Version 2.0 – Effective Date 10/9/2020

PORTE™ CALIFORNIA PRIVACY POLICY

The State of California requires that we provide privacy information for individuals that are residents of California. If you are not a resident of California, you can disregard this document.

For California residents, here is a summary of what you will learn from this privacy policy:

  1. Personal Information We Collect
    1. What Personal Information Does Not Include
    2. Categories of Personal Information Collected
    3. How We Obtain Your Personal Information
    4. How We Use Your Personal Information
    5. How We Share Your Personal Information
    6. Sale of Personal Information
  2. Your Rights Under the California Consumer Privacy Act of 2018
    1. Right to Know
    2. Right to Delete
    3. Right to Opt-Out
    4. Right to Non-Discrimination
  3. Submitting a Request to Know or Request to Delete
    1. How to Submit a Request
    2. Authorized Agents
    3. Response Timing and Delivery Method
  4. MetaBank®, National Association and Netspend Corporation
  5. Do Not Track Signals/Global Privacy Controls
  6. Social Media
  7. Changes to this California Privacy Policy
  8. How to Contact Us

Below is the legal information we are required to share:

This California Privacy Policy, a copy of which can be found at www.portebanking.com, supplements the MetaBank privacy policy, which is the principal privacy policy governing your Porte card program and can also be found at www.portebanking.com, and applies solely to visitors, users, and others who are residents of the State of California ("consumers" or "you"). We adopt this privacy policy to comply with the California Consumer Privacy Act of 2018 ("CCPA") and other California privacy laws. Any terms defined in the CCPA have the same meaning when used in this privacy policy.

  1. PERSONAL INFORMATION WE COLLECT

    We collect information that identifies, relates to, describes, or could reasonably be linked, directly or indirectly, with a particular consumer ("personal information").

    1. What Personal Information Does Not Include

      Personal information does not include:

      • Publicly available information from government records
      • De-identified or aggregated consumer information
      • Information excluded from the CCPA, including:
        • health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 ("HIPAA") and the California Confidentiality of Medical Information Act ("CMIA") or clinical trial data;
        • personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act ("FCRA"), the Gramm-Leach-Bliley Act ("GLBA") or California Financial Information Privacy Act ("FIPA"), and the Driver's Privacy Protection Act of 1994 ("DPPA").
    2. Categories of Personal Information We Collect

      In the last 12 months, we collected the following categories of personal information:

      • "Identifiers" such as such as name, alias, postal address, unique personal identifier, online identifier, internet protocol address, email address, account number, Social Security number, driver’s license number, government identification number, passport number, or other similar identifiers;
      • "Other Personal Information" such as name, signature, Social Security number or taxpayer identification number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, education, employment, employment history, bankruptcy status, bank account number, credit card number, debit card number, or any other financial information, or medical information. Some personal information included in this category may overlap with other categories;
      • "Protected Characteristics" under California or federal law for classifications such as age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, or veteran or military status;
      • "Commercial Information" such as records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies;
      • "Internet or Network Activity" such as browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement;
      • "Biometric Information" such as genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, or gait;
      • "Geolocation Data" such as physical location or movements;
      • "Sensory Data" such as audio, electronic, or visual information;
      • "Professional or Employment Related Information" such as current or past job history or performance evaluations; and
      • "Inferences" such as a profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
    3. How We Obtain Your Personal Information:
      Directly from you

      You enter or provide us with information online, in our mobile application, by email, by phone, or by document upload

      Directly and indirectly from you based on activity on our website or mobile application For example, from submissions through our website or mobile application or website or mobile application usage details collected automatically

      From service providers or third parties that interact with us in connection with the products and services we provide

      Also, from businesses for whom we are a service provider

      For example, from third-party lead generation relationships, who share customer information obtained from publicly available sources or from customers who have opted-in to sharing information; from third parties who verify addresses or aid us in determining whether to use a lead; and from third parties that assist us in verifying your identity and information you provide to us or in protecting you from fraud and identity theft
    4. How We Use Your Personal Information:

      We may collect, use, or disclose the personal information we collect for one or more of the following purposes:

      1. Performing services on behalf of us or our service provider, including maintaining or servicing accounts, providing customer service, processing transactions, verifying customer information, processing payments, providing financing, providing advertising or marketing services, providing analytic services, or providing similar services on behalf of us or our service providers. This includes:
        1. to fulfill or meet the reason for which the information is provided;
        2. to provide you with information, products, or services that you request from us;
        3. to provide you with email alerts and other notices concerning our products or services, or events or news, that may be of interest to you; and
        4. to carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collections;
      2. Undertaking internal research for technological development and demonstration;
      3. Debugging to identify and repair errors that impair existing intended functionality;
      4. Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity;
      5. Auditing related to a current interaction with the consumer and concurrent transactions, including, but not limited to, counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with this specification and other standards;
      6. Undertaking activities to verify or maintain the quality or safety or device that is owned, manufactured, manufactured for, or controlled by the business, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by the business;
      7. For short-term, transient use, provided that the personal information is not disclosed to another third party and is not used to build a profile about you or otherwise to alter your experience outside the current interaction, including, but not limited to, the contextual customization of advertisements shown as part of the same interaction; and
      8. To comply with our legal or regulatory obligations.

