EOS privacy policy and practices

Introduction

EOS USA has prepared this privacy policy to inform you of its practices regarding the collection, use and disclosure of personal information about identifiable individuals. We take measures to safeguard the privacy and confidentiality of personal and confidential information. Adherence to strict confidentiality and privacy guidelines as outlined in the Fair Debt Collection Practices Act (FDCPA), the Federal Information Security Management Act (FISMA), the Fair Credit Reporting Act (FCRA), The Gramm-Leach-Bliley Act (GLBA) and the various state regulations is the cornerstone of our commitment to protecting the privacy of our employees, clients and their customers.

Scope

This policy applies to the operations of EOS USA and its subsidiaries across the U.S. and across all business units. [1]

Personal information means any information, recorded in any form, about an identifiable individual. Personal information does not include anonymous or aggregated information. Anonymous or aggregated information is information that cannot be associated with or traced back to an identifiable individual.

Consent

Except where permitted or required by law, EOS USA will endeavor to obtain the consent of each individual and/or company providing personal information to EOS USA for the collection, use or disclosure of such personal information by EOS USA.

Corporate responsibility

EOS USA is a privately-owned company specializing in providing its clients with various customer service and receivables management services.

Therefore, EOS USA owes a duty of care to its clients and, by extension, to our clients’ customers. The information to which EOS USA is granted access by its clients is of a highly confidential nature, as is the information that is acquired during the conduct of its business activities. For these reasons, EOS USA has developed and applied specific privacy and confidentiality policies in order to manage and safeguard this information.

Our employees’ responsibilities

Each of our employees is responsible for maintaining the confidentiality of all personal information to which he/she is granted access. When they join EOS USA, employees are informed of their responsibilities with regard to privacy and required to sign a confidentiality agreement binding them to these responsibilities. In addition, all employees are required to review and confirm their understanding of the Fair Debt Collection Practices Act (FDCPA), the Federal Information Security Management Act (FISMA), the Fair Credit Reporting Act (FCRA), The Gramm-Leach-Bliley Act (GLBA) and applicable state regulations and other regulatory guidelines.

EOS USA continually coaches and trains our employees with respect to ongoing compliance and developing issues in the realm of privacy and confidentiality. As a condition of employment, EOS USA employees are required to conform to these policies and procedures.

Privacy principles regarding the collection, use and disclosure activities of EOS USA

EOS USA

• gains access, through its clients, to sensitive information, which is required for EOS USA to provide debt collection services to its clients;
• limits the amount and type of personal information it collects. EOS USA will only collect the information required for its business operations;
• will use information only for the reasons it was collected and will not willfully disclose this information to third parties unless duly authorized to do so or as required by law;
• will store all information in its care in a secured fashion, whether electronically or on paper. EOS USA will restrict access to those employees who specifically and lawfully require the information for the purpose of performing their duties;
• will maintain personal information for as long as EOS USA believes it is necessary to fulfil the purpose for which it was collected and as required by applicable laws. EOS USA will proceed to securely dispose of any information that is no longer of value to EOS USA in the completion of its business activities;
• will take all reasonable steps so that client/customer information is accurately maintained, complete and up to date as is necessary to fulfill the purposes for which this information is to be used;
• will take reasonable measures to protect client/customer information by means of appropriate security safeguards as required by the sensitivity level of the information maintained;
• will not sell any client/customer information;
• will be receptive and open to client concerns regarding our policies and procedures that apply to the management of the client/customer information;
• customers may, upon written request, have access to their personal information maintained by EOS USA. The written request must contain sufficient detail to enable EOS USA, with reasonable effort, to identify the information for which the written request is made;
• customers may challenge EOS USA’s compliance with the privacy policy. At the written request of the customer, we will undertake to investigate and respond in writing to any customer complaint.

In summary

EOS USA considers privacy and the protection of confidential information to be a cornerstone of its business practices. EOS USA will continue to develop, review and monitor its policies and procedures to ensure compliance with all applicable legislation, customer requirements and general common sense, and commits to treating the individuals whose information has been entrusted to EOS USA with care and dignity.

[1] Any reference to EOS USA is to include all business units and subsidiary operations. Any reference to customers means EOS USA’s customers and/or our clients’ customers.

 

PRIVACY POLICY

Introduction

EOS USA, Inc (“EOS”) respects your privacy and is committed to protecting it through our compliance with this website privacy policy (“Policy”). Maintaining protection of the information entrusted to our care is of the utmost importance to EOS.

This Policy describes the types of information we may collect from you or that you may provide when you visit our website and our practices for collecting, using, protecting, and disclosing that information.

This Policy applies to information we collect or you submit to us through the EOS website.  This Policy does not apply to information collected by or through websites, applications, or content operated by any third party.

