SPRING EQ PRIVACY POLICY

 

Policy Statement

 

Spring EQ and its subsidiaries (collectively, Spring EQ) customers consistently rate privacy as one of their most important concerns. We recognize and respect this interest in privacy. It is our policy to keep confidential the information we believe our customers consider personal (Sensitive Personal Information) and to prevent others from inappropriately retrieving Sensitive Personal Information. It is the duty of all Spring EQ employees to comply with this Privacy Policy and failure to adhere to the requirements of the Privacy Policy may lead to disciplinary action.

 

Consumer Choice and Preference Tracking

 

In situations where consumers are provided an opportunity to opt out from or must provide affirmative consent prior to certain information sharing or use practices, consumers will be permitted to exercise such choices and consumer choices will be honored and tracked by Spring EQ.

 

Further, while we may use a variety of companies to serve advertisements on the website, you may wish to visit http://www.networkadvertising.org/choices, which provides information regarding this practice by Network Advertising Initiative (“NAI”) members, and your choices regarding having this information used by these companies, including the “opt-out” procedures of NAI members. Opting out of one or more NAI members only means that those NAI members no longer will be allowed under their own rules to deliver targeted content and/or ads to you, which will affect this and other sites, but does not mean you will no longer receive any targeted content and/or ads. Also, if your browsers are configured to reject cookies when you visit this opt-out page, or you subsequently erase your cookies, use a different device or change web browsers, your NAI opt-out may not, or may no longer, be effective. Additional information is available on the NAI’s website accessible by the above link. You may also be able to opt-out of receiving third-party behavioral ads by visiting the DAA website at http://www.aboutads.info/choices. Similar limitations may apply to the DAA opt-out We are not responsible for effectiveness of or compliance with any third-parties’ opt-out options.

 

Privacy Laws and Regulations

 

Several federal and state laws directly affect the privacy of information relating to individuals.

 

The Right to Financial Privacy Act (REPA)

 

The RFPA requires the federal government to follow specified procedures when it requests information about our customers. In general, the federal government may obtain customer records in one of five ways:

 

1. Specific customer authorization.
2. Administrative subpoena or summons. (This method is usually used if customer authorization has not been obtained.)
3. Search warrant.
4. Judicial subpoena.
5. Formal written request (available only to government agencies that do not have the authority to issue an administrative subpoena or summons).

  1.  

(Certain influential government agencies, such as the Internal Revenue Service and the Drug Enforcement Agency, have their own special means of obtaining customer information. Agencies pursuing their regulatory functions, such as a banking agency preparing to do an examination, are not required to comply with the RFPA because the RFPA focuses on requests for information about specific customers.)

 

Government requests for information initially should be handled just like other requests for customer information. You should immediately contact the Compliance Department for instructions. The Compliance Department should consult with the Legal Department prior to the production of customer information. As the RFPA mandates, we will then require the government representative to provide a certificate of compliance with the RFPA before we provide any information about a specific customer.

 

The Gramm-Leach-Bliley Act (GLBA)

 

The privacy protection provisions of the GLBA require us to provide a privacy notice in the form of Exhibit A to each of our customers. Our practice is to provide this notice after an application has been taken or prior to Spring EQ sharing Sensitive Personal Information with non-affiliated third parties, unless one of the exemptions outlined in GLBA applies. The Spring EQ Privacy Notice is also posted on our website. If two or more persons jointly apply, we only need to provide one copy of the notice to one of the applicants.

 

As of the date of this policy, consumer information is not shared by Spring EQ in a manner that requires a consumer opt-out offer. If Spring EQ’s sharing protocols change and an opt-out is required, Spring EQ will draft the appropriate procedures.

 

Our employees must be careful not to disclose customer account numbers to anyone, unless the disclosure is made by employees in charge of reporting information to consumer reporting agencies or by employees specifically authorized to do so in connection with certain marketing programs.

 

State Privacy Laws

 

GLBA permits states to enact more stringent requirements for the sharing by financial institutions of nonpublic personal information with unaffiliated third parties. Some states have enacted such requirements. Notice of such state privacy restrictions is included in the Spring EQ Privacy Notice, and such state privacy restrictions are further described in state-specific privacy policy addenda.

 

Fair Credit Reporting Act (FCRA)

 

We provide financial information about a consumer to another entity only in circumstances in which such sharing is allowed by FCRA. Circumstances under which credit information may be shared include:

 

• Transactions and experiences with a consumer. Transaction and experience information is not considered a “consumer report,” and, therefore, may be shared with affiliated and nonaffiliated third parties, subject to the limitations of the privacy laws such as the federal Gramm-Leach-Bliley Act and similar state laws. Additional restrictions apply if an affiliate of Spring EQ uses information it obtains from us for marketing purposes.


