Effective as of March 31, 2020
1. WHAT INFORMATION DO WE COLLECT?
The categories of information we collect include:
Information you provide to us directly. We may collect personal information, such as your name, phone number, location, email address, business information, payment and bank account information, social security number, wire transfer information, employment and income information and additional information to verify your identity when you register for our Service, apply for a loan or to be an investor, or otherwise communicate with us.
Information we receive from third parties. We may receive information about you or your employer from third parties, including information we request from credit reporting agencies such as TransUnion, Equifax, and/or Experian, and from other partners.
In the past 12 months, we have collected the following categories of personal information:
Identifiers.This may include a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers.
Personal information described in the California Customer Records Statute (Cal. Civ. Code § 1798.80(e)).This may include a name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.
Commercial information.This may include records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
Internet or other similar network activity.This may include browsing history, search history, or information on a consumer's interaction with a website, application, or advertisement.
Geolocation data.This may include physical location or movements.
Professional or employment-related information.This may include current or past job history or performance evaluations.
Inferences drawn from other personal information.This may include information, data, assumptions, or conclusions derived from facts, evidence, or another source of information or data reflecting your preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, or aptitudes.
In addition, in the past 12 months, we have collected personal information from consumers, data analytics providers and other service providers.
2. HOW WE USE INFORMATION
To process your transaction. If you register as a borrower, we will use information about you to facilitate your loan request. For example, we may use such information to create your borrower profile and account, process your loan application or transaction, and enable payments and fund transfers with financial institutions. Certain personal information must be supplied during the borrower registration processes in order to meet our legal obligations, verify your identity, determine eligibility for credit, protect against fraud and complete your transaction.
To maintain and improve our Service. We use the information to operate, maintain, improve and provide to you the features and functionality of the Service.
To communicate with you. We use the information to communicate directly with you, such as to send you direct mail and email marketing messages subject to your communication preferences. We may also send you Service-related emails or messages (e.g., account verification, change or updates to features of the Service, technical and security notices).
For example, we may collect your personal information for the following business or commercial purposes:
Account Services: We use personal information to offer our account services, including: (1) establishing, maintaining, supporting, and servicing an account you may have opened with us and for which you provided the information or that you may have applied for or established with us; (2) providing services, products, or information you may have requested from us; and (3) performing services such as maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, or providing similar services on our own behalf or on the service provider’s behalf.
Security and Fraud Detection: We use personal information for our security and fraud detection services including: detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity; and prosecuting those responsible for that activity.
Debugging: We us e personal information to engage in debugging to identify and repair errors that impair existing intended functionality.
Improvement of Products and Services: We use personal information to verify, maintain, and improve our products and services.
Internal Research: We use personal information for our internal research related to technological development and demonstration.
Advertising and Marketing Services: We use personal information to provide advertising or marketing services on our own behalf.
Legal Obligations: We use personal information to comply with legal obligations.
Audits: We use personal information to audit current interactions with you and related transactions (e.g., counting and verifying ad impressions, auditing compliance).
Merger/Acquisition/Bankruptcy, etc.: We may use your personal information as part of a merger, acquisition, bankruptcy, or other transaction where a third party assumes control of us.
Commercial/Economic Interests: We use personal information to advance our commercial or economic interest.
We and our third-party partners automatically collect certain types of usage information when you visit our Service, read our emails, or otherwise engage with us. We typically collect this information through a variety of tracking technologies, which could include cookies, web beacons, Flash cookies (locally stored objects), embedded scripts, location-identifying technologies, and similar technology (collectively, “tracking technologies”). These tracking technologies collect information about how you use the Service (e.g., the pages you view, the links you click, and other actions you take on the Service), information about your browser and online usage patterns (e.g., IP address, browser type, browser language, referring / exit pages and URLs, pages viewed, whether you opened an email, links clicked), and information about the device(s) you use to access the Service (e.g., mobile device identifier, mobile carrier, device type, model and manufacturer, mobile device operating system brand and model, and depending on your mobile device settings, your geographical location data (which could include GPS coordinates (e.g. latitude and/or longitude) or similar information regarding the location of your mobile device), or we may be able to approximate a device’s location by analyzing other information, like an IP address. We, or our third-party partners, may link your various devices so that content you see on one device can result in relevant advertising and content displayed on another device, and so that we may recognize and contact you on the various devices you may use. We may also collect analytics data, or use third-party analytics tools, to help us measure traffic and usage trends for the Service.
