VeriFacts, LLC’s Privacy Policy

Last Updated: May 12, 2022

I. Introduction

VeriFacts, LLC (“VeriFacts”) is a company located in Sterling, Illinois, U.S.A., that is engaged in the business of providing the financial services industry with high quality, guaranteed consumer location information. Our business uses sophisticated methods for locating individuals.

This Privacy Policy applies to VeriFacts’ online and offline information gathering and dissemination practices in connection with this website (collectively, the “Site”) and personal information collected or received through other means. We do not knowingly attempt to solicit or receive information from children or from persons residing outside the U.S.A.

If you have arrived at this Privacy Policy by “clicking” on an authorized link directing you to a Site operated by VeriFacts, then this Privacy Policy applies to you and such Site. This Privacy Policy does not apply to any website owned and/or operated by or on behalf of any third party, even if we provide a link to such website on our Site.

Use of our Site is strictly limited to persons who are of legal age in the jurisdictions in which they reside. You must be at least eighteen (18) years of age to use our Site. If you are not at least 18 years of age, please do not use or provide any information through this Site.

This Privacy Policy describes VeriFacts’ policies and practices regarding its collection and use of your personal data and sets forth your privacy rights. We will from time to time update this Privacy Policy as we undertake new personal data practices or adopt new privacy policies.

Any questions regarding this Privacy Policy may be directed to VeriFacts using the contact information provided below.

II. What Personal Information Do We Collect, From Where, and Why?

The following is a description of: (i) the categories of Personal Information we may have collected in the preceding 12 months; (ii) the sources from which we may have collected it; and (iii) the purposes for which we may have collected it.

VeriFacts does not knowingly collect Personal Information of minors under 18 years of age.

A. Information that You provide to us directly.

We do not collect information from you when you use this Site, unless you voluntarily provide it to us.

Should you voluntarily choose to submit or otherwise disclose Personal Information to us, including information submitted or disclosed by mail, e-mail, telephone, fax, or electronically, it is governed by this Privacy Policy.

If you initiate contact or correspond with us, we may keep a record of your contact information and correspondence, and we reserve the right to use your contact information, and any other information that you provide to us in your message, for the purpose of responding to you and to optimize customer service and resolve your inquiry or concern. If you wish to change or correct any information voluntarily submitted to us, please do so by contacting us in the manner described below.

Individuals registering for job notifications or applying for an open position with VeriFacts may provide information through links located on this Site, but those links take the user to third party sites that are outside of this Privacy Policy and are instead governed by that Site’s own separate privacy policy.

B. Information from Third Parties acting on your behalf.

We may receive Personal Information contained in communications with parties other than a consumer, such as a consumer’s spouse, parent or guardian if the consumer is a minor child, power of attorney, attorney or other authorized representative.

C. Information we receive from the Clients we service.

We receive Personal Information about consumers from our clients that are requesting location services for those consumers. This information typically may include the consumer’s full name, residential address and phone number, employer name, address, and phone number, consumer’s date of birth and social security number, and the client’s account number associated with the consumer. We use this information to attempt to verify a location – residential or employment – associated with the consumer in order to fulfill our responsibilities to our clients.

D. Service Providers

We may receive Personal Information about consumers from our Service Providers. Service Providers are persons or entities that we contract with to provide a material service in connection with our attempt to verify a location associated with a consumer – residential or employment – in order to fulfill our responsibilities to our client. This information typically includes information such as a consumer’s full name, residential address and phone number, employer name, address and phone number, social security number and date of birth.

E. Information we receive from Credit Reporting Bureaus.

In our capacity as a limited agent of our clients, we receive Personal Information provided by one or more of the major Credit Reporting Bureaus in response to a soft credit bureau inquiry. A soft credit bureau inquiry does NOT affect a consumer’s credit score in any way nor is it visible to anyone but the consumer. This information usually includes the consumer’s full name, residential address and phone number, employer name, address and phone number, social security number and date of birth. We use this information to attempt to verify a location – residential or employment – associated with the consumer in order to fulfill our responsibilities to our clients, who already do business with the consumer.

