COVIANCE CONSUMER PRIVACY POLICY
It is important that you read and understand this Privacy Policy (“Policy”) as it applies to the Website. Coviance, Inc. provides you access to the Website on behalf of your Financial Institution. Your Financial Institution uses the information you enter into the Website to make lending or credit decisions. By or using the Website, you consent to the collection, use, and disclosure of the information you provide. If you do not agree to this Policy, do not use the Website.
If you are using the Website to apply jointly with another person for a loan or other financial services product, you and your co-applicant may be required to provide information using a single application or you may have the option to use multiple individual account(s). When using a single application, the joint applicants will have access to all information supplied by each other to complete that application. Such joint applicants will have the ability to view, print, transmit, save, and/or edit the information. Access may continue for as long as the joint applicants utilize the single account in connection with the application process. While Coviance takes reasonable efforts to keep Personal Information separate between joint applicants, all types of joint applicants should expect that certain Personal Information may be disclosed between both applicants. The type of personal information disclosed between joint applicants may depend on the practices of your Financial Institution.
Key Terms
It would be helpful to start by explaining some key terms used in this policy:
| We, Us, Our | Coviance, Inc. |
| You, Your | Any individual(s) who accesses or uses the Website on your behalf, including any authorized signers, co-applicants, and/or other authorized users. |
| Financial Institution | Bank or Credit Union you have a relationship with |
| Personal Information | Any information relating to an identified or identifiable individual |
| Website | www.coviance.com and all sub-domains, including secure.coviance.com & any Coviance Platform |
Personal Information We Collect About You
We may collect and use the following Personal Information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household:
| Categories of Personal Information |
|---|
| Identifiers (e.g., a real name, alias, postal address, unique Personal identifier, online identifier, Internet Protocol address, email address, account name, date of birth, social security number, driver’s license number, passport number, or other similar identifiers) |
| Information that identifies, relates to, describes, or is capable of being associated with, a particular individual, including, but not limited to, their name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, employment, employment history, bank account number, credit card number, debit card number, or any other financial information. |
| Characteristics of protected classifications under state or federal law. |
| Commercial information (e.g., records of Personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies) |
| Internet or other electronic network activity information (e.g., browsing history, search history, and information regarding a consumer’s interaction with an Internet Web site, application, geolocation data, or advertisement) |
| Geolocation data |
| Professional or employment-related information |
| Any additional information needed to complete a loan application |
This Personal Information is required to provide services to you. If you do not provide Personal Information we ask for, it may delay or prevent us from providing services to you.
How Your Personal Information is Collected
We collect most of this Personal Information directly from you or through your Financial Institution — by telephone, text, email and/or via our Website. However, we may also collect information:
- From publicly accessible sources (e.g., property records);
- Directly from a third party (e.g., sanctions screening providers, credit reporting agencies, or customer due diligence providers);
- From a third party with your consent;
- From cookies on our Website—for more information on our use of cookies, please see our Cookies and Other Electronic Technologies section below
- Via our IT systems, e.g.,:
- Door entry systems and reception logs;
- Automated monitoring of our websites and other technical systems, such as our computer networks and connections;
- Communications systems
How and Why We Use Your Personal Information
Under data protection law, we can only use your Personal Information if we have a proper reason for doing so, e.g.,:
- To comply with our legal and regulatory obligations;
- For the performance of contracted services or before entering into a contract as required by the contracting parties;
- For our legitimate interests or those of a third party, as described above; or
- Where you have given consent.
A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests.