      • • Sharing to facilitate a transaction. Sharing information with another party that is involved in the same transaction is not viewed as sharing with a “third party” within the meaning of FCRA, and, therefore, we may share such information without itself becoming a consumer reporting agency. Examples of sharing that is generally permissible under FCRA include providing information to potential portfolio purchasers, current investors, and FHA or private mortgage insurance companies.

    •  

    Can-Spam Act

     

    The Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (the CAN-SPAM Act) imposes requirements on the use of unsolicited commercial electronic mail messages (spam). In enacting the CAN-SPAM Act, Congress made the following determinations of public policy: (1) there is a substantial government interest in the regulation of commercial electronic mail on a nationwide basis; (2) senders of commercial electronic mail should not mislead recipients as to the source or content of such mail; and (3) recipients of commercial electronic mail have a right to decline to receive additional commercial electronic mail from the same source. The term “commercial electronic mail message” means any electronic mail message the primary purpose of which is the commercial advertisement or promotion of a commercial product or service (including content on an Internet Web site operated for a commercial purpose).

     

    In compliance with the CAN-SPAM Act, if we originate spam we:

     

    • Clearly and conspicuously label the message as an advertisement or solicitation

  • • Include clear and conspicuous opt-out instructions with reference to a functioning return e-mail address or other Internet-based mechanism for opting out of future spam
  •  
  • • Include our postal address
  •  
  • • Do not use false or misleading header (source, destination, and routing) information
  •  
  • • Do not use deceptive subject headings
  •  
  • • Do not transmit spam after objection (including transferring or releasing an email address after an objection)
  •  
  • • Take steps to ensure that any person we hire to promote our services does not violate the CAN-SPAM Act
    •  

    Security Guidelines

  •  
  •  

    We have implemented comprehensive written information security programs that include administrative, technical, and physical safeguards regarding the safeguarding of information about our customers. Our information security programs are found in the Data Security Policy issued by the Spring EQ IT Department.

  •  
  •  

    Limitations on Access to and Use of Sensitive Personal Information and Data Minimization

  •  
  •  

    As part of our compliance with applicable privacy requirements, access to Sensitive Personal Information will be provided only to employees requiring such information for the performance of their employment functions. Sensitive Personal Information must be used only for purposes permitted by applicable law, company policies, the Spring EQ Privacy Notice and appropriate customer choices. To the extent feasible, only information required for functions performed by Spring EQ should be collected or acquired and information should be retained only as long as such information is needed to perform functions or to comply with legal or contractual requirements.

  •  
  •  

    Prohibited Storage, and Retention, and use of Company Information

  •  

    1.  
    2. 1. Employees are prohibited from transferring, retaining or storing any corporate or confidential information (including, but not limited to loan files or customer lists), to personal email account(s), mobile devices, Personal Cloud accounts (Drop Box, Microsoft Cloud, Business Cloud or similarly named personal data storage retention areas). 

  •  
    1. 2. Employees are expressly prohibited from conducting any Spring EQ business using a personal email account. All Spring EQ communications must be sent and received using a Spring EQ email account assigned by the IT Department.

    2.  
    3. 3. Any employee who violates the prohibitions set forth in this paragraph may be subject to disciplinary action up to and including termination.

    4.  

    Consumer Choice and Preference Tracking

  •  
  •  

    In situations where consumers are provided an opportunity to opt out from or must provide affirmative consent prior to certain information sharing or use practices, consumers will be permitted to exercise such choices and consumer choices will be honored and tracked by Spring EQ.



     

California Residents:

This Privacy Notice and Disclosure for California Residents applies solely to those who reside in the State of California (“consumers” or “you”).

The purpose of this privacy notice and disclosure is to inform California residents, at or before the time of collection of personal information and to inform you as part of our privacy policies:

 

• Your “Right to Know” about personal information collected, used, and disclosed including:

• The categories of personal information we collect from you and the purpose for its collection,

• How we use those categories of personal information, and

• How we share the personal information you entrust to us.

• That we do not sell your personal information.

• Your “Right to Request Deletion” of personal information.

• Your “Right to Non-Discrimination” for the exercise of a privacy right.

• How to submit a verified consumer request.

• How to use an authorized agent to submit a verified consumer request.

 

Privacy Notice and Disclosure for California Residents

 

Your Right to Know

You have the right to request that Spring EQ, LLC (“Spring EQ”, “Company” or “we”) disclose what personal information it collects, uses, discloses, and sells. You can do this through a verified consumer request. That process is described below in the section, “Submitting a Verified Consumer Request.”

We collect personal information, which means information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household (“personal information”). The following is a description of the categories of personal information we collect and that we have collected in the past 12 months, the categories of sources from which the personal information is collected, and the business or commercial purposes for collecting and using the personal information including in the last 12 months.

