Privacy Policy

If you are a California resident, please see the below or click here for HOVG, LLC dba Bay Area Credit Service’s California Supplemental Privacy Statement listed below.

REVISED: July

HOVG, LLC DBA BAY AREA CREDIT SERVICE ("Company")

This Privacy Policy defines Company objectives for securing and protecting personally identifiable information and other information.

The types of personal data includes names, addresses, phone numbers, birthdates, social security numbers, tax identification numbers, national insurance numbers and financial account numbers.

How BACS Receives Your Information

BACS may receive your personal information through a number of ways, including:

• As information you provided directly in a response to a call we have placed to you or a letter we mailed to you.
• From your service providers / our clients, (such as a healthcare provider, state agency or commercial business) during the course of our contracted business relationship with them.
• As information you provided as a visitor to The Company's website or chose to send to us in connection with an inquiry or request.
• From our vendors, (such as a credit reporting agency or enrichment vendor) during the course of our contracted business relationship with them.

The types of personal information we receive may include:

• Contact information and other identifiers, such as name, address, phone number, email address, government-assigned identifier, or bank account and or credit or debit card number and information, as required to provide our services
• Demographic information, such as date of birth, gender, and marital status.

POLICY/PROCEDURE

I. OBJECTIVES

The Company adheres to Federal, State and Local regulatory and customer privacy requirements.

In connection with services we provide, the Company may collect the following types of information:

• Personally Identifiable Information. Names, addresses, email addresses, phone numbers, birthdates, social security, tax identification, financial account, national insurance numbers and company information.
• User Communications. When an email or other communication is sent to the Company, these communications may be retained in order to process inquiries, respond to requests, and improve overall services.
• Affiliated Websites. Personal information that a visitor may provide to websites affiliated with the Company may be sent to the Company in order to respond to correspondence or requests (like the Consumer Financial Protection Bureau, Better Business Bureau or Credit Reporting Agencies) or other entities affiliated with the Company. The Company processes such information in accordance with this Policy.

The Company reserves the right to collect and process personal information in the course of providing services to our clients without the knowledge of individuals involved. Where The Company collects personal information from individuals within California, upon request, The Company will inform them about the types of personal information collected from them, the purposes for which it was collected, and uses of the information, and the types, of non-agent third parties to which The Company discloses that information where applicable.

As a general rule, The Company will not disclose personally identifiable information except when The Company is required or permitted per customer agreement, law (including pursuant to national security of law enforcement requirements) or otherwise, such as when The Company believes in good faith that the law requires disclosure or other circumstances outlined in this Privacy Policy require or permit disclosure.

The Company may share information with governmental agencies or other companies assisting in fraud prevention or investigation. The Company may do so when: (1) permitted or required by law; (2) trying to protect against or prevent actual or potential fraud or unauthorized transactions, or, (3) investigating fraud which has already taken place. This information however, is not provided to these companies for marketing purposes.

Permitted transfers of information, either to third parties or within The Company, include the transfer of information from one jurisdiction to another, including transfers to the United States from other countries Subject to the applicable legal requirements, including UDAP and the FDCPA, personal information may be transferred to a jurisdiction where the laws provide less or different protection than the jurisdiction in which the personal information is collected or accessed.

The Company takes reasonable steps to protect personally identifiable information. To prevent unauthorized access or disclosure of personally identifiable information, maintain data accuracy, and support the appropriate use and confidentiality of personally identifiable information, either for its own purposes or on behalf of our clients, The Company has put in place appropriate physical, technical, and managerial procedures to safeguard and secure the personally identifiable information and data The Company possesses.

The Company collects and maintains personally identifiable information in a manner that is compatible with the purpose for which it was collected and maintained, or as subsequently authorized by an individual or client. To the extent necessary for such purposes, The Company takes reasonable steps to confirm that personal information is accurate and complete with regard to its intended use.

Whenever The Company is processing personal data, it will take reasonable steps to keep personal data accurate and up-to-date for the purposes for which they were collected. It will provide data subjects with the ability to exercise the following rights under the conditions and within the limits set forth in the law.

If you wish to contact us regarding the use of your personal data or you want to object in whole or in part to the processing of your personal data, please contact us. If you have provided consent, you may withdraw consent. You may also request, subject to confidentiality obligations, to:

1. access your personal data as processed by The Company;
2. ask for correction or erasure of your personal data; and
3. request portability, where applicable, of your personal data, i.e. that the personal data you have provided to The Company, are returned to you or transferred to the person of your choice, in a structured, commonly used and machine-readable format.

