA has prepared this privacy policy to inform you of
its practices regarding the collection, use and disclosure of personal information about identifiable
individuals. We take measures to safeguard the privacy and confidentiality of personal and confidential
information. Adherence to strict confidentiality and privacy guidelines as outlined in the Fair Debt Collection
Practices Act (FDCPA), the Federal Information Security Management Act (FISMA), the Fair Credit Reporting Act
(FCRA), The Gramm-Leach-Bliley Act (GLBA) and the various state regulations is the cornerstone of our commitment
to protecting the privacy of our employees, clients and their customers.
Scope
This policy applies to the operations of EOS USA and its
subsidiaries across the U.S. and across all business units. [1]
Personal information means any information, recorded in
any form, about an identifiable individual. Personal information does not include anonymous or aggregated
information. Anonymous or aggregated information is information that cannot be associated with or traced back to
an identifiable individual.
Consent
Except where permitted or required by law, EOS USA will
endeavor to obtain the consent of each individual and/or company providing personal information to EOS USA for
the collection, use or disclosure of such personal information by EOS USA.
Corporate responsibility
EOS USA is a privately-owned company specializing in
providing its clients with various customer service and receivables management services.
Therefore, EOS USA owes a duty of care to its clients
and, by extension, to our clients’ customers. The information to which EOS USA is granted access by its
clients is of a highly confidential nature, as is the information that is acquired during the conduct of its
business activities. For these reasons, EOS USA has developed and applied specific privacy and confidentiality
policies in order to manage and safeguard this information.
Our employees’ responsibilities
Each of our employees is responsible for maintaining the
confidentiality of all personal information to which he/she is granted access. When they join EOS USA, employees
are informed of their responsibilities with regard to privacy and required to sign a confidentiality agreement
binding them to these responsibilities. In addition, all employees are required to review and confirm their
understanding of the Fair Debt Collection Practices Act (FDCPA), the Federal Information Security Management Act
(FISMA), the Fair Credit Reporting Act (FCRA), The Gramm-Leach-Bliley Act (GLBA) and applicable state
regulations and other regulatory guidelines.
EOS USA continually coaches and trains our employees with
respect to ongoing compliance and developing issues in the realm of privacy and confidentiality. As a condition
of employment, EOS USA employees are required to conform to these policies and procedures.
Privacy principles regarding the collection, use and disclosure activities of EOS USA
EOS USA
- gains access, through its clients, to sensitive
information, which is required for EOS USA to provide debt collection services to its clients;
- limits the
amount and type of personal information it collects. EOS USA will only collect the information required
for its business operations;
- will use information only for the reasons it was
collected and will not willfully disclose this information to third parties unless duly authorized to do
so or as required by law;
- will store all information in its care in a
secured fashion, whether electronically or on paper. EOS USA will restrict access to those employees who
specifically and lawfully require the information for the purpose of performing their duties;
- will maintain personal information for as long
as EOS USA believes it is necessary to fulfil the purpose for which it was collected and as required by
applicable laws. EOS USA will proceed to securely dispose of any information that is no longer of value
to EOS USA in the completion of its business activities;
- will take all reasonable steps so that
client/customer information is accurately maintained, complete and up to date as is necessary to fulfill
the purposes for which this information is to be used;
- will take reasonable measures to protect
client/customer information by means of appropriate security safeguards as required by the sensitivity
level of the information maintained;
- will not
sell any client/customer information;
- will be receptive and open to client concerns
regarding our policies and procedures that apply to the management of the client/customer
information;
- customers may, upon written request, have access
to their personal information maintained by EOS USA. The written request must contain sufficient detail
to enable EOS USA, with reasonable effort, to identify the information for which the written request is
made;
- customers may challenge EOS USA’s
compliance with the privacy policy. At the written request of the customer, we will undertake to
investigate and respond in writing to any customer complaint.
In summary
EOS USA considers privacy and the protection of
confidential information to be a cornerstone of its business practices. EOS USA will continue to develop, review
and monitor its policies and procedures to ensure compliance with all applicable legislation, customer
requirements and general common sense, and commits to treating the individuals whose information has been
entrusted to EOS USA with care and dignity.
