California Consumer Privacy Act

This Privacy Policy Notice is intended for California residents pursuant to the California Consumer Privacy Act of 2018 and California Privacy Rights Act of 2020 (collectively “CCPA”), and supplements the information contained in the above Privacy Policy.  Any terms defined in the CCPA and applicable California regulations have the same meaning as used in this Privacy Policy Notice.  If you have a disability and want this Privacy Policy Notice provided in an alternative format, please call us as [toll-free number] or write us at [Address].  If you have questions about our Privacy Policy or practices, please call [phone number]. 

Information We Collect About You

We may collect and use personal information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be directly or indirectly linked, with a consumer, device, or household (“personal information”).

Personal Information does not include:

Publicly available information from government records.

Deidentified or aggregated consumer information.

Information excluded from the CCPA’s scope, such as (but not limited to) information governed by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), the California Confidentiality of Medical Information Act (“CMIA”), the Fair Credit Reporting Act (“FCRA”), the Gramm-Leach-Bliley Act (“GLBA”), California Financial Information Privacy Act (“FIPA”), and the Driver’s Privacy Protection Act of 1994 (“DPPA”). 

We regularly collect (and have collected in the past 12 months) several types of personal information about individuals regarding accounts we service or purchase, including: 

Category Examples

Identifiers Name, postal address, Internet Protocol address, email address, account number, Social Security number, or other similar identifiers

Categories listed in the California Customer Records statute, Cal. Civ. Code § 1798.80(e) Name, signature, Social Security number, address, telephone number, education, employment, bank account number, credit card number, debit card number, or other financial information, medical information, or insurance information

Protected classifications under California or federal law Age, gender, medical condition, disability, veteran or military status

Commercial information Records of products or services purchased, obtained

Internet or other similar network activity Information on a consumer’s interaction with our website(s) or  application(s)

Audio, electronic, visual or similar data Call recordings

Professional or employment-related information Current or past job history

Non-public education information (per Family Educational Rights and Privacy Act (20 U.S.C. § 1232g, 34 C.F.R. Part 99)) Student financial information 

Inferences drawn from personal information To create a profile reflecting the consumer’s preferences, characteristics, aptitudes, or behavior

Sensitive personal information A consumer’s social security number, driver’s license, state identification card, or passport number; a consumer’s account log-in in combination with any required security or access code, password, or credentials allowing access to the account

 How Your Personal Information is Collected

We collect most of this personal information from our creditor clients or from you or your authorized representative by telephone or written communications.  However, we may also collect information:

From publicly accessible sources (e.g., property or other government records);

From our service providers (e.g., call analytics, information source, skip-tracing, collections, payment processing, mailing, and other vendors)

Why We Use or Disclose Your Personal Information 

We regularly use or disclose personal information for one or more of the following business purposes:

Fulfill the reason you provided the information. For example, if you share your personal information to make a payment, we will use that information to process your payment.

Perform services on behalf of a business or service provider, including maintaining or servicing accounts, providing customer service, processing transactions, verifying customer information, processing payments, providing analytic services, or providing similar services on behalf of the business or service provider

Provide you with information or services that you request from us

Auditing related to consumer interactions 

Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity

Debugging to identify and repair errors that impair existing intended functionality

Short-term, transient use, where the personal information is not disclosed to another third party and is not used to build a profile about a consumer or otherwise alter an individual consumer’s experience outside the current interaction

Undertaking activities to verify or maintain the quality of a service or device that is owned, made by or for, or controlled by us, and to improve, upgrade, or enhance the service or device that is owned, made by or for, or controlled by us

Respond to law enforcement requests and as required by applicable law or court order 

As appropriate to protect the rights, property, or safety of us, our clients, or others

As described to you when collecting your personal information or as otherwise set forth in the CCPA.

We will not collect additional categories of personal information or use the personal information we collected for materially different purposes without providing you notice.

We regularly disclose (and have disclosed in the past 12 months) the above listed categories of personal information for business purposes to one or more of the following categories of third parties: our creditor clients, our service providers (payment processing, mailing, collection, call analytics and other vendors), credit reporting agencies, regulatory and law enforcement agencies. 

We do not sell or share your personal information under the CCPA.  

We do not use or disclose sensitive personal information for purposes other than those necessary to perform services reasonably expected by an average consumer; to help ensure security and integrity where use of the information is reasonably necessary and proportionate for this purpose; for short-term, transient use; for performing services, including maintaining or servicing accounts, providing customer service, processing or fulfilling transactions, verifying customer information, processing payments, or providing similar services; for undertaking activities to verify or maintain the quality of our services, and to improve, upgrade, or enhance our services.

