REGIONAL FINANCE ONLINE PRIVACY POLICY

Effective Date: July 22nd, 2023

Last Updated Date: August 18th, 2025

Introduction

Regional Management Corp. and its subsidiaries and affiliates (collectively, “Regional Finance,” “we,” “our,” or “us”) respect the privacy of your information. This Privacy Policy is designed to assist you in understanding how we collect, use, share, and safeguard the information you provide to us in using the websites on which this policy appears (collectively, “Sites”) and any of our online and, where required, offline services (collectively, “Services”). For investment information, including information regarding our business and results of operations, please visit our investor website at RegionalManagement.com.

If you have a consumer financial product or service with us, we will use and share any information that we collect from or about you in accordance with our U.S. Consumer Privacy Notice, which offers you certain choices with respect to the use and sharing of your personal information.

From time to time, we may change this Privacy Policy. If we do, we will post an amended version on this webpage with a new “last updated” date. Please review this Privacy Policy periodically.

This Privacy Policy covers the following topics:

  1. Information We Collect Online.
  2. How We Use Your Information.
  3. How We Share Your Information.
  4. Third Party Processors.
  5. Opt-Out Preference Signals.
  6. Security.
  7. Third Party Links.
  8. Children’s Privacy.
  9. Notice to California Residents.
  10. Biometric Authentication.
  11. Accessibility.
  12. How to Contact Us.

 

 

1.        Information We Collect Online

We collect Personally Identifiable Information from you through your use of the Sites and Services. “Personally Identifiable Information” is individually identifiable information about an individual consumer that we collect online and that we maintain in an accessible form. We collect the following types of Personally Identifiable Information:

Information You Provide

We may collect the following Personally Identifiable Information that you voluntarily provide to us in using our Sites and Services:

  • Get Prequalified. To get prequalified online, we will collect your first and last name, email address, phone number, date of birth, Social Security number, home address, and income information. We may use this information to do a “soft” credit pull with Equifax, our third-party processor. We also may contact you via email or text message using other third-party service processors, such as Twilio or Sendgrid, to provide you with information about your loan request.
  • Apply for a Loan. In addition to the information collected to prequalify, when you apply for a loan online, we will request that you share bank account transaction history through our third-party partner Plaid and use that information to validate your income history. We also share your information with Socure, another third-party processor, to validate your residency and your identity and to protect against fraud. Upon successful validation with your approval, we also share your information again with Equifax, our third-party processor, to do a “hard pull” to complete your loan application. If you are approved for an online loan, you will be asked to identify the bank account where you want to receive your proceeds via an ACH transfer and to sign loan documents hosted at DocuSign, another of our third-party processors. For more information, please see the “Third Party Processors” section below.
  • Manage Your Account Online. To register for online access to your account, we will collect your first and last name, last four digits of your Social Security number, date of birth, and we may require you to provide an email address or phone number for validation purposes. We may also collect the payment information that you provide us with to enable payments in use of your online account. You may use your account to access, correct, or view certain Personally Identifiable Information we have collected and which is associated with your account.
  • Sign Up for Our Newsletter. If you sign up for our newsletter, you will provide us with your email address. To unsubscribe from our marketing emails, please click the unsubscribe link included in the footer of our emails. You also may submit a request to us here.
  • Sign Up for Text Messaging. If you sign up for text messaging, you will provide us with your phone number. Your subscriber information is collected for the sole purpose of sending you messages related to transactional and/or marketing content and will not be sold, rented, or otherwise shared except where applicable by law. Message and data rates may apply. Reply STOP to opt-out of transactional and/or marketing messages at any time.
  • Apply for a Job with Us. If you submit an application in response to a job posting, we will collect your first and last name, email address, phone number, home address, employment history, military or veteran status, and any Personally Identifiable Information that you choose to provide, including your gender, race/ethnicity, or other information contained in your cover letter or resume.
  • Partner with Us. If you are a merchant, you can log in to your online dealer account with your company ID number, dealer ID number, username, and password. If you choose to contact us through the portal, we will collect your first and last name, email address, phone number, and any Personally Identifiable Information that you choose to provide in your message.
  • Contact Us. If you choose to contact us by completing our online form or by email, you will provide us with your name, email address, home address, phone number, and any Personally Identifiable Information that you choose to provide in your message. We maintain a record of your correspondence.

Information as You Navigate Our Sites

We automatically collect certain Personally Identifiable Information through your use of the Sites and our use of cookies and other tracking technologies, such as the following:

  • Usage Information. For example, the pages on the Site you access, the frequency of access, and what you click on while on the Site.
  • Device Information. For example, hardware model, operating system, application version number, and browser.
  • Mobile Device Information. Aggregated information about whether the Site is accessed via a mobile device or tablet, the device type, and the carrier.
  • Location Information. Location information from Site visitors on a city-regional basis.

To learn more about how we use cookies and your choices regarding our use of cookies, please see our Cookie Policy.

Information Collected from Other Sources

We may receive certain Personally Identifiable Information about you from third parties. For example, we may receive information about your credit history from a credit reporting agency or income information from your employer.

2.        How We Use Your Information

We use the Personally Identifiable Information we collect to provide the Services to you, to improve our Sites and Services, and to protect our legal rights. In addition, we may use the Personally Identifiable Information we collect to:

  • Process your online account registration;
  • Process your prequalification application;
  • Underwrite your prequalification application;
  • Verify your identity and prevent fraud;
  • Communicate with you about your account and transactions;
  • Process your job application;
  • Contact you regarding our products and services that we feel may be of interest to you;
  • Communicate with you about our Sites or Services or to inform you of any changes to our Sites or Services;
  • Contact you regarding surveys or to review your experience with our products or services;
  • Provide support;
  • Maintain and improve our Sites and Services;
  • Protect the security and integrity of our Sites and Services;
  • Investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, or violations of our Terms of Use, and to otherwise fulfill our legal obligations;
  • Monitor compliance with and enforce this Privacy Policy and any other applicable agreements and policies;
  • Defend our legal rights and the rights of others;
  • Fulfill any other purposes for which you provide it, or any other purpose we deem necessary or appropriate;
  • Efficiently maintain our business; and
  • Comply with applicable law.

 

3.        How We Share Your Information

We may share the information that we collect about you in the following ways:

  • With our corporate family, such as with subsidiaries, joint ventures, and affiliates;
  • With vendors who perform data or Site-related services on our behalf (e.g., email, hosting, maintenance, backup, analysis, etc.);
  • With vendors to prepare, deploy and analyze advertising content;
  • For identity verification and fraud prevention;
  • With consumer reporting agencies (e.g., the status of your account);
  • To the extent that we are required to do so by law;
  • In connection with any legal proceedings or prospective legal proceedings;
  • To establish, exercise, or defend our or a third party’s legal rights, including providing information to others for the purposes of fraud prevention;
  • With any person who we reasonably believe may apply to a court or other competent authority for disclosure of that Personally Identifiable Information where, in our reasonable opinion, such court or authority would be reasonably likely to order disclosure of that Personally Identifiable Information;
  • With any other person or entity as part of any business or asset sale, equity transaction, merger, acquisition, bankruptcy, liquidation, or similar proceeding, or in preparation for any of these events and that person or entity may use your Personally Identifiable Information for their own purposes;
  • With any other person or entity where you consent to the disclosure; and
  • For any other purpose disclosed by us when you provide the Personally Identifiable Information or for any other purpose we deem necessary, including to protect the health or safety of others.

4.        Third Party Processors

To ensure that your Personally Identifiable Information receives an adequate level of protection, we have put in place appropriate procedures with the service providers we share it with to ensure that it is treated consistent with applicable data security and privacy laws.

For example, to facilitate your loan request and to service your loan, you may provide us your financial information by linking your bank account(s) with Plaid. To link your bank account, you will provide your bank account information, including but not limited to, the financial institution name, your bank account username and password, account type, account number, and routing number. We use Plaid to enable us to offer this service. For more information regarding Plaid’s collection of this personal information, please see Plaid’s Privacy Policy.

 

5.        Opt-Out Preference Signals

Our Sites recognize the Global Privacy Control (“GPC”) signal. If you are using a browser setting or plug-in that sends an opt-out preference signal to each website you visit, we will treat that as a valid request to opt out. To download and use a browser supporting the GPC browser signal, click here: https://globalprivacycontrol.org/orgs. If you choose to use the GPC signal, you will need to turn it on for each supported browser or browser extension you use.

Some internet browsers incorporate a “Do Not Track” feature that signals to websites you visit that you do not want to have your online activity tracked. Given that there is not a uniform way that browsers communicate the “Do Not Track” signal, the Sites do not currently interpret, respond to or alter their practices when they receive “Do Not Track” signals.

6.        Security

We maintain commercially reasonable security measures to protect the Personally Identifiable Information we collect and store from loss, misuse, destruction, or unauthorized access. However, no security measure or modality of data transmission over the Internet is 100% secure. Although we strive to use commercially acceptable means to protect your Personally Identifiable Information, we cannot guarantee absolute security.