We use or may use the data collected through tracking technologies to (a) remember information so that you will not have to reenter it during your visit or the next time you visit the site; (b) provide custom, personalized content and information, including targeted content and advertising; (c) recognize and contact you across multiple devices; (d) provide and monitor the effectiveness of our Service; (e) monitor aggregate metrics such as total number of visitors, traffic, usage, and demographic patterns on our website; (f) diagnose or fix technology problems; and (g) otherwise to plan for and enhance our Service.
If you would prefer not to accept cookies, most browsers will allow you to adjust your browser settings to: (i) notify you when you receive a cookie, which lets you choose whether or not to accept it; (ii) disable existing cookies; or (iii) set your browser to automatically reject cookies. Blocking or deleting cookies may negatively impact your experience using the Service, as some features and services on our Service may not work properly. Depending on your mobile device and operating system, you may not be able to delete or block all cookies. You may also set your email options to prevent the automatic downloading of images that may contain technologies that would allow us to know whether you have accessed our e-mail and performed certain functions with it.
4. SHARING OF INFORMATION
We may share personal information about you in the instances described below. For further information on your choices regarding information about you, see the “Control Over Information” section below.
We may share personal information about you with the following third parties (the “Third Parties”):
Affiliates of Quid which includes companies owned by or under common ownership as Quid, as well as our subsidiaries (i.e., any organization we own or control) or our ultimate holding company (i.e., any organization that owns or controls us) and any subsidiaries it owns. These companies will use information about you in the same way as we can under this Policy;
Third-party vendors and other service providers that perform services on our behalf. We work with a number of service providers who support our operations, including but not limited to electronic payment service providers. We share information with these third parties to process the transactions you initiate or to perform other specific services on our behalf, such as collections or identity verification, or creating and providing targeted advertisements. Our service providers are legally required to keep personal information private and secure and adhere to applicable state and federal laws and regulations;
Third parties at your request;
Banks that process your loan;
Credit bureaus. We may share personal information about you with credit bureaus to meet our credit reporting obligations;
Other parties in connection with a company transaction, such as a merger, sale of company assets or shares, reorganization, financing, change of control or acquisition of all or a portion of our business by another company or third party, or in the event of a bankruptcy or related or similar proceedings; and
We may also share information with others in an aggregated or otherwise anonymized form that does not reasonably identify you directly as an individual.
We may disclose your personal information to service providers and third parties in order to carry out specific business or commercial purposes. In the preceding 12 months, we have disclosed the following categories of consumer personal information for business or commercial purposes to the categories of Third Parties set forth above:
Personal information described in the California Customer Records Statute.
Internet or other similar network activity.
Professional or employment-related information.
Inferences drawn from other personal information.
In the preceding twelve (12) months, Quid has not sold and does not sell consumer personal information to third parties for a business or commercial purpose. In addition, Quid does not sell the personal information of minors under 16 years of age.
5. CONTROL OVER INFORMATION
Modifying or deleting information about you: You can update your password (if applicable), email address, physical address, phone number, and bank account information at any time by emailing us at email@example.com. We will respond to your request within a reasonable timeframe. We may not be able to modify or delete information in all circumstances. We may also be required to maintain information about you for at least seven years to be in compliance with applicable federal and state laws regarding recordkeeping, reporting, and audits.
How to control your communications preferences: You can update your email preferences and stop receiving promotional email communications from us by clicking on the “Unsubscribe” link provided in such communications or e-mailing us at firstname.lastname@example.org. We make every effort to process all unsubscribe requests within a reasonable amount of time. You may not opt out of service-related communications (e.g., account verification, transactional communications, changes/updates to features of the Service, technical and security notices).
