Privacy Policy

Valid from May 2nd, 2024

Privacy Policy:

Effective Date May 1, 2024


Woodforest Acceptance Solutions (“we” or “us or “our”) is committed to protecting the privacy of our users.  This Privacy Policy outlines what data we process, how we do that, how it is used, how we safeguard it, and what your rights are. This Privacy Policy applies to the data we obtain from you when you use the Site and when you use the products, services, tools, and functionality offered or made available by us, whether online (including the Site), in person, or when you otherwise interact with us (herein collectively referred to as the “Services”). The “Site” shall mean all websites, devices, and applications that we operate, the pages within each such websites, devices and applications, and equivalent, mirror, replacement, substitute or backup such websites, devices and applications, and pages that are associated with each such websites, devices, and applications.


scope and consent


By signing up for, accessing, or using our Services or by accessing our Site, you accept this Privacy Policy and consent to our collection, use, and disclosure of your Personal Data as described in this Privacy Policy. This Privacy Policy only covers our data collection, maintenance, and processing. 


We collect two types of information from you, Personal Data and Technical Data (as defined below). Although we do not normally use Technical Data to identify individuals, sometimes individuals can be recognized from it, either alone or when combined or linked with Personal Data. In such situations, Technical Data can also be considered to be Personal Data under applicable laws, and we will treat the combined data as Personal Data. We may collect and process, for example, the following Personal Data: (i) name and contact details; (ii) e-mail address; (iii) phone number; (iv) date of birth (v) Social Security Number, (vi) invoicing and billing information; (vii) business and financial data, including but not limited to credit histories, credit scores, transaction history, and credit rates; and (viii) other Personal Data that you provide to us. The specific kind of Personal Data collected will depend on how you use the Services. Some of the Personal Data is received directly from you during your use of the Site or at the point of registration for the Services or otherwise at the beginning of and during your use of the Services, and the rest is based on the data you provide to us that is processed.


The Services use several web analytics services to compile Technical Data and reports on visitor usage and to help us improve our Services (“Technical Data”). Technical Data we gather in connection with the use of our Services may include, for example, the following data: (a) your IP address; (b) browser type and version; (c) preferred language; (d) geographic location using IP address or the GPS, wireless, or Bluetooth technology on your device; (e) operating system and computer platform; (f) the full Uniform Resource Locator (URL) clickstream to, through, and from our Services, including date and time; (g) products or services you viewed or searched for while using our Services; (h) areas of our Services you have visited; and (i) historical data regarding your use of our Services. We use various technologies to collect and store Technical Data and other information when you use the Services, including cookies. Cookies allow us to calculate the aggregate number of people use the Services and monitor the use of the Services. This helps us to improve our Services and better serve you. For more information on our use of cookies, Please see our Cookie Policy. Please note that some parts of our Services may not function properly if use of cookies are refused. If you wish to op-out of cookies, you can use Clym.io tool located at https://clym.io/blog/introducing-widget-layouts-for-website-compliance. Further, our Services may not respond to Do-Not-Track requests or headers from some or all browsers. We may also collect information from third parties, including from third party providers.


The Privacy Policy does not address, and we are not responsible for, the privacy practices of any third parties. We disclaims all responsibility for the collection, maintenance, and processing carried out by third parties, also in cases where the Services include hyperlinks to third parties’ websites.


Persons Under the Age of 18


Our Site is not directed at persons under the age of 18. Further, we do not knowingly collect or maintain personal information of persons under 18 years of age. If we learn we have collected such information, we will delete such information. To notify us that we might have any information from or about a person under the age of 18, please contact us at support@woodforestpay.com


Purpose for collecting and Use of Personal Data


There are several purposes for our collection, maintenance, and processing of Personal Data. We collect, maintain and process Personal Data to perform our contractual obligations to you and to comply with any legal obligations. Furthermore, we collect, maintain, and process Personal Data to run, maintain, and develop our business. We also use or process Personal Data and Technical Data for some or all of the following purposes:


  1. Quality of Services:

We may process information regarding the use of the Services to improve the quality of our Services (e.g. by analyzing any trends in the use of our Services). When possible, we will do this using only aggregated, non-personally identifiable data. Personal Data may also be used for research and analysis purposes in order to improve our Services.