[1] Any reference to EOS USA is to include all business units and subsidiary
operations. Any reference to customers means EOS USA’s customers and/or our clients’
customers.
PRIVACY POLICY
Introduction
EOS USA,
Inc (“EOS”) respects your privacy and is
committed to protecting it through our compliance with this website privacy policy
(“Policy”). Maintaining protection of the information entrusted to our care is
of the utmost importance to EOS.
This
Policy describes the types of information we may
collect from you or that you may provide when you visit our website and our
practices for collecting, using, protecting, and disclosing that information.
This
Policy applies to information we collect or you
submit to us through the EOS website. This Policy does not apply to
information collected by or through websites, applications, or content operated
by any third party.
This
Policy outlines our policies and practices
regarding your information and how we will treat it. If you do not agree with
our policies and practices, you should not use our website. By accessing or
using our website, you agree to this Policy. This Policy may change from time
to time (see Changes to Our Privacy Policy section below). Your continued use
of our website after we make changes is deemed to be acceptance of those
changes, so please check the Policy periodically for updates.
Information We Collect About You And How We
Collect It
We
collect several types of information from and about
users of our website, including information:
·
by which you may
be personally identified, including your name, e-mail address, or telephone
number (“personal information”);
·
that is about you
but individually does not identify you; and/or
·
about your
internet connection, the equipment you use to access our website, and website usage
details.
We
collect this information:
·
Directly from you
when you provide it to us.
·
Automatically as
you navigate through the website. Information collected automatically may
include, for example, usage details and IP addresses.
·
From third
parties we contract with to provide services on our behalf.
Important Privacy Information for Consumers
You have
the right to control whether we share some of
your personal information. Please read the following information carefully.
We will
collect the IP Address for internal security
and other proprietary purposes. We will do so even if you have included a Do
Not Track request. We do not release this data outside of our corporate
environment nor utilize this data other than for internal purposes.
Important Information Regarding the Fair Debt Collection
Practices Act
We do not
disclose information to any party in
violation of the Fair Debt Collection Practices Act.
Requesting Access or Changes to Your Information
You can
make changes to personally identifiable
information we collect from you by one of the following methods:
·
Calling us at 1-877-395-5997
·
Emailing us at CAPrivacyRequest@eos-usa.com
Information You Provide To Us
We
collect information you provide to us on or through
our website including:
·
Information that
you provide by filling in forms on our website.
·
Records and
copies of your correspondence (including e-mail addresses), if you contact us.
Usage Details, IP Addresses, Cookies, And Other
Technologies
As you
navigate through and interact with our website,
we may automatically collect certain information about your equipment, browsing
actions and patterns, including:
·
Details of your
visits to our website, including traffic data, location data, logs and other
communication data and the resources that you access and use on our website.
·
Information about
your computer and internet connection, including your IP address, operating
system and browser type.
The
information we collect automatically is statistical
data, and does not identify any individual.
There may
be features that are developed in the future
that may result in the collection of additional new information.
We do not
allow third parties to collect personally
identifiable information about a user’s online activities, over time and across
different sites, services, and applications, when that user uses our site or
service.
How We Use Your Information
We use
information that we collect about you or that
you provide to us, including any personal information:
·
To present our
website and its contents to you.
·
To provide you
with information or services that you request from us.
·
To offer and
fulfill our core business purposes.
·
To fulfill any
other purpose for which you provide it.
·
To carry out our
obligations and enforce our rights arising from any contracts entered into
between you and us or an owner or previous owner of an applicable account,
including for billing and collection.
·
To notify you
about changes to our website or any products or services we offer or provide
though it.
·
To allow you to
participate in interactive features on our website.
·
In any other way
we may describe when you provide the information.
·
For any other
purpose with your consent.
Disclosure Of Your Information
We may
disclose aggregated information about our users,
and information that does not identify any individual, without restriction.
We may
disclose personal information that we collect as
described in this Policy:
·
To contractors,
service providers, and other third parties we use to support our business, such
as clients, insurers, information source vendors, and payment processors, who
are bound by contractual obligations to keep personal information confidential
and use it only for the purposes for which we disclose it to them.
·
To fulfill the
purpose for which you provide it.
·
For any other
purpose disclosed by us when you provide the information.
·
With your
consent.
