PRIVACY POLICY

Here at Coviance, we take your privacy very seriously. Please read this privacy policy carefully as it contains important information on who we are, how and why we collect, store, use, and share your Personal Information. It also explains your rights in relation to your Personal Information and how to contact us or supervisory authorities in the event you have a complaint.

Key Terms

It would be helpful to start by explaining some key terms used in this policy:
We, Us, Our
Coviance, Inc.
Personal Information
Any information relating to an identified or identifiable individual
Website
www.coviance.com and all sub-domains, including app.coviance.com & Coviance Borrower Portal
Customer
Any person or entitythat is registered with Coviance to use Coviance’s services

Personal Information We Collect About You

We may collect and use the following Personal Information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household:

Personal Information We Collect About You

Identifiers (e.g., a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, date of birth, social security number, driver’s license number, passport number, or other similar identifiers)
Information that identifies, relates to, describes, or is capable of being associated with, a particular individual, including, but not limited to, their name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, employment, employment history, bank account number, credit card number, debit card number, or any other financial information.
Characteristics of protected  classifications under California or federal law.
Commercial information(e.g., records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies)
Internet or other electronic network activity information (e.g., browsing history, search history, and information regarding a consumer’s interaction with an Internet Web site, application, geolocation data, or advertisement)
Geolocation
Professional or employment-related information
This Personal Information is required to provide services to you. If you do not provide Personal Information we ask for, it may delay or prevent us from providing services to you.

How Your Personal Information is Collected

We collect most of this Personal Information directly from you or through your financial institution — by telephone, text or email and/or via our website. However, we may also collect information:
●    From publicly accessible sources(e.g., property records);
●    Directly from a third party (e.g., sanctions screening providers, credit reporting agencies, or customer due diligence providers);
●    From a third party with your consent (e.g., your credit union/bank);
●    From cookies on our website—for more information on our use of cookies, please see our Cookies/Web Beacons section below
●    Via our IT systems, e.g.,:
○    Door entry systems and reception logs;
○    Automated monitoring of our websites and other technical systems, such as our computer networks and connections;
○    Communications systems

How and Why We Use Your Personal Information

Under data protection law, we can only use your Personal Information if we have a proper reason for doing so, e.g.,:
●    To comply with our legal and regulatory obligations;
●    For the performance of contracted services or before entering into a contract as required by the contracting parties;
●    For our legitimate interests or those of a third party, as described above; or
●    From cookies on our website—for more information on our use of cookies, please see our Cookies/Web Beacons section below
●    Where you have given consent.
A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests. The table below explains what we use (process) your Personal Information for and our reasons for doing so:
What we use your Personal Information for
Our reasons
To provide services
For the performance  of our contract or to take steps at your request before entering into a  contract
To prevent and detect fraud
For our legitimate  interests or those of a third party, i.e., to minimize fraud that could be  damaging for us and for you
Conducting checks to identify our customers and verify their identity

Screening for financial andother sanctions or embargoes

Other processing necessary to comply with professional, legal and regulatory obligations that apply to our business, e.g., under health and safety regulation or rules issued by our professional regulator
To comply with our  legal and regulatory obligations
Gathering and providing information required by or relating to audits, enquiries or investigations by regulatory bodies
To comply with our  legal and regulatory obligations
Ensuring business policies are adhered to, e.g., policies covering security and internet use
For our legitimate  interests or those of a third party, i.e., to make sure we are following our  own internal procedures so we can deliver the best service to you
Operational reasons, such as improving efficiency, training and quality control
For our legitimate interests or those of a third party, i.e., to be as efficient as we can so we can deliver the best service for you at the best price
Ensuring the confidentiality of commercially sensitive information
For our legitimate interests or those of a third party, i.e., to protect trade secrets and other commercially valuable information

To comply with our legal and regulatory obligations
Statistical analysis to help us manage our business, e.g., in relation to Improve content of the Website, Respond to inquiry
For our legitimate interests or those of a third party, i.e., to be as efficient as we can so we can deliver the best service for you at the best price.
Preventing  unauthorized access and modifications to systems
For our legitimate interests or those of a third party, i.e., to prevent and detect criminal activity that could be damaging for us and for you

To comply with our legal and regulatory obligations.
Updating and enhancing customer records
For the performance of our contract with you or to take steps at your request before entering into a contract

To comply with our legal and regulatory obligations

For our legitimate interests or those of a third party, e.g., making sure that we can keep in touch with our customers about existing orders and new products.
Statutory returns
To comply with our legal and regulatory obligations
Ensuring safe working practices, staff administration and assessments
To comply with our legal and regulatory obligations

For our legitimate interests or those of a third party, e.g., to make sure we are following our own internal procedures and working efficiently so we can deliver the best service to you.
Marketing our services to:
—existing and former customers;
—third parties who have previously expressed an interest in our services;
—third parties with whom we have had no previous dealings.
For our legitimate interests or those of a third party, i.e., to promote our business to existing and former customers
External audits and quality checks, e.g., audit of our accounts
For our legitimate interests or a those of a third party, i.e., to maintain our accreditations so we can demonstrate we operate at the highest standards

To comply with our legal and regulatory obligations

Who We Share Your Personal Information With

We routinely share Personal Information with:
●    Service providers we use to help deliver our services to you;
●    Other third parties we use to help us run our business;
●    Third parties approved by you;
We only allow our service providers to handle your Personal Information if we are satisfied they take appropriate measures to protect your Personal Information. We also impose contractual obligations on service providers ensuring they can only use your Personal Information to provide services to us and to you. We may also share Personal Information with external auditors, e.g., in relation to SOC certification and the audit of our accounts.

