ONLINE PRIVACY NOTICE
Varo Money, Inc.
Updated January 1, 2020
This Online Privacy Notice (“Privacy Notice”) describes the policies and procedures of Varo Money, Inc. (“Company,” “we,” “our,” or “us”) with respect to the collection, use, disclosure, and protection of personal information and other information received or generated by Company (“Information”) with regard to individuals who have signed up for, access, and use the Services (collectively, “Users”), with each such User individually referred to herein as “you” and “your.” As used herein, “Services” means collectively, the website, applications and/or technology platform and associated websites, and social media channels used to monitor each individual’s banking, lending and related financial transactions in order to provide guidance, advice, and tools to each such User. By using or accessing the Services and/or by submitting or authorizing collection of your Information to Company in connection with any Services, you are consenting to the terms of this Privacy Notice.
This Privacy Notice may be updated or modified from time to time. By using or accessing the Services after such update or modification you are accepting such changes to the terms of this Privacy Notice. In addition to this Privacy Notice you are also subject to the Company’s User Agreement (the “User Agreement”). The applicable terms and conditions of the User Agreement shall apply to this Privacy Notice and any disputes relating to privacy and use or protection of Information hereunder.
What Information Do We Collect?
We collect, receive, generate and store the following types of Information:
- Personally Identifiable Information: Personally Identifiable Information is information that can be used to identify or contact an individual, including but not limited to the individual’s name, physical address, email address, birthdate, telephone number, card numbers and account numbers and identifiers. We collect, receive and store Personally Identifiable Information when you sign up or register for any of the Services or when you complete forms or questionnaires or complete your profile through the Services or when you otherwise correspond with us or directly provide such information to us.
- Personal Non-Identifying Data: Personal Non-Identifying Data is information about an individual and the individual’s characteristics, activities or behavior which cannot be used to identify or contact such individual or which has been stripped of any Personally Identifiable Information. This type of information includes for example, and without limitation, an individual’s gender, city or state of residence, age, industry, financial profile, demographic profile and other non-identifying characteristics. We may collect, receive and store Personal Non-Identifying Data when you directly provide it to us through the Services, when you give us access to such information retained in your computer or accounts or when we collect such information from available public and third-party sources.
- Information We Collect or Generate About You, Your Contacts and/or the Use of Our Services; User Content: We collect, generate and store certain types of information whenever you use the Services or otherwise interact with us. For example, we may automatically track or record your use of and activity on our website with respect to our Services, the time and date of your activities, the location of your device, your device’s ID, Internet Protocol (IP) address, browser type, Internet Service Provider, page views, domains, operating system and similar information. Also, we may automatically send and receive information to and from a computer, mobile phone or other device in connection with your use of the Services. Like many websites and online services, we may also use “cookies” (see below), log files, web beacon technologies and other automated tools to obtain certain types of information when a web browser, mobile application or other application accesses our Services. Finally, we may receive reports and data from third party analytics providers and other third-party services, which we may combine with the Personally Identifiable Information and other information we collect from you or that you may choose to upload to us (“User Content”). User Content is information, data, text, files, software, graphics, music, audio, photographs, video, messages, communications or other materials (other than Personally Identifiable Information or Personal Non-Identifying Data) that you upload or submit to us.
How Is Your Information Used?
Company may use the Information submitted, collected, received or generated from and/or about you and your contacts for any of the following purposes (subject to the special rules regarding financial transactions data from your banking and other financial accounts, including for example and without limitation, transaction dates, the merchants involved, the transaction types and the amounts (collectively “Transaction Data”) below):
- To operate, provide, administer, develop, and improve our Services, and to operate and support Company’s related business operations.
- To better understand how Users access and use our Services on an aggregated and individualized basis, to track and monitor usage, to conduct quality control, to fix technical and other errors or problems, to conduct market research, and to respond to User desires and preferences.
- To analyze, compile, publish, sell, and otherwise commercialize information (other than Personally Identifiable Information and other than individual, non-aggregated Personal Non-Identifying Data), including without limitation, derivative information, and analyses relating to usage and Users of the Services, and Information collected through the Services. The foregoing includes, for example, the distribution or sale by Company of aggregated or de-identified data and information.
- For advertising, marketing, and promotional purposes (excluding the provision to third parties of, or the publication of, any Personally Identifiable Information).
- To provide personalized experiences and recommendations, personalized help and instructions, or other customized responses to Users of our Services.
- To provide User support and handle User inquiries.