6. THIRD-PARTY TRACKING AND ONLINE ADVERTISING
Interest Based Advertising. We may participate in interest-based advertising and use third-party advertising companies to serve you targeted advertisements based on your browsing history. We may share, or we may permit third-party online advertising networks, social media companies and other third-party services, to collect, information about your use of our website over time so that they may play or display ads on our Service, on other devices you may use, and on other websites, apps or services. Typically, though not always, the information we share is provided through cookies or similar tracking technologies, which recognize the device you are using and collect information, including click stream information, browser type, time and date you visited the site and other information. We and our third-party partners may combine this information with information collected offline or from other sources. We and our third-party partners use this information to make the advertisements you see online more relevant to your interests, as well as to provide advertising-related services such as reporting, attribution, analytics and market research.
Cross-Device Linking. We, or our third-party partners, may link your various devices so that content you see on one device can result in relevant advertising on another device. We do this by collecting information about each device you use when you are logged in to our Service. We may also work with third-party partners who employ tracking technologies, or the application of statistical modeling tools, to determine if two or more devices are linked to a single user or household. We may share a common account identifier (such as an email address or user ID) with third-party advertising partners to help recognize you across devices. We, and our partners, can use this cross-device linkage to serve interest-based advertising and other personalized content to you across your devices, to perform analytics and to measure the performance of our advertising campaigns.
Interest-based advertising. To learn about interest-based advertising and how you may be able to opt-out of some of this advertising, you may wish to visit the Network Advertising Initiative (NAI) online resources, at http://www.networkadvertising.org/choices, and/or the Digital Advertising Alliance (DAA) resources at http://www.aboutads.info/choices.
Cross-device linking. Please note that opting-out of receiving interest-based advertising through the NAI’s and DAA’s online resources will only opt-out a user from receiving interest-based ads on that specific browser or device, but the user may still receive interest-based ads on his or her other devices. You must perform the opt-out on each browser or device you use.
Mobile advertising. You may also be able to limit interest-based advertising through the settings on your mobile device by selecting “limit ad tracking” (iOS) or “opt-out of interest based ads” (Android). You may also be able to opt-out of some – but not all – interest-based ads served by mobile ad networks by visiting http://youradchoices.com/appchoices and downloading the mobile AppChoices app.
Some of these opt-outs may not be effective unless your browser is set to accept cookies. If you delete cookies, change your browser settings, switch browsers or computers, or use another operating system, you will need to opt-out again.
Google Analytics and Advertising.We may use Google Analytics to recognize you and link the devices you use when you visit our website or Service on your browser or mobile device, login to your account on our Service, or otherwise engage with us. We may share a unique identifier, like a user ID or hashed email address, with Google to facilitate the Service. Google Analytics allows us to better understand how our users interact with our Service and to tailor our advertisements and content to you. For information on how Google Analytics collects and processes data, as well as how you can control information sent to Google, review Google's site “How Google uses data when you use our partners' sites or apps” located at https://www.google.com/policies/privacy/partners/. You can learn about Google Analytics’ currently available opt-outs, including the Google Analytics Browser Ad-On here https://tools.google.com/dlpage/gaoptout/.
We may also utilize certain forms of display advertising and other advanced features through Google Analytics, such as Remarketing with Google Analytics, Google Display Network Impression Reporting, the DoubleClick Campaign Manager Integration, and Google Analytics Demographics and Interest Reporting. These features enable us to use first-party cookies (such as the Google Analytics cookie) and third-party cookies (such as the Doubleclick advertising cookie) or other third-party cookies together to inform, optimize, and display ads based on your past visits to the Service. You may control your advertising preferences or opt-out of certain Google advertising products by visiting the Google Ads Preferences Manager, currently available at https://google.com/ads/preferences or by vising NAI’s online resources at http://www.networkadvertising.org/choices.
7. HOW WE PROTECT AND STORE INFORMATION ABOUT YOU
We are committed to protecting the security of your personal information. We use a variety of security technologies and procedures to help protect your personal information from unauthorized access, use, or disclosure. While neither we, nor any other organization, can guarantee the security of information processed online, we do have appropriate security measures in place to protect your personal information. For example, we store the personal information you provide on computer systems with limited access.
We also periodically review and adjust security safeguards as the threat landscape evolves. Ultimately no security system is impenetrable, and we cannot guarantee the security of our systems 100%. In the event that any information under our control is compromised as a result of a breach of security, our policy is to take reasonable steps to investigate the situation and, where appropriate, communicate with affected individuals.