We may
also disclose your personal information:
·
To comply with
any court order, law or legal process, including to respond to any government
or regulatory request.
·
Pursuant to a
merger, acquisition, or sale of all or a portion of EOS’s assets.
·
If we believe
disclosure is necessary or appropriate to protect the rights, property, or
safety of EOS or others. This includes exchanging information with other
companies and organizations for the purposes of fraud protection and credit
risk reduction. EOS has implemented physical,
electronic, and procedural security safeguards to protect against the
unauthorized or unlawful release of or access to personal information,
including any social security numbers. To further safeguard this information, access to sensitive information such as social security
numbers is limited, and our employees must abide by standards of conduct
and confidentiality agreements.
Changes To Our Privacy Policy
EOS may
change, add, modify or remove portions of this
Policy at any time, which shall become effective immediately upon posting on
this page. The date the Policy was last revised is identified at the bottom of
the page. It is your responsibility to review this Policy for any changes. By
continuing to use our website, you agree to any changes in the Policy.
Contact Information
If you
have any questions about our privacy protection
practices or believe we have not adhered to this Policy, please contact us on
our main phone number at 1-877-395-5997.
Changes of Ownership
or
Control of EOS
We may transfer, combine, merge,
or sell all or part of our business to another entity or entities. If such an
event occurs, personal information EOS has collected or maintained may be
transferred to a new controlling party or parties, who will be permitted to use
your personal information under the terms of this Policy for the purposes for
which you supplied it.
CALIFORNIA RESIDENTS: PRIVACY POLICY NOTICE
This Privacy Policy Notice is intended for California
residents pursuant to the California Consumer Privacy Act of 2018 and
California Privacy Rights Act of 2020 (collectively “CPRA”), and supplements
the information contained in the above Privacy Policy. Any terms defined in
the CPRA and applicable California regulations have the same meaning as used in
this Privacy Policy Notice. If you have a disability and want this Privacy
Policy Notice provided in an alternative format, please call us as 1-877-395-5997
or write us at 700 Longwater
Dr. Norwell, MA 02061. If you have questions about our Privacy Policy
or practices, please call 1-877-395-5997.
We may collect
and use personal information that identifies, relates to, describes, is
reasonably capable of being associated with, or could reasonably be directly or
indirectly linked, with a consumer, device, or household (“personal
information”).
Personal
Information does not include:
·
Publicly available information from government records.
·
Deidentified or aggregated consumer information.
·
Information excluded from the CPRA’s scope, such as (but not
limited to) information governed by the Health Insurance Portability and
Accountability Act of 1996 (“HIPAA”), the California Confidentiality of Medical
Information Act (“CMIA”), the Fair Credit Reporting Act (“FCRA”), the
Gramm-Leach-Bliley Act (“GLBA”), California Financial Information Privacy Act
(“FIPA”), and the Driver’s Privacy Protection Act of 1994 (“DPPA”).
We regularly
collect (and have collected in the past 12 months) several types of personal
information about individuals regarding accounts we service or purchase,
including:
Category
|
Examples
|
Identifiers
|
Name, postal address, Internet Protocol address, email address,
account number, Social Security number, or other similar identifiers
|
Categories listed in the California Customer Records
statute, Cal. Civ. Code § 1798.80(e)
|
Name, signature, Social Security number, address,
telephone number, education, employment, bank account number, credit card
number, debit card number, or other financial information, medical
information, or insurance information
|
Protected classifications under California or federal law
|
Age, gender, medical condition, disability, veteran or
military status
|
Commercial information
|
Records of products or services purchased, obtained
|
Internet or other similar network activity
|
Information on a consumer's interaction with our
website(s) or application(s)
|
Audio, electronic, visual or similar data
|
Call recordings
|
Professional or employment-related information
|
Current or past job history
|
Non-public education information (per Family Educational
Rights and Privacy Act (20 U.S.C. § 1232g, 34 C.F.R. Part 99))
|
Student financial information
|
Inferences drawn from personal information
|
To create a profile reflecting the consumer’s preferences,
characteristics, aptitudes, or behavior
|
Sensitive personal information
|
A
consumer's social security number, driver's license,
state identification card, or passport number; a consumer's account log-in in
combination with any required security or access code, password, or
credentials allowing access to the account
|
2.
