REGIONAL FINANCE ONLINE PRIVACY POLICY

Effective Date: December 9th, 2022

Last Updated November 2nd, 2022

 

Introduction

Regional Management Corp. and its subsidiaries and affiliates (“Regional Finance,” “we,” “our,” or “us”) respects the privacy of your information. This Privacy Policy is designed to assist you in understanding how we collect, use and safeguard the information you provide to us in using the websites on which this policy appears (“Sites”) and the services provided through our Sites (“Services”). For investment information, including information regarding our business and results of operations, please visit our investor website at RegionalManagement.com.

If you have a consumer financial product or service with us, we will use and share any information that we collect from or about you in accordance with our U.S. Consumer Privacy Notice, which offers you certain choices with respect to the use and sharing of your personal information.

From time to time, we may change this Privacy Policy. If we do, we will post an amended version on this webpage. Please review this Privacy Policy periodically.

This Privacy Policy covers the following topics:

  1. Information We Collect Online
  2. How We Use Your Personal Information
  3. How We Share Your Personal Information
  4. Cookies and Other Tracking Technologies
  5. Third Party Processors
  6. “Do Not Track” Signals
  7. Choices About Your Personally Identifiable Information
  8. Security
  9. Third Party Links
  10. Children’s Privacy
  11. Notice to California Residents
  12. Accessibility
  13. How to Contact Us

 

  1. Information We Collect Online

We collect Personally Identifiable Information from you through your use of the Sites and Services. “Personally Identifiable Information” is individually identifiable information about an individual consumer that we collect online and that we maintain in an accessible form. We collect the following types of Personally Identifiable Information:

Information You Provide

We may collect the following Personally Identifiable Information that you voluntarily provide to us in using our Sites and Services:

  • Get Prequalified. To get prequalified online, we will collect your first and last name, email address, phone number, date of birth, Social Security number, home address, and income information. We may use this information to do a “soft” credit pull with Equifax our third-party processor. We also may contact you via email or text message using other third-party service processors such as for example Twilio or Sendgrid, to provide you with information about your loan request.
  • Apply for a Loan. In addition to the information collected to prequalify, when you apply for a loan online we will. request that you share bank account transaction history through our third-party partner Plaid and use that information to validate your income history. We also share your information with Socure, another third-party processor to validate your residency, your identity and to protect against fraud. Upon successful validation with your approval, we also share your information again with Equifax our third-party processor to do a “hard pull” to complete your loan application. If you are approved for an online loan, you will be asked to identify the bank account where you want to receive your proceeds via an ACH transfer and to sign loan documents hosted at DocuSign, another of our third-party processors. For more information, please see the “Third Party Processors” section below.
  • Manage Your Account Online. To register for online access to your account, we will collect your first and last name, last four digits of your Social Security number, date of birth, and we may require you to provide an email address or phone number for validation purposes. We may also collect the payment information that you provide us with to enable payments in use of your online account.
  • Apply for a Job with Us. If you submit an application in response to a job posting, we will collect your first and last name, email address, phone number, home address, employment history, military or veteran status, and any Personally Identifiable Information that you choose to provide, including your gender, race/ethnicity, or other information contained in your cover letter or resume.
  • Partner with Us. If you are a merchant, you can log in to your online dealer account with your company ID number, dealer ID number, username, and password. If you choose to contact us through the portal, we will collect your first and last name, email address, phone number, and any Personally Identifiable Information that you choose to provide in your message.
  • Contact Us. If you choose to contact us by completing our online form or by email, you will provide us with your name, email address, phone number, and any Personally Identifiable Information that you choose to provide in your message. We maintain record of your correspondence.

Information as You Navigate Our Sites

We automatically collect certain Personally Identifiable Information through your use of the Sites and Services, such as the following:

  • Usage Information. For example, the pages on the Site you access, the frequency of access, and what you click on while on the Site.
  • Device Information. For example, hardware model, operating system, application version number, and browser.
  • Mobile Device Information. Aggregated information about whether the Site is accessed via a mobile device or tablet, the device type, and the carrier.
  • Location Information. Location information from Site visitors on a city-regional basis.

Information Collected from Other Sources

We may receive certain Personally Identifiable Information about you from third parties. For example, we may receive information about your credit history from a credit reporting agency or income information from your employer.

Third Party Information

In some cases, we may receive certain Personally Identifiable Information from you about a third party. For example, when you fill out our online forms you may provide the contact information of another individual. If you submit any Personally Identifiable Information about another individual to us, you are responsible for making sure that you have the authority to do so and to allow us to use their Personally Identifiable Information in accordance with this Privacy Policy.