  1. Provide Services:

We collect, maintain and process Personal Data in the first place to be able to offer the Services to you and to run, maintain, and develop our business, including providing Personal Data to affiliates and third party providers necessary to provide the Services. In some cases, Personal Data may be collected, maintained, and processed in order to carry out our contractual obligations to you. Further, if you contact our customer service, we will use the information that you provide for answering questions and solving possible issues.

  1. Communication:

We may collect, maintain and process Personal Data for the purpose of contacting you regarding our Services and to inform you of changes in our Services.

  1. Functionality of Services:

Provided the following are done in full compliance with this Privacy Policy, applicable laws, rules, and regulations, we may (a) process, analyze, and manage data to provide the Services to you; and (b) use data to analyze, develop, and improve the Services.  

  1. Share Information:

We may share information with third parties that is not personally identifying, such as aggregated or anonymized data that does not identify you or our third parties, in our discretion, where not prohibited by law.

  1. Compliance:

We may share Personal Data in response to a subpoena or similar investigative demand, court order, requests for cooperation from a law enforcement agency, self-regulatory body, or other governmental agency to establish or exercise our legal rights, to defend against legal claims, or as we reasonably believe is required by law. In such cases, we may raise or waive any legal objection or right available to us.  

  1. Prevent Illegal Activities:

We may share Personal Data when we believe that disclosure is appropriate in order to investigate, prevent, or take action regarding any actual or suspected illegal activity or other wrongdoing, to protect and defend the rights, property, or safety of our business, our users, our employees, or others or to enforce any of our agreements or policies.


Recipients


We do not share Personal Data with third parties outside of our organization other than in connection with the performance of the Services, including, without limitation, with third party providers for the Services, unless one of the following circumstances applies:


  1. Consent:

We may share Personal Data with third parties outside of our organization when we have your explicit consent to do so. You have the right to withdraw this consent at all times.

  1. Necessity:

To the extent that third parties need access to Personal Data to perform the Services, we have taken appropriate contractual and organizational measures to ensure that Personal Data is maintained and processed exclusively for the purposes specified in this Privacy Policy and in accordance with all applicable laws and regulations.

  1. Service Providers:

We may share Personal Data to authorized service providers who perform services for us (including data storage, sales, marketing and customer support services). Our agreements with our service providers include commitments that the service providers agree to limit their use of Personal Data and to comply with privacy and security standards at least as stringent as the terms of this Privacy Policy. Please bear in mind that if you provide Personal Data directly to a third party, such as through a link on our website, the processing is typically based on their policies and standards.

  1. Legal:

We may share Personal Data with third parties outside of our organization if we have a good-faith belief that access to and use of the Personal Data is reasonably necessary to: (i) meet any applicable law, regulation, and/or court order; (ii) detect, prevent, or otherwise address fraud, security or technical issues; and/or (iii) protect the interests, properties or safety of our customers or the public in accordance with the law. When possible, we will you about such transfer and processing.

  1. Any Other Legitimate Reason:

If we are involved in a merger, acquisition or asset sale, we may transfer Personal Data to the third party involved; however, we will continue to ensure the confidentiality of all Personal Data. We will give notice to you when your Personal Data is transferred or becomes subject to a different privacy policy as soon as reasonably possible.


Your Rights


We will handle your requests and rights in accordance with applicable law. This means there may be legal reasons why we cannot fulfill all requests. We may need to request specific information from you to help confirm your identify and ensure your right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that your Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response time.


  1. Withdraw Consent:

In case the collection, maintenance, or processing of Personal Data is based on your consent, you may withdraw your consent at any time. Withdrawing your consent may lead to fewer possibilities to use the Services or the complete termination of our Services.

  1. Correction:

You have the right to have incorrect, imprecise, incomplete, outdated, or unnecessary Personal Data we have stored about you corrected or completed.

  1. Objection:

You may object to certain use of Personal Data if such information is collected, maintained, or processed for other purposes than purposes necessary for the performance of our Services to you or for compliance with a legal obligation. You may also object to any further collection, maintenance, or processing of Personal Data after previously giving consent. If you object to the further collection, maintenance, or processing of Personal Data, this may lead to fewer possibilities to use the Services or the complete termination of our Services.