7.        Third Party Links

The Sites and Services may contain links that will let you leave them and access another website. Linked websites are not under our control. We accept no responsibility or liability for these other websites.

8.        Children’s Privacy

The Sites and Services are not intended for children under 13 years of age. We do not knowingly collect, use, or disclose personal information from children under 13.

9.        Notice to California Residents

The California Consumer Privacy Act, as amended by the California Privacy Rights Act of 2020 (“CCPA”), requires that we provide California residents with a privacy policy that contains a comprehensive description of our online and offline practices regarding the collection, use, disclosure, sale, sharing, and retention of personal information and of the rights of California residents regarding their personal information. This section of the Privacy Policy is intended solely for, and is applicable only as to, California residents. If you are not a California resident, this section does not apply to you and you should not rely on it.

The CCPA defines “personal information” to mean information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California resident or household. Personal information does not include publicly available, deidentified or aggregated information or lawfully obtained, truthful information that is a matter of public concern. For purposes of this “Notice to California Residents” section we will refer to this information as “Personal Information.”

The CCPA’s privacy rights described below do not apply to Personal Information that we collect, process, sell, or disclose subject to the federal Gramm-Leach-Bliley Act and its implementing regulations or the California Financial Information Privacy Act. Because we are subject to those laws and regulations, much of the Personal Information that we collect is exempt from the CCPA. Your choices and rights with respect to our use and sharing of that information are subject to our U.S. Consumer Privacy Notice.

The CCPA’s privacy rights also do not apply to certain types of Personal Information subject to the federal Fair Credit Reporting Act (“FCRA”). Some of our services are subject to the FCRA and, therefore, exempt from the CCPA on that basis.

If you are a California resident and a current or former employee, job applicant, or independent contractor of ours, please see our privacy notice available here for more information on our collection and use of your Personal Information in that capacity.

Notice at Collection of Personal Information

We currently collect and, in the 12 months prior to the Last Updated Date of this Privacy Policy, have collected the following categories of Personal Information:

  • Identifiers (name, alias, home address, postal address, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, Individual Tax-payer Identification Number (ITIN), state or national ID)
  • Unique personal identifiers (device identifier; cookies, beacons, pixel tags, mobile ad identifiers, or other similar technology; telephone numbers, or other forms of persistent or probabilistic identifiers that can be used to identify a particular consumer or device)
  • Date of birth
  • Telephone number
  • Signature
  • Bank account number
  • Credit and debit card number
  • Insurance policy number
  • Vehicle Identification Number (VIN)
  • Medical information
  • Insurance policy number or subscriber identification number
  • Any unique identifier used by health insurer to identify consumer
  • Income amount, type(s), source(s) and other income related information
  • Employer phone number
  • Any information in the consumer’s application and claims history, including appeals records, if information is linked or reasonably linkable to consumer or household, including via device, by business or service provider
  • Internet or other electronic network activity information (browsing history; search history; and information regarding consumer’s interaction with website, application or advertisement)
  • Geolocation data
  • Commercial information (records of personal property, products or services purchased, obtained or considered; other purchasing or consuming histories or tendencies)
  • Education information
  • Professional or employment-related information (including employment history)
  • Third party references
  • Credit Bureau attributes
  • Characteristics of protected classifications under California or federal law (race, color, sex/gender, gender identity/expression, age (40 and older), national origin, disability (mental and physical including HIV/AIDS, cancer, and genetic characteristics), citizenship status, genetic information, marital status, medical condition (genetic characteristics, cancer or a record or history of cancer), military or veteran status)
  • Inferences drawn from above information to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes
  • Sensitive Personal Information (Personal Information that reveals a consumer’s Social Security, driver’s license, state identification card, or passport number; account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; racial or ethnic origin; Personal Information collected and analyzed concerning a consumer’s health)

We collect Personal Information directly from California residents and from credit reporting agencies, credit bureaus, employers, medical providers, advertising networks, internet service providers, data analytics providers, and government entities. We do not collect all categories of Personal Information from each source.

In addition to the purposes stated above in the Section “How We Use Your Information” we currently collect and have collected the above categories of Personal Information for the following business or commercial purposes:

  • Auditing related to counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with this specification and other standards
  • Helping to ensure security and integrity to the extent the use of your Personal Information is reasonably necessary and proportionate for these purposes
  • Debugging to identify and repair errors that impair existing intended functionality
  • Performing services, including maintaining or servicing accounts, providing customer service, processing or fulfilling transactions, verifying customer information, processing payments, providing financing, providing advertising or marketing services, providing analytic services, or providing similar services
  • Undertaking activities to verify or maintain the quality or safety of our Services and to improve, upgrade, or enhance same
  • Commercial purposes, such as by inducing another person to buy, rent, lease, join, subscribe to, provide, or exchange products, goods, property, information, or services, or enabling or effecting, directly or indirectly, a commercial transaction

Sale, Sharing, and Disclosure of Personal Information

The CCPA defines “sale” as the transfer of Personal Information for monetary or other valuable consideration. Although we do not “sell” Personal Information as that term may be commonly interpreted (i.e., for money), we engage in online activities that may constitute a sale or share of Personal Information under California law. This may include showing you advertisements on other websites.

The following table identifies the categories of Personal Information that we sold or shared to third parties in the 12 months preceding the Last Updated Date of this Privacy Policy and, for each category, the category of third parties to whom we sold or shared the Personal Information.

| Category of Personal Information | Category of Third Parties |
| --- | --- |
| Device identifier; Cookies, beacons, pixel tags, mobile ad identifiers, or other similar technology; IP address; Information regarding consumer’s interaction with website, application, or advertisement | Data analytics provider, Advertising networks |
| Inferences drawn from the above | Advertising networks |

We sold or shared Personal Information to third parties for the following business or commercial purposes:

  • Auditing related to counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with this specification and other standards
  • Commercial purposes, such as by inducing another person to buy, rent, lease, join, subscribe to, provide, or exchange products, goods, property, information, or services, or enabling or effecting, directly or indirectly, a commercial transaction

The following table identifies the categories of Personal Information that we disclosed for a business purpose in the 12 months preceding the Last Updated Date of this Privacy Policy and, for each category, the category of recipients to whom we disclosed the Personal Information.

| Category of Personal Information | Category of Service Providers | Category of Third Parties |
| --- | --- | --- |
| Name; Postal/home address | Printing and mailing providers, Fraud detection provider | Credit bureaus, Department of Justice (e.g., to determine whether subject to certain active service member protections), State regulators (Wisconsin only), Government agencies, Vehicle history provider, Collections, Insurance claim provider, Retailers (for retail loans), Bank partners |
| Alias | | Department of Justice (e.g., to determine whether subject to certain active service member protections) |
| Date of birth; Government-issued identification number; Social Security Number | Fraud detection provider | Credit bureaus, Department of Justice (e.g., to determine whether subject to certain active service member protections), Vehicle history provider, Collections, Insurance claim provider, Retailers (for retail loans) |
| Email Address | Email service provider, Fraud detection provider | Credit bureaus, Department of Justice (e.g., to determine whether subject to certain active service member protections), Government agencies, Vehicle history provider, Collections, Insurance claim provider, Retailers (for retail loans) |
| Telephone Number | Fraud detection provider | Credit bureaus, Department of Justice (e.g., to determine whether subject to certain active service member protections), Government agencies, Vehicle history provider, Collections, Insurance claim provider, Retailers (for retail loans) |
| Age | Printing and mailing providers | Credit bureaus, Department of Justice (e.g., to determine whether subject to certain active service member protections), Vehicle history provider, Collections, Debt sellers, Insurance claim provider, Retailers (for retail loans) |
| Sex/gender; Identity/expression; Citizenship or immigration status; Disability; Medical information (e.g., application and claims history, medical provider, death certificates) | | Insurance claim provider |
| Military or veteran status | | Department of Justice (e.g., to determine whether subject to certain active service member protections), Vehicle history provider, Collections, Insurance claim provider |
| Medical condition | Fraud detection provider | |
| Income | Fraud detection provider | Credit bureaus, Department of Justice (e.g., to determine whether subject to certain active service member protections), Collections, Insurance claim provider, Retailers (for retail loans), Bank partners |
| Records of Personal Property | Fraud detection provider | Credit bureaus, Department of Justice (e.g., to determine whether subject to certain active service member protections), Collections, Insurance claim provider, Retailers (for retail loans) |
| Loan Data | | State regulators (Wisconsin only) |
| Marital Status | | State regulators (Wisconsin only), Vehicle history provider, Collections, Insurance claim provider |
| Bank account number; Debit card number | Fraud detection provider | Credit bureaus, Collections, Retailers (for retail loans) |
| Insurance policy number | Fraud detection provider | Credit bureaus, Collections, Insurance claim provider |
| Financial account login credentials | | Credit bureaus, Collections |
| Professional or employment-related information | Printing and mailing providers | Credit bureaus, Debt sellers, Insurance claim provider, Retailers (for retail loans), Bank partners |
| IP address | Email service provider, marketing agency, Fraud detection provider | Credit bureaus, Vehicle history provider, Collections |
| Cookies, beacons, pixel tags, mobile ad identifiers, or other similar technology | Email service providers, Fraud detection provider | |
| Records of products or services purchased, obtained, or considered | | Credit bureaus, Retailers (for retail loans) |

 

We disclosed Personal Information for the business and commercial purposes identified in the prior section of this Privacy Policy.