 

  1. How We Use Your Information

We use the Personally Identifiable Information we collect to provide the Services to you, to improve our Sites and Services, and to protect our legal rights. In addition, we may use the Personally Identifiable Information we collect to:

  • Process your online account registration;
  • Process your prequalification application;
  • Underwrite your prequalification application;
  • Verify your identity and prevent fraud;
  • Communicate with you about your account and transactions;
  • Process your job application;
  • Contact you regarding our products and services that we feel may be of interest to you;
  • Communicate with you about our Sites or Services or to inform you of any changes to our Sites or Services;
  • Contact you regarding surveys or to review your experience with our products or services;
  • Provide support;
  • Maintain and improve our Sites and Services;
  • Protect the security and integrity of our Site[s] and Services;
  • Investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, or violations of our Terms of Use, and to otherwise fulfill our legal obligations;
  • Monitor compliance with and enforce this Privacy Policy and any other applicable agreements and policies;
  • Defend our legal rights and the rights of others;
  • Fulfill any other purposes for which you provide it, or any other purpose we deem necessary or appropriate;
  • Efficiently maintain our business; and
  • Comply with applicable law.

 

  1. How We Share Your Information

We may share the information that we collect about you in the following ways:

  • With our corporate family, such as with subsidiaries, joint ventures, and affiliates;
  • With vendors who perform data or Site-related services on our behalf (e.g., email, hosting, maintenance, backup, analysis, etc.);
  • With vendors to prepare, deploy and analyze advertising content;
  • For identity verification and fraud prevention;
  • With consumer reporting agencies (e.g., the status of your account);
  • To the extent that we are required to do so by law;
  • In connection with any legal proceedings or prospective legal proceedings;
  • To establish, exercise, or defend our or a third party’s legal rights, including providing information to others for the purposes of fraud prevention;
  • With any person who we reasonably believe may apply to a court or other competent authority for disclosure of that Personally Identifiable Information where, in our reasonable opinion, such court or authority would be reasonably likely to order disclosure of that Personally Identifiable Information;
  • With any other person or entity as part of any business or asset sale, equity transaction, merger, acquisition, bankruptcy, liquidation, or similar proceeding, or in preparation for any of these events;
  • With any other person or entity where you consent to the disclosure; and
  • For any other purpose disclosed by us when you provide the Personally Identifiable Information or for any other purpose we deem necessary, including to protect the health or safety of others.

 

  1. Cookies and Other Tracking Technologies

Like many other companies, we use cookies and other tracking technologies (such as pixels and web beacons). To learn more about how we use cookies and your choices regarding our use of cookies, please see our Cookie Policy.

 

  1. Third Party Processors

To ensure that your Personally Identifiable Information receives an adequate level of protection, we have put in place appropriate procedures with the service providers we share it with to ensure that it is treated consistent with applicable data security and privacy laws.

For example, to facilitate your loan request and to service your loan, you may provide us your financial information by linking your bank account(s) with Plaid. To link your bank account, you will provide your bank account information, including but not limited to, the financial institution name, your bank account username and password, account type, account number, and routing number. We use Plaid to enable us to offer this service. For more information regarding Plaid’s collection of this personal information, please see Plaid’s Privacy Policy.

Also, if you use the Dealer Login feature on rmcretail.com, you will be directed to a third-party website operated by MeridianLink, Inc. For more information regarding MeridianLink’s collection of this personal information, please see MeridianLink’s Privacy Policy.

 

  1. “Do Not Track” Signals

Some internet browsers incorporate a “Do Not Track” feature that signals to websites you visit that you do not want to have your online activity tracked. Given that there is not a uniform way that browsers communicate the “Do Not Track” signal, the Sites does not currently interpret, respond to or alter their practices when they receive “Do Not Track” signals.

 

  1. Choices About Your Personally Identifiable Information

Review and Request Changes to Your Personally Identifiable Information

You may use your account to access, correct, or view certain Personally Identifiable Information we have collected and which is associated with your account. To review or request changes to any of your Personally Identifiable Information, please contact us as provided in the “How to Contact Us” section below.

Marketing Communications

To unsubscribe from our marketing emails, please click the unsubscribe link included in the footer of our emails. You also may submit a request to us at customerservice@regionalmanagement.com.

 

  1. Security

We maintain commercially reasonable security measures to protect the Personally Identifiable Information we collect and store from loss, misuse, destruction, or unauthorized access. However, no security measure or modality of data transmission over the Internet is 100% secure. Although we strive to use commercially acceptable means to protect your Personally Identifiable Information, we cannot guarantee absolute security.