We will comply with all applicable data privacy laws, including the Gramm-Leach-Bliley Act, California Civil Code § 1785.20.2 (if applicable), and all applicable laws relating to data security, international communications, communications decency, and the importation and exportation of materials and data.
8. CHILDREN’S PRIVACY
We do not knowingly collect or solicit any information from anyone under the age of 13 on this Service. In the event that we learn that we have inadvertently collected personal information from a child under age 13, we will delete that information as quickly as possible. If you believe that we might have any information from a child under 13, please contact us at email@example.com.
9. LINKS TO OTHER WEBSITES AND SERVICES
The Service may contain links to and from third-party websites of our business partners, advertisers, and social media sites and our users may post links to third-party websites. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for their policies. We strongly recommend that you read their privacy policies and terms and conditions of use to understand how they collect, use, and share information. We are not responsible for the privacy practices or the content on third-party websites.
10. YOUR CALIFORNIA PRIVACY RIGHTS
California law provides consumers who are California residents with specific rights regarding their personal information. This section is for California Residents only and supplements the Privacy Notice. This section describes rights provided by the California Consumer Privacy Act (“CCPA”) to California Residents (“consumers” or “you”) regarding their personal information, and explains how consumers can exercise those rights.
What is Personal Information?
We may collect, use, or share your personal information. Personal information is information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with you or your household (“personal information”). “Personal information” does not include: (1) publicly available information, such as information that is lawfully made available from federal, state, or local records, and (2) de-identified or aggregate consumer information.
Certain personal information covered by or collected under industry-specific federal and state privacy laws including, but not limited to, the Health Insurance Portability and Accountability Act of 1996, the California Confidentiality of Medical Information Act, the Fair Credit Reporting Act, the Gramm-Leach-Bliley Act, the California Financial Information Privacy Act, and the Driver's Privacy Protection Act of 1994.
Personal information that we collect about you when you are acting as our job applicant, employee, owner, director, officer, medical staff member, or contractor to the extent that we collect and use your personal information solely within the context of that role. This also includes your emergency contact information and personal information that is necessary for us to retain to administer benefits for you. However, you will still receive a notice at the time of collection, which outlines the categories of personal information we collect and the purposes for which we collect the categories of personal information.
Personal information we receive from you reflecting a communication or transaction between us and another business when you are acting as an employee, owner, director, officer, or contractor of such company, partnership, sole proprietorship, nonprofit, or government agency and you are seeking a product or service from us for the company, partnership, sole proprietorship, nonprofit, or government agency (“Business Consumer”). We have outlined the limited rights afforded to Business Consumers below.
Personal Information We Collect, Use, or Share
Your Rights under the CCPA
As described in more detail below, the CCPA provides you with certain rights regarding the collection, use, and disclosure of your personal information.
The Right to Know About Personal Information Collected, Used, or Disclosed
You have the right to request that we provide you with certain information about the personal information we collect, use, or disclose about you as well as the categories and specific pieces of information that we have collected about you in the 12 months before your submission of a verifiable consumer request. Specifically, you have the right to request the following information:
The pieces of personal information we have about you.
The categories of personal information we have collected about you, including:
The categories of personal information we have collected about you in the past 12 months.
The categories of sources from which the personal information about you was collected.
Our business or commercial purpose for collecting your personal information.
If we shared your personal information:
The categories of personal information that we disclosed about you for a business purpose in the past 12 months and, for each category identified, the categories of third parties to which it disclosed that particular category of personal information; and
The categories of third parties that we share personal information.
A household may request to know aggregate household personal information by submitting a verifiable consumer request. Also, unless the household has a password-protected account, if all consumers in a household jointly request access to specific pieces of information for the household, we can individually verify the identity of all the members of the household, and we can verify that each member is a current member of the household, then we will comply with the request.
However, there is certain information that we will not disclose to you. This information includes but is not limited to your Social Security number, driver’s license number or other government-issued identification number, financial account number, any health insurance or medical identification number, an account password, security questions and answer, or unique biometric data generated from measurements or technical analysis of human characteristics.