This Policy outlines our policies and practices regarding your information and how we will treat it. If you do not agree with our policies and practices, you should not use our website. By accessing or using our website, you agree to this Policy. This Policy may change from time to time (see Changes to Our Privacy Policy section below). Your continued use of our website after we make changes is deemed to be acceptance of those changes, so please check the Policy periodically for updates.

Information We Collect About You And How We Collect It

We collect several types of information from and about users of our website, including information:

·               by which you may be personally identified, including your name, e-mail address, or telephone number (“personal information”);

·               that is about you but individually does not identify you; and/or

·               about your internet connection, the equipment you use to access our website, and website usage details.

We collect this information:

·               Directly from you when you provide it to us.

·               Automatically as you navigate through the website. Information collected automatically may include, for example, usage details and IP addresses.

·               From third parties we contract with to provide services on our behalf.

Important Privacy Information for Consumers

You have the right to control whether we share some of your personal information. Please read the following information carefully.

We will collect the IP Address for internal security and other proprietary purposes. We will do so even if you have included a Do Not Track request. We do not release this data outside of our corporate environment nor utilize this data other than for internal purposes.

Important Information Regarding the Fair Debt Collection Practices Act

We do not disclose information to any party in violation of the Fair Debt Collection Practices Act.

Requesting Access or Changes to Your Information

You can make changes to personally identifiable information we collect from you by one of the following methods:

·      Calling us at 1-877-395-5997

·      Emailing us at CAPrivacyRequest@eos-usa.com

 

Information You Provide To Us

We collect information you provide to us on or through our website including:

·               Information that you provide by filling in forms on our website.

·               Records and copies of your correspondence (including e-mail addresses), if you contact us.

Usage Details, IP Addresses, Cookies, And Other Technologies

As you navigate through and interact with our website, we may automatically collect certain information about your equipment, browsing actions and patterns, including:

·               Details of your visits to our website, including traffic data, location data, logs and other communication data and the resources that you access and use on our website.

·               Information about your computer and internet connection, including your IP address, operating system and browser type.

The information we collect automatically is statistical data, and does not identify any individual.

There may be features that are developed in the future that may result in the collection of additional new information.

We do not allow third parties to collect personally identifiable information about a user’s online activities, over time and across different sites, services, and applications, when that user uses our site or service. 

How We Use Your Information

We use information that we collect about you or that you provide to us, including any personal information:

·               To present our website and its contents to you.

·               To provide you with information or services that you request from us.

·               To offer and fulfill our core business purposes.

·               To fulfill any other purpose for which you provide it.

·               To carry out our obligations and enforce our rights arising from any contracts entered into between you and us or an owner or previous owner of an applicable account, including for billing and collection.

·               To notify you about changes to our website or any products or services we offer or provide though it.

·               To allow you to participate in interactive features on our website.

·               In any other way we may describe when you provide the information.

·               For any other purpose with your consent.

Disclosure Of Your Information

We may disclose aggregated information about our users, and information that does not identify any individual, without restriction.

We may disclose personal information that we collect as described in this Policy:

·               To contractors, service providers, and other third parties we use to support our business, such as clients, insurers, information source vendors, and payment processors, who are bound by contractual obligations to keep personal information confidential and use it only for the purposes for which we disclose it to them.

·               To fulfill the purpose for which you provide it.

·               For any other purpose disclosed by us when you provide the information.

·               With your consent.

We may also disclose your personal information:

·               To comply with any court order, law or legal process, including to respond to any government or regulatory request.

·               Pursuant to a merger, acquisition, or sale of all or a portion of EOS’s assets.

·               If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of EOS or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction. EOS has implemented physical, electronic, and procedural security safeguards to protect against the unauthorized or unlawful release of or access to personal information, including any social security numbers.  To further safeguard this information, access to sensitive information such as social security numbers is limited, and our employees must abide by standards of conduct and confidentiality agreements.

Changes To Our Privacy Policy

EOS may change, add, modify or remove portions of this Policy at any time, which shall become effective immediately upon posting on this page. The date the Policy was last revised is identified at the bottom of the page. It is your responsibility to review this Policy for any changes. By continuing to use our website, you agree to any changes in the Policy.

Contact Information

If you have any questions about our privacy protection practices or believe we have not adhered to this Policy, please contact us on our main phone number at 1-877-395-5997.

Changes of Ownership or Control of EOS

 

We may transfer, combine, merge, or sell all or part of our business to another entity or entities.  If such an event occurs, personal information EOS has collected or maintained may be transferred to a new controlling party or parties, who will be permitted to use your personal information under the terms of this Policy for the purposes for which you supplied it. 