  1. Access:

We offer you access to your Personal Data that we maintained or processed. This means that you may contact us, and we will inform you what Personal Data we maintain and the purposes such Personal Data is used for.

  1. Portability:

You have the right to receive your Personal Data from us in a structured and commonly used format and to independently transmit that information to a third party.

  1. Deletion:

You may also ask us to delete your Personal Data from our systems. We will comply with such request, unless we have a legitimate ground to not delete the information. We may not immediately be able to delete all residual copies from our servers and backup systems after the active Personal Data has been deleted. Such copies shall be deleted as soon as reasonably possible.

  1. Restriction:

You may request us to restrict certain maintenance or processing of Personal Data, but this may however lead to fewer possibilities to use our Services or the complete termination of our Services.


The above-mentioned rights may be used by sending a letter or an e-mail to us at the addresses set out below, including the following information: the full name, company name (if applicable), address, e-mail address, and a phone number. We may request the provision of additional information necessary to confirm your identity. We may reject requests that are unreasonably repetitive, excessive, or manifestly unfounded. If you consider our collection, maintenance, or processing of Personal Data to be inconsistent with the applicable data protection laws, you may lodge a complaint with the local supervisory authority for data protection.


Storage Period


We do not store Personal Data longer than is legally permitted and necessary for the purposes of providing the Services or the relevant parts thereof. The storage period depends on the nature of the information and the purposes for collecting it. The maximum period may therefore vary per use. Typically, we will store your Personal Data for as long as you are a registered user of our Services or for as long as we have another purpose to do so and, thereafter, for no longer than is required or permitted by law or reasonably necessary for internal reporting and reconciliation purposes. In general, your Personal Data is deleted within a reasonable time after you no longer use any part of the Services or when you make a request regarding deletion of your Personal Data.


Security


We will take all reasonable and appropriate security measures to protect the Personal Data we store and process from unauthorized access or unauthorized alteration, disclosure or destruction. We maintain all Personal Data collected through industry standard safe mechanisms. We use administrative, organizational, technical, and physical safeguards to protect the Personal Data we collect and process. Our security controls are designed to maintain an appropriate level of data confidentiality, integrity, and availability. If a security breach occurs despite our security measures that is likely to have negative effects to your privacy, we will inform you and other affected parties, as well as relevant authorities when required by applicable data protection laws, about the breach as soon as reasonably possible. We use appropriate security measures to keep your Personal Data safe; however, we cannot guarantee that your Personal Data will always remain secure. We encourage you to disclose any suspected security vulnerabilities or bugs to us at support@woodforestpay.com.


Notice to California Residents


We are required by the California Consumer Privacy Act of 2018 (“CCPS”) to provide this CCPS Notice to California residents to explain how we collect, use, and share their Personal Data, and the rights and choices we offer California residents regarding our handling of their Personal Data. This CCPA Notice applies only to California residents whose interactions with us are limited to:


  1. Visiting our Site;
  2. Signing up for email alerts;
  3. Commenting on or contributing to our blogs;
  4. Establishing an account that does not include financial products or services; or 
  5. Applying for our job openings on our websites (however, note that the CCPA limits some of the privacy rights for job applicants).


This CCPA Notice does not apply to the Personal Data we collect, use, or disclose about consumers who initiate or complete the process of applying for financial products or services. This is because this information is subject is subject to the federal Gramm-Leach-Billey Act (“GLBA”) and implementing regulations of the California Financial Information Privacy Act (“FIPA”), or representatives of businesses that seek to obtain our products or services, or to provide products or services to us. We do not sell personal information. As explained in this Privacy Policy, we use cookies and other tracking technologies to analyze website traffic and facilitate advertising.


