Effective: October 15, 2019
WE ARE KASASA
Kasasa (also “us” and “we”) provides retail banking products, enabling technologies, and professional services that help community Financial Institutions better serve Consumers and their communities. Kasasa respects privacy and is committed to protecting it though compliance with this Policy.
Applicable Law requires us to disclose what personal information we collect, and how we collect, share, and protect any personal information we receive from Financial Institutions or Consumers interacting with the Services or our website or personnel.
PLEASE READ THIS NOTICE CAREFULLY, AS IT IS INTENDED TO DISCLOSE OUR INFORMATION COLLECTION PRACTICES FOR BOTH FINANCIAL INSTITUTIONS AND CONSUMERS.
PLEASE READ THIS POLICY IN ITS ENTIRETY BEFORE USING ANY OF KASASA'S SERVICES.
BY USING ANY SERVICES THAT WE PROVIDE TO A FINANCIAL INSTITUTION OR CONSUMER, YOU ARE ACKNOWLEDGING THAT YOU HAVE READ AND UNDERSTAND THIS POLICY AND THAT YOU AGREE TO BE BOUND BY ITS TERMS.
IF YOU DO NOT AGREE TO BE BOUND BY THE TERMS OF THIS POLICY, SIMPLY EXIT WITHOUT ACCESSING OR USING OUR WEBSITE OR ANY OF OUR SERVICES.
This Policy applies to any and all interactions with Kasasa (including employment related), any of the Services it provides, and Kasasa Events in which we participate, unless a different policy is posted or is made available and by its terms supplant this Policy.
Other privacy policies, such as those of Third Parties that we contract with for specific services and functionality, may also apply in addition to this Policy.
Kasasa will not share Personal Information (defined herein) with any person or organization except (i) to perform the Services, (ii) for the business purposes described in this Policy, (iii) as authorized by the Consumer, (iv) with the Financial Institution used by the Consumer, (v) with Third Parties delivering contracted services, (vi) as may be required Applicable Law, or (vii) as otherwise set forth herein.
Kasasa does not sell Personal Information.
This Policy describes the types of information we may collect through any of the Services or Kasasa Events in which we participate, as well as, and our practices for collecting, using, maintaining, protecting and disclosing the information.
INFORMATION WE COLLECT
The information we collect and share depends on the Services utilized, which websites that are powered by Kasasa (“Kasasa Powered Websites”) are visited, or Kasasa Event(s) in which you participate.
In the past twelve (12) months, the “Personal Information” we have collected includes:
Identifiers. Information which identifies the Consumer (e.g. real name, aliases, postal address, unique personal identifier, online identifier, Internet Protocol address, income, age, age range, date of birth, email address, account name, Social Security Number, photograph, driver’s license number, passport number, or other similar information).
Personally Identifiable Information. In addition to the information listed above in ‘Identifiers,’ any other specific information which identifies the Consumer (e.g. signature, physical characteristics or description, state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or other financial information, or medical information or health insurance information). Some Personal Information included in this category may overlap with other categories.
Legally Protected Characteristics. Information regarding a Consumer’s characteristics that are protected by law (e.g. age, race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, disability, sex (including gender, gender identity, gender expression, pregnancy, maternity, childbirth, and related medical conditions), sexual orientation, veteran or military status, or genetic information (including familial genetic information).
Commercial Information. Information regarding a Consumer’s purchasing or selling activity (e.g. records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies).
Biometric information. Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.
Internet or Network Activity. Information regarding a Consumer’s Internet activity (e.g. browsing history, search history, information regarding a consumer’s interaction with an Internet Web site, application, or advertisement, or other similar information).
Geolocation. Information regarding a Consumer’s physical location and/or movements.
Inferences from Above Used to Profile. Any profile drawn from a Consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
Personal Information does not include:
We do not knowingly collect information from or about persons under the age of 16 years old (“Child”) on Kasasa Powered Websites or at Kasasa Events. If you are a Child, do not use or provide any information to us via the Kasasa Powered Websites or attend Kasasa Events. If we learn that we have collected or received unauthorized Personal Information from a Child, we will delete that information. If you believe that we have information from or about a Child, please contact email@example.com.