This right does not apply to Business Consumers.
The Right to Request Deletion of Personal Information
You have the right to request that we delete any personal information that we have collected from you and maintained about you. Once we receive and confirm your verifiable consumer request, if we determine that we must comply with a deletion request and delete your personal information from our records, we will also direct any service providers we work with to also delete your personal information from their records. If we store any of your personal information in our archived or back-up systems, we will delete your information once the systems are accessed, restored, and/or used unless an applicable exception applies.
A household may request the deletion of aggregate household personal information by submitting a verifiable consumer request. In addition, unless the household has a password-protected account, if all consumers in a household jointly request deletion of household personal information, we can individually verify the identity of all the members of the household, and we can verify that each member is a current member of the household, then we will comply with the request.
Please note that we may deny your deletion request if retaining the information is necessary for us or our service providers to:
Complete the transaction for which we collected the personal information, provide a product or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
Debug products to identify and repair errors that impair existing intended functionality.
Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.).
Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
Comply with a legal obligation.
Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
This right does not apply to Business Consumers.
Exercising Your Rights under the CCPA
Exercising Access, Data Portability, and Deletion Rights
To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by either:
Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.
The verifiable consumer request must:
Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
Verifying Your Request:
Non-Account Holders: Once you submit your verifiable consumer request, we will verify your identity by matching the information you provided us with information in our systems. If you submit a request to know specific pieces of personal information or a request to delete certain information, in addition to verifying your identity with information we have on file, you also may be required to submit a signed declaration under penalty of perjury stating that the requestor is the consumer whose personal information is the subject of the request. If we are unable to respond to your request for specific pieces of information, we will evaluate your request as if it is a request to know the categories of personal information that we have collected about you.
Password-Protected Accounts: If you have a password-protected account with us, we may verify your identity through our existing authentication practices for your account and we will also require you to re-authenticate yourself before we disclose your personal information. If we suspect fraudulent or malicious activity on or from your account, we will not comply with your request until we perform further verification to determine whether your request is authentic and you are the person about whom we have collected the personal information.
We will generally avoid requesting additional information from you to verify you. However, if we cannot verify your identity based on the information we currently maintain, we may request additional information from you, which will only be used to verify your identity and for security or fraud-prevention purposes. We will delete any new personal information we collect to verify your identity as soon as practical after processing your request unless otherwise required by the CCPA.
Generally, if we are unable to verify your identity, we will deny your request and inform you of our inability to verify your identity and explain why we were unable to do so.
Please note that we are only required to respond to your request for access to your personal information twice within a 12-month period.
Response Timing and Format
Once we receive your verifiable consumer request, we will confirm our receipt of your request within 10 business days and provide you with additional information about how we will process the request. We endeavor to respond to a verifiable consumer request within forty-five (45) calendar days of its receipt. If we require more time (up to 90 calendar days), we will inform you of the reason and extension period in writing. We will deliver our written response by mail or electronically, at your option.
Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We will not charge you to verify your identity. In addition, we do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Authorized Agent for Requests
You may designate an authorized agent to make a request on your behalf. Unless you have a power of attorney, if you would like to use an authorized agent, which is an individual or business registered with the Secretary of State that you have authorized to act on your behalf, to submit a request, you must provide the authorized agent with written and signed permission to do so, verify your own identity directly with us, and directly confirm that you provided the authorized agent with permission to submit the request. We may deny a request from an authorized agent that does not submit proof that they are authorized to act on your behalf.
We will not discriminate against you for exercising any of your privacy rights. For example, unless otherwise permitted by the CCPA, we will not:
Deny you goods or services.
Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
Provide you with a different level or quality of goods or services.
Suggest that you will receive a different price or rate for goods or services or a different level or quality of goods or services.
Shine the Light
Under California’s “Shine the Light” law (Civil Code Section § 1798.83), a California resident who provides personal information to us may request and obtain from us once per year, free of charge, a list of third parties with whom we have shared personal information for the third parties’ direct marketing purposes (if any) during the preceding calendar year and a list of the categories of personal information we have disclosed to such third parties. To make such a request, please send an email firstname.lastname@example.org.
11. HOW TO CONTACT US