Last updated: April 29, 2021
PERSONAL INFORMATION WE MAY COLLECT AND WHERE IT COMES FROM
Information you provide to Finicity. When you connect your account from your relevant bank, financial institution, payroll provider, or other entity that provides your financial account ("Financial Account") through the Services or when you request the Services directly from us, you may provide (and we may collect) the following categories of Personal Information:
- Authentication information, such as credentials, username, password, security questions and responses, Personal Identification Numbers (PINs), multi-factor authentication responses, security tokens, and/or other information required to authenticate you to connect your Financial Account(s) through the Services.
- Product and service information, such as registration and payment information, first name, last name, email, phone number, date of birth, social security number.
- Professional information, including information about your employer and income, in cases where you’ve provided us with your pay stub or W2 information.
Information we collect from your Financial Account. After you have successfully connected your Financial Account(s) through the Services, we will access and collect information from your Financial Account on your behalf. The information we will collect from your Financial Account will vary depending on the specific third-party services you are using (e.g., income verification or financial management applications), the information available from the Financial Account, and other factors. We will collect the following categories of Personal Information from your Financial Account, which includes information from all accounts accessible through a single set of credentials to a Financial Account (e.g., checking, savings, and credit card):
- Account identifying information, including, account name, financial institution name, payroll provider name, account type, account ownership, branch number, account number, and routing number;
- Balance information, including current and available Financial Account balance;
- Revolving credit account information, including balance owed, due date, payment amounts and dates, transaction history, credit limit, repayment status, and interest rate;
- Payroll account information, including employer details, employment description, W2 and tax related information, income amount and dates paid, and amounts withheld for taxes, benefits, and insurance;
- Loan account information, including due dates, repayment status, balances, payment amounts and dates, interest rate, guarantor, loan type, payment plan, and terms;
- Investment account information, including transaction information, type of asset, identifying details about the asset, quantity, price, fees, and cost basis;
- Identifying information about the account owner(s), including name, email address, phone number, date of birth, and address information; and
- Transaction information, including merchant, amount, date, payee, type, quantity, price, location, involved securities, and a memo or description of the transaction.
Information we receive about you from other sources. When you use the Services in connection with a Service Provider Application or in the process of connecting your Financial Accounts to our financial institution partners, we may receive identifiers and commercial information about you directly from a Service Provider Application, our financial institution partners, or other third parties including our service providers and identity verification services. For instance, Service Provider Applications (e.g., lenders or payment processors) may provide information to Finicity such as your full name, social security number, date of birth, email address, phone number, or information about your financial accounts and account transactions, and our financial institution partners or service providers may provide information such as the status of a transaction you have initiated.
HOW WE DISCLOSE AND USE INFORMATION
- To provide, maintain, improve, and enhance our Services;
- To verify your identity, which is required to give you access to our Services;
- To verify your accounts and establish the requested Service with the service provider(s) of your choice, including financial institutions, brokerage houses, technology providers, payment providers and credit card companies;
- To provide you with certain information that we derive from your Personal Information, such as your income based on your pay checks;
- If you subscribe to a Service requiring payment, to process the initial payment and all subsequent payments;
- To help us improve and personalize the content and functionality of our Services;
- To help us understand your usage of the Services to improve the Services;
- To communicate with you regarding customer service matters, questions and other various comments you may send to us;
- To inform you about products, services, offers, and events we offer or sponsor, and to provide news and other information we believe may interest you;
- To communicate various technical and administrative messages regarding the Services, including notices of technology updates;
- To generate de-identified and/or aggregated data that we may use for any lawful purpose;
- To offer you the option to participate in contests or surveys regarding the Services;
- Auditing related to a current interaction with the consumer and concurrent transactions;
- Debugging to identify and repair errors that impair existing intended functionality;
- Undertaking internal research for technological development and demonstration;
- To maintain legal and regulatory compliance;
- To enforce compliance with our Terms and Conditions and Policies; and
- For any other purpose disclosed to you at the time we collect or receive the Personal Information, or otherwise with your consent.
How We Share Your Information
We provide services to or utilize third-party services that may have access to your Personal Information for a variety of business purposes. We only provide your Personal Information to a third party after such third party has a signed a confidentiality contract with us, and we provide your Personal Information to such third parties only for our business purposes. The Personal Information you provide to us will be shared in the following circumstances:
- With your consent and at your discretion;
- With Service Provider Applications or our approved partners with whom you have enrolled for services;
- With third-party service providers that we employ to provide marketing, security, development, or other business processes, or to provide services on our behalf;
- With other entities within the Mastercard group;
- When we reasonably believe such disclosure is required to comply with the law, an investigation, or other legal process, such as a court order or a subpoena; or
- To service providers, advisors, potential transactional partners, or other third parties in connection with the consideration, negotiation, or completion of a corporate transaction in which we are acquired by or merged with another company or we sell, liquidate, or transfer all or a portion of our assets.