 

Categories of Personal Information We Collect, Use and Share

 

• Identifiers: For example, a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers.

• Within the last twelve months, have Identifiers been:

• Collected? Yes

• Sold? No

• Disclosed for a Business Purpose? Yes

• Personal Information Categories from Cal. Civ. Code § 1798.80(e): For example, a name, signature, social security number, address, telephone number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information. Some personal information included in this category may overlap with other

• Within the last twelve months, have these Personal Information Categories been:

• Collected? Yes

• Sold? No

• Disclosed for a Business Purpose? Yes

• Characteristics of CA or Federal Protected Classifications: For example, race , national origin, ethnicity, sex, age, gender, familial status, disability, or veteran status.

• Within the last twelve months, have Characteristics of CA or Federal Protected Classifications been:

• Collected? Yes

• Sold? No

• Disclosed for a Business Purpose? Yes

• Internet or Other Similar Network Activity: For example, browsing history, search history, and information regarding a consumer’s interaction with an Internet Web site, application, or advertisement.

• Within the last twelve months, have Internet or other Similar Network Activities been:

• Collected? Yes

• Sold? No

• Disclosed for a Business Purpose? Yes

 • Geolocation Data: For example, information that can be used to determine a device’s physical location.

• Within the last twelve months, have Geolocation Data been:

• Collected? Yes

• Sold? No

• Disclosed for a Business Purpose? Yes

• Sensory or Surveillance Data: For example, audio, electronic, visual, thermal, olfactory, or similar information that can be linked or associated with a particular consumer or household.

• Within the last twelve months, have Sensory or Surveillance Data been:

• Collected? Yes

• Sold? No

• Disclosed for a Business Purpose? Yes

• Professional or Employment-Related Information: For example, compensation, current and past job history and verification of current and past employment.

• Within the last twelve months, have Professional or Employment-Related Information been:

• Collected? Yes

• Sold? No

• Disclosed for a Business Purpose? Yes

• Profile Data: For example, inferences drawn from personal information to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

• Within the last twelve months, have Profile Data been:

• Collected? Yes

• Sold? No

• Disclosed for a Business Purpose? Yes

 

Categories of Personal Information We Do Not Collect, Use and Share (and have not Collected, Used or Shared within the last twelve months)

• Commercial Information: For example, records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

• Biometric Information: For example, physiological, biological or behavioral characteristics, including an individual’s deoxyribonucleic acid (DNA), that can be used, singly or in combination with each other or with other identifying data, to establish individual identity. Biometric information includes, but is not limited to, imagery of the iris, retina, fingerprint, face, hand, palm, vein patterns, and voice recordings, from which an identifier template, such as a faceprint, a minutiae template, or a voiceprint, can be extracted, and keystroke patterns or rhythms, gait patterns or rhythms, and sleep, health, or exercise data that contain identifying information.

• Education Information (defined as information that is not publicly available personally identifiable information as defined in the Family Educational Rights and Privacy Act (20 U.S.C. section 1232g, 34 C.F.R. Part 99)): Education records directly related to a student maintained by an education institution or party acting on its behalf, for example, non-public information that can be used to distinguish or trace an individual’s identity in relation to an educational institution either directly or indirectly through linkages with other information.

The Categories of Sources from which this Information was Collected:

We obtain the personal information listed above from the following categories of sources:

• Directly from you or your authorized agents, including from online forms, e-mail, face-to-face meetings, and via telephone.

• Information from you that you provide passively from your use of sites and services, including from sources such as a web browser, e-mail, app, or smartphone.

• From third party sources including affiliates, credit reporting agencies, marketing partners, and lead

• Information we collect from visual observation, as may be required by HMDA.

• From your current and past employers and the Internal Revenue Service

The Business Purposes for which we Collect, Use or Share your Personal Information

• To fulfill or meet the reason for the information was provided

• For our internal operations purposes

• For auditing relating to consumer transactions, including ad impressions and compliance with regulations

• Fraud and security detection

• Debugging to identify and repair errors

• Short-term data use for the current interaction that is not used to build a profile

• Servicing transactions and accounts (e.g., customer service, maintaining and servicing accounts, customer verification, payment processing) and providing services on behalf of business or service provider (e.g., financing, advertising or marketing, analytics)

• Undertaking internal research for technological development and demonstration

• To share the personal information with service providers to carry out other business purposes

• To provide you with information, products or services that you request from us.

• To comply with all applicable legal requirements.

• To provide to federal and state agencies as part of the loan process or their supervision.

• To protect the rights, property or safety of us, our clients or others.

• To respond to law enforcement requests and as required by applicable law, court order or governmental regulation.

• Race, ethnicity, & sex is collected voluntarily from you as part of the loan application process in according with the Home Mortgage Disclosure Act (HMDA), which may be required to be completed based on our visual observation.