F. Information we receive from Employers.

We may receive Personal Information about consumers from the consumer’s employer. We use this information to attempt to verify an employment location or status associated with the consumer in order to fulfill our responsibilities to our clients.

G. Information collected by use of this Site.

VeriFacts has disabled on its Site the option to collect and store the user’s information, such as internet protocol (IP) addresses, the region or general location where the user’s computer or device is accessing the internet, browser type, operating system and other usage information such as a history of the pages the user views.

(i) Cookies, Pixel Tags, and Web Beacons

Cookies are small files that a site or its service provider transfers to your computer’s hard drive through your Web browser (if you allow). We use limited cookies to optimize Site functionality and give users the best possible experience. Most or all browsers permit you to disable or reject cookies. You can do this by adjusting your preferences in the browser.

(ii) Analytics Information

The web servers that serve the Site may gather certain navigational information about where visitors go on our Site and information about the technical efficiencies of our Site and services. In the process of gathering navigational information, anonymous information may be collected by the web servers which will provide information regarding a visitor’s use of our Site. Anonymous information means information that does not directly or indirectly identify, and cannot reasonably be used to identify, a particular individual. Examples of anonymous information may include information about a consumer’s internet browser, domain type, service provider and IP address information collected through tracking technologies and aggregated or de-identified data. We use this information to operate, maintain, and provide to consumers the features and functionality of the Site.

III. When and What Personal Information Do We Share With Others?

A. We Do Not Sell Your Personal Information to Third Parties

VeriFacts does not, and will not, sell to third parties for their own use any of your Personal Information. There have been no sales of Personal Information to Third Parties for their own use or further disclosure in the past 12 months.

VeriFacts does not knowingly sell Personal Information of minors under 18 years of age, and would not sell the personal information of a minor under 16 years of age without first obtaining affirmative authorization.

B. Sharing Personal Information with Clients Pursuant to a Written Contract Through Which We Serve as a Service Provider

We may provide your Personal Information to our clients in the financial services industry that engage us as a Service Provider, through a written contract, for the purpose of attempting to confirm and provide verified location information for you. The types of Personal Information we may share with our clients are full name, date of birth and social security number, residential address and phone number, current employer name, address, and phone number, and current employment status.

C. Sharing Personal Information with Service Providers That Help Us Perform Our Business Purposes.

We may provide your Personal Information to other persons or entities that we contract with, referred to as Service Providers, to provide a material service in connection with our attempt to verify a location associated with you – residential or employment – in order to fulfill our responsibilities to our client. We include within this category, credit bureaus.

Our Service Providers may receive or have access to your Personal Information only to fulfill a specific business purpose authorized in their contract with us, such as:

Assisting us to fulfill our responsibilities to our clients by providing data regarding a potential consumer location – residential or employment;
Hosting or maintaining our website;
Providing data processing or data security services; or
Providing operational or technical support.

We restrict our Service Providers from accessing or using your Personal Information for any purpose other than as reasonably necessary to perform a business purpose that VeriFacts authorizes in the contract, and your Personal Information will not be further used by our Service Providers or disclosed to any Third Party.

D. Sharing Personal Information with Employers.

We may provide your Personal Information to an entity that has been identified as your employer. This information is disclosed in connection with our attempt to verify an employment location associated with you in order to fulfill our responsibilities to our client, to whom we act as a Service Provider.

E. Sharing Personal Information at Your Request

We may share your Personal Information with third parties upon your request or direction to do so, and after receiving your written authorization (or that of your authorized agent).

F. Sale of our Company or Company Assets.

In the event of a sale, assignment or transfer of our assets or of any portion of our business, we reserve the right to transfer any and all information, including Personal Information, collected from individuals and other sources, or that we otherwise collect in connection with the Site, to unaffiliated third party purchasers.