We retain each category of personal information or sensitive personal information no longer than is reasonably necessary for the purposes for which it was collected as stated in this privacy policy, unless extending the retention period is otherwise required or permitted by law.  Subject to this limitation, the retention period of each category of personal information or sensitive personal information is determined by considering the following: the time required to retain the information to fulfill our business purposes; the time applicable to maintaining corresponding transaction and business records; the time necessary to respond to consumer queries, complaints or lawsuits; data retention requirements of applicable laws or contracts; and applicable data retention policies as may be in place from time to time.

Verifiable Consumer Requests for Information

Upon verification of identity, California residents may in some cases request that a business:

Disclose the categories of personal information the business collected about the consumer; 

Disclose the categories of sources from which the personal information is collected

Disclose the categories of personal information that the business sold about the consumer; 

Disclose the categories of personal information that the business disclosed about the consumer for a business purpose;

Disclose the categories of third parties with whom the business shares personal information

Disclose specific pieces of personal information the business has collected about the consumer

Disclose any financial incentives offered by the business for collection, sale, or deletion of personal information 

You have a right not to receive discriminatory treatment by a business for your exercise of CCPA privacy rights.  A business may charge a different price or rate, or provide a different level or quality of goods or services to you, if that difference is reasonably related to the value provided to you by your personal information.

For applicable personal information access and portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

Please note that we are not required to:

Carry out information access requests we receive from you if acting as a service provider or contractor to another entity regarding such information   

Retain any personal information about you that was collected for a single one-time transaction if, in the ordinary course of business, that information about you is not retained;

Reidentify or otherwise link any data that, in the ordinary course of business, is not maintained in a manner that would be considered personal information; 

Provide the requested information disclosure to you more than twice in a 12-month period.

Provide the requested information disclosure if we cannot verify that the person making the request is the person about whom we collected information, or is someone authorized to act on such person’s behalf; or

Provide the requested information disclosure if a CCPA or applicable exception applies.

Right to Request Deletion of Personal Information

Upon verification of identity, California residents may in some cases request that a business delete personal information about you that the business collected from you and retained, subject to certain exceptions. 

We may deny your deletion request if we are acting in the role of a service provider to another business regarding the applicable personal information.  If we deny your request on that basis, we will generally refer you to the relevant business.  In addition, we may deny your deletion request if retaining the information is necessary for us or our service providers to:

Complete the transaction for which the personal information was collected, provide a good or service requested by you, or reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform a contract between you and us.

Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity.

Debug to identify and repair errors that impair existing intended functionality.

Exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law.

Comply with the California Electronic Communications Privacy Act.

Enable solely internal uses that are reasonably aligned with your expectations based on your relationship with us.

Comply with a legal obligation; or

If another CCPA or applicable exception applies. 

6. Right to Request Correction of Inaccurate Personal Information

Upon verification of identity, California residents may in some cases request a business that maintains inaccurate personal information about you correct that inaccurate personal information. We will use commercially reasonable efforts to correct the inaccurate personal information.

California residents may make verifiable requests to disclose, delete, or correct pursuant to the CCPA or obtain more information by calling us at 1-800-234-1472, visiting us at www.generalrevenue.com, mailing us at 4660 Duke Drive, Suite 200, Mason, Ohio 45040, or emailing us at GRCInfo@generalrevenue.com. 

7. Verifying Your Identity If You Submit CCPA Requests

If you choose to contact us directly via the designated methods described above to exercise your CCPA rights, you will need to:

Provide enough information to reasonably identify you (e.g., your full name, account number if applicable, and potentially other identifying information); and

Describe your request with sufficient detail to allow us to properly process and respond to your request. 

If seeking to make a verifiable request under the CCPA on behalf of someone else, we require enough information to reasonably identify the subject of the request (including name and other identifying information) and the subject’s written consent to make the CCPA request on his or her behalf, as consistent with applicable law.

We are not obligated to make an information disclosure or carry out a deletion request pursuant to the CCPA if we cannot verify that the person making the request is the person about whom we collected information, or is someone authorized to act on such person’s behalf.

Any personal information we collect from you in order to verify your identity in connection with your CCPA request will be used solely for the purposes of verification.