How Your Personal Information is Collected
We collect most
of this personal information from our creditor clients or from you or your
authorized representative by telephone or written communications. However, we
may also collect information:
·
From publicly accessible sources (e.g., property or other government
records);
·
From our service providers (e.g., call analytics, information
source, skip-tracing, collections, payment processing, mailing, and other
vendors)
3.
Why We Use or Disclose Your Personal Information
We regularly
use or disclose personal information for one or more of the following business
purposes:
·
Fulfill the reason you provided the information. For example, if
you share your personal information to make a payment, we will use that
information to process your payment.
·
Perform services on behalf of a business or service provider,
including maintaining or servicing accounts, providing customer service,
processing transactions, verifying customer information, processing payments,
providing analytic services, or providing similar services on behalf of the
business or service provider
·
Provide you with information or services that you request from us
·
Auditing related to consumer interactions
·
Detecting security incidents, protecting against malicious,
deceptive, fraudulent, or illegal activity, and prosecuting those responsible
for that activity
·
Debugging to identify and repair errors that impair existing
intended functionality
·
Short-term, transient use, where the personal information is not
disclosed to another third party and is not used to build a profile about a
consumer or otherwise alter an individual consumer’s experience outside the
current interaction
·
Undertaking activities to verify or maintain the quality of a
service or device that is owned, made by or for, or controlled by us, and to
improve, upgrade, or enhance the service or device that is owned, made by or
for, or controlled by us
·
Respond to law enforcement requests and as required by applicable
law or court order
·
As appropriate to protect the rights, property, or safety of us,
our clients, or others
·
As described to you when collecting your personal information or
as otherwise set forth in the CPRA.
We will not
collect additional categories of personal information
or use the personal information we collected for materially different purposes
without providing you notice.
We regularly
disclose (and have disclosed in the past 12 months) the
above listed categories of personal information for business purposes to one or
more of the following categories of third parties: our creditor clients, our
service providers (payment processing, mailing, collection, call analytics and
other vendors), credit reporting agencies, regulatory and law enforcement
agencies.
We do not sell or share your personal
information under the CPRA.
We do not use or disclose
sensitive personal information for purposes other than those necessary to perform services reasonably
expected by an average consumer; to help ensure
security and integrity where use of the information is reasonably necessary and
proportionate for this purpose; for short-term,
transient use; for performing services, including maintaining or servicing
accounts, providing customer service, processing or fulfilling transactions,
verifying customer information, processing payments, or providing similar
services; for undertaking activities to verify or maintain the quality of our services,
and to improve, upgrade, or enhance our services.
We retain
each category of personal information or sensitive personal information no longer
than is reasonably necessary for the purposes for which it was collected as
stated in this privacy policy, unless extending the retention period is
otherwise required or permitted by law. Subject to this limitation, the
retention period of each category of personal information or sensitive personal
information is determined by considering the following: the time required to
retain the information to fulfill our business purposes; the time applicable to
maintaining corresponding transaction and business records; the time necessary
to respond to consumer queries, complaints or lawsuits; data retention
requirements of applicable laws or contracts; and applicable data retention
policies as may be in place from time to time.
4.
Verifiable Consumer Requests for
Information
Upon
verification of identity, California residents may in some cases request that a
business:
· Disclose the categories of personal information the
business collected about the consumer;
· Disclose the categories of sources from which the
personal information is collected
· Disclose the categories of personal information that
the business sold about the consumer;
· Disclose the categories of personal information that
the business disclosed about the consumer for a business purpose;
· Disclose the categories of third parties with whom the
business shares personal information
· Disclose specific pieces of personal information the
business has collected about the consumer
· Disclose any financial incentives offered by the
business for collection, sale, or deletion of personal information
You have a
right not to receive discriminatory treatment by a business for your exercise
of CPRA privacy rights. A business may charge a different price or rate, or
provide a different level or quality of goods or services to you, if that
difference is reasonably related to the value provided to you by your personal
information.
For applicable
personal information access and portability requests, we will select a format
to provide your personal information that is readily useable and should allow
you to transmit the information from one entity to another entity without
hindrance.