This Privacy Policy shall be reviewed annually and updated as necessary to comply with applicable regulations.

The Company will post any revised Privacy Policy on its website, or a similar website that replaces that website.

Information obtained from or relating to clients or former clients is further subject to the terms of any privacy notice provided to the client, any contract or other agreement with the client, and application enforcement laws.

The Company will cooperate with the appropriate regulatory authorities, including local data protection regulatory authorities, to resolve any complaints regarding the transfer of personal data that cannot be resolved between The Company and an individual.

California Supplemental Privacy Statement for California Residents ONLY

REVISED: July

This Privacy Notice for California Residents ("PNCR") supplements the information contained in HOVG, LLC dba Bay Area Credit Services' ("BACS") Privacy Policy and applies solely to individuals who reside in the State of California ("individuals" or "you"). We adopt this notice to comply with the California Consumer Privacy Act of 2018 ("CCPA") and any terms defined in the CCPA have the same meaning when used in this notice.

The purpose of this PNCR is to provide individuals with a description of BACS' online and offline practices regarding the collection, use, disclosure, and sale of personal information and of their rights regarding their personal information.

Categories of Personal Information Collected

The specific categories of personal information we may have collected about you is dependent on a variety of factors including, but not limited to, the circumstances surrounding why we may have been in contact with you. Generally, we collect personal information about individuals who are our employees, job applicants, prospective clients, customers of our clients, individuals who may be able to provide location information for customers of our clients, or individuals who have visited our website(s). Accordingly, in the preceding twelve (12) months, BACS may have collected the following categories of personal information about you, as applicable:

• Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier Internet Protocol address, email address, account name, social security number, driver's license number, passport number, or other similar identifiers;
• Personal information, including but not limited to, signature, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information;
• Characteristics of protected classifications under California or federal law;
• Biometric information;
• Geolocation data;
• Professional or employment-related information;
• Education information; and/or

If applicable, BACS collected, utilized, and shared these categories of personal information in accordance with BACS' general Privacy Policy, as described above.

Your Rights Under the CCPA

This section describes your rights under the CCPA and explains how to exercise those rights.

1. Right to Know About Your Personal Information

You have the right to request that we disclose to you certain details about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you:

• The categories of personal information we collected about you.
• The categories of sources for the personal information we collected about you.
• Our business or commercial purpose for collecting that personal information.
• The categories of third parties with whom we share your personal information, if applicable.
• The business or commercial purpose for which we disclosed the category of personal information

2. Right to Delete Your Personal Information

You have the right to request that we delete any of your personal information that we collected and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete your personal information from our records, unless an exception applies.

We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:

• Complete the transaction for which we collected the personal information, provide a service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform your contract with our client.
• Comply with the California Electronic Communications Privacy Act (Cal. Penal Code  1546 et. seq.).
• Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us and/or our clients.
• Comply with a legal obligation.
• Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

Submitting a Request Under the CCPA

To exercise your rights described above, you will need to submit a verifiable consumer request. We offer two (2) methods to submit your request:

Click on this link to submit online form or

Call us toll free at (800) 895-3116

Only you may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.

You may only make a verifiable consumer request twice within a 12-month period. The verifiable consumer request must:

• Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative; and
• Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We will be unable to respond to a request, or provide you with personal information, if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. The type of information needed to verify your identity is dependent on the circumstances surrounding why we may have been in contact with you. Generally and for most individuals, however, your name, address, phone number, and your BACS account number will likely be necessary for us to verify your identity.

We will only use personal information provided in a verifiable consumer request to verify the requestor's identity or authority to make the request.

Response Timing and Format

We will respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing.

We will deliver our written response to you electronically or by mail, at your option.

Our response to a verifiable consumer request will only cover the 12-month period preceding our receipt of your verifiable consumer request.

If we are unable to comply with a request, we will provide a response which explains the reason(s) we are unable to comply with a request, if applicable.

No Sale of Personal Information

BACS does not and will not sell your personal information to third parties, unless you direct us to do so.

No Discrimination

BACS does not discriminate against consumers who exercise their rights provided by the CCPA.

Changes to Our Privacy Notice for California Residents

BACS reserves the right to amend this Privacy Notice for California Residents at our discretion and at any time. When we make changes to this privacy notice, we will post the updated notice on our website(s) and update the PNCR's effective date.

Contact us for More Information

If you have questions or concerns about BACS Privacy Policies or practices, or the Privacy Notice for California Residents, you can contact us at: consumerprivacy@bayareacredit.com.