We do not knowingly sell or share the Personal Information of minors under 16 years of age. We do not use sensitive Personal Information for purposes other than those the CCPA and its regulations allow for.

Retention of Personal Information

We retain your Personal Information for as long as necessary to fulfill the purposes for which we collect it, such as to provide you with the service you have requested, and for the purpose of satisfying any legal, accounting, contractual, or reporting requirements that apply to us.

Your Rights

If you are a California resident, you have the following rights with respect to your Personal Information:

  • The right to know what Personal Information we have collected about you, including the categories of Personal Information, the categories of sources from which we collected Personal Information, the business or commercial purpose for collecting, selling or sharing Personal Information (if applicable), the categories of third parties to whom we disclose Personal Information (if applicable), and the specific pieces of Personal Information we collected about you;
  • The right to delete Personal Information that we collected from you, subject to certain exceptions;
  • The right to correct inaccurate Personal Information that we maintain about you;
  • If we sell or share Personal Information, the right to opt out of the sale or sharing;
  • If we use or disclose sensitive Personal Information for purposes other than those allowed by the CCPA and its regulations, the right to limit our use or disclosure; and
  • The right not to receive discriminatory treatment by us for the exercise of privacy rights the CCPA confers.

How to Submit a Request to Know, Delete, and/or Correct

You may submit a request to know, delete, and/or correct by calling us toll free at (833) 708-4357 or by completing our webform, available here.

As mentioned above, if you are a California resident who has a financial product or service with us, much of the Personal Information that we collect is exempt from the CCPA and, therefore, is not subject to the rights discussed in this “Notice to California Residents” section. Your choices and rights with respect to our use and sharing of that information are subject to our U.S. Consumer Privacy Notice.

If you are submitting a request on behalf of a California resident, please submit the request through one of the designated methods discussed above. After submitting the request, and if the request is not subject to an exemption or exception, we will require additional information to verify your authority to act on behalf of the California resident.

Our Process for Verifying a Request to Know, Delete, and/or Correct

If we determine that your request is subject to an exemption or exception, we will notify you of our determination. If we determine that your request is not subject to an exemption or exception, we will comply with your request upon verification of your identity and, to the extent applicable, the identity of the California resident on whose behalf you are making such request. We will verify your identity either to a “reasonable degree of certainty” or a “reasonably high degree of certainty” depending on the sensitivity of the Personal Information and the risk of harm to you by unauthorized disclosure, deletion, or correction as applicable. To do so, we will ask you to verify data points based on information we have in our records concerning you.

Right to Opt Out of Sale or Sharing of Personal Information

If you are a California resident, you have the right to direct businesses to stop selling or sharing your Personal Information. As mentioned above, although we do not sell your Personal Information in the conventional sense (i.e., for money), our use of cookies and other online tracking technologies may constitute a “sale” or “sharing” under the CCPA.

You may opt out of sales or sharing through our webform, available below:

Cookie Settings

If you have enabled privacy controls on your browser (such as a plugin), we will also treat that as a valid request to opt out. Please see the “Opt-Out Preference Signals” section above for more information.

10.    Biometric Authentication

If you enable your use of biometric authentication functionality in your device (such as Face ID, Touch ID, or Fingerprint), you understand and agree that any such authentication stored on your device can be used to enable user access to your accounts. You understand and agree that you are responsible for any activities conducted on your account when your account is accessed with biometric authentication. For more information on how the biometric functionality might work for your device, including processing of biometric information, please refer to your device manufacturer’s support resources. We do not collect or process any biometric data when you use biometric authentication.

11.    Accessibility

We are committed to ensuring this Privacy Policy is accessible to individuals with disabilities. If you wish to access this Privacy Policy in an alternative format, please contact us as described below.

12.    How to Contact Us

To contact us for questions or concerns about our privacy policies or practices please click here, call us at (864) 448-7003, or write to us at:

Regional Management Corp.
979 Batesville Road,
Suite B
Greer, SC 29651