 

  1. Third Party Links

The Sites and Services may contain links that will let you leave them and access another website. Linked websites are not under our control. Except as stated below, this Privacy Policy applies solely to Personally Identifiable Information that is acquired by us on the Sites and Services. We accept no responsibility or liability for these other websites.

 

  1. Children’s Privacy

The Sites and Services are not intended for children under 13 years of age. We do not knowingly collect, use, or disclose personal information from children under 13.

 

  1. Notice to California Residents

The California Consumer Privacy Act, as amended by the California Privacy Rights Act of 2020 (“CCPA”) requires that we provide California residents with a privacy policy that contains a comprehensive description of our online and offline practices regarding the collection, use, disclosure, sale, sharing, and retention of personal information and of the rights of California residents regarding their personal information. This section of the Privacy Policy is intended solely for, and is applicable only as to, California residents. If you are not a California resident, this section does not apply to you and you should not rely on it.

The CCPA defines “personal information” to mean information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California resident or household. Personal information does not include publicly available, deidentified or aggregated information or lawfully obtained, truthful information that is a matter of public concern. For purposes of this “Notice to California Residents” section we will refer to this information as “Personal Information.”

The CCPA’s privacy rights described below do not apply to Personal Information that we collect, process, sell, or disclose subject to the federal Gramm-Leach-Bliley Act and its implementing regulations or the California Financial Information Privacy Act. Because we are subject to those laws and regulations, much of the Personal Information that we collect is exempt from the CCPA. Your choices and rights with respect to our use and sharing of that information are subject to our U.S. Consumer Privacy Notice.

The CCPA’s privacy-related rights also do not apply to certain types of Personal Information subject to the Federal Credit Reporting Act (FCRA). Some of our services are subject to the FCRA and, therefore, exempt from the CCPA on that basis.

If you are California resident and a current or former employee, job applicant, or independent contractor of ours, please see our privacy notice available here [hyperlink] for more information on our collection and use of your Personal Information in that capacity.

Notice of Collection of Personal Information

We currently collect and, in the 12 months prior to the Last Updated Date of this Privacy Policy, have collected the following categories of Personal Information:

  • Identifiers (name, alias, home address, postal address, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, Individual Tax-payer Identification Number (ITIN), state or national ID)
  • Unique personal identifiers (device identifier; cookies, beacons, pixel tags, mobile ad identifiers, or other similar technology; telephone numbers, or other forms of persistent or probabilistic identifiers that can be used to identify a particular consumer or device)
  • Date of birth
  • Telephone number
  • Signature
  • Bank account number
  • Credit and debit card number
  • Insurance policy number
  • Vehicle Identification Number (VIN)
  • Medical information
  • Insurance policy number or subscriber identification number
  • Any unique identifier used by health insurer to identify consumer
  • Income amount, type(s), source(s) and other income related information
  • Employer phone number
  • Any information in the consumer’s application and claims history, including appeals records, if information is linked or reasonably linkable to consumer or household, including via device, by business or service provider
  • Internet or other electronic network activity information (browsing history; search history; and information regarding consumer’s interaction with website, application or advertisement)
  • Geolocation data
  • Commercial information (records of personal property, products or services purchased, obtained or considered; other purchasing or consuming histories or tendencies)
  • Education information
  • Professional or employment-related information (including employment history)
  • Third party references
  • Credit Bureau attributes
  • Characteristics of protected classifications under California or federal law (race, color, sex/gender, gender identity/expression, age (40 and older), national origin, disability (mental and physical including HIV/AIDS, cancer, and genetic characteristics), citizenship status, genetic information, marital status, medical condition (genetic characteristics, cancer or a record or history of cancer), military or veteran status)
  • Inferences drawn from above information to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes
  • Sensitive Personal Information. Personal Information that reveals a consumer’s Social Security, driver’s license, state identification card, or passport number; account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; precise geolocation; racial or ethnic origin, religious or philosophical beliefs, or union membership; genetic data; or the contents of a consumer’s mail, email, and text messages unless the business is the intended recipient of the communication. The processing of biometric information for the purpose of uniquely identifying a consumer. Personal information collected and analyzed concerning a consumer’s health. Personal information collected and analyzed concerning a consumer’s sex life or sexual orientation.

We collect Personal Information directly from California residents and from credit reporting agencies, credit bureaus, employers, medical providers, advertising networks, internet service providers, data analytics providers, and government entities. We do not collect all categories of Personal Information from each source.