Please note
that we are not required to:
· Carry out information access requests we receive from
you if acting as a service provider or contractor to another entity regarding
such information
· Retain any personal information about you that was
collected for a single one-time transaction if, in the ordinary course of
business, that information about you is not retained;
· Reidentify or otherwise link any data that, in the
ordinary course of business, is not maintained in a manner that would be
considered personal information;
· Provide the requested information disclosure to you
more than twice in a 12-month period.
· Provide the requested information disclosure if we
cannot verify that the person making the request is the person about whom we
collected information, or is someone authorized to act on such person’s behalf;
or
· Provide the requested information disclosure if a CPRA
or applicable exception applies.
5.
Right to Request Deletion of Personal
Information
Upon
verification of identity, California residents may in some cases request that a
business delete personal information about you that the business collected from
you and retained, subject to certain exceptions.
We may deny
your deletion request if we are acting in the role of a service provider to
another business regarding the applicable personal information. If we deny
your request on that basis, we will generally refer you to the relevant
business. In addition, we may deny your deletion request if retaining the
information is necessary for us or our service providers to:
· Complete the transaction for which the personal
information was collected, provide a good or service requested by you, or
reasonably anticipated within the context of our ongoing business relationship
with you, or otherwise perform a contract between you and us.
· Detect security incidents, protect against malicious,
deceptive, fraudulent, or illegal activity; or prosecute those responsible for
that activity.
· Debug to identify and repair errors that impair
existing intended functionality.
· Exercise free speech, ensure the right of another
consumer to exercise his or her right of free speech, or exercise another right
provided for by law.
· Comply with the California Electronic Communications
Privacy Act.
· Enable solely internal uses that are reasonably
aligned with your expectations based on your relationship with us.
· Comply with a legal obligation.
· Otherwise use your personal information, internally,
in a lawful manner that is compatible with the context in which you provided
the information; or
· If another CPRA or applicable exception applies.
6. Right to Request Correction of Inaccurate
Personal Information
Upon
verification of identity, California residents may
in some cases request a business that maintains inaccurate personal information
about you correct that inaccurate personal information. We will use
commercially reasonable efforts to correct the inaccurate personal information.
California residents may make verifiable requests to
disclose, delete, or correct pursuant to the CPRA or obtain more information by
contacting us at CAPrivacyRequest@eos-usa.com, calling
us at 1-877-395-5997, or
700
Longwater Dr. Norwell, MA 02061.
7. Verifying Your Identity If You Submit CPRA
Requests
If you choose
to contact us directly via the designated methods described above to exercise
your CPRA rights, you will need to:
· Provide enough information to reasonably identify you
(e.g., your full name, account number if applicable, and potentially other
identifying information); and
· Describe your request with sufficient detail to allow
us to properly process and respond to your request.
If seeking to
make a verifiable request under the CPRA on behalf of someone else, we require
enough information to reasonably identify the subject of the request (including
name and other identifying information) and the subject’s written consent to
make the CPRA request on his or her behalf, as consistent with applicable law.
We are not
obligated to make an information disclosure or carry out a deletion request
pursuant to the CPRA if we cannot verify that the person making the request is
the person about whom we collected information, or is someone authorized to act
on such person’s behalf.
Any personal
information we collect from you in order to verify your identity in connection
with your CPRA request will be used solely for the purposes of verification.
Last
modified: 01/01/2023
VIRGINIA RESIDENTS: PRIVACY POLICY
NOTICE
This Privacy
Policy Notice is intended for Virginia
residents pursuant to the Virginia Consumer Data Protection Act (“VCDPA”), and
supplements the information contained in the above Privacy Policy. Any terms
defined in the VCDPA and applicable Virginia regulations have the same meaning
as used in this Privacy Policy Notice.
1.
Personal Data We Collect About
You
We may process
personal data that identifies, relates
to, describes, is reasonably capable of being associated with, or could reasonably
be directly or indirectly linked, with a consumer, device, or household
(“personal data”).
Personal data does
not include:
·
Publicly available information
from government records.
·
Deidentified or aggregated
consumer information.
·
Information excluded from the
VCDPA’s scope, such as (but not limited to) information governed by the Health
Insurance Portability and Accountability Act of 1996 (“HIPAA”), the Fair Credit
Reporting Act (“FCRA”), and the Gramm-Leach-Bliley Act (“GLBA”).