- To communicate with or contact Users concerning the usage of or participation in the Services, and for other customer service; this could include use of e-mail addresses to send messages and notices for the purposes described above and below.
- To provide news and newsletters, special offers, promotions, and targeted advertising (which excludes the provision to third parties of, or the publication of, any Personally Identifiable Information).
- To comply with applicable laws, rules, and regulations or court orders.
- To enforce our User Agreement and other applicable agreements, rights, and remedies.
- To protect the safety of any person, to address fraud, security, or technical issues, or to protect Company’s rights or property.
- To use in any other manner, or for any other purpose, for which you have given express permission or consent to Company.
When is Information Shared with or Disclosed to Others or the Public?
Information provided by or collected from our Users is an important part of our business. Company will share and disclose Information submitted, collected, received, or generated from and/or about you only as compatible with the purposes described above, when we have permission or consent (as may be provided by you from time to time through your use of the Services or otherwise), or as described in this section as follows:
- Aggregated Data and Anonymous Data: Company may publish and otherwise disclose (a) on an aggregated basis, information (including derivative information and analyses) relating to usage and Users of the Services and the contact and network information collected through the Services, and (b) information that does not contain Personally Identifiable Information (or any individual, non-aggregated Transaction Data) or is de-identified and not connected to the name of an individual or entity nor connected to similar information that would allow one to be specifically identified or contacted.
- Disclosures In Connection with Permitted Uses: Company may disclose your Personal Identifying Information and Personal Non-Identifying Data to third parties in connection with the purposes described in the previous section such as, for example, to commercialize non- identifying information relating to use by and Users of the Services or to implement advertising, marketing, or promotional activities or transactions.
- Company Affiliates: We may share any or all of your Information with our subsidiaries and other affiliates, but only if those entities are either subject to this Privacy Notice or follow practices at least as protective as those described in this Privacy Notice.
- Public Forum: Any User Content or other User Information, content or materials submitted, posted, shared, transmitted, or otherwise provided to public portions of the Services may be shared with the public without restriction. Company also reserves the right to publish or make publicly available any Information that is already publicly available prior to the time first provided to or collected by Company, or information that becomes publicly available without any action or omission on the part of Company.
- Contractors, Collaborators and Agents: We may employ other companies, vendors, service providers and individuals to perform functions or services for Company or otherwise act on our behalf. Examples include resolving service problems, hosting websites or software, correcting errors related to the execution of the Services, sending postal mail and e-mail, analyzing data, providing marketing assistance (including data concerning marketing and promotional programs), developing websites and software, providing customer service, assisting Company with providing, administering, developing or improving the Services, and/or for other purposes within the ordinary course of business. These third parties may have access to Personally Identifiable Information and other information needed to perform their functions on our behalf. We use reasonable efforts to require these companies to (1) provide adequate protections for Personally Identifiable Information that are no less protective than those set out in this Privacy Notice and our information security policies and procedures, and (2) use Personally Identifiable Information only for the purposes for which the third party has been engaged by us. We are not liable for the acts or omissions of these third parties, except as provided by applicable law or regulation.
- Joint Marketing Agreements: As we develop our Services, we may enter into joint marketing agreements with other nonaffiliated companies that together with us may market products or services to you. Our joint marketing partners may include companies such as banks and financial service providers and new product offerings may include loan products, credit cards, overdraft protection, payment and deposit products among others.
- Business Transfers and Collaborations: As we continue to develop our business, we might sell the Company and/or its business or assets and/or sell or buy applications websites, services, subsidiaries, or other businesses; or we might collaborate or partner with other companies in strategic transactions, business arrangements, or licenses. In such transactions, User Information and information regarding use of the Services (including without limitation Personally Identifiable Information, Transaction Data and Personal Non-Identifying Data) generally would be one of the transferred business assets or otherwise one of the components of, or involved in, the transaction, and we may therefore share this information in connection with such transactions or arrangements.
- Compliance with Law and Protection of Company and Others: We reserve the right to disclose Personally Identifiable Information and any other information when it is believed disclosure is appropriate to comply with the law, judicial proceeding, court order, subpoena or other legal process; detect, prevent, or otherwise address fraud, security, emergency situations or technical issues; enforce or apply the User Agreement and other agreements, rights and remedies; or protect the rights, property, or safety of Company, our employees and contractors, Users, or others. This includes exchanging information with other companies and organizations for fraud protection and credit risk reduction purposes.