| What we use your Personal Information for | Our reasons |
|---|---|
| To provide services | For the performance of our contract with your Financial Institution |
| To prevent and detect fraud | For our legitimate interests or those of a third party, i.e., to minimize fraud that could be damaging for us and for you |
Conducting checks to identify our customers and verify their identity | To comply with our legal and regulatory obligations |
| Gathering and providing information required by or relating to audits, enquiries or investigations by regulatory bodies | To comply with our legal and regulatory obligations |
| Ensuring business policies are adhered to, e.g., policies covering security and internet use | For our legitimate interests or those of a third party, i.e., to make sure we are following our own internal procedures so we can deliver the best service |
| Operational reasons, such as improving efficiency, training and quality control | For our legitimate interests or those of a third party, i.e., to be as efficient as we can so we can deliver the best service |
| Ensuring the confidentiality of commercially sensitive information | For our legitimate interests or those of a third party, i.e., to protect trade secrets and other commercially valuable information |
| Statistical analysis to help us manage our business, e.g., in relation to Improve content of the Website, Respond to inquiry | For our legitimate interests or those of a third party, i.e., to be as efficient as we can so we can deliver the best service |
| Preventing unauthorized access and modifications to systems | For our legitimate interests or those of a third party, i.e., to prevent and detect criminal activity that could be damaging for us and for you |
| Updating and enhancing customer records | For the performance of our contract with your Financial Institution |
| Statutory returns | To comply with our legal and regulatory obligations |
| Ensuring safe working practices, staff administration and assessments | To comply with our legal and regulatory obligations |
Marketing our services to: | For our legitimate interests or those of a third party |
| External audits and quality checks, e.g., audit of our accounts | For our legitimate interests or a those of a third party, i.e., to maintain our accreditations so we can demonstrate we operate at the highest standards |
Who We Share Your Personal Information With
We routinely share Personal Information with:
- Your Financial Institution
- Service providers we use to help deliver our services to you;
- Other third parties we use to help us run our business;
- Third parties approved by you;
We only allow our service providers to handle your Personal Information if we are satisfied they take appropriate measures to protect your Personal Information. We also impose contractual obligations on service providers ensuring they can only use your Personal Information to provide services to us and to you. We may also share Personal Information with external auditors, e.g., in relation to SOC certification and the audit of our accounts.
We may disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations.
We will not share your Personal Information with any other third party.
Personal Information We Sold or Disclosed for a Business Purpose
In the preceding 12 months, we have not sold any Personal Information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.
In the preceding 12 months, we have disclosed for a business purpose to one or more third parties the following categories of personal information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household:
- Identifiers (e.g., a real name, alias, postal address, unique Personal identifier, online identifier, Internet Protocol address, email address, account name, date of birth, social security number, driver’s license number, passport number, or other similar identifiers);
- Information that identifies, relates to, describes, or is capable of being associated with, a particular individual, including, but not limited to, their name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, employment, employment history, bank account number, credit card number, debit card number, or any other financial information.;
- Characteristics of protected classifications under state or federal law;
- Commercial information (e.g., records of Personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies);
- Geolocation data;
- Professional or employment-related information;
- Any additional information needed to complete a loan application.
How Long Your Personal Information Will Be Kept
We will keep your Personal Information while we are providing services to you on your Financial Institution behalf. Thereafter, we will keep your Personal Information for as long as is necessary:
- To respond to any questions, complaints or claims made by you or on your behalf;
- To show that we treated you fairly;
- To keep records required by law.
We will not retain your Personal Information for longer than necessary for the purposes set out in this policy. Different retention periods apply for different types of Personal Information.
We may keep an anonymized form of your Personal Information, which will no longer refer to you, to the extent that we have a legitimate and lawful interest in doing so.
Cookies and Other Electronic Technologies
The Website uses “cookie” technology to measure Website activity and to collect information such as browser type, time spent on the Website, pages visited and other information about your visit to the Website. Cookies are also used to prefill information previously entered into forms and to customize information to your Personal tastes. A cookie is an element of data that an internet site can send to your browser. Cookies are stored on your computer. We may share information about you that we collect through a cookie with third-parties who help us analyze Website data.
If you do not want information collected through the use of cookies, there is a simple procedure in most browsers that allows you to automatically decline cookies or be given the choice of declining or accepting the transfer to your computer of a particular cookie (or cookies) from a particular site. You may also wish to refer to: https://www.allaboutcookies.org. If, however, you do not accept our cookies, you may experience some inconvenience in your use of the Website.
We may also include small graphic images called web beacons, also known as “Internet tags” or “clear gifs,” in our web pages and email messages. We may use web beacons or similar technologies for a number of purposes, including, without limitation, to count the number of visitors to the Website, to monitor how users navigate the Website, and to count how many emails that we sent were actually opened or how many particular articles or links were actually viewed.