In addition to the purposes stated above in the Section “How We Use Your Information” we currently collect and have collected the above categories of Personal Information for the following business or commercial purposes:

  • Auditing related to counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with this specification and other standards
  • Helping to ensure security and integrity to the extent the use of your Personal Information is reasonably necessary and proportionate for these purposes
  • Debugging to identify and repair errors that impair existing intended functionality
  • Performing services, including maintaining or servicing accounts, providing customer service, processing or fulfilling transactions, verifying customer information, processing payments, providing financing, providing advertising or marketing services, providing analytic services, or providing similar services
  • Undertaking activities to verify or maintain the quality or safety of our Services and to improve, upgrade, or enhance same
  • Commercial purposes, such as by inducing another person to buy, rent, lease, join, subscribe to, provide, or exchange products, goods, property, information, or services, or enabling or effecting, directly or indirectly, a commercial transaction

Sale, Sharing, and Disclosure of Personal Information

The following table identifies the categories of Personal Information that we disclosed for a business purpose in the 12 months preceding the Last Updated Date of this Privacy Policy and, for each category, the category of recipients to whom we disclosed the Personal Information.

Category of Personal Information Category of Service Providers Category of Third Parties
Name Printing and mailing providers, Fraud detection provider Credit bureaus, Department of Justice (e.g., to determine whether subject to certain active service member protections), State regulators (Wisconsin only), Government agencies, Vehicle history provider, Collections, Insurance claim provider, Retailers (for retail loans), Bank partners
Alias Department of Justice (e.g., to determine whether subject to certain active service member protections)
Social Security number Fraud detection provider Credit bureaus, Department of Justice (e.g., to determine whether subject to certain active service member protections), Vehicle history provider, Collections, Insurance claim provider, Retailers (for retail loans)
Email address Email service provider, Fraud detection provider Credit, bureaus, Department of Justice (e.g., to determine whether subject to certain active service member protections), Government agencies, Vehicle history provider, Collections, Insurance claim provider, Retailers (for retail loans)
Postal/home address Printing and mailing providers, Fraud detection provider Credit bureaus, Department of Justice (e.g., to determine whether subject to certain active service member protections), State regulators (Wisconsin only), Government agencies, Vehicle history provider, Collections, Insurance claim provider, Retailers (for retail loans), Bank partners
Telephone number Fraud detection provider Credit bureaus, Department of Justice (e.g., to determine whether subject to certain active service member protections), Government agencies, Vehicle history provider, Collections, Insurance claim provider, Retailers (for retail loans)
Date of birth Fraud detection provider Credit bureaus, Department of Justice (e.g., to determine whether subject to certain active service member, Insurance claim provider protections), Vehicle history provider, Collections, Insurance claim provider, Retailers (for retail loans)
Government-issued identification number Fraud detection provider Credit bureaus, Department of Justice (e.g., to determine whether subject to certain active service member protections), Vehicle history provider, Collections, Insurance claim provider, Retailers (for retail loans)
Age (40 and older) Printing and mailing providers Credit bureaus, Department of Justice (e.g., to determine whether subject to certain active service member protections), Vehicle history provider, Collections, Debt sellers, Insurance claim provider, Retailers (for retail loans)
Sex/gender Insurance claim provider
Gender identity/expression Insurance claim provider
Citizenship or immigration status Printing and mailing providers Insurance claim provider
Disability Insurance claim provider
Military or veteran status Department of Justice (e.g., to determine whether subject to certain active service member protections), Vehicle history provider, Collections, Insurance claim provider
Medical information (e.g., application and claims history, medical provider, death certificates) Insurance claim provider
Medical condition Insurance claim provider
Income Fraud detection provider Credit bureaus, Department of Justice (e.g., to determine whether subject to certain active service member protections), Collections, Insurance claim provider, Retailers (for retail loans), Bank partners
Records of personal property Fraud detection provider Credit bureaus, Department of Justice (e.g., to determine whether subject to certain active service member protections), Collections, Insurance claim provider, Retailers (for retail loans)
Loan Data State regulators (Wisconsin only)
Marital status State regulators (Wisconsin only), Vehicle history provider, Collections, Insurance claim provider
Bank account number Fraud detection provider Credit bureaus, Collections, Retailers (for retail loans)
Debit card number Fraud detection provider Credit bureaus, Collections, Retailers (for retail loans)
Insurance policy number Fraud detection provider Credit bureaus, Collections, Insurance claim provider
Financial account login credentials Credit bureaus, Collections
Professional or employment-related information Printing and mailing providers Credit bureaus, Debt sellers, Insurance claim provider, Retailers (for retail loans), Bank partners
IP address Data analytics provider, Email service provider, marketing agency, Fraud detection provider Credit bureaus, Advertising networks, Vehicle history provider, Collections
Cookies, beacons, pixel tags, mobile ad identifiers, or other similar technology Data analytics provider, Email service providers, Fraud detection provider Advertising networks
Information regarding consumer’s interaction with website, application or advertisement Data analytics provider Advertising networks
Records of products or services purchased, obtained or considered Credit bureaus, Retailers (for retail loans)
Inferences drawn from the above Advertising networks