G. Monitoring, Enforcement and Legal Requests.

VeriFacts reserves the right, at all times, to monitor, review, retain and/or disclose any collected Personal information, as necessary, to satisfy any applicable law, regulation, legal process or governmental request or to cooperate with law enforcement and other authorities in investigating a claim of illegal activity.

H. Internal Use and Research.

VeriFacts reserves the full and unrestricted right to use and disclose de-identified information; anonymized information; aggregated information or publicly available information that has not been combined with nonpublic Personal Information for purposes including, but not limited to, VeriFacts’ own internal use, data mining, and research.

IV. Other Sites/Third Party Links.

Our Site may include links to third party websites that have different and separate privacy policies. We have no control over the content of those linked sites, and no liability for their content, business practices, or treatment of your information.

Please be aware that when you click on links and visit third party websites, this Privacy Policy does not apply. This Privacy Policy only addresses our use and disclosure of information that we collect. To the extent that you disclose personal or non-personal information to other sites, you are subject to the privacy policies and practices of those sites.

V. How Do We Protect Your Personal Information?

VeriFacts takes reasonable security measures and implements policies and procedures designed to protect your Personal information in our possession from loss, misuse, unauthorized access, disclosure, alteration and destruction.

We maintain physical, electronic and procedural safeguards designed to protect against the unauthorized disclosure of Personal Information, and Personal Information is disposed of properly and securely utilizing industry standards. VeriFacts’ employees receive privacy and security training upon hire and yearly thereafter and are strictly prohibited from unlawfully disclosing or using Personal Information. Our data security and privacy policies and procedures are periodically reviewed and modified as necessary.

VI. Your Consent and Changes to our Privacy Policy

By using our Site, you consent to our Privacy Policy and the use of your information in the manner specified in this Privacy Policy. This Privacy Policy may change periodically, so please check back from time to time. If we decide to change our Privacy Policy, we will post those changes on the Site, and update the Privacy Policy modification date. By your continued use of the Site, you consent to the terms of the revised policy.

VII. Have Questions About This Policy? Need to Contact Us?

If you have any questions or comments about this Privacy Policy or our practices, please contact us as follows:

VeriFacts, LLC

https://vfacts.com

1980 Industrial Dr
Sterling, IL 61081
USA

compliance@vfacts.com

800-542-7434

** THE INFORMATION BELOW APPLIES ONLY TO CALIFORNIA RESIDENTS **

VIII. Your Rights Under The California Consumer Privacy Act.

A. General Overview of CCPA Rights.

The California Consumer Privacy Act (“CCPA”) took effect on January 1, 2020, and grants a new set of privacy rights to California consumers, including:

A consumer right to know what personal information is collected, used, shared or sold, both as to the categories and specific pieces of personal information;
A consumer right to access the personal information collected and retained by the business;
A consumer right to require businesses and, by extension, their service providers, to delete personal information, subject to certain exceptions;
A consumer right to opt-out of the sale of personal information by directing a business that sells it to stop selling it. A business cannot sell the personal information of a child under the age of 16 unless he/she first provides affirmative opt-in consent, with a parent or guardian required to provide that consent for a child under the age of 13; and
A consumer right to non-discrimination in terms of pricing or service for choosing to exercise a privacy right under the CCPA.

A business subject to the CCPA that collects a California consumer’s personal information must, at or before the point of collection, inform the consumer as to the categories of personal information to be collected and the purposes for which the categories of personal information shall be used. A service provider that receives or collects the consumer’s personal information on behalf of or at the direction of a business with which it has a qualified written contract, and for the business purpose designated in that contract, may not be required to provide a notice of collection to the consumer, but the service provider may not further disclose the collected personal information or use it for any other purpose, and may not sell it to third parties without first either notifying the consumer and providing right to opt out of the sale, or obtaining proof that the source of the personal information notified the consumer at or before the time of collection.

