REGIONAL FINANCE ONLINE PRIVACY POLICY

Last updated August 2nd, 2022

Introduction

Regional Management Corp. and its subsidiaries and affiliates (“Regional Finance,” “we,” “our,” or “us”) respects the privacy of your information. This Privacy Policy is designed to assist you in understanding how we collect, use and safeguard the information you provide to us in using the websites on which this policy appears (“Sites”) and the services provided through our Sites (“Services”). For investment information, including information regarding our business and results of operations, please visit our investor website at RegionalManagement.com.

If you have a consumer financial product or service with us, we will use and share any information that we collect from or about you in accordance with our U.S. Consumer Privacy Notice, which offers you certain choices with respect to the use and sharing of your personal information.

From time to time, we may change this Privacy Policy.  If we do, we will post an amended version on this webpage. Please review this Privacy Policy periodically.

This Privacy Policy covers the following topics:

  1. Collecting and Using Information
  2. Cookies and Other Tracking Technologies
  3. Third Party Processors
  4. “Do Not Track” Signals
  5. Choices About Your Personally Identifiable Information
  6. Security
  7. Third Party Links
  8. Children’s Privacy
  9. Notice to California Residents
  10. Accessibility
  11. How to Contact Us

 

1.     Collecting and Using Information

Personally Identifiable Information We Collect Online

We collect Personally Identifiable Information from you through your use of the Sites and Services. “Personally Identifiable Information” is individually identifiable information about an individual consumer that we collect online and that we maintain in an accessible form. We collect the following types of Personally Identifiable Information:

Information You Provide

We may collect the following Personally Identifiable Information that you voluntarily provide to us:

  • Get Prequalified. To get prequalified online, we will collect your first and last name, email address, phone number, date of birth, Social Security number, home address, and income information. We may use this information to do a “soft” credit pull with Equifax our third-party processor. We also may contact you via email or text message using other third-party service processors such as for example Twilio or Sendgrid, to provide you with information about your loan request.

 

  • Apply for a Loan. In addition to the information collected to prequalify, when you apply for a loan online we will. request that you share bank account transaction history through our third-party partner Plaid and use that information to validate your income history. We also share your information with Socure, another third-party processor to validate your residency, your identity and to protect against fraud. Upon successful validation with your approval, we also share your information again with Equifax our third-party processor to do a “hard pull” to complete your loan application. If you are approved for an online loan, you will be asked to identify the bank account where you want to receive your proceeds via an ACH transfer and to sign loan documents hosted at DocuSign, another of our third-party processors. For more information, please see the “Third Party Processors” section below.

 

  • Manage Your Account Online. To register for online access to your account, we will collect your first and last name, last four digits of your Social Security number, date of birth, and we may require you to provide an email address or phone number for validation purposes. We may also collect the payment information that you provide us with to enable payments in use of your online account.

 

  • Apply for a Job with Us. If you submit an application in response to a job posting, we will collect your first and last name, email address, phone number, home address, employment history, military or veteran status, and any Personally Identifiable Information that you choose to provide, including your gender, race/ethnicity, or other information contained in your cover letter or resume.

 

  • Partner with Us. If you are a merchant, you can log in to your online dealer account with your company ID number, dealer ID number, username, and password. If you choose to contact us through the portal, we will collect your first and last name, email address, phone number, and any Personally Identifiable Information that you choose to provide in your message.

 

  • Contact Us. If you choose to contact us by completing our online form or by email, you will provide us with your name, email address, phone number, and any Personally Identifiable Information that you choose to provide in your message. We maintain record of your correspondence.

Information as You Navigate Our Sites

We automatically collect certain Personally Identifiable Information through your use of the Sites and Services, such as the following:

  • Usage Information. For example, the pages on the Site you access, the frequency of access, and what you click on while on the Site.
  • Device Information. For example, hardware model, operating system, application version number, and browser.
  • Mobile Device Information. Aggregated information about whether the Site is accessed via a mobile device or tablet, the device type, and the carrier.
  • Location Information. Location information from Site visitors on a city-regional basis.

Information Collected from Other Sources

We may receive certain Personally Identifiable Information about you from third parties. For example, we may receive information about your credit history from a credit reporting agency or income information from your employer.

Third Party Information

In some cases, we may receive certain Personally Identifiable Information from you about a third party. For example, when you fill out our online forms you may provide the contact information of another individual. If you submit any Personally Identifiable Information about another individual to us, you are responsible for making sure that you have the authority to do so and to allow us to use their Personally Identifiable Information in accordance with this Privacy Policy.

How We Use Your Personally Identifiable Information

We use the Personally Identifiable Information we collect to provide the Services to you, to improve our Services and Sites, and to protect our legal rights. In addition, we may use the Personally Identifiable Information we collect to:

  • Process your online account registration;
  • Process your prequalification application;
  • Underwrite your prequalification application;
  • Verify your identity and prevent fraud;
  • Communicate with you about your account and transactions;
  • Process your job application;
  • Contact you regarding our products and services that we feel may be of interest to you;
  • Communicate with you about our Sites or Services or to inform you of any changes to our Sites or Services;
  • Contact you regarding surveys or to review your experience with our products or services;
  • Provide support;
  • Maintain and improve our Sites and Services;
  • Defend our legal rights and the rights of others;
  • Efficiently maintain our business; and
  • Comply with applicable law.

How We Share Your Personally Identifiable Information

We may share the information that we collect about you in the following ways:

  • With our corporate family, such as with subsidiaries, joint ventures, and affiliates;
  • With service providers who perform data or Site-related services on our behalf (e.g., email, hosting, maintenance, backup, analysis, etc.);
  • To service providers to prepare, deploy and analyze advertising content;
  • For identity verification and fraud prevention;
  • With consumer reporting agencies (e.g., the status of your account);
  • To the extent that we are required to do so by law;
  • In connection with any legal proceedings or prospective legal proceedings;
  • To establish, exercise, or defend our legal rights, including providing information to others for the purposes of fraud prevention;
  • To any person who we reasonably believe may apply to a court or other competent authority for disclosure of that Personally Identifiable Information where, in our reasonable opinion, such court or authority would be reasonably likely to order disclosure of that Personally Identifiable Information;
  • To any other person or entity as part of any business or asset sale, equity transaction, merger, acquisition or in preparation for any of these events; and
  • To any other person or entity where you consent to the disclosure.

2.     Cookies and Other Tracking Technologies

Like many other companies, we use cookies and other tracking technologies (such as pixels and web beacons). To learn more about how we use cookies and your choices regarding our use of cookies, please see our Cookie Policy.

3.     Third Party Processors

To ensure that your Personally Identifiable Information receives an adequate level of protection, we have put in place appropriate procedures with the service providers we share it with to ensure that it is treated consistent with applicable data security and privacy laws.

For example, to facilitate your loan request and to service your loan, you may provide us your financial information by linking your bank account(s) with Plaid. To link your bank account, you will provide your bank account information, including but not limited to, the financial institution name, your bank account username and password, account type, account number, and routing number. We use Plaid to enable us to offer this service. For more information regarding Plaid’s collection of this personal information, please see Plaid’s Privacy Policy.

Also, if you use the Dealer Login feature on rmcretail.com, you will be directed to a third-party website operated by MeridianLink, Inc. For more information regarding MeridianLink’s collection of this personal information, please see MeridianLink’s Privacy Policy.

4.      “Do Not Track” Signals

Some internet browsers incorporate a “Do Not Track” feature that signals to websites you visit that you do not want to have your online activity tracked. Given that there is not a uniform way that browsers communicate the “Do Not Track” signal, the Sites does not currently interpret, respond to or alter their practices when they receive “Do Not Track” signals.

5.     Choices About Your Personally Identifiable Information

Review and Request Changes to Your Personally Identifiable Information

You may use your account to access, correct, or view certain Personally Identifiable Information we have collected and which is associated with your account. To review or request changes to any of your Personally Identifiable Information, please contact us as provided in the “How to Contact Us” section below.

Marketing Communications

To unsubscribe from our marketing emails, please click the unsubscribe link included in the footer of our emails. You also may submit a request to us at customerservice@regionalmanagement.com.

6.     Security

We maintain commercially reasonable security measures to protect the Personally Identifiable Information we collect and store from loss, misuse, destruction, or unauthorized access. However, no security measure or modality of data transmission over the Internet is 100% secure. Although we strive to use commercially acceptable means to protect your Personally Identifiable Information, we cannot guarantee absolute security.

7.     Third Party Links

The Sites and Services may contain links that will let you leave them and access another website. Linked websites are not under our control. Except as stated below, this Privacy Policy applies solely to Personally Identifiable Information that is acquired by us on the Sites and Services. We accept no responsibility or liability for these other websites.

8.     Children’s Privacy

The Sites and Services are not intended for children under 13 years of age. We do not knowingly collect, use, or disclose personal information from children under 13.

9.     Notice to California Residents

The California Consumer Privacy Act (CCPA) requires that we provide California residents with a privacy policy that contains a comprehensive description of our online and offline practices regarding the collection, use, disclosure, and sale of personal information and of the rights of California residents regarding their personal information. This section of the Privacy Policy is intended solely for, and is applicable only as to, California residents. If you are not a California resident, this does not apply to you and you should not rely on it.

The CCPA defines “personal information” to mean information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California resident or household. Personal information does not include publicly available, deidentified or aggregated information. For purposes of this “Notice to California Residents” section we will refer to this information as “Personal Information.”

The CCPA’s privacy rights described below do not apply to Personal Information that is collected, processed, sold, or disclosed pursuant to the federal Gramm-Leach-Bliley Act and its implementing regulations or the California Financial Information Privacy Act. Because we are subject to those laws and regulations, much of the Personal Information that we collect is exempt from the CCPA. Your choices and rights with respect to our use and sharing of that information are subject to our U.S. Consumer Privacy Notice.

The CCPA’s privacy-related rights also do not apply to certain types of Personal Information that is subject to the Federal Credit Reporting Act (FCRA). Some of our services are subject to the FCRA and, therefore, exempt from the CCPA on that basis.

Right to Know About Personal Information Collected, Disclosed, or Sold

If you are a California resident, you have the right to request that we disclose what Personal Information we have collected about you in the 12-month period preceding your request. This right includes the right to request any or all of the following:

  • Specific pieces of Personal Information that we have collected about you;
  • Categories of Personal Information that we have collected about you;
  • Categories of sources from which the Personal Information was collected;
  • Categories of Personal Information that we sold (if applicable) or disclosed for a business purpose about you;
  • Categories of third parties to whom the Personal Information was sold (if applicable) or disclosed for a business purpose; and
  • The business or commercial purpose for collecting or, if applicable, selling Personal Information.

Collection of Personal Information

We currently collect and, in the 12 months prior to the Last Updated date of this Privacy Policy, have collected the following categories of Personal Information:

  • Identifiers (name, alias, home address, postal address, online identifier, internet protocol address, email address, account name, Social Security number, driver’s license number, passport number, Individual Tax-payer Identification Number (ITIN), state or national ID)
  • Unique personal identifiers (device identifier; cookies, beacons, pixel tags, mobile ad identifiers, or other similar technology; telephone numbers, or other forms of persistent or probabilistic identifiers that can be used to identify a particular consumer or device)
  • Date of birth
  • Telephone number
  • Signature
  • Bank account number
  • Credit and debit card number
  • Insurance policy number
  • Vehicle Identification Number (VIN)
  • Medical information
  • Insurance policy number or subscriber identification number
  • Any unique identifier used by health insurer to identify consumer
  • Income amount, type(s), source(s) and other income related information
  • Employer phone number
  • Any information in the consumer’s application and claims history, including appeals records, if information is linked or reasonably linkable to consumer or household, including via device, by business or service provider
  • Internet or other electronic network activity information (browsing history; search history; and information regarding consumer’s interaction with website, application or advertisement)
  • Geolocation data
  • Commercial information (records of personal property, products or services purchased, obtained or considered; other purchasing or consuming histories or tendencies)
  • Education information
  • Professional or employment-related information (including employment history)
  • Third party references
  • Credit Bureau attributes
  • Characteristics of protected classifications under California or federal law (race, color, sex/gender, gender identity/expression, age (40 and older), national origin, disability (mental and physical including HIV/AIDS, cancer, and genetic characteristics), citizenship status, genetic information, marital status, medical condition (genetic characteristics, cancer or a record or history of cancer), military or veteran status)
  • Inferences drawn from above information to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes

The Personal Information is collected from California residents directly and from credit reporting agencies, credit bureaus, employers, medical providers, advertising networks, internet service providers, data analytics providers, and government entities. Not all categories of Personal Information are collected from each source.

In addition to the purposes stated above in the section “Collecting and Using Information” we currently collect and have collected and sold the above categories of Personal Information for the following business or commercial purposes:

  • Auditing related to a current interaction with the consumer and concurrent transactions, including, but not limited to, counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with this specification and other standards
  • Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity
  • Debugging to identify and repair errors that impair existing intended functionality
  • Performing services, including maintaining or servicing accounts, providing customer service, processing or fulfilling transactions, verifying customer information, processing payments, providing financing, providing advertising or marketing services, providing analytic services, or providing similar services
  • Undertaking activities to verify or maintain the quality or safety of our Services and to improve, upgrade, or enhance same
  • Commercial purposes, such as by inducing another person to buy, rent, lease, join, subscribe to, provide, or exchange products, goods, property, information, or services, or enabling or effecting, directly or indirectly, a commercial transaction

Disclosure or Sale of Personal Information

The following table identifies the categories of Personal Information that we disclosed for a business purpose to service providers or sold to third parties in the 12 months preceding the Last Updated date of this Privacy Policy and, for each category, the category of service providers or third parties to whom the Personal Information was sold or disclosed:

Category of Personal Information Category of Service Providers Category of Third Parties
Name Printing and mailing providers, Fraud detection provider Credit bureaus, Department of Justice (e.g., to determine whether subject to certain active service member protections), State regulators (Wisconsin only), Government agencies, Vehicle history provider, Collections, Insurance claim provider, Retailers (for retail loans), Bank partners
Alias Department of Justice (e.g., to determine whether subject to certain active service member protections)
Social Security number Fraud detection provider Credit bureaus, Department of Justice (e.g., to determine whether subject to certain active service member protections), Vehicle history provider, Collections, Insurance claim provider, Retailers (for retail loans)
Email address Email service provider, Fraud detection provider Credit, bureaus, Department of Justice (e.g., to determine whether subject to certain active service member protections), Government agencies, Vehicle history provider, Collections, Insurance claim provider, Retailers (for retail loans)
Postal/home address Printing and mailing providers, Fraud detection provider Credit bureaus, Department of Justice (e.g., to determine whether subject to certain active service member protections), State regulators (Wisconsin only), Government agencies, Vehicle history provider, Collections, Insurance claim provider, Retailers (for retail loans), Bank partners
Telephone number Fraud detection provider Credit bureaus, Department of Justice (e.g., to determine whether subject to certain active service member protections), Government agencies, Vehicle history provider, Collections, Insurance claim provider, Retailers (for retail loans)
Date of birth Fraud detection provider Credit bureaus, Department of Justice (e.g., to determine whether subject to certain active service member, Insurance claim provider protections), Vehicle history provider, Collections, Insurance claim provider, Retailers (for retail loans)
Government-issued identification number Fraud detection provider Credit bureaus, Department of Justice (e.g., to determine whether subject to certain active service member protections), Vehicle history provider, Collections, Insurance claim provider, Retailers (for retail loans)
Age (40 and older) Printing and mailing providers Credit bureaus, Department of Justice (e.g., to determine whether subject to certain active service member protections), Vehicle history provider, Collections, Debt sellers, Insurance claim provider, Retailers (for retail loans)
Sex/gender Insurance claim provider
Gender identity/expression Insurance claim provider
Citizenship or immigration status Printing and mailing providers Insurance claim provider
Disability Insurance claim provider
Military or veteran status Department of Justice (e.g., to determine whether subject to certain active service member protections), Vehicle history provider, Collections, Insurance claim provider
Medical information (e.g., application and claims history, medical provider, death certificates) Insurance claim provider
Medical condition Insurance claim provider
Income Fraud detection provider Credit bureaus, Department of Justice (e.g., to determine whether subject to certain active service member protections), Collections, Insurance claim provider, Retailers (for retail loans), Bank partners
Records of personal property Fraud detection provider Credit bureaus, Department of Justice (e.g., to determine whether subject to certain active service member protections), Collections, Insurance claim provider, Retailers (for retail loans)
Loan Data State regulators (Wisconsin only)
Marital status State regulators (Wisconsin only), Vehicle history provider, Collections, Insurance claim provider
Bank account number Fraud detection provider Credit bureaus, Collections, Retailers (for retail loans)
Debit card number Fraud detection provider Credit bureaus, Collections, Retailers (for retail loans)
Insurance policy number Fraud detection provider Credit bureaus, Collections, Insurance claim provider
Financial account login credentials Credit bureaus, Collections
Professional or employment-related information Printing and mailing providers Credit bureaus, Debt sellers, Insurance claim provider, Retailers (for retail loans), Bank partners
IP address Data analytics provider, Email service provider, marketing agency, Fraud detection provider Credit bureaus, Advertising networks, Vehicle history provider, Collections
Cookies, beacons, pixel tags, mobile ad identifiers, or other similar technology Data analytics provider, Email service providers, Fraud detection provider Advertising networks
Information regarding consumer’s interaction with website, application or advertisement Data analytics provider Advertising networks
Records of products or services purchased, obtained or considered Credit bureaus, Retailers (for retail loans)
Inferences drawn from the above Advertising networks

 

We do not knowingly sell the Personal Information of minors under 16 years of age.

Right to Request Deletion of Personal Information

If you are a California resident, you have the right to request that we delete the Personal Information about you that we have collected.  However, per the CCPA, we are not required to comply with a request to delete if it is necessary for us to maintain the Personal Information in order to, for example, complete a transaction, detect security incidents, comply with a legal obligation, or otherwise use the Personal Information, internally, in a lawful manner that is compatible with the context in which you provided the information.

How to Submit a Request to Know or Delete

You may submit a request to know or delete by calling us toll-free at (833) 708-4357 or by completing our webform, available here.

As mentioned above, if you are a California resident who has a financial product or service with us, much of the Personal Information that we collect is exempt from the CCPA and, therefore, is not subject to the rights discussed in this “Notice to California Residents” section. Your choices and rights with respect to our use and sharing of that information are subject to our U.S. Consumer Privacy Notice.

Our Process for Verifying a Request to Know or Delete

If we determine that your request is subject to an exemption or exception, we will notify you of our determination. If we determine that your request is not subject to an exemption or exception, we will comply with your request upon verification of your identity and, to the extent applicable, the identity of the California resident on whose behalf you are making such request. We will verify your identity either to a “reasonable degree of certainty” or a “reasonably high degree of certainty” depending on the sensitivity of the Personal Information and the risk of harm to you by unauthorized disclosure or deletion as applicable.

For requests to access categories of Personal Information and for requests to delete Personal Information that is not sensitive and does not pose a risk of harm by unauthorized deletion, we will verify your identity to a “reasonable degree of certainty” by verifying at least two data points that you previously provided to us and which we have determined to be reliable for the purpose of verifying identities.

For requests to access specific pieces of Personal Information or for requests to delete Personal Information that is sensitive and poses a risk of harm by unauthorized deletion, we will verify your identity to a “reasonably high degree of certainty” by verifying at least three pieces of Personal Information previously provided to us and which we have determined to be reliable for the purpose of verifying identities. In addition, you will be required to submit a signed declaration under penalty of perjury stating that you are the individual whose Personal Information is being requested.

Right to Opt-Out of Sale of Personal Information

If you are a California resident, you have the right to direct a business to stop selling your Personal Information.

The CCPA defines “sell” to mean selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a California resident’s Personal Information to another business or a third party for monetary or other valuable consideration.

We do not sell personal information as defined under the CCPA.

Right to Non-Discrimination for the Exercise of a California Resident’s Privacy Rights

We will not discriminate against California residents if they exercise any of the rights provided in the CCPA as described in this section “Notice to California Residents.”

Authorized Agents

If you are submitting a request on behalf of a California resident, please submit the request through one of the designated methods discussed above. After submitting the request, and if the request is not subject to an exemption or exception, we will require additional information to verify your authority to act on behalf of the California resident.

10.  Accessibility

We are committed to ensuring this Privacy Policy is accessible to individuals with disabilities.  If you wish to access this Privacy Policy in an alternative format, please contact us as described below.

11.  How to Contact Us

To contact us for questions or concerns about our privacy policies or practices please email us at customerservice@regionalmanagement.com.

Regional Management Corp.

979 Batesville Road,

Suite B

Greer, SC 29651
(864) 448-7003