 

We disclosed Personal Information for the business and commercial purposes identified in the prior section of this policy.

We have not sold or shared Personal Information in the twelve (12) months preceding the Last Updated Date of this Privacy Policy. We do not knowingly sell the Personal Information of minors under 16 years of age. We do not use Sensitive Personal Information for purposes other than those the CCPA and its regulations allow for.

Retention of Personal Information

We retain your Personal Information for as long as necessary to fulfill the purposes for which we collect it, such as to provide you with the service you have requested, and for the purpose of satisfying any legal, accounting, contractual, or reporting requirements that apply to us.

Your Rights

If you are a California resident, you have the following rights with respect to your Personal Information:

  • The right to know what Personal Information we have collected about you, including the categories of Personal Information, the categories of sources from which we collected Personal Information, the business or commercial purpose for collecting, selling or sharing Personal Information (if applicable), the categories of third parties to whom we disclose Personal Information (if applicable), and the specific pieces of Personal Information we collected about you;
  • The right to delete Personal Information that we collected from you, subject to certain exceptions;
  • The right to correct inaccurate Personal Information that we maintain about you;
  • If we sell or share Personal Information, the right to opt out of the sale or sharing;
  • If we use or disclose sensitive Personal Information for purposes other than those allowed by the CCPA and its regulations, the right to limit our use or disclosure; and
  • The right not to receive discriminatory treatment by us for the exercise of privacy rights the CCPA confers.

How to Submit a Request to Know, Delete, and/or Correct

You may submit a request to know, delete, and/or collect by calling us toll-free at (833) 708-4357 or by completing our webform, available here.

As mentioned above, if you are a California resident who has a financial product or service with us, much of the Personal Information that we collect is exempt from the CCPA and, therefore, is not subject to the rights discussed in this “Notice to California Residents” section. Your choices and rights with respect to our use and sharing of that information are subject to our U.S. Consumer Privacy Notice.

If you are submitting a request on behalf of a California resident, please submit the request through one of the designated methods discussed above. After submitting the request, and if the request is not subject to an exemption or exception, we will require additional information to verify your authority to act on behalf of the California resident.

Our Process for Verifying a Request to Know, Delete, and/or Correct

If we determine that your request is subject to an exemption or exception, we will notify you of our determination. If we determine that your request is not subject to an exemption or exception, we will comply with your request upon verification of your identity and, to the extent applicable, the identity of the California resident on whose behalf you are making such request. We will verify your identity either to a “reasonable degree of certainty” or a “reasonably high degree of certainty” depending on the sensitivity of the Personal Information and the risk of harm to you by unauthorized disclosure, deletion, or correction as applicable.

For requests to access categories of Personal Information and for requests to delete or correct Personal Information that is not sensitive and does not pose a risk of harm by unauthorized deletion or correction, we will verify your identity to a “reasonable degree of certainty” by verifying at least two data points that you previously provided to us and which we have determined to be reliable for the purpose of verifying identities.

For requests to access specific pieces of Personal Information or for requests to delete or correct Personal Information that is sensitive and poses a risk of harm by unauthorized deletion or correction, we will verify your identity to a “reasonably high degree of certainty” by verifying at least three pieces of Personal Information you previously provided to us and which we have determined to be reliable for the purpose of verifying identities. In addition, you must submit a signed declaration under penalty of perjury stating that you are the individual whose Personal Information is being requested.

 

  1. Accessibility

We are committed to ensuring this Privacy Policy is accessible to individuals with disabilities. If you wish to access this Privacy Policy in an alternative format, please contact us as described below.

 

  1. How to Contact Us

To contact us for questions or concerns about our privacy policies or practices please email us at customerservice@regionalmanagement.com.

Regional Management Corp.

979 Batesville Road,

Suite B

Greer, SC 29651
(864) 448-7003