A covered business must disclose and deliver the personal information the business collected about the consumer in response to a verifiable consumer request.

For purposes of the CCPA, “Personal information” does not include:

Publicly available information from government records;
De-identified or aggregated consumer information; or
Information excluded from the CCPA’s scope, such as:
- health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data;
- personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.

B. Right to Know.

A business subject to the CCPA must disclose in its privacy policy the personal information it has collected, sold, or disclosed for a business purpose in the past 12 months.

Collection: A business that collects personal information must disclose, in response to a verifiable consumer request, the following:

The categories of personal information the business has collected about the consumer;
The categories of sources from which that personal information is collected;
The business or commercial purpose for collecting or selling personal information collected from consumers;
The categories of third parties with which the business shares personal information;
The specific pieces of personal information the business has collected about the consumer making the request;

Sale: A business that sells a consumer’s personal information or discloses a consumer’s personal information for a business purpose must disclose, in response to a verifiable consumer request, the following:

The categories of personal information the business has collected about the individual consumer
The categories of personal information the business has sold about the consumer and categories of third parties to which the personal information was sold by category or categories of personal information for each third party to which the personal information was sold. Or, if the business has not sold any consumer personal information, it must state that fact.
The categories of personal information the business has disclosed about the consumer for a business purpose. Or, if the business has not disclosed any consumer personal information for a business purpose, it must state that fact.

C. Right to Delete.

A California consumer has the right to request that a business delete his/her Personal Information, subject to certain exceptions. Once a request is reasonably verified, the Personal Information requested to be deleted must be removed from the records held by that business, and the business must direct its Service Providers to also delete the information, unless the Personal Information requested to be deleted is subject to an exception.

A request to delete may be denied if retaining the information is necessary for the business or its Service Providers to:

Complete the transaction for which it collected the personal information, provide a good or service requested by the consumer, take action reasonably anticipated within the context of the ongoing business relationship with the consumer, or otherwise perform a contract with the consumer.
Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
Debug products to identify and repair errors that impair existing intended functionality.
Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.).
Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
Enable solely internal uses that are reasonably aligned with consumer expectations based on the consumer’s relationship with the business.
Comply with a legal obligation.
Make other internal and lawful uses of the information that are compatible with the context in which the consumer provided it.

D. Right to Non-Discrimination.

A business must not discriminate against a consumer who exercises his or her CCPA rights. A business may charge different prices or provide a different quality of goods or services, but only if the difference is reasonably related to the value provided to the consumer by the consumer’s data. A business may offer financial incentives to a consumer for the collection, sale, or deletion of personal information on a prior, opt-in consent basis.

E. Right to Opt-Out.

A business that sells Personal Information to third parties needs to provide notice to consumers and clearly inform the consumers of the right to opt out of the sale. A business that sells Personal Information must provide a “Do Not Sell My Personal Information” link on its internet homepage that links to a webpage that enables the consumer to opt out of any sale of the consumer’s Personal Information.

A business is prohibited from selling the Personal Information of a consumer the business knows is less than 16 years of age, unless:

If the child is between 13 and 16 years of age, he or she has affirmatively authorized the sale of his or her Personal Information; or
If the child is less than 13 years of age, his or her parent or guardian has affirmatively authorized the sale of his or her Personal Information.

F. Privacy Policy Requirements.

A business must include in its online privacy policy, or in any California-specific description of consumer privacy rights, the following information, and update the policy no less than every 12 months:

A consumer’s CCPA rights, including the right to opt out of the sale of Personal Information and a separate link to a “Do Not Sell My Personal Information” internet Web page if the business sells personal information;
The method(s) by which a CCPA request can be submitted; and
A list of the categories of Personal Information the business has collected, sold, or disclosed for a business purpose in the preceding 12 months

IX. How Do I Exercise My CCPA Rights?

A. Instructions for Submitting a CCPA Request to VeriFacts.

Should you wish to exercise any of your CCPA rights, such as a Request to Know or a Request to Delete your Personal Information, you may submit your request to VeriFacts using one of the following methods:

Fill out a Form on our Website: https://vfacts.com/privacy/ccpa-requests/

For CCPA Inquiries Only, Call us, Toll-Free, at: 1-844-797-8656

We will confirm receipt of your Request to Know or Request to Delete within 10 days of receiving it. Along with that confirmation, we also will provide a ticket number for your request, information about how VeriFacts will process and attempt to verify your request, and by when you should expect to receive a response.

