California Consumer Privacy Act (CCPA) Statement
Personal information that is collected, processed, sold, or disclosed pursuant to the Gramm-Leach Bliley Act (GLBA) is exempt from the California Consumer Privacy Act (CCPA). GLBA is a federal law that regulates the use and disclosure of personal information by financial institutions. Personal information obtained by FormFree from financial institutions is regulated by GLBA. Consumers grant FormFree authorization to collect their personal information from financial institutions and share it for specific purposes described in FormFree’s Terms of Service Agreement, which is presented to end users in the AccountChek® application.
FormFree has implemented and maintains data security measures designed to ensure that personal information is secure and encrypted at rest or in transit.
AccountChek® By FormFree
Automated Asset Verification
Effective Date: 8/21/2018
AccountChek® is an automated, web-based service that allows lenders to verify and monitor a potential borrower’s asset accounts during the credit application and approval process. AccountChek® eliminates a borrower’s need to engage in the time-consuming process of locating, copying and transmitting important financial documents to their lender, often through insecure channels. Our service eliminates issues, like missing pages and lost or misplaced documents, that slow down the review and approval process. Because we obtain the asset information directly from the borrower’s financial institution or brokerage, our service also eliminates transcription errors and intentional alterations that are sometimes made to make sure a borrower’s credit request is approved. This means that lenders are sure that they are basing their decisions on accurate information. Our service saves time for everyone involved in the transaction and reduces lender losses, which makes credit less expensive and more available to more customers.
We understand the importance of protecting individuals’ sensitive financial information. We designed this Privacy Statement to help you understand how the AccountChek® service will collect, use and disclose borrowers’ financial data.
Special note on children’s privacy: AccountChek® is not designed or intended to attract or be accessible to minors (children under age 18). We will not knowingly collect personal information from minors.
This policy covers the following topics:
- Information we collect about borrowers and how we use it;
- Who we share borrowers’ information with; and
- How we protect borrowers’ personal information.
Information Collection and Use
We collect personal and non-personal information from borrowers who give us express permission to do so. We are acting as an intermediary on behalf of the borrower’s lender when we do so. We must collect this information in order to provide the AccountChek® service and to improve our services.
Information We Collect from Borrowers
Information to Verify Asset Accounts: The AccountChek® service allows lenders to verify a borrower’s assets through direct access to a borrower’s financial account data. Borrowers must expressly agree to allow AccountChek® to serve as the lender’s intermediary, and to provide his/her identifying credentials for the accounts that need to be verified. The borrower’s credentials may include username, password and answers to challenge questions. While the accounts are being verified and lenders are able to update that information (the refresh period; usually 30 to 90 days) the credentials are stored in a secure hardware-encrypted repository that is inaccessible to humans managed by AccountChek®’s designated data access vendor. the vendor may retain credentials and refresh account information for up to 3 years after order closure for FCRA compliance. Consumers can opt out of this refresh by sending a support ticket that includes his/her name, lender name, and email address to email@example.com.
Log information: Our servers automatically collect log information from site visitors. This information may include the Web page request, Internet Protocol (IP) address, browser type, browser language, the date and time of the request, and one or more cookies that may uniquely identify the visitor’s browser. We collect log information so that we can properly administer our system and gather aggregate information about how our site is being used, including the pages visitors are viewing.
Cookies: We use session cookie technology to keep track of visitors as they navigate from one page to the next on the site. When the session is ended and the visitor closes his/her browser, the session cookies are automatically deleted.
Browser software can be set to reject all cookies or to accept cookies only from our site. Most browsers offer instructions on how to reset the browser to reject cookies in the “Help” section of the toolbar. Rejecting cookies will prevent further use of the AccountChek® service.
Information We Collect from Others
We collect information about borrowers from the lender who orders the account verification and from the financial institution(s) that provide the account verification data.
The information provided by the lender includes the borrower’s name, e-mail address, telephone number, the last four digits of his/her Social Security Number (for identity authentication), the name of the borrower’s employer(s), the amount of the borrower’s net paycheck, the amount of required reserve funds, the loan number, and the names of financial institutions and accounts that are to be verified through the online service.
The information we receive from the borrower’s financial institution(s) includes the summary and transactional information from the accounts the borrower allows us to verify.
When we receive information from third parties, we treat the acquired information as if we had collected it ourselves. We will share this information in individually identifiable form only in accordance with this statement and our policies. We may share aggregated, non-personal information as described in this statement. This may include information we obtained from third parties in a form that does not permit the borrower to be identified.
FormFree ensures the borrower information is accurate, complete and current by pulling information directly from the borrower’s financial institution via online banking credentials. Data is refreshed by the lender as needed to fulfill underwriting obligations for up to 90 days.
How We Use the Information We Collect
AccountChek® uses the information we collect to provide verification and analysis of a borrower’s asset accounts to the requesting lender, to administer our web site, and to improve our service. AccountChek® does not sell, share, license or transmit borrower information with or to third parties without the express authorization of the borrower.
Who Sees the Information We Collect?
We will not disclose this information except as described in this policy.
Verification Service delivery: We will disclose the information we receive from the borrower’s financial institutions to the requesting lender, as well as to any other parties that the borrower authorizes us to provide such information, to deliver the Verification of Deposit and Asset service.
Disclosure for legal reasons: We may release personal information to third parties: (1) to comply with valid legal requirements such as a law, regulation, search warrant, subpoena or court order; or (2) in special cases, such as a physical threat to the borrower or others, a threat to homeland security, a threat to our system or network, or cases in which we believe it is reasonably necessary to investigate or prevent harm, fraud, abuse, or illegal conduct. If we are legally compelled to disclose your personal information to a third party, we will make reasonable efforts to notify the borrower unless doing so would violate the law or court order.
Agents and contractors: Contractors who assist in operating our business and providing products or services sometimes have access to borrowers’ personal information. These contractors include vendors and suppliers that provide us with technology, services, and/or content for the operation and maintenance of our site. Access to borrowers’ personal information by these contractors is limited to the information reasonably necessary for the contractor to perform its limited function. Contractors have an obligation under their contracts with us to keep borrower information confidential and to comply with our privacy and security policies.
Direct Employees of FormFree: Employees are NOT authorized to download information that is not directly related to their work. Prior to downloading any software tools, all employees are advised to notify an Operations staff member of this intention. If help is needed, the local system administrator will provide support. Employees are NOT authorized to download data from any production, stage, or QA system without prior written approval. Prior to downloading any data, all employees must follow the Data Privacy Download Procedures. This includes any and all data that is confidential, sensitive or legally protected, including log files. Employees are not allowed to enter Server Rooms unless accompanied by a member of the Operations team.
How We Safeguard Personal Information
We are committed to protecting the security of borrowers’ private information through procedures and technology designed for this purpose. This includes, but is not limited to:
- Limiting access to personal information to only those employees who have a reasonable need to access this information in order to provide our products and services. Employees who misuse information are subject to disciplinary action, including termination;
- Utilizing physical, technical and procedural safeguards to help protect borrowers’ personal information; and
- Using secure transport layer security (TLS) to help protect this information while it is in transit between our servers and others’ computers and hardware encryption devices. We use AES-256 encryption while it is being stored on our servers.
What Borrowers Can Do to Help Keep Personal Information Secure
Borrowers also have a role in protecting the security of their private information, including:
- Keeping the Personal Access Code secure: Borrowers should not share the Personal Access Code with anyone.
- Log out and close the browser: Closing the browser at the end of a session erases any information it may have temporarily stored on your computer.
- Install antivirus software and spyware protection: Installing up-to-date antivirus software and running it often will help thwart viruses and other unwanted programs that can capture the contents of a borrower’s system, including passwords.
Changes to this Policy
Privacy Incident of Breach
In the event that FFHC suspects that borrower information has been compromised, FFHC will make every effort to contact and inform borrowers per its incident management policy. This will include phone call, email or mail.
To request a copy of your consumer data supplied by FormFree Corporation or an amendment to that information please email firstname.lastname@example.org, call (800) 225-9498 or contact your lender directly.