We may use, share, or publicly disclose or otherwise process your information that has been de-identified, anonymized and/or, aggregated (so that it does not identify you personally) for any purpose permitted under applicable law, including for research and the development of new products.
How We Handle / Secure Your Information
Because we are trusted with your Personal Information, we have implemented administrative, technical, and physical security controls that are designed to safeguard your Personal Information. We maintain physical, electronic, and procedural safeguards that comply with applicable state and federal standards to guard your Personal Information held by us relative to the Services.
Please recognize that protecting your Personal Information is also your responsibility. We urge you to take every precaution to protect your Personal Information when you are on the internet and when you communicate with us and with other parties through the internet. Change your passwords often, use a combination of letters and numbers, and make sure you use a secure browser. If you have reason to believe that your interaction with us or our partners is no longer secure, please let us know immediately by contacting us as indicated in the Contact Us section below.
By using our Services, you agree that we may communicate with you electronically regarding security, privacy, and administrative issues relating to your use of our Services. If we learn of a security breach involving your Personal Information, we may attempt to notify you electronically by sending an email to you. If you have any questions about the security of your Personal Information, please email us at email@example.com
Our Legal Basis for Handling Your Information
Some jurisdictions require us to disclose the legal basis on which we rely to use or disclose your Personal Information. To the extent those laws apply, our legal bases are as follows:
- Consent: Where required by law, and in some other instances, we handle your Personal Information on the basis of your consent.
- Our contractual obligations to you: Our handling of your Personal Information is to meet our contractual obligations to you, or to take steps at your request in anticipation of entering into a contract with you. Our contractual obligations to you may include the creation of your account and the provision of the Services to you.
- We have a legal obligation to use your Personal Information: For example, we may use your Personal Information to comply with tax and accounting obligations, or with a court order.
- Legitimate Business Interest: We handle your Personal Information to provide you with our Services and to accomplish our legitimate business purposes (e.g., to improve our Services and for product development purposes). We only rely on our or a third party’s legitimate interests to process your Personal Information when these interests are not overridden by your rights and interests.
Our Services are hosted in the United States. If you choose to use the Services from or other regions of the world with laws governing data collection and use that may differ from United States law, then please note that you are transferring your Personal Information outside of those regions to the United States for storage and processing. Also, we may transfer your Personal Information from the United States to other countries or regions in connection with storage and processing of data, fulfilling your requests, and operating the Services.
If you are located in the European Economic Area, Switzerland or the United Kingdom ("Europe"), we will comply with applicable data protection laws when transferring your Personal Information outside of your jurisdiction. Specifically, we may transfer your Personal Information to countries which have been found to provide adequate protection according to the competent authorities (such as the European Commission), rely on Binding Corporate Rules ("BCRs") or use contractual protections for the transfer of Personal Information. For more information about how we transfer Personal Information outside of Europe, or to obtain a copy of the contractual safeguards we use for such transfers, you may contact us as specified below.
YOUR RIGHTS AND CHOICES
You may decline to share certain Personal Information with us, in which case we may not be able to provide to you some of the features and functionalities of our Services. Where required by applicable law, we will indicate whether and why you must provide us with your Personal Information, as well as the consequences of failing to do so. Depending on your country or state, you may have the right or choice to access, amend, or delete any Personal Information we hold about you, opt out of, object to, or restrict some uses of your Personal Information, and withdraw any consent provided. To exercise these rights, you may contact us using the contact details at the end of this Policy.
If you are located in Europe, you may have the rights described below:
- You may request access to and receive information about the Personal Information we maintain about you, update and correct inaccuracies in your Personal Information, restrict or object to the processing of your Personal Information, have the information anonymized or deleted, as appropriate, or exercise your right to data portability to easily transfer your Personal Information to another company. You may also have the right to lodge a complaint with a supervisory authority, including in your country of residence, place of work, or where an incident took place.
- You may withdraw any consent you previously provided to us regarding the processing of your Personal Information, at any time, and free of charge. We will apply your preferences going forward and this will not affect the lawfulness of the processing before you withdrew your consent.
Do Not Track
Some browsers have a "do not track" feature that lets you tell websites that you do not want to have your online activities tracked. We currently do not respond to browser "do not track" signals.
You must be at least 18 years old to use our Services. We do not knowingly direct our Services to individuals under 18 years old ("Minors"), nor do we knowingly collect, use, or disclose Personal Information about Minors who use our Services. If you use our Services, you represent that you are at least the age of majority under the laws of the jurisdiction of your place of residence. If you believe a Minor has provided us with Personal Information, please alert us at firstname.lastname@example.org. If we learn that we have collected Personal Information from a Minor, we will promptly take steps to delete such information.
We will retain your Personal Information for as long as necessary for the business or commercial reason(s) for which it was obtained or as specified by any ongoing retention requirements found in the law. The manner in which we review our retention requirements for our customers is: (i) the length of time and type of service with our client and provide the Services; (ii) whether there is a legal obligation to which we are subject; and (iii) whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations).
434 West Ascension Way, Suite 200
Salt Lake City, UT 84123