We regularly
process (and have processed in the past
12 months) several types of personal data about individuals regarding accounts
we service or purchase, including:
Category
|
Examples
|
Identifiers
|
Name, signature, postal
address, Internet Protocol address, email address, telephone number, account
number, Social Security number, or other similar identifiers
|
Financial information
|
Bank account number, credit
card number, debit card number, or other financial information; medical
insurance information
|
Protected classifications
|
Age, gender, medical
condition, disability, veteran or military status
|
Commercial information
|
Records of products or
services purchased, obtained
|
Internet or other similar
network activity
|
Information on a consumer's
interaction with our website(s) or application(s)
|
Audio, electronic, visual
or similar data
|
Call recordings
|
Professional, or
employment-related information
|
Current or past job history
|
Non-public education
information
|
Student financial
information
|
Inferences drawn from
personal information
|
To create a profile
reflecting the consumer’s preferences, characteristics, aptitudes, or
behavior
|
Personal information
|
A consumer's social security number,
driver's license, state identification card, or passport number; a consumer's
account log-in in combination with any required security or access code,
password, or credentials allowing access to the account
|
2.
Why We
Process Your Personal Data
We regularly
process personal data for one or more of
the following business purposes:
·
Fulfill the reason you provided
the information. For example, if you share your personal data to make a
payment, we will use that information to process your payment.
·
Perform services on behalf of a
business or service provider, including maintaining or servicing accounts,
providing customer service, processing transactions, verifying customer
information, processing payments, providing analytic services, or providing
similar services on behalf of the business or service provider
·
Provide you with information or
services that you request from us
·
Auditing related to consumer
interactions
·
Detecting security incidents,
protecting against malicious, deceptive, fraudulent, or illegal activity, and
prosecuting those responsible for that activity
·
Debugging to identify and repair
errors that impair existing intended functionality
·
Short-term, transient use, where
the personal information is not disclosed to another third party and is not
used to build a profile about a consumer or otherwise alter an individual
consumer’s experience outside the current interaction
·
Undertaking activities to verify
or maintain the quality of a service or device that is owned, made by or for,
or controlled by us, and to improve, upgrade, or enhance the service or device
that is owned, made by or for, or controlled by us
·
Respond to law enforcement
requests and as required by applicable law or court order
·
As appropriate to protect the
rights, property, or safety of us, our clients, or others
·
As described to you when
collecting your personal information or as otherwise set forth in the VCDPA.
We will not collect additional
categories of personal data or use the personal data we collected for
materially different purposes without providing you notice.
3. Third Parties To Whom We
Disclose Personal Data
We regularly disclose (and have
disclosed in the past 12 months) the above listed categories of personal data
for business purposes to one or more of the following categories of third
parties: our creditor clients, our service providers (payment processing,
mailing, collection, call analytics and other vendors), credit reporting
agencies, regulatory and law enforcement agencies.
4. We Do Not Sell Personal
Data Or Engage In Targeted Advertising Or Profiling
We do not
sell your personal data, process your personal data for targeted advertising,
or process your personal data for automated decision-making including profiling
in furtherance of decisions that produce legal or similarly significant effect
on you.
5. How To Request To Exercise Your Rights
Upon our
verification of identity through commercially
reasonable means, Virginia residents may request to exercise one or more of the
following rights:
·
To confirm whether or not we are
processing your personal data and to access such personal data;
·
To correct inaccuracies in your
personal data, taking into account the nature of the personal data and the
purposes for processing the data;
·
To delete personal data provided
by or obtained about you;
·
To obtain a copy of your
personal data that you previously provided to us in a portable and, to the
extent technically feasible, readily usable format that allows you to transmit
the data to another company without hindrance, where the processing is carried
out by automated means.
You may request to
exercise these rights by one of the
following methods:
· Calling us at 1-877-395-5997
· Emailing us at CAPrivacyRequest@eos-usa.com
· Mailing us at 700 Longwater Dr. Norwell, MA
02061
You may appeal our
decision concerning your request by
contacting us using any of the above methods, within 45 days of your receipt of
our decision on your request, to advise of your appeal.
Last modified: 01/01/2023