• Age is collected to determine if you have the legal ability to enter into a contract.

• Veteran status may be collected to determine if you are eligible for certain benefit or protections.

• We may place cookies or similar files on your hard drive for security purposes, to facilitate site navigation, and to personalize your experience while visiting our websites.

• We may also use cookies to track responses to advertisements and to track your use of other websites.

• Time zone information may be collected from a device that is used to request information from us in order to facilitate best practices in marketing and communication as well as compliance with applicable laws.

• Voice recordings for quality control and training purposes

 

The Categories of Third Parties with whom we Share your Personal Information

• Cloud storage providers

• Payment processors

• Web analytics providers

• Web hosting service providers

• E-mail distribution service providers

• Help Desk service providers

• Financial and accounting service providers

• Cybersecurity service providers

• Logistics and planning tool providers

• Customer relationship management tool providers

• Business partners used throughout the loan origination process and the servicing of your loan, including real estate appraisers, credit reporting agencies, title insurance companies, auditors, as well as the owner/investor of your loan.

• Federal and state governmental agencies as part of the loan process or their supervision of the Company.

• Federal governmental agencies as required by HMDA.

Please note that Personal Information does not include

• Publicly available information or lawfully obtained, truthful information that is a matter of public concern.

• Deidentified or aggregated consumer information.

Certain information is excluded from the scope of certain requirements of the California Consumer Privacy Act. This includes, without limitation:

• Personal information collected, processed, sold or disclosed subject to industry-specific privacy laws, including the federal Fair Credit Reporting Act (FCRA), the federal Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act.

We will not collect additional categories of personal information or use the personal information for any other undisclosed purpose without providing you notice.

 

Your Right to Opt-Out

 

We do not sell the personal information of anyone, including minors under 16 years of age, without affirmative authorization.

 

 

Your Right to Request Deletion of Your Personal Information

 

You have the right to request that the Company delete any of your personal information collected or maintained by the Company, subject to certain exceptions. You can do this through a verified consumer request. That process is described below in the section, “Submitting a Verified Consumer Request.”

We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:

• Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.

• Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.

• Debug products to identify and repair errors that impair existing intended functionality.

• Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.

• Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).

• Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.

• Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.

• Comply with a legal obligation.

• Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

 

Your Right to Non-Discrimination for the Exercise of a Privacy Right

 

We will not discriminate against you for exercising any of your CCPA rights. We will not:

• Deny you goods or services.

• Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.

• Provide you a different level or quality of goods or services.

• Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

However, we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels. Any CCPA-permitted financial incentive we offer will reasonably relate to your personal information’s value and contain written terms that describe the program’s material aspects. Participation in a financial incentive program requires your prior opt in consent, which you may revoke at any time.

 

Submitting a Verified Consumer Request

 

California residents have the right to submit verified consumer requests to know or delete information. If you are a California resident, you can make a Request to Know or Request to Delete by:

 

• Contacting us at (888) 978-9978

• Emailing your request to cxo@springeq.com.

 

You may only make a verifiable consumer request to know information twice within a 12-month period. We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm that the personal information relates to you. We may request additional information to verify your identity prior to fulfilling your request. Once we receive your verifiable request, we will send you an acknowledgement letter within 10 days which will describe our verification process. We will respond to your request within 45 days, if we are able to verify your identity. Requests for deletion will require a separate confirmation that you want your information deleted.

 

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

 

Please note we are unable to disclose or provide you with your Social Security Number, Driver’s License Number, or other government issued identification number, financial account number, any health insurance or medical identification number, an account password, or security questions and answers.

 

Using an Authorized Agent to Submit a Request

 

Only you, a person registered with the California Secretary of State, or a person you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child. If you use an authorized agent, you may provide a power of attorney executed pursuant to California Probate Code sections 4000 to 4465. If a power of attorney that meets those provisions is not submitted, you will be required to verify your identity directly by submitting a verified consumer request according to the procedures in the section “Submitting a Verified Consumer Request.” If anyone purporting to be an authorized agent for a consumer contacts us, we will require proof that the authorized agent has been authorized to act on the consumer’s behalf.

 

Changes to Our Privacy Notice

The Company reserves the right to amend this privacy notice at our discretion and at any time. When we make changes to this privacy notice, we will post the updated notice on the Website and update the notice’s effective date. Your continued use of our Website following the posting of changes constitutes your acceptance of such changes.

 

Contact for More Information

If you have any questions or comments about this notice, the ways in which the Company collects and uses your information, your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us at:

 

Phone: (888) 978-9978

 

Spring EQ, LLC

100 W. Matsonford Road, Bldg. 5, Ste. 100

Radnor, PA 19087

Attn: Customer Experience Office

 

Last Update: December 1, 2022