COLORADO, CONNECTICUT, UTAH AND VIRGINIA RESIDENTS: 

PRIVACY POLICY NOTICE

This Privacy Policy Notice is intended for Colorado, Connecticut, Utah and Virginia residents pursuant to the Colorado Privacy Act, the Connecticut Data Privacy Act, the Utah Consumer Privacy Act and the Virginia Consumer Data Protection Act, respectively. This policy supplements the information contained in the above Privacy Policy.  Any terms defined in these laws and related regulations have the same meaning as used in this Privacy Policy Notice.  

1.   Personal Data We Collect About You

We may process personal data that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be directly or indirectly linked, with a consumer, device, or household (“personal data”).

Personal data does not include:

Publicly available information from government records.

Deidentified or aggregated consumer information.

Information excluded from the scope of the above privacy laws, such as (but not limited to) information governed by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), the Fair Credit Reporting Act (“FCRA”), and the Gramm-Leach-Bliley Act (“GLBA”). 

We regularly process (and have processed in the past 12 months) several types of personal data about individuals regarding accounts we service or purchase, including: 

Category Examples

Identifiers Name, signature, postal address, Internet Protocol address, email address, telephone number, account number, Social Security number, or other similar identifiers

Financial information Bank account number, credit card number, debit card number, or other financial information; medical insurance information

Protected classifications Age, gender, medical condition, disability, veteran or military status

Commercial information Records of products or services purchased, obtained

Internet or other similar network activity Information on a consumer’s interaction with our website(s) or  application(s)

Audio, electronic, visual or similar data Call recordings

Professional, or employment-related information Current or past job history

Non-public education information Student financial information 

Inferences drawn from personal information To create a profile reflecting the consumer’s preferences, characteristics, aptitudes, or behavior

Personal information A consumer’s social security number, driver’s license, state identification card, or passport number; a consumer’s account log-in in combination with any required security or access code, password, or credentials allowing access to the account

2.  Why We Process Your Personal Data 

We regularly process personal data for one or more of the following business purposes:

Fulfill the reason you provided the information. For example, if you share your personal data to make a payment, we will use that information to process your payment.

Perform services on behalf of a business or service provider, including maintaining or servicing accounts, providing customer service, processing transactions, verifying customer information, processing payments, providing analytic services, or providing similar services on behalf of the business or service provider.

Provide you with information or services that you request from us

Auditing related to consumer interactions. 

Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity.

Debugging to identify and repair errors that impair existing intended functionality.

Short-term, transient use, where the personal information is not disclosed to another third party and is not used to build a profile about a consumer or otherwise alter an individual consumer’s experience outside the current interaction.

Undertaking activities to verify or maintain the quality of a service or device that is owned, made by or for, or controlled by us, and to improve, upgrade, or enhance the service or device that is owned, made by or for, or controlled by us.

Respond to law enforcement requests and as required by applicable law or court order.

As appropriate to protect the rights, property, or safety of us, our clients, or others.

As described to you when collecting your personal information or as otherwise permitted by law. 

We will not collect additional categories of personal data or use the personal data we collected for materially different purposes without providing you notice.

3. Third Parties To Whom We Disclose Personal Data

We regularly disclose (and have disclosed in the past 12 months) the above listed categories of personal data for business purposes to one or more of the following categories of third parties: our creditor clients, our service providers (payment processing, mailing, collection, call analytics and other vendors), credit reporting agencies, regulatory and law enforcement agencies. 

4. We Do Not Sell Personal Data Or Engage In Targeted Advertising Or Profiling

We do not sell your personal data, process your personal data for targeted advertising, or process your personal data for automated decision-making including profiling in furtherance of decisions that produce legal or similarly significant effect on you. 

5. How To Request To Exercise Your Rights

Upon our verification of identity through commercially reasonable means, Colorado, Connecticut, Utah and Virginia residents may request to exercise one or more of the following rights:

To confirm whether or not we are processing your personal data and to access such personal data;

To delete personal data provided by or obtained about you;

To obtain a copy of your personal data that you previously provided to us in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the data to another company without hindrance, where the processing is carried out by automated means.

Additionally, upon our verification of identity through commercially reasonable means, Colorado, Connecticut, and Virginia residents may request to exercise the right to correct inaccuracies in your personal data, taking into account the nature of the personal data and the purposes for processing the data.

You may request to exercise these rights by one of the following methods:

Calling us at 1-800-234-1472

Emailing us at GRCInfo@generalrevenue.com

Mailing us at 4660 Duke Drive, Suite 200, Mason, OH 45040

Colorado, Connecticut, and Virginia residents may appeal our decision concerning your request by contacting us using any of the above methods, within 45 days of your receipt of our decision on your request, to advise of your appeal.