Effective: July, 2020
Maintaining the highest standards of transparency and client trust while handling your personal information is our promise to you.
What this policy covers
What this policy does not cover
HOW DOES DATAFACTION COLLECT ONLINE INFORMATION?
We collect information in a variety of contexts. For example, we may collect information:
· Directly from you. We collect information directly from you, such as when you apply or register for our products and services, use our online services, communicate with us, respond to surveys, provide feedback, or enter contests or promotions.
· Automatically when you use our Online Services. We and others on our behalf may collect Device Data, Online/Mobile Activity Data, and other information automatically when you interact with us online. A description of our use of online tracking technologies is described here.
WHAT INFORMATION DOES DATAFACTION COLLECT
Depending on how you interact online with us, we may collect various types of information. For example, when you sign up for or use a financial product or service online, we may collect:
· Contact or identity data, such as your name, mailing address, email address, phone number, date of birth, government-issued identifier (e.g., Social Security number, tax ID number, driver’s license, or other government ID), citizenship, username and password, profile picture, and other information that directly identifies you.
· Account-related data, such as account number, credit/debit card number, account history, account balances, loan details, vehicle or property information, information about beneficiaries and joint account holders, business-related information (e.g., business name, address, revenue, and industry type), and other information related to your Datafaction accounts.
· Transaction data, such as payment or transaction history, transaction details contained in your Datafaction accounts, and third-party billing information or statements.
· Credit report information, such as your credit score, credit history, and other information that we receive from credit reporting agencies.
· Demographic data, such as gender, marital status, age, household size/composition, education level, income, occupation, and employment status.
When you browse our website we may also collect:
· Device data, such as your device type, web browser type and version, operating system type and version, display/screen settings, language preferences, photos (e.g., to deposit checks), internet protocol address, mobile network information, general location (e.g., city, state, or country), precise location, cookie IDs, device IDs, mobile advertising IDs (e.g., Apple’s IDFA or Google’s Advertising ID), and likely connections among different browsers and devices that you use (collectively, “Device Data”).
· Online/mobile activity data, such as login data, search history, information about how you use and interact with our Online Services or advertising (including content viewed, links clicked, and features used), when and how often you use our Online Services, the webpage from which you clicked a link to come to our Online Services (e.g., the referrer URL), and crash reports (collectively, “Online/Mobile Activity Data”).
· Marketing data, such as your marketing preferences, information about products or services we think you might like, and inferences based on your interactions with us or our partners (e.g., Online/ Mobile Activity Data used for targeted advertising).
· Communications data, such as your communication preferences and details or the content of your communications with us (e.g., chat messages).
· Survey and research data, such as your responses to questionnaires, surveys, requests for feedback, and research activities.
If you inquire about or apply for a job at Datafaction, we may also collect:
· Employment application data, such as professional, employment-related, and education history collected through the Online Services about job applicants, employees, associates, or contractors.
HOW DOES DATAFACTION SHARE INFORMATION
We share information in a variety of contexts. For example, we may share your information with:
· Affiliates. We may share your information with companies within the City National Bank family of companies.
· Business partners. We may share your information with companies that we have partnered with to offer or enhance products and services for Datafaction customers or prospective customers.
· Service providers. We use other companies to provide services on our behalf and to help us run our business. We may share information with these service providers, or they may collect information on our behalf, for various business purposes. For example, we use service providers for hosting and securing our information systems, servicing customer accounts, detecting and preventing fraud, assisting with human resources activities, communicating with our customers, analyzing and improving our Online Services, and targeting our advertising.
· Third parties with whom you authorize or direct us to share your information. We share information with your consent or at your direction.
· Government entities and others with whom we share information for legal or necessary purposes. We share information with government entities and others for legal and necessary purposes, such as:
· To respond to requests from our regulators or to respond to a warrant, subpoena, governmental audit or investigation, law enforcement request, legal order, or other legal process.
· For other legal purposes, such as to enforce our terms and conditions, exercise or defend legal claims, or if we determine that disclosure is necessary or appropriate to protect the life, safety, or property of our customers, ourselves, or others.
· Recipients of aggregated and de-identified information. We may share aggregated and de-identified information (such as aggregated statistics regarding the use of our financial products and services) with third parties for any purpose.
WHAT ONLINE TRACKING TECHNOLOGY DOES DATAFACTION USE?
We and third-party providers acting on our behalf use a variety of online tools and technologies to collect information when you visit or use the Online Services, including Device Data and Mobile/Online Activity Data. For example, we use these tools to collect information for debugging, fraud prevention, session management, and other necessary purposes. We also use these to conduct personalization, analytics, and targeted advertising on or through the Online Services. We may associate this tracking data with your account (if you have one).
These tools include:
· Server logs. Server logs automatically record information and details about your online interactions with us. For example, server logs may record information about your visit to our website on a particular time and day.
· Pixel tags. A pixel tag (also known as a web beacon, clear GIF, pixel, or tag) is an image or a small string of code that may be placed in a website, advertisement, or email. It allows companies to set or read cookies or transfer information to their servers when you load a webpage or interact with online content. For example, we or our service providers may use pixel tags to determine whether you have interacted with a specific part of our website, viewed a particular advertisement, or opened a specific email.
· Third-party plugins. Our Online Services may include plugins from other companies, including social media companies (e.g., the Facebook “Like” button). These plugins may collect information, such as information about the pages you visit, and share it with the company that created the plugin even if you do not click on the plugin. These third-party plugins are governed by the privacy policies and terms of the companies that created them.
YOUR PRIVACY RIGHTS
UPDATE YOUR ACCOUNT INFORMATION
Review your account information by logging on to your Datafaction account and confirming all your personal information is updated and accurate.
OPT OUT OF TARGETED ADVERTISING
You can opt out of certain targeted advertising in web browsers by visiting the Digital Advertising Alliance (DAA) WebChoices Tool (DAA) WebChoices Tool (for DAA participating companies) and the NAI Opt Out Page (for NAI member companies).
You can opt out of certain targeted advertising in mobile apps by adjusting privacy settings available on your mobile device (e.g., “Limit Ad Tracking” on iOS or “Opt out of Ads Personalization” on Android), or using the DAA's AppChoices App or the TRUSTe Privacy App for participating companies.
UNSUBSCRIBE FROM EMAIL MARKETING
You may opt-out of receiving email marketing at any time by emailing CompliancePrivacy2@cnb.com. Additionally, our marketing emails also contain instructions on how to opt-out of future email marketing. Any email opt-outs received by Datafaction will be honored within 10 business days of receipt.
EXERCISE OTHER PRIVACY RIGHTS
You may have additional right under applicable laws, such as the California Consumer Privacy Act for California residents. You can review our California Consumer Privacy Act Disclosure here.
PROTECTION OF CHILDREN’s Online Privacy
We do not knowingly collect information from children under the age of 13 without parental consent. Our website is not directed or intended to individuals under the age of 13 and should not be used by them. In no event should individuals under the age of 13, provide any personal information through our website. More information about the Children’s Privacy Protection Act (COPPA) may be found at www.ftc.gov.
CHANGES TO POLICY
This policy is subject to change at any time. Please review this policy regularly for changes. The effective date of this policy is indicated above and shows the last time this policy was revised or materially changed. Checking the effective date above allows you to determine whether there have been changes since the last time you reviewed this policy.