Varo Money, Inc.
Updated March 27, 2019
This Online Privacy Notice ("Privacy Notice") describes the policies and procedures of Varo Money, Inc. ("Company," "we," "our," or "us") with respect to the collection, use, disclosure, and protection of personal information and other information received or generated by Company ("Information") with regard to individuals who have signed up for, access, and use the Services (collectively, "Users"), with each such User individually referred to herein as "you" and "your." As used herein, "Services" means collectively, the website, applications and/or technology platform and associated websites, and social media channels used to monitor each individual's banking, lending and related financial transactions in order to provide guidance, advice, and tools to each such User. By using or accessing the Services and/or by submitting or authorizing collection of your Information to Company in connection with any Services, you are consenting to the terms of this Privacy Notice.
This Privacy Notice may be updated or modified from time to time. By using or accessing the Services after such update or modification you are accepting such changes to the terms of this Privacy Notice. In addition to this Privacy Notice you are also subject to the Company's User Agreement (the "User Agreement"). The applicable terms and conditions of the User Agreement shall apply to this Privacy Notice and any disputes relating to privacy and use or protection of Information hereunder.
What Information Do We Collect?
We collect, receive, generate and store the following types of information:
How Is Your Information Used?
Company may use the Information submitted, collected, received or generated from and/or about you and your contacts for any of the following purposes (subject to the special rules regarding financial transactions data from your banking and other financial accounts, including for example and without limitation, transaction dates, the merchants involved, the transaction types and the amounts (collectively "Transaction Data") below):
When is Information Shared with or Disclosed to Others or the Public?
Information provided by or collected from our Users is an important part of our business. Company will share and disclose Information submitted, collected, received, or generated from and/or about you only as compatible with the purposes described above, when we have permission or consent (as may be provided by you from time to time through your use of the Services or otherwise), or as described in this section as follows:
The Services may include or require operation with applications, services, features, or functionalities provided by third parties. In connection with such third-party applications, services, features, or functionalities, you may send (or such third parties may get access to) certain information about or related to you or your activities with us. The use, storage and disclosure of such information by these third parties is subject to their own privacy and information security policies. Company shall require these third parties to adhere to Company's privacy and information security policies in connection with the Services being provided, including enforcement of contractual provisions that provide for sanctions and damages for such use, storage and disclosure by such third parties. For further information on how your Personally Identifiable Information may be shared and how you may be able to limit certain types of sharing, please see the Varo Money U.S. Consumer Privacy Notice on our website at www.varomoney.com.
Security and Protection of Your Information
We are very concerned with safeguarding your information and protecting the security of your Personally Identifiable Information, Personal Non-Identifying Data and Transaction Data. We use appropriate, industry-typical security measures and technology to protect against unauthorized access to, or unauthorized alteration, disclosure, or destruction of, User Information covered by this Privacy Notice. In this regard, we employ administrative, physical, and electronic measures designed to protect personal information from unauthorized access and disclosure and to safeguard such information against loss, theft, alteration and destruction. However, no method of security is 100% secure.
We will make any legally required disclosures of any breach of the security, confidentiality, or integrity of unencrypted electronically stored "personal data" (as defined in applicable statutes on security breach notification) to you by email or conspicuous posting on or through the Services in an expedient manner and without unreasonable delay, insofar as these are consistent with (i) applicable law and the legitimate needs of law enforcement or (ii) any measures necessary to determine the scope of the breach and restore the reasonable integrity of the Company's data system.
We use device reputation services provided by a third party for fraud prevention and authentication purposes. The services help us decide whether to accept transactions from personal computers, mobile phones, or other devices by checking whether these devices have been identified with fraudulent or abusive transactions in the past, such as reported instances of identity theft, account takeovers, or malware attacks. The services also help verify your identity by registering and remembering devices associated with your access to your Services. For these purposes, a cookie file, flash storage token, or other code file may be placed on your device to identify it in the future when you visit our website or connect with our applications. On connection with our site or Services, we will transmit the device identification code to the third-party's server, along with data concerning certain technical attributes of your device such as the model, operating system, and browser version, as well as the IP address, all of which are used to confirm device identification. The third-party's server responds with code recommending that the device be granted or denied access and the transactions be accepted, denied, or reviewed, according to settings we have selected. We also report to the third-party if we conclude that a device has been used in connection with a fraudulent or abusive transaction with us. If you set your browser or device to reject these cookies or tokens, we may not be able to authenticate your device or conclude some transactions through our website or application. We share with the third-party referenced above only information about the device you are using, which may also have been used or appropriated by others, and do not identify you or reveal the details of your transaction to the third-party. If your requested transaction is declined, or if you have questions about our use of an authentication or device reputation service, please contact Customer Service at firstname.lastname@example.org. To authenticate your device, you may be required to input a one-time confirmation code into your device. By using our Services, you agree that we, or anyone else on our behalf, may send you such confirmation codes by email or text message. Your wireless carrier may charge standard text message and/or other data rates for such messages.