 

 

CALIFORNIA RESIDENTS: PRIVACY POLICY NOTICE

 

This Privacy Policy Notice is intended for California residents pursuant to the California Consumer Privacy Act of 2018 and California Privacy Rights Act of 2020 (collectively “CPRA”), and supplements the information contained in the above Privacy Policy.  Any terms defined in the CPRA and applicable California regulations have the same meaning as used in this Privacy Policy Notice.  If you have a disability and want this Privacy Policy Notice provided in an alternative format, please call us as 1-877-395-5997 or write us at 700 Longwater Dr. Norwell, MA 02061.  If you have questions about our Privacy Policy or practices, please call 1-877-395-5997.

We may collect and use personal information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be directly or indirectly linked, with a consumer, device, or household (“personal information”).

 

Personal Information does not include:

 

We regularly collect (and have collected in the past 12 months) several types of personal information about individuals regarding accounts we service or purchase, including:

 

 

Category	Examples
Identifiers	Name, postal address, Internet Protocol address, email address, account number, Social Security number, or other similar identifiers
Categories listed in the California Customer Records statute, Cal. Civ. Code § 1798.80(e)	Name, signature, Social Security number, address, telephone number, education, employment, bank account number, credit card number, debit card number, or other financial information, medical information, or insurance information
Protected classifications under California or federal law	Age, gender, medical condition, disability, veteran or military status
Commercial information	Records of products or services purchased, obtained
Internet or other similar network activity	Information on a consumer's interaction with our website(s) or  application(s)
Audio, electronic, visual or similar data	Call recordings
Professional or employment-related information	Current or past job history
Non-public education information (per Family Educational Rights and Privacy Act (20 U.S.C. § 1232g, 34 C.F.R. Part 99))	Student financial information
Inferences drawn from personal information	To create a profile reflecting the consumer’s preferences, characteristics, aptitudes, or behavior
Sensitive personal information	A consumer's social security number, driver's license, state identification card, or passport number; a consumer's account log-in in combination with any required security or access code, password, or credentials allowing access to the account

 

 

 

We collect most of this personal information from our creditor clients or from you or your authorized representative by telephone or written communications.  However, we may also collect information:

 

We regularly use or disclose personal information for one or more of the following business purposes:

We do not sell or share your personal information under the CPRA. 

 

We do not use or disclose sensitive personal information for purposes other than those necessary to perform services reasonably expected by an average consumer; to help ensure security and integrity where use of the information is reasonably necessary and proportionate for this purpose; for short-term, transient use; for performing services, including maintaining or servicing accounts, providing customer service, processing or fulfilling transactions, verifying customer information, processing payments, or providing similar services; for undertaking activities to verify or maintain the quality of our services, and to improve, upgrade, or enhance our services.

 

We retain each category of personal information or sensitive personal information no longer than is reasonably necessary for the purposes for which it was collected as stated in this privacy policy, unless extending the retention period is otherwise required or permitted by law.  Subject to this limitation, the retention period of each category of personal information or sensitive personal information is determined by considering the following: the time required to retain the information to fulfill our business purposes; the time applicable to maintaining corresponding transaction and business records; the time necessary to respond to consumer queries, complaints or lawsuits; data retention requirements of applicable laws or contracts; and applicable data retention policies as may be in place from time to time.

 

4.     Verifiable Consumer Requests for Information

 

Upon verification of identity, California residents may in some cases request that a business:

·      Disclose the categories of personal information the business collected about the consumer;

·      Disclose the categories of sources from which the personal information is collected

·      Disclose the categories of personal information that the business sold about the consumer;

·      Disclose the categories of personal information that the business disclosed about the consumer for a business purpose;

·      Disclose the categories of third parties with whom the business shares personal information

·      Disclose specific pieces of personal information the business has collected about the consumer

·      Disclose any financial incentives offered by the business for collection, sale, or deletion of personal information

 

You have a right not to receive discriminatory treatment by a business for your exercise of CPRA privacy rights.  A business may charge a different price or rate, or provide a different level or quality of goods or services to you, if that difference is reasonably related to the value provided to you by your personal information.

 

For applicable personal information access and portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

 

Please note that we are not required to:

·      Carry out information access requests we receive from you if acting as a service provider or contractor to another entity regarding such information  

·      Retain any personal information about you that was collected for a single one-time transaction if, in the ordinary course of business, that information about you is not retained;

·      Reidentify or otherwise link any data that, in the ordinary course of business, is not maintained in a manner that would be considered personal information;

·      Provide the requested information disclosure to you more than twice in a 12-month period.

·      Provide the requested information disclosure if we cannot verify that the person making the request is the person about whom we collected information, or is someone authorized to act on such person’s behalf; or

·      Provide the requested information disclosure if a CPRA or applicable exception applies.

 

5.     Right to Request Deletion of Personal Information

 

Upon verification of identity, California residents may in some cases request that a business delete personal information about you that the business collected from you and retained, subject to certain exceptions.