We may also use embedded scripts on the Website. An embedded script is programming code that is designed to collect information about your interactions with the Website. It is temporarily downloaded onto your computer from our web server or a third party with whom we work, is active only while you are connected to the Website, and is deleted or deactivated thereafter.
Automatically-collected information about you, such as how you interact with the Website, may be combined with your Personal Information. If we associate any such automatically-collected information with Personal Information about you, we will treat the combined information as Personal Information.
When you visit or log in to our Website, cookies and similar technologies may be used by our online data partners or vendors to associate these activities with other personal information they or others have about you, including by association with your email. We (or service providers on our behalf) may then send communications and marketing to these emails. You may opt out of receiving this advertising by visiting https://app.retention.com/optout .
The Website may use third party analytics, such as Google Analytics, to help us understand how you use the Website so we can improve its design and functionality. The information collected through the use of analytics may include: your IP address, the website from which you visited us, the type of device you used, what pages of the Website you visited, and which elements of the Website you interacted with. We use this information to help us analyze how you use the Website, improving and developing the Website, and monitoring and analyzing use of the Website. You can opt out from the use of Google Analytics by downloading and installing the Google Analytics Opt-out Browser Add On.
Compliance with Privacy Laws
Coviance complies with the data protection and privacy laws to which it is subject. You should familiarize yourself with those laws, including any exceptions which may apply under them. You should also be aware that privacy laws in various jurisdictions may change from time to time. Except to the extent expressly stated otherwise in this Privacy Policy, Coviance accepts no obligations with respect to the handling of Personal Information other than those mandated by law.
State-Specific Privacy Rights (States Other Than California)
Pursuant to certain state privacy laws in the US, individuals residing in certain US states may have additional rights regarding Our collection, use, and sharing of their Personal Information. This Section applies to residents of states including Colorado, Connecticut, Delaware, Iowa, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Texas, Utah, and Virginia and provides additional information in accordance with the privacy laws (current or forthcoming) in those states (collectively, the “State Privacy Laws”).
Subject to certain exceptions, if you are an eligible resident of one of these states, you have certain privacy rights which may include, depending on your state of residency:
- Right to Access: You have the right to confirm whether We process your Personal Information and access such Personal Information. You also have the right to obtain your Personal Information in a portable, and to the extent reasonably feasible, readily usable format that you can transmit without hindrance.
- Right to Delete: You have the right to request that We delete the Personal Information you have provided to us or that We have otherwise obtained about you.
- Right to Correct: You have the right to request that We correct inaccuracies in your Personal Information, taking into account the nature of the Personal Information and the purposes of the processing of your Personal Information.
- Right to Opt Out: You have the right to opt out of the processing of your Personal Information for the purposes of (i) targeted advertising, (ii) the sale of your Personal Information and (iii) profiling in furtherance of decisions, including, for eligible residents of Connecticut, solely automated decisions, that produce legal or similarly significant effects.
- Right to Appeal: You have the right to appeal Our decision with regard to your request to exercise any rights described herein.
- Right to Be Free from Discrimination: You have the right to not be discriminated against by Us for exercising any of your rights.
California Privacy Rights
This section of the Policy applies solely to those individuals who reside in the State of California. We are providing this policy in compliance with the California Consumer Privacy Act of 2018 (“CCPA”), as amended by the California Privacy Rights Act (“CPRA”), and other applicable California privacy laws. Any terms used in this section that are not defined in the Policy itself have the same definition as used in the CCPA/CPRA, and its implementing regulations.
Our Collection, Use, and Disclosure of Consumer Personal Information
We collect, use, and disclose California consumers’ Personal Information as previously described in this Privacy Policy. Please see “Personal Information We Collect About You”, “How Your Personal Information is Collected”, “How and Why We Use Your Personal Information”, and “Who We Share Your Personal Information With”.