Changing or Deleting Your Information
Company shall provide mechanisms for you to directly review, edit or delete the personal profile portions of your Personally Identifiable Information on or stored through the Services, provided that all such information is subject to any applicable record retention policies that we may have in place as well as any legal or regulatory requirements to retain such information. If you wish to request the deletion of other Personally Identifiable Information in our system, please contact us at email@example.com. Subject to any legal or regulatory obligation to retain this information, we will endeavor to accommodate your request in a timely manner. We may decline to process requests because such requests are unreasonably repetitive or relate to information that is incorporated into other databases or Services as permitted by this Privacy Notice, jeopardize the privacy of others, or would be impractical (for instance, requests concerning information residing on backup tapes or derivative information that is not separable). Because of the way we maintain certain Services, we may choose to limit access to Personally Identifiable Information rather than delete it from our active servers and back-up systems.
Cookies and Other Files
Your browser automatically reports log file information each time you access a web page. When you use the Services, our servers record certain information that your web browser sends whenever you visit any website or utilize any other services or applications. These server logs include information such as your web request, IP address, browser type, referring / exit pages and Uniform Resource Locators ("URLs"), number of clicks, domain names, landing pages, pages viewed, and other information. When you use the Services, we employ clear GIFs (also known as web beacons) or similar mechanisms that are used to anonymously track your online usage patterns. We also use clear GIFs in HTML-based emails sent to Users to track which emails are opened by recipients and those links which Users click. In addition, we employ similar tracking technologies for mobile devices to collect and store information with respect to any mobile application portions of our Services.
Hosting of Services
Our Services are hosted in the United States. Your information will not be transferred or hosted outside of the United States without your consent. If you use the Services from the European Union, Asia, or any other country outside the United States with laws or regulations governing personal data collection, use, and disclosure that differ from the laws and regulations of the United States, please be advised that through the continued use of such Services, you are transferring information to the United States and you consent to that transfer. Your information may be transferred to – and maintained on – computers located in such state, province, country or other governmental jurisdiction where the privacy laws may not be as protective as those in your jurisdiction. If you are located outside the United States and choose to provide information to us or use the Services in such jurisdiction, you are consenting and agreeing to such transfer and the processing of the information in such jurisdiction which may subject you to the laws of such jurisdiction with respect to your information.
Your California Privacy Rights
California law permits residents of California to request certain details about what personal information a company shares with third parties for the third parties' direct marketing purposes. We do not share your Personally Identifiable Information with third parties for the third parties' own and independent direct marketing purposes unless we receive your permission.
Our Policy Toward Children
In order to use our Services you must represent and warrant that you are over the age of 18 in the signup process. Children under the age of 18 are not eligible to use the Services and must not attempt to sign-up with the Services and/or submit any personal information to us. We do not knowingly collect personal information from any person who is under the age of 18 or allow them to sign-up. If it comes to our attention that we have collected personal data from a person under the age of 18, we will delete or suppress this information as quickly as possible.
We have enabled the following Google Analytics Advertising Features:
All information we and our third-party vendors collect using first-party cookies (such as the Google Analytics cookie) or other first-party identifiers and third-party cookies (such as Google advertising cookies) or other third-party identifiers together will be used for marketing purposes.
In order to opt out from this collection through Google products and manage the data collected through Google, you can do the following:
If you want to learn more about how Google Analytics collects and uses your information, go here (link: https://support.google.com/analytics/answer/6004245). If you want to learn more about how Google analytics is commonly used by Google partners or how to control the information you send to Google, go here (https://www.google.com/intl/en/policies/privacy/partners).
Links to Other Services and Applications
Our Services contain links to, interoperate with, and allow you to share content to and from third party services, websites, and applications. The fact that we link to a website, service, or application or allow you to share content through these third parties is not an endorsement, authorization, or representation that we are affiliated with that third party, nor is it an endorsement of their privacy or information security policies or practices. Other websites, services, and applications follow different rules regarding the collection, use, storage, or disclosure of personal and other information. We encourage you to read the privacy policies or statements of the other websites, services, and applications you use.
Limitation of Liability
Even though Company has taken reasonable commercial steps and efforts to prevent Personally Identifiable Information and other information covered by this Privacy Notice from being accessed, used, intercepted, or disclosed by unauthorized individuals in violation of this Privacy Notice, you should know, and you acknowledge that Company cannot fully eliminate security risks associated with your information. You expressly acknowledge and agree that uploading, posting, providing, storing, using, analyzing, transmitting, sharing and/or allowing access to Personally Identifiable Information and other information on, through, in, or to the Services, and the use of all such Services, are all done at your risk and responsibility. You expressly acknowledge that Company is not liable for (i) any special, indirect, consequential, incidental or punitive damages, costs, or liabilities whatsoever arising out of or resulting from your use of the Services, including from uploading, posting, providing, storing, using, analyzing, transmitting, sharing, and/or allowing access to Personally Identifiable Information and other information; or (ii) any loss, disclosure or use of your Personally Identifiable Information or other information.
If you have any questions about this Privacy Notice, please contact us at firstname.lastname@example.org.