How You Interact With Us

  1. Sign up as a user/authorized business representative
  2. Establish an account


Personal Information Collection

  1. Name or Alias
  2. DOB
  3. Contact Information
  4. Device Data
  5. Online Activity Data
  6. Information Derived from device data and online activity data
  7. Any information you voluntarily provide
  8. Professional Information


Business Information Collection

  1. Business Industry
  2. High Ticket
  3. Business Payment Processing Information
  4. Locations, State
  5. EIN and or business credit
  6. Business payment preferences from payment processors
  7. Business corporation information
  8. Years in business
  9. Business contact information


CCPA – Defined Categories

  1. Identifiers
  2. Internet and network information


Sources of Personal Information

  1. You
  2. Communications
  3. Advertising
  4. Research and Development
  5. Payment Processors and Payment Service Companies


Sharing

  1. Shared with Processors
  2. Non-identifying business data is shared at our direction
  3. Collected directly by advertising partners



The below provides California residents the right to know the categories of Personal Data collected and whether we disclosed your Personal Data for business purposes in the proceeding twelve (12) months:


  1. Privacy Practices: 

We do not sell Personal Data. As explained in our Privacy Policy, we use cookies and other tracking technologies to analyze website traffic and facilitate advertising. Please note that we may also disclose Personal Data as described in this Privacy Policy.


  1. Privacy Rights:  

The CCPA grants individuals the following rights:


  1. Information and Access. 

You can request information about how we have collected, used, and shared your Personal Data during the past 12 months. You can also request a copy of the Personal Data that we maintain about you.


  1. Deletion.  

You can ask us to delete the Personal Data that we collected or maintained about you. Please note that the CCPA limits these rights by, for example, prohibiting us from providing certain sensitive information in response to an access request and limiting the circumstances in which we must comply with a deletion request. We will respond to requests for information and access only to the extent we are able to associate with a reasonable effort the information we maintain with the identifying details you provide in your request. If we deny your request, we will communicate our decision to you. You are entitled to exercise the rights described above free from discrimination. To request access to or deletion of Personal Data please contact us at support@woodforestpay.com.  


  1. Opt-Out.  

You may request us to stop sharing your Personal Data (“op-out”, including via a user-enabled global privacy control). We cannot share your Personal Data after we receive your opt-out request unless you later authorize us to do so again. 


  1. Non-discrimination.  

We cannot deny you the Services, charge you a different price, or provide a different level or quality of the Services just because you exercised your rights under the CCPA. However, if you refuse to provide your Personal Data to us or ask us to delete or stop sharing your Personal Data, and that Personal Data or the sharing of the Personal Data is necessary for us to provide you with the Services, we may not be able to complete that portion of the Services or the Services in its entirety. 


  1. Correction.  

You have the right to ask us to correct any inaccurate information that we may have about you.


  1. Limit.  

You can direct us to only use your sensitive Personal Data (i.e. your social security number, financial account information, your precise geolocation data, or your genetic data) for limited purposes, such as providing you with the Services.


  1. Identity verification.  

The CCPA requires us to verify the identity of the individual submitting a request to access or delete Personal Data before providing a substantive response to the request. We will ask you to verify your identity when you submit a request.


  1. Authorized Agents.  

California residents can empower an “authorized agent” to submit a request on their behalf. We will require the authorized agent to have a written authorization confirming that authority.


Changes to Privacy Policy


We reserve the right to modify or amend this Privacy Policy at any time and for any reason. If we make any changes, we will notify you by posting it on our Site. We encourage you to frequently check this page for any changes to stay informed about how we are helping to protect the information we collect. By using our Services, you acknowledge and agree that it is your responsibility to review this Privacy Policy periodically and become aware of any modifications. If there are material changes to this Privacy Policy, we will notify you more directly by email or means of a notice on the home page prior to the change becoming effective. We encourage you to review our Privacy Policy periodically to stay informed about our information practices and the ways you can help protect your privacy. Your continued access or use of our website and Services following a change means you consent to the collection, maintenance, use and disclosure of your Personal Data as set out in this Privacy Policy.


Use of Services Outside the United States


Our Services are intended to be provided within the United States. Our Services are governed by the laws of the United States and are intended for your use while connected to the internet from a physical location within the United States only. We make no representation that our Services are governed by, or operated in accordance with, the laws of any other nation.


Legal Disclaimer


Woodforest Acceptance Solutions, LLC is wholly owned subsidiary of Woodforest National Bank, The Woodlands, Tx.  All logos, brands, proprietary product information and materials qualified as trademarks of Woodforest Acceptance Solutions should not be shared or disseminated without the express written permission of Woodforest Acceptance Solutions, LLC.  


Contact Us


If you have any additional questions about this Privacy Policy, or you wish to access or change your Personal Data, please contact us at support@woodforestpay.com.