To protect Personal Information, we (i) require Third Parties to treat Personal Information in accordance with Applicable Law; (ii) only allow Third Parties to use Personal Information for specified purposes as contracted for; and (iii) use security measures (i.e., physical, technical, and procedural safeguards) that comply with federal law and industry best practices. We perform data encryption (at rest and in transit) via AES-256 encryption. Although we do our best to protect Personal Information, we cannot guarantee the security of exchanged Personal Information. Any exchange of Personal Information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures.
HOW WE COLLECT PERSONAL INFORMATION
We receive Personal Information from the following sources:
HOW WE USE PERSONAL INFORMATION
We may collect, use, disclose or share Personal Information for our business purposes, including:
We will not collect additional categories of Personal Information or use Personal Information we collect for materially different, unrelated, or incompatible purposes without providing notice to the Consumer.
You do not have to provide any information to view some Kasasa Powered Websites and you are permitted to browse some Kasasa Powered Websites anonymously. By viewing or browsing any Kasasa Powered Websites, you are agreeing to this Policy. Certain features of some of the Services, however, are only available to registered Financial Institutions, Consumers or to those who have not disabled certain tracking capabilities.
SHARING PERSONAL INFORMATION
We may disclose Personal Information to a Third Party for the business purposes stated in this Policy and subject to a written agreement with the Third Party that describes the purpose and requires the recipient to (i) keep such Personal Information confidential; and (ii) not use it for any purpose other than performing as contracted for. Such Third Parties may include, but are not limited to, service providers, data brokers, data aggregators, advertisers, Affiliates, Non-Affiliates, partners, social media companies or internet cookie information recipients.
We may share the information we collect from and about Consumers with Affiliates and Non-Affiliates for the following purposes:
Under certain circumstances, Consumers have the rights set forth below regarding the Personal Information we may have collected about them in the previous 12 months:
Access and Disclosure of Information. Upon receipt and confirmation of a Verifiable Consumer Request, we will disclose, by mail or in electronic format, to the Consumer the following information: (i) the categories of personal information collected about that Consumer, (ii) the categories of sources for the personal information collected about that Consumer, (iii) the business or commercial purpose for collecting that Consumer’s Personal Information, (iv) categories of Third Parties with whom we share or sell that Consumer’s Personal Information, and (iv) the specific Personal Information collected about that Consumer.
Delete Information. Up to twice per year, upon receipt and confirmation of a Verifiable Consumer Request or Verifiable Financial Institution Request, we will delete (and direct our service providers to delete) that Consumer’s Personal Information from our records, unless the information is necessary for us or our service providers to:
Disable Use of Features and/or Discontinue Use of Services, Consumer have the right to disable Cookies and Flash Objects from their browsers; however, some functionality on some Kasasa Powered websites may be impaired if these items are disabled. Consumers have the right to contact their Financial Institution and close their account and/or discontinue the use of Services, websites, or digital applications powered by Kasasa.
Opt-Out of Collection. Consumer may opt-out of any continuing marketing or promotional program by executing the opt-out option included within such marketing or promotional communication. We do not sell Personal Information, but as a safeguard, a Consumer may also opt-out of having their information sold to third-parties by submitting the request to firstname.lastname@example.org.
Consumers can exercise their rights to opt out of some information collection and sharing activities, but not all. For example, Consumers cannot opt out of aggregated information and Personal Information if shared with Non-Affiliates to: (i) market the Financial Institution’s own products or services; (ii) market financial products and services offered by the Financial Institution and another financial institution (Joint Marketing); (iii) process and service transactions the Consumer requests or authorizes; (iv) protect against potential fraud or unauthorized transactions; (v) respond to judicial process; (vi) comply with Applicable Law.
In the event that an account is deleted and/or closed at the Financial Institution or the Financial Institution terminates the use of the Services, any Personal Information will no longer be used and will be destroyed or deleted from operational Kasasa systems in accordance with Kasasa’s then-current internal policies, procedures, and timeframes.
There is not a fee for a verified Consumer to exercise any of the other rights regarding Personal Information. However, we may charge a reasonable fee or refuse to comply if a request is clearly unfounded, excessive, or trolling.
A “Verifiable Consumer Request” must: (i) be made by the Consumer requesting their Personal Information or an authorized representative; (ii) provide sufficient information to verify identity or authority; (iii) describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it; (iv) identify a preferred format for requested Personal Information; and (v) any other information that we may request in order to verify the requestor’s identity. We will not be able to respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you.
You will not be required to create an account with us in order to make a verifiable request. However, we do consider requests made through your password protected account sufficiently verified. We will only use personal information provided in a verifiable Consumer request to verify the requestor’s identity or authority to make the request. You may make a Verifiable Consumer Request for access to applicable personal information twice within a 12-month period.
A “Verifiable Financial Institution Request” must: (i) be made by the Financial Institution who received a Verifiable Consumer Request requesting their Personal Information or an authorized representative; (ii) provide sufficient information to verify identity or authority of the requesting Consumer, (iii) describe the request with sufficient detail that allows us to properly understand, evaluate, and respond to it, and (iv) identify a preferred format for requested Personal Information. We will not be able to respond to request or provide any Personal Information if we cannot verify the Financial Institution’s identify; the Consumer’s identity or authority to make the request and confirm the Personal Information relates to the Consumer making the verifiable request.
We may provide web links to websites unaffiliated with Kasasa, such as credit bureaus, service providers or merchants. If you follow web links to websites not affiliated or controlled by Kasasa, you should review their privacy and security policies and other terms and conditions, as they may be different from those on our websites. Kasasa does not guarantee, and is not responsible for, the privacy or security of these websites, including the accuracy, completeness, or reliability of their information.
We will enforce this Policy, and if you violate any of its terms, we may prevent you from using any of the Services.
The following definitions applies to your interaction with Kasasa or any of the Services, unless a different policy is posted or is made available and by its terms supplants this Policy.
Affiliates: Companies related by common ownership or control, both financial and non-financial entities.
“Applicable law” means, as applicable, (i) court orders; and (ii) federal, state, and local laws, rules, regulations, and requirements of any governmental authority or other administrative or regulatory organization which is applicable to Kasasa and the Services.
Consumers: Any current or prospective customers or members of Financial Institutions or Kasasa that currently use the Services, or may use them in the future.
Clear GIFs (aka Web Beacons/Web Bugs, Pixel Tags): Clear GIFs are tiny graphics with a unique identifier, similar in function to Cookies, and are used to track the online movements of web users. In contrast to Cookies, which are stored on the computer’s hard drive, Clear GIFs are embedded invisibly on web pages.
Financial Institutions: Banks and/or credit unions that contract for the Services.
Flash Objects (or Local Shared Objects): These objects help us determine and recognize the browser type and version of Adobe Flash so that one can view “moving content” such as online demonstrations and tutorials on the device when logged onto or return to a website.
IP Address: A number that is automatically assigned to the device used by your Internet Service Provider (ISP). An IP Address is identified and logged automatically in our server log files whenever someone visits a website, along with the time of the visit and the page(s) that were visited. Collecting IP Addresses is standard practice on the internet and is done automatically by many websites. We use IP Addresses for purposes such as calculating website usage levels, helping diagnose server problems, compliance and security, and administering our Services.
Joint Marketing: A formal agreement between non-affiliated financial companies, or Third Parties that together market financial products or services to Consumers.
Kasasa Event: Any event Kasasa, LTD organizes to educate and raise the general public’s awareness that, as a whole, Financial Institutions offer financial products and services that are competitive with their larger regional and national counterparts.
Non-Affiliates: Entities not related by common ownership or control, both financial and non-financial entities.
Services: Collectively refers to any and all of Kasasa’s products, services, applications and/or websites that Kasasa powers independently or on behalf of Financial Institutions.
Third Parties: Any agents, vendors, subcontractor, licensor, or other representatives that Kasasa engages to develop, deliver or support the Services or capabilities.
CHANGES TO THIS POLICY
We reserve the right to modify this Policy at any time without notice, so review it frequently. If we make changes to this Policy, we will post these changes on this website and if applicable on digital application; and the changes will be deemed effective immediately upon the date of such posting. The most current version of the Policy will always appear on this website and the most recent version shall supersede any and all other versions of this Policy. Continued use of the Services following the posting of these changes or modifications will constitute acceptance of such changes or modifications.
If you have any questions regarding this Policy, please contact us at:
4516 Seton Center Parkway;
Austin, TX 78759