(Effective as of January 01, 2021)
1. Introduction. This Privacy Policy describes the types of “Personal Information” (information that is identifiable to a particular person) that is collected (directly or through service providers) in connection with the CardControl downloadable application (“App”) and related services (collectively, the “Service”) offered by your financial institution (“we” or “us”). This Privacy Policy is intended to supplement the disclosures in any Privacy Policy that you may have already been presented by us in connection with online banking or other services.
2. Eligibility. The Service is offered only to individual residents of the United States, excluding its territories, who can form legally binding contracts under applicable law. Without limiting the foregoing, the Service is not offered to minors. Other restrictions and eligibility requirements for the Service apply as described in the CardControl Terms of Use. We do not knowingly collect any Personal Information from or about individuals under 18 years of age. Please do not submit such information to us, and as a parent or legal guardian, please do not allow your children to submit Personal Information without your permission. By using the App or the Service, you represent that you meet these requirements and that you agree to the terms of this Privacy Policy.
3. What Types of Personal Information We May Collect. We may collect Personal Information about you, which may include: name, postal address, zip code, e-mail address, telephone number, account numbers, payment card expiration date, payment card identification or verification numbers, social security number, mobile device location, and other information that we can use to contact you, verify your identity, provide the functionality available through use of the App and the Service, and manage risks, such as information maintained about you by identity verification services and consumer reporting agencies, including credit bureaus, and payment and other transaction information, and history for payments and other transactions in which you participate through the Service, and any Personal Information that you may enter into information blocks present in the App interface or made available through the Service. We may collect information regarding your mobile device such as device settings, unique device identifiers, information about your location, and analytical information that may assist with diagnostics and performance. For your convenience, you may be asked to grant permission for access to your mobile device’s geolocation data. This information may be collected when you use certain services that are dependent on your mobile device’s location (such as the location of an ATM or in store transactions).
4. How We May Collect Personal Information About You. We may collect Personal Information about you from the following sources:
5. How We May Share Personal Information About You. We share Personal Information about you only as permitted by law. For Personal Information that is nonpublic and that we collect in connection with a financial service, U. S. federal law permits us to share such information only for the purposes shown in the following table:
Reasons we can share Personal Information about you |
Do we share? |
Can you limit this sharing? |
For our everyday business purposes – such as to process your transactions, respond to court orders and legal investigations, and report to credit bureaus; |
Yes |
No |
For our marketing purposes – to offer our products and services to you; |
Yes |
No |
For Joint Marketing with other financial companies; |
No |
We Do Not Share |
For our Affiliates’ everyday business purposes (information about your transactions and experiences); |
Yes |
No |
For our Affiliates’ everyday business purposes (information about your creditworthiness); |
No |
We Do Not Share |
For our Affiliates to market to you; |
No |
We Do Not Share |
For Nonaffiliates to market to you |
No |
We Do Not Share |
6. How We May Use Personal Information About You. We use Personal Information about you only as permitted by law, including but not limited to the following purposes:
7. Other Important Information.
Vermont: Under Vermont law, we will not share information we collect about Vermont residents with companies outside of our Affiliates, unless the law allows. We will not share information about your credit worthiness with our Affiliates except with your consent, but we may share information about our transactions or experiences with you with our Affiliates without your consent.
California: Under California law, we will not share information we collect about you with Nonaffiliates, unless the law allows. For example, we may share information with your consent, to service your accounts, or to provide rewards or benefits you are entitled to. We will limit sharing among our Affiliates to the extent required by California law.
8. Definitions.
9. How We Protect Personal Information About You. To protect Personal Information about you from unauthorized access and use, we maintain physical, electronic, and procedural safeguards, including but not limited to security measures that comply with applicable federal and state laws. We also require our service providers and business partners to whom we disclose the information to do the same. When you enter sensitive information (such as a debit or credit card number) into the App, we encrypt the transmission of that information using secure socket layer technology (SSL). We may retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
10. Data Retention. We will retain, protect, use and share Personal Information about you as long as it is reasonably required for the purposes described in this Privacy Policy, and as required by law, including but not limited to for risk management, regulatory compliance, and audit purposes.
11. Amendments. We may amend this policy at any time by posting a revised version in the App. The revised version will be effective immediately at the time it is posted unless a delayed effective date is expressly stated therein. You may (in our discretion) also be provided with an email notification of such amendments. If we make any change in how we use your Personal Information, we will notify you by email or by means of a notice in the App prior to the change becoming effective. You may (in our discretion) be required to affirmatively acknowledge or accept the revised Privacy Policy in order to continue using the App and the Service. Any use of the App or the Service after a notice of change will constitute your express agreement to such changes.