 

We may deny your deletion request if we are acting in the role of a service provider to another business regarding the applicable personal information.  If we deny your request on that basis, we will generally refer you to the relevant business.  In addition, we may deny your deletion request if retaining the information is necessary for us or our service providers to:

·      Complete the transaction for which the personal information was collected, provide a good or service requested by you, or reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform a contract between you and us.

·      Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity.

·      Debug to identify and repair errors that impair existing intended functionality.

·      Exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law.

·      Comply with the California Electronic Communications Privacy Act.

·      Enable solely internal uses that are reasonably aligned with your expectations based on your relationship with us.

·      Comply with a legal obligation.

·      Otherwise use your personal information, internally, in a lawful manner that is compatible with the context in which you provided the information; or

·      If another CPRA or applicable exception applies.

 

6.   Right to Request Correction of Inaccurate Personal Information

 

Upon verification of identity, California residents may in some cases request a business that maintains inaccurate personal information about you correct that inaccurate personal information. We will use commercially reasonable efforts to correct the inaccurate personal information.

 

California residents may make verifiable requests to disclose, delete, or correct pursuant to the CPRA or obtain more information by contacting us at CAPrivacyRequest@eos-usa.com, calling us at 1-877-395-5997, or 700 Longwater Dr. Norwell, MA 02061.

 

 

7.   Verifying Your Identity If You Submit CPRA Requests

 

If you choose to contact us directly via the designated methods described above to exercise your CPRA rights, you will need to:

·      Provide enough information to reasonably identify you (e.g., your full name, account number if applicable, and potentially other identifying information); and

·      Describe your request with sufficient detail to allow us to properly process and respond to your request.

 

If seeking to make a verifiable request under the CPRA on behalf of someone else, we require enough information to reasonably identify the subject of the request (including name and other identifying information) and the subject’s written consent to make the CPRA request on his or her behalf, as consistent with applicable law.

 

We are not obligated to make an information disclosure or carry out a deletion request pursuant to the CPRA if we cannot verify that the person making the request is the person about whom we collected information, or is someone authorized to act on such person’s behalf.

 

Any personal information we collect from you in order to verify your identity in connection with your CPRA request will be used solely for the purposes of verification.

 

Last modified: 01/01/2023

 

 

 

VIRGINIA RESIDENTS: PRIVACY POLICY NOTICE

 

This Privacy Policy Notice is intended for Virginia residents pursuant to the Virginia Consumer Data Protection Act (“VCDPA”), and supplements the information contained in the above Privacy Policy.  Any terms defined in the VCDPA and applicable Virginia regulations have the same meaning as used in this Privacy Policy Notice. 

We may process personal data that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be directly or indirectly linked, with a consumer, device, or household (“personal data”).

 

Personal data does not include:

 

We regularly process (and have processed in the past 12 months) several types of personal data about individuals regarding accounts we service or purchase, including:

 

 

Category	Examples
Identifiers	Name, signature, postal address, Internet Protocol address, email address, telephone number, account number, Social Security number, or other similar identifiers
Financial information	Bank account number, credit card number, debit card number, or other financial information; medical insurance information
Protected classifications	Age, gender, medical condition, disability, veteran or military status
Commercial information	Records of products or services purchased, obtained
Internet or other similar network activity	Information on a consumer's interaction with our website(s) or  application(s)
Audio, electronic, visual or similar data	Call recordings
Professional, or employment-related information	Current or past job history
Non-public education information	Student financial information
Inferences drawn from personal information	To create a profile reflecting the consumer’s preferences, characteristics, aptitudes, or behavior
Personal information	A consumer's social security number, driver's license, state identification card, or passport number; a consumer's account log-in in combination with any required security or access code, password, or credentials allowing access to the account

 

 

 

We regularly process personal data for one or more of the following business purposes:

 

 

We do not sell your personal data, process your personal data for targeted advertising, or process your personal data for automated decision-making including profiling in furtherance of decisions that produce legal or similarly significant effect on you.

 

5.   How To Request To Exercise Your Rights

 

Upon our verification of identity through commercially reasonable means, Virginia residents may request to exercise one or more of the following rights:

 

·      To confirm whether or not we are processing your personal data and to access such personal data;

·      To correct inaccuracies in your personal data, taking into account the nature of the personal data and the purposes for processing the data;

·      To delete personal data provided by or obtained about you;

·      To obtain a copy of your personal data that you previously provided to us in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the data to another company without hindrance, where the processing is carried out by automated means.

 

You may request to exercise these rights by one of the following methods:

 

·      Calling us at 1-877-395-5997

·      Emailing us at CAPrivacyRequest@eos-usa.com

·      Mailing us at 700 Longwater Dr. Norwell, MA 02061

You may appeal our decision concerning your request by contacting us using any of the above methods, within 45 days of your receipt of our decision on your request, to advise of your appeal.

 

 

Last modified: 01/01/2023