Please be advised that we are only required to respond to your request to know – for access or data portability – two times in any 12-month period.

We are required to keep records of your CCPA request for at least 24 months, including any assigned ticket number, the request date and nature of the request, the manner in which the request was made, the date and nature of our response, and the basis for the denial of the request if the request is denied in whole or in part.

B. VeriFacts Needs to Verify Your CCPA Request.

VeriFacts needs to be reasonably sure that the person making the request regarding your Personal Information is you, or a representative that you have authorized to make a request on your behalf.

We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or your authority to make a request regarding another person’s Personal Information. Accordingly, at the time you submit your request, we will request that you provide us certain information, such as your full name, date of birth, and address, that will allow us to attempt to reasonably verify you are either the person about whom we collected personal information or an authorized representative of that person.

To the extent possible, we will not ask you for new personal information for the purpose of verification, but will instead use the verification data you provide to cross-check information available in our existing records. If we are unable to verify your request without requesting new personal information, we will delete that new information as soon as practical after processing your CCPA request, except as may be required to comply with the CCPA’s request record retention requirements.

We will never require you to create an account with us in order to verify your request. We will only use Personal Information you provide to us during the verification process for the purpose of verifying your identify or your authority to make the request for another person.

Please note that certain requests require different levels of verification, depending on the sensitivity of the information at issue. For example, if you request to know the specific pieces of information we hold, and not just the categories, we will require, in addition to matching data points, your submission of a written declaration under penalty of perjury that you are the consumer whose Personal Information is the subject of the request. In addition, certain pieces of information, such as a social security number, driver’s license number or other government-issued identification number or financial account number, will not be disclosed in response to a CCPA request.

If you wish to authorize someone else to act on your behalf in connection with your CCPA rights, we must receive proof that this person is authorized to do so. Proof can be provided by a consumer verifying his/her own identity directly with us and then providing written authority for a designated person to act on the consumer’s behalf, or through receipt of a power of attorney or proof that the person is registered with the California Secretary of State as your designated authorized representative. You may also make a verifiable consumer request on behalf of your minor child.

C. Our Response To Your CCPA Request.

Within 10 days of receipt of your Request to Know or Request to Delete Personal Information, we will provide an initial confirmation of receipt with an assigned ticket number by email or U.S. Mail.

If you submit a Request to Delete, we will re-confirm your choice to delete the specified information after verifying your request.

VeriFacts strives to provide a response to a verifiable consumer request within 45 days of receipt of the request, regardless of the time it takes to verify the request. If we need additional time, we will inform you of the reason and length of the extension period (not to exceed 90 days from receipt of your request, in total).

We will send our response to your request by U.S. mail or email, at your option. Any information we provide will cover only the 12-month period preceding receipt of your request.

If we cannot respond to or comply with your Request to Know or Request to Delete, say because we cannot verify your identity or because an exception applies, we will explain our reasoning and decision in our response.

For data portability requests, we will select a format to provide your Personal Information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded, and we have informed you in writing of the reasoning behind a charge and its estimated cost. We will provide a cost estimate before completing your request if we determine that a charge is warranted.

X. How Do I Ask Questions or Contact VeriFacts Regarding a Pending CCPA Request?

If you have any questions about VeriFacts’ CCPA compliance practices or a pending CCPA request you have submitted, please contact us as follows, and be prepared to provide your ticket number, if applicable: