Effective Date: January 1, 2023

Rights for California Residents

This statement makes additional disclosures to California residents (i.e., “consumers”) and describes rights they may have under the California Privacy Rights Act (the “CPRA”), which is the extension of the California Consumer Privacy Act. You will see references to our parent company VCI (VeriCheck) because its compliance team oversees ACHWorks as well.

This statement and the consumer rights described do not cover certain collection and handling of personal information that is regulated under federal laws regarding financial services or credit reporting.

You can learn more about the CPRA here: https://oag.ca.gov/privacy/ccpa

For more information, please read our CPRA Disclosure.

Collection Of Personal Information

The following table describes which categories of personal information we collected about consumers within the past 12 months. For each category, we collected one or more of the examples listed.

Category: Examples

Identifiers: real name, signature, alias, address, telephone number, email address, Internet Protocol address, device identifier, browser cookies, web beacon, pixel tag, mobile ad identifier, other unique personal identifier, online identifier, account name, Social Security number, driver’s license or state ID number, passport number, insurance policy number, physical characteristics or description, or other similar identifiers.
Financial Information: bank account number, credit card number, debit card number, or any other financial information.
Medical or Health Insurance Information: medical conditions, medical treatment, medical history, or any other medical or health insurance information.
Protected Classification Information: age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).
Commercial Information: records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
Biometric Information: fingerprints, facial recognition, voice recordings; keystroke patterns and rhythms.
Internet Activity: browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.
Geolocation Data: physical location or movements.
Sensory Data: audio recording (for recorded phone lines only pursuant to regulatory requirement), electronic, visual information, thermal, olfactory, or similar information.
Professional or Employment-Related Information: current or past job history or performance evaluations.
Non-Public Education Information: educational background (degree, level of education completed), student financial information.
Inferences: profile created about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, behaviors, attitudes, intelligence, abilities, and aptitudes.
Sensitive Personal Information: Social Security numbers, account log-in, financial account, debit card, or credit card number with any required security code, password, or credentials allowing access to an account; precise geolocation; contents of mail, email, and text messages; genetic data; biometric information processed to identify a consumer; information concerning a consumer’s health, sex life, or sexual orientation; or information about racial or ethnic origin, religious or philosophical beliefs, or union membership.

Sale Or Disclosure Of Personal Information

Under the CPRA, a “sale” of personal information includes transferring, disclosing, or otherwise making personal information available to a third party in exchange for money or something else of value.

In the past 12 months, we have not sold any information subject to the CPRA, including personal information of minors under the age of 16. In addition, the bank will not sell any personal information subject to the CPRA.

Your Rights

If you are a California resident, you have the right to make the following requests to covered businesses. The requests may be made by a consumer, by a consumer on behalf of the consumer’s minor child, or by a person authorized by the consumer to act on the consumer’s behalf:

Right To Know About Collection, Disclosure or Sale of Personal Information

You have the right to request that a business disclose to you: (i) the categories and specific pieces of personal information the business has collected about you within the past 12 months, (ii) the categories of sources from which the personal information is collected, (iii) the business or commercial purposes for collecting or selling personal information, and (iv) the categories of third parties with whom the business shares personal information.

If a business sells personal information, or discloses it for a business purpose, you also have the right to request that the business disclose the following with respect to the 12-month period preceding your request: (i) the categories of personal information that the business sold about you and the categories of third parties to whom the personal information was sold, and (ii) the categories of personal information that the business disclosed about you for a business purpose.

This type of request may be referred to as a “Request to Know.” Before we can honor a Request to Know, we need to verify that the person making it is the consumer whose personal information we have. Our method for verifying any particular request weighs information we receive as part of the request, the sensitivity of the consumer information at issue, and the risk of harm to the consumer from unauthorized disclosure.

Right to Request Deletion of Personal Information

You have the right to request that a business delete any personal information that the business has collected from you. This type of request may be referred to as a “Request to Delete.”

Before we can honor a Request to Delete, we need to verify that the person making the request is the consumer whose personal information we have. Our method for verifying any particular request weighs information we receive as part of the request, the sensitivity of the consumer information at issue, and the risk of harm to the consumer from unauthorized deletion.

We are not required to delete personal information if we still need it in order to complete the transaction for which the information was collected, provide a good or service requested by you (or that we reasonably anticipate based on our relationship with you), perform a contract with you, comply with legal obligations, or accomplish any other objective recognized as an exception to the right to deletion under applicable law.

Right to Opt-Out of the Sale of Personal Information

You have the right to direct a business that sells personal information about you to third parties not to sell your personal information. This type of request may be referred to as a “Request to Opt-Out.”

We do not sell personal information. If we decide to sell personal information in the future, we will post an appropriate notice and opt-out method, and we will not sell any personal information previously collected.

Right to Non-Discrimination

You have the right not to receive discriminatory treatment by a business for the exercise of your privacy rights under the CCPA.

Right to Request Correction of Personal Information

You have the right to request that a business correct any incorrect personal information that the business has collected from you. This type of request may be referred to as a “Request to Correct.”

Right to Limit the Use and Disclosure of Sensitive Personal Information

You have the right to request that a business limit the use and disclosure of any sensitive personal information that the business has collected from you. This type of request may be referred to as a “Request to Limit the Use and Disclosure of Sensitive Personal Information.”

We limit the use of your sensitive personal information. We collect or use your sensitive personal information for the disclosed purpose of providing banking services to you. We do not collect additional categories of sensitive personal information or use sensitive personal information collected for additional purposes that are incompatible with the disclosed purpose. In addition, we do not sell your sensitive personal information to third parties.

If you are emailing a request on behalf of another consumer as their authorized representative, you must include the foregoing information about the consumer and attach to the email a copy of a power of attorney appointing you as a duly authorized representative under California Probate Code sections 4000 to 4465 or written permission from the consumer to make the request.

If you prefer, you can call this toll-free number to submit your request: (844) 980-4VCI; Option 4.

After confirming receipt of your request, we’ll contact you if we need more information in order to verify it. If we can’t verify a request, we may deny it.

For more information, please read our CPRA Disclosure.

Contact Us

If you have any questions or concerns about this Policy or our practices, or wish to exercise your rights regarding your personal information under applicable law, please contact us by:

Sending regular mail to:

VCI
ATTN: Compliance Department
19752 MacArthur Blvd., Suite 100
Irvine, CA 92612

Calling our toll-free number at (844) 980-4VCI, Option 4