California Consumer Rights
If you are a California resident, you may ask Us to disclose what Personal Information we have about you and what we do with that information, to delete your Personal Information, to direct Us not to sell or share your Personal Information, to correct inaccurate information that we have about you, and to limit our use and disclosure of your sensitive Personal Information:
- Right to know: You can request that we disclose to you: (1) the categories and/or specific pieces of Personal Information we have collected about you, (2) the categories of sources for that Personal Information, (3) the purposes for which we use that information, (4) the categories of third parties with whom we disclose the information, and (5) the categories of information that we sell or disclose to third parties. You can make a request to know up to twice a year, free of charge.
- Right to delete: You can request that we delete Personal Information we collected from you and tell our service providers to do the same, subject to certain exceptions (such as if we are legally required to keep the information).
- Right to opt-out of sale or sharing: You may request that we stop selling or sharing your Personal Information (“opt-out”), including via a user-enabled global privacy control. We cannot sell or share your Personal Information after we receive your opt-out request unless you later authorize us to do so again.
- Right to correct: You may ask us to correct inaccurate information that we have about you.
- Right to limit use and disclosure of sensitive Personal Information: You can direct us to only use your sensitive Personal Information (for example, your social security number, financial account information, your precise geolocation data, or your genetic data) for limited purposes, such as providing you with the services you requested.
You also have the right to be notified, before or at the point we collect your Personal Information, of the types of Personal Information we are collecting and what we may do with that information. Generally, we cannot discriminate against you for exercising your rights under the CCPA. We cannot make you waive these rights, and any contract provision that says you waive these rights is unenforceable.
California’s Shine-the-Light Law
California’s Shine the Light law permits California residents to request and receive, once per calendar year and free of charge, information about our sharing of your Personal Information (if any) with third parties for their own direct marketing use. If you are a California resident and would like to make such a request, please email privacy@coviance.com. In your request, please include your name and attest to the fact that you are a California resident and provide a current California address. We may ask you for additional information to confirm your identity before responding to this request.
How to Exercise Your Rights
If you would like to exercise any of your rights as described in this Privacy Policy, please:
- Call us, toll-free, at 855-525-6730; or
- Email us at privacy@coviance.com.
Please note that you may only make a State Privacy Law data access or data portability disclosure request twice within a 12-month period.
If you choose to contact directly by phone or email, you will need to provide us with:
- Enough information to identify you;
- Proof of your identity and address; and
- A description of what right you want to exercise and the information to which your request relates.
We are not obligated to make a data access or data portability disclosure if we cannot verify that the person making the request is the person about whom we collected information, or is someone authorized to act on such person’s behalf.
Any Personal Information we collect from you to verify your identity in connection with your request will be used solely for the purposes of verification.
Keeping Your Personal Information Secure
We have appropriate security measures in place to prevent Personal Information from being accidentally lost, used or accessed in an unauthorized way. We limit access to your Personal Information to those who have a genuine business need to access it. Those processing your information will do so only in an authorized manner and are subject to a duty of confidentiality. We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so. We employ encryption technologies to protect Personal Information and maintain a current data flow diagram identifying the flow of Personal Information.
Third Party Websites
There may be hyperlinks on the Website to other websites or locations that are operated and controlled by third parties (“Third Party Websites”). These Third-Party Websites may solicit Personal Information from you. We make no representations regarding the policies or business practices of such Third Party Websites and encourage you to familiarize yourself with their privacy policies before providing them with your Personal Information.
Children’s Online Privacy
Our Website is not intended for children under the age of 13. We do not intentionally or knowingly collect Personal Information from children under the age of 13 and we request that individuals under the age of 13 do not submit any Personal Information on the Website. If we learn that we have received identifying information from a user under the age of 13, we will delete this information.
Changes to this Statement
Coviance may from time to time and without prior notice revise this Privacy Policy. Any changes will be effective immediately when the revised Policy is posted on the Website unless stated otherwise. We will not, however, use your Personal Information in a manner materially different than what was stated in the Privacy Policy posted on the Website at the time your Personal Information was collected unless we receive your consent.
Contacting Us
If you have any questions about this Privacy Policy, our practices, or your dealings with the Website, you can contact us by mail or email:
Coviance
3001 Westown Parkway #200
West Des Moines IA 50265
Updated: 2/14/2025