      We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.

    5. How We Share Your Personal Information:

      We may disclose your personal information to a business for whom we are a service provider, our service providers or a third party for a business or commercial purpose. When we disclose personal information to a service provider, we enter into a contract that describes the purpose and requires the service provider to both keep the personal information confidential and not use it for any purpose except performing the services described in the contract or as provided for in the CCPA. Examples of who we share personal information with include:

      • Businesses for whom we are a service provider;
      • Our service providers; and
      • Third parties:
        • With our affiliates we share personal information of the following categories: Identifiers, Other Personal Information, Protected Characteristics, Commercial Information, Internet or Network Activity, Geolocation Data, Sensory Data, Professional or Employment Related Information, and Inferences.
        • With our banking relationships we share personal information of the following categories: Identifiers, Other Personal Information, Protected Characteristics, Commercial Information, Internet or Network Activity, Geolocation Data, Sensory Data, Professional or Employment Related Information, and Inferences.
        • With government entities we share personal information of the following categories: Identifiers, Other Personal Information, Protected Characteristics, Commercial Information, Internet or Network Activity, Geolocation Data, Sensory Data, Professional or Employment Related Information, and Inferences.
        • With our program processors/servicers, we share personal information of the following categories: Identifiers, Other Personal Information, Protected Characteristics, Commercial Information, Internet or Network Activity, Geolocation Data, Sensory Data, Professional or Employment Related Information, and Inferences.
        • With advisors such as lawyers, accountants, banks, and insurers, we share personal information of the following categories: Identifiers, Other Personal Information, Protected Characteristics, Commercial Information, Internet or Network Activity, Geolocation Data, Sensory Data, Professional or Employment Related Information, and Inferences.
    6. Sale of Personal Information:

      We do not sell your personal information. We do not sell the personal information of minors under 16 years of age without affirmative authorization.

  2. YOUR RIGHTS UNDER THE CALIFORNIA CONSUMER PRIVACY ACT OF 2018

    The CCPA provides consumers (California residents) with specific rights regarding their personal information—the Right to Know, the Right to Delete, the Right to Opt-Out, and the Right to Non-Discrimination. This section describes your CCPA rights and explains how to exercise those rights, if applicable.

    1. Right to Know:

      You have the right to request ("Request to Know") that we disclose certain information to you about our collection, use, and disclosure of your personal information over the past 12 months ("Right to Know"). Once we receive and verify your request, we will disclose to you:

      • For requests for Categories of Personal Information Collected and Shared
        • The categories of personal information we collected about you.
        • The categories of sources for the personal information we collected about you.
        • Our business or commercial purpose for collecting that personal information.
        • The categories of third parties with whom we share that personal information.
        • If we disclosed your personal information for a business purpose, the categories of personal information shared with each category of third-party recipients.
      • For requests for Specific Information
        • The specific pieces of personal information we collected about you.

      We may deny your Request to Know if we are unable to verify your identity or have reason to believe that the request is fraudulent. We may also deny your Request to Know if the personal information is subject to an exemption under the FCRA, the GLBA, the FIPA, or the DPPA.

    2. Right to Delete:

      You have the right to request ("Request to Delete") that we delete any of your personal information that we collected and retained, subject to certain exceptions ("Right to Delete"). Once we receive and verify your request, we will delete, de-identify, or aggregate your personal information (and direct our service providers to do the same), unless an exception applies.

      We may deny your Request to Delete if retaining the personal information is necessary for us or our service providers to:

      • complete the transaction for which the personal information was collected, provide a good or service requested by the consumer, or reasonably anticipated within the context of a business's ongoing business relationship with the consumer, or otherwise perform a contract between the business and the consumer;
      • detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity;
      • debug to identify and repair errors that impair existing intended functionality;
      • exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law;
      • comply with the California Electronic Communications Privacy Act pursuant to Chapter 3.6 (commencing with Section 1546) of Title 12 of Part 2 of the Penal Code;
      • engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the businesses' deletion of the information is likely to render impossible or seriously impair the achievement of such research, if the consumer has provided informed consent;
      • enable solely internal uses that are reasonably aligned with your expectations based on our relationship with you;
      • comply with legal or regulatory obligations; or
      • otherwise use your personal information, internally, in a lawful manner that is compatible with the context in which you provided the information.

      We may also deny your Request to Delete if the personal information is subject to an exemption under the FCRA, the GLBA, the FIPA, or the DPPA.

      Additionally, we may deny your Request to Delete if we are unable to verify your identity or have reason to believe that the request is fraudulent.