The Services may include or require operation with applications, services, features, or functionalities provided by third parties. In connection with such third-party applications, services, features, or functionalities, you may send (or such third parties may get access to) certain information about or related to you or your activities with us. The use, storage and disclosure of such information by these third parties is subject to their own privacy and information security policies. Company shall require these third parties to adhere to Company’s privacy and information security policies in connection with the Services being provided, including enforcement of contractual provisions that provide for sanctions and damages for such use, storage and disclosure by such third parties. For further information on how your Personally Identifiable Information may be shared and how you may be able to limit certain types of sharing, please see the Varo Money U.S. Consumer Privacy Notice on our website at www.varomoney.com.
Security and Protection of Your Information
We are very concerned with safeguarding your information and protecting the security of your Personally Identifiable Information, Personal Non-Identifying Data and Transaction Data. We use appropriate, industry-typical security measures and technology to protect against unauthorized access to, or unauthorized alteration, disclosure, or destruction of, User Information covered by this Privacy Notice. In this regard, we employ administrative, physical, and electronic measures designed to protect personal information from unauthorized access and disclosure and to safeguard such information against loss, theft, alteration and destruction. However, no method of security is 100% secure.
We will make any legally required disclosures of any breach of the security, confidentiality, or integrity of unencrypted electronically stored “personal data” (as defined in applicable statutes on security breach notification) to you by email or conspicuous posting on or through the Services in an expedient manner and without unreasonable delay, insofar as these are consistent with (i) applicable law and the legitimate needs of law enforcement or (ii) any measures necessary to determine the scope of the breach and restore the reasonable integrity of the Company’s data system.
We use device reputation services provided by a third party for fraud prevention and authentication purposes. The services help us decide whether to accept transactions from personal computers, mobile phones, or other devices by checking whether these devices have been identified with fraudulent or abusive transactions in the past, such as reported instances of identity theft, account takeovers, or malware attacks. The services also help verify your identity by registering and remembering devices associated with your access to your Services. For these purposes, a cookie file, flash storage token, or other code file may be placed on your device to identify it in the future when you visit our website or connect with our applications. On connection with our site or Services, we will transmit the device identification code to the third-party’s server, along with data concerning certain technical attributes of your device such as the model, operating system, and browser version, as well as the IP address, all of which are used to confirm device identification. The third-party’s server responds with code recommending that the device be granted or denied access and the transactions be accepted, denied, or reviewed, according to settings we have selected. We also report to the third-party if we conclude that a device has been used in connection with a fraudulent or abusive transaction with us. If you set your browser or device to reject these cookies or tokens, we may not be able to authenticate your device or conclude some transactions through our website or application. We share with the third-party referenced above only information about the device you are using, which may also have been used or appropriated by others, and do not identify you or reveal the details of your transaction to the third-party. If your requested transaction is declined, or if you have questions about our use of an authentication or device reputation service, please contact Customer Service at [email protected]. To authenticate your device, you may be required to input a one-time confirmation code into your device. By using our Services, you agree that we, or anyone else on our behalf, may send you such confirmation codes by email or text message. Your wireless carrier may charge standard text message and/or other data rates for such messages.
Changing or Deleting Your Information
Company shall provide mechanisms for you to directly review, edit or delete the personal profile portions of your Personally Identifiable Information on or stored through the Services, provided that all such information is subject to any applicable record retention policies that we may have in place as well as any legal or regulatory requirements to retain such information. If you wish to request the deletion of other Personally Identifiable Information in our system, please contact us at [email protected]. Subject to any legal or regulatory obligation to retain this information, we will endeavor to accommodate your request in a timely manner. We may decline to process requests because such requests are unreasonably repetitive or relate to information that is incorporated into other databases or Services as permitted by this Privacy Notice, jeopardize the privacy of others, or would be impractical (for instance, requests concerning information residing on backup tapes or derivative information that is not separable). Because of the way we maintain certain Services, we may choose to limit access to Personally Identifiable Information rather than delete it from our active servers and back-up systems.
Cookies and Other Files
Your browser automatically reports log file information each time you access a web page. When you use the Services, our servers record certain information that your web browser sends whenever you visit any website or utilize any other services or applications. These server logs include information such as your web request, IP address, browser type, referring/ exit pages and Uniform Resource Locators (“URLs”), number of clicks, domain names, landing pages, pages viewed, and other information. When you use the Services, we employ clear GIFs (also known as web beacons) or similar mechanisms that are used to anonymously track your online usage patterns. We also use clear GIFs in HTML-based emails sent to Users to track which emails are opened by recipients and those links which Users click. In addition, we employ similar tracking technologies for mobile devices to collect and store information with respect to any mobile application portions of our Services.
Hosting of Services
Our Services are hosted in the United States. Your information will not be transferred or hosted outside of the United States without your consent. If you use the Services from the European Union, Asia, or any other country outside the United States with laws or regulations governing personal data collection, use, and disclosure that differ from the laws and regulations of the United States, please be advised that through the continued use of such Services, you are transferring information to the United States and you consent to that transfer. Your information may be transferred to – and maintained on – computers located in such state, province, country or other governmental jurisdiction where the privacy laws may not be as protective as those in your jurisdiction. If you are located outside the United States and choose to provide information to us or use the Services in such jurisdiction, you are consenting and agreeing to such transfer and the processing of the information in such jurisdiction which may subject you to the laws of such jurisdiction with respect to your information.
Your California Privacy Rights
California law permits residents of California to request certain details about what personal information a company shares with third parties for the third parties’ direct marketing purposes. We do not share your Personally Identifiable Information with third parties for the third parties’ own and independent direct marketing purposes unless we receive your permission.
Effective January 1, 2020, the California Consumer Privacy Act (CCPA) permits consumers who are California residents to:
(a)    ask a covered business which categories and pieces of personal information it collects and how the information is used;
(b)    request deletion of the information;
(c)    opt out of the sale of such information, if applicable.
These provisions of the CCPA do not apply to personal information collected, processed, shared, or disclosed by financial institutions pursuant to federal law.
To contact us with questions about our compliance with the CCPA, call 1-800-827-6526 or email [email protected]
Our Policy Toward Children
In order to use our Services you must represent and warrant that you are over the age of 18 in the signup process. Children under the age of 18 are not eligible to use the Services and must not attempt to sign-up with the Services and/or submit any personal information to us. We do not knowingly collect personal information from any person who is under the age of 18 or allow them to sign-up. If it comes to our attention that we have collected personal data from a person under the age of 18, we will delete or suppress this information as quickly as possible.
We have enabled the following Google Analytics Advertising Features:
- Remarketing with Google Analytics
- Google Display Network Impression Reporting
- Google Analytics Demographics and Interest Reporting
All information we and our third-party vendors collect using first-party cookies (such as the Google Analytics cookie) or other first-party identifiers and third-party cookies (such as Google advertising cookies) or other third-party identifiers together will be used for marketing purposes.
In order to opt out from this collection through Google products and manage the data collected through Google, you can do the following:
- Go to your Google Ad settings by clicking here (link: https://www.google.com/settings/u/0/ads/authenticated?hl=en) and manage the information you allow to be collected.
- Follow this link and install Google Analytics’ currently available opt-out plugin for the Web (link: https://tools.google.com/dlpage/gaoptout/)
If you want to learn more about how Google Analytics collects and uses your information, go here (link: https://support.google.com/analytics/answer/6004245). If you want to learn more about how Google analytics is commonly used by Google partners or how to control the information you send to Google, go here (https://www.google.com/intl/en/policies/privacy/partners).
Links to Other Services and Applications
Our Services contain links to, interoperate with, and allow you to share content to and from third party services, websites, and applications. The fact that we link to a website, service, or application or allow you to share content through these third parties is not an endorsement, authorization, or representation that we are affiliated with that third party, nor is it an endorsement of their privacy or information security policies or practices. Other websites, services, and applications follow different rules regarding the collection, use, storage, or disclosure of personal and other information. We encourage you to read the privacy policies or statements of the other websites, services, and applications you use.
Limitation of Liability
Even though Company has taken reasonable commercial steps and efforts to prevent Personally Identifiable Information and other information covered by this Privacy Notice from being accessed, used, intercepted, or disclosed by unauthorized individuals in violation of this Privacy Notice, you should know, and you acknowledge that Company cannot fully eliminate security risks associated with your information. You expressly acknowledge and agree that uploading, posting, providing, storing, using, analyzing, transmitting, sharing and/or allowing access to Personally Identifiable Information and other information on, through, in, or to the Services, and the use of all such Services, are all done at your risk and responsibility. You expressly acknowledge that Company is not liable for (i) any special, indirect, consequential, incidental or punitive damages, costs, or liabilities whatsoever arising out of or resulting from your use of the Services, including from uploading, posting, providing, storing, using, analyzing, transmitting, sharing, and/or allowing access to Personally Identifiable Information and other information; or (ii) any loss, disclosure or use of your Personally Identifiable Information or other information.
If you have any questions about this Privacy Notice, please contact us at [email protected].