    3. Right to Opt-Out:

      Under the CCPA, you have the right to opt-out of the sale of your personal information ("Right to Opt-Out"). However, we do not sell your personal information. Further, we do not sell the personal information of minors under 16 years of age without affirmative authorization.

    4. Right to Non-Discrimination:

      You have the right to not be discriminated against for exercising any of your rights under the CCPA. Unless permitted by the CCPA, we will not:

      • deny you goods or services;
      • charge you higher prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties;
      • provide you a lower level or quality of goods or services; or
      • suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
  3. SUBMITTING A REQUEST TO KNOW OR REQUEST TO DELETE
    1. How to submit a request:

      To make a Request to Know or Request to Delete, please contact us by either:

      • Calling us at 877-582-1463; or
      • Visiting the "Legal & Privacy" section of the of our website, www.portebanking.com, and clicking on the California Privacy Requests link. A link for the "Legal & Privacy" section of our website can be found in the footer of our homepage.

      Only (1) you, (2) a person authorized by you to act on your behalf, or (3) an entity registered with the California Secretary of State and authorized by you to act on your behalf, may make a Request to Know or Request to Delete related to your personal information. You may also make a request on behalf of your minor child.

      You may only make a Request to Know twice within a 12-month period.

      A Request to Know or Request to Delete must:

      • provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized agent. Given the sensitivity of your personal information that we collect and retain, we will need to verify your identity with at least 3 separate pieces of information such as name, address, account number, date of birth, last 4 digits of your Social Security number, phone number, etc.; and
      • describe your request with sufficient detail to allow us to properly understand, evaluate, and respond to it.

      For Requests to Know specific pieces of information (as opposed to categories of personal information), you will need to sign and return a declaration signed under the penalty of perjury stating that you are making the request on behalf of yourself.

    2. Authorized Agents:

      Before we can respond to a Request to Know or Request to Delete submitted by an authorized agent, we need to verify not only that person or entity’s authority to act on your behalf but also verify the identity of the authorized agent.

      If you are authorized to submit a request on behalf of a California resident, please email us at CA_privacy@portebanking.com and provide the following information:

      1. To verify your authorization to request on behalf of a California resident, please attach a copy of one or more of the following to your request email:
        • California Secretary of State authorization,
        • written permission from the California resident, or
        • power of attorney.
      2. To verify your identity, please attach copies of the following to your request email:
        • valid Government Issued ID (not expired) AND
        • a utility bill, bank statement, or similar documentation to verify your name and address.
      3. To verify the identity of the consumer for whom you are submitting the request, please (a) submit the required information by calling us at 877-582-1463 or (b) visit the "Legal & Privacy" section of our website, www.portebanking.com, and clicking on the California Privacy Requests link. A link for the "Legal & Privacy" section of our website can be found in the footer of our homepage.

      We cannot respond to your Request to Know or Request to Delete or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. We will only use personal information provided in a request to verify the requestor's identity or authority to make the request.

    3. Response Timing and Delivery Method:

      We will acknowledge receipt of a Request to Know or Request to Delete within 10 business days of its receipt. We will respond to a request within 45 days of its receipt. If we require more time (up to 45 additional days for a total of 90 days from receipt of the request), we will inform you of the reason and extension period in writing. We will deliver our written response by mail or electronically, depending on whether or not you include your email with the request submission. Any response to a Request to Know that we provide will only cover the 12-month period preceding our receipt of the request. Responses to any request that we provide will also explain the reasons we cannot comply with a request, if applicable.

      We do not charge a fee to process or respond to your request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

  4. METABANK®, NATIONAL ASSOCIATION AND NETSPEND CORPORATION

    PORTE is a deposit account established by MetaBank®, National Association, Member FDIC and serviced by Netspend. As such each of MetaBank and Netspend may have personal information if you have a PORTE deposit account. For more information about your personal information related to your PORTE account, please reach out to MetaBank and Netspend directly. MetaBank’s privacy policy can be found at www.metabank.com/privacy-policy.

  5. DO NOT TRACK SIGNALS / GLOBAL PRIVACY CONTROLS

    Our site does not respond to Do Not Track signals configured in your web browser.

  6. SOCIAL MEDIA

    We encourage you to review your privacy options and settings with the social media platforms and networks you use to understand what choices you have about sharing information from those platforms and networks with us.

  7. CHANGES TO THIS CALIFORNIA PRIVACY POLICY

    We reserve the right to amend this privacy policy at our discretion and at any time. If we make material changes to this privacy policy, we will notify you by email or through a notice on our website homepage, www.portebanking.com.

  8. HOW TO CONTACT US

    If you have any questions or comments about this privacy policy, the ways in which we collect and use your personal information, your rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us by:

    Privacy Support E-Mail: CA_privacy@portebanking.com
    Toll-Free Number: 877-582-1463
    Postal Address: Porte Banking
    c/o Populus Financial Group, Inc.
    Attn: Compliance
    300 E John Carpenter Freeway, Suite 900
    Irving, TX 75062