We may disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations.

We will not share your Personal Information with any other third party.

Personal Information We Sold or Disclosed for a Business Purpose

In the preceding 12 months, we have not sold any Personal Information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.

 Where Your Personal Information is Held

Information may be held at our offices and those of our third party vendors, service providers, representatives and agents as described above (see above: “Who we share your Personal Information with”).

How Long Your Personal Information Will Be Kept

We will keep your Personal Information while we are providing services to you. Thereafter, we will keep your Personal Information for as long as is necessary:
●    To respond to any questions,complaints or claims made by you or on your behalf;
●    To show that we treated you fairly;
●    To keep records required by law.
We will not retain your Personal Information for longer than necessary for the purposes set out in this policy. Different retention periods apply for different types of Personal Information.

We may keep an anonymized form of your Personal Information, which will no longer refer to you, to the extent that we have a legitimate and lawful interest in doing so.

Cookies/Web Beacons

The Website uses “cookie” technology to measure Website activity and to collect information such as browser type, time spent on the Website, pages visited and other information about your visit to the Website. Cookies are also used to prefill information previously entered into forms and to customize information to your personal tastes. A cookie is an element of data that an internet site can send to your browser. Cookies are stored on your computer. We may share information about you that we collect through a cookie with third-parties who help us analyze Website data.

If you do not want information collected through the use of cookies, there is a simple procedure in most browsers that allows you to automatically decline cookies or be given the choice of declining or accepting the transfer to your computer of a particular cookie (or cookies) from a particular site. You may also wish to refer to: https://www.allaboutcookies.org .If, however, you do not accept our cookies, you may experience some inconvenience in your use of the Website.

We may also include small graphic images called web beacons, also known as “Internet tags” or “clear gifs,” in our webpages and email messages. We may use web beacons or similar technologies for a number of purposes, including, without limitation, to count the number of visitors to the Website, to monitor how users navigate the Website, and to count how many emails that we sent were actually opened or how many particular articles or links were actually viewed.

We may also use embedded scripts on the Website. An embedded script is programming code that is designed to collect information about your interactions with the Website. It is temporarily downloaded onto your computer from our web server or a third party with whom we work, is active only while you are connected to the Website, and is deleted or deactivated thereafter.
Automatically-collected information about you, such as how you interact with the Website, may be combined with your Personal Information. If we associate any such automatically-collected information with Personal Information about you, we will treat the combined information as Personal Information

Our Services may use third party analytics and advertising cookies, for example, to help create reports and statistics on the performance of the services and to be able to present you with content tailored to your interests.  The information collected through the use of analytics may include, for example, your IP address, the website from which you visited us, the type of device you used.  You can opt out from the use of Google Analytics by downloading and installing the Google Analytics Opt-out Browser Add On.

Compliance with Privacy Laws

Coviance complies with the data protection and privacy laws to which it is subject. You should familiarize yourself with those laws, including any exceptions which may apply under them. You should also be aware that privacy laws in various jurisdictions may change from time to time. Except to the extent expressly stated otherwise in this Privacy Policy,Coviance accepts no obligations with respect to the handling of Personal Information other than those mandated by law.

Compliance with Privacy Laws

Coviance complies with the data protection and privacy laws to which it is subject. You should familiarize yourself with thoselaws, including any exceptions which may apply under them. You should also be aware that privacy laws in various jurisdictions may change from time to time. Except to the extent expressly stated otherwise in this Privacy Policy, Coviance accepts no obligations with respect to the handling of Personal Information other than those mandated by law.

California Privacy Rights

The California Consumer Privacy Act (“CCPA”)provides consumers with specific rights regarding their Personal Information. You have the right to request that businesses subject to the CCPA (which may include our Customers with whom you have a relationship) disclose certain information to you about their collection and use of your Personal Information over the past 12 months. In addition, you have the right to ask such businesses to delete Personal Information collected from you, subject to certain exceptions. If the business sells Personal Information, you have a right to opt-out of thatsale. Finally, a business cannot discriminate against you for exercising a CCPA right.

When offering services to its Customers,Coviance acts as a “service provider” under the CCPA and our receipt and collection of any consumer Personal Information is completed on behalf of our Customers in order for us to provide services. Please direct any requests foraccess or deletion of your Personal Information under the CCPA to the business with whom you have a direct relationship. If you are unsure what business you have a direct relationship with, you may follow up to ask who the business is.There may be instances where we may not be able to provide that information. To contact us about CCPA requests, see Contact information listed below.

Keeping Your Personal Information Secure

We have appropriate security measures in placeto prevent Personal Information from being accidentally lost, used or accessed in an unauthorized way. We limit access to your Personal Information to those who have a genuine business need to access it. Those processing your information will do so only in an authorized manner and are subject to a duty of confidentiality. We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so. We employ encryption technologies to protect Personal Information and maintain a current data flow diagram identifying the flow of Personal Information.

Third Party Websites

There may be hyperlinks on the Website to other websites or locations that are operated and controlled by third parties(“Third Party Websites”). These Third-Party Websites may solicit Personal Information from you. We make no representations regarding the policies or business practices of such Third Party Websites and encourage you to familiarize yourself with their privacy policies before providing them with your Personal Information.

Children’s Online Privacy

Our Website is not intended for children under the age of 13. We do not intentionally or knowingly collect Personal Information from children under the age of 13 and we request that individuals under the age of 13 do not submit any Personal Information on the Website. If we learn that we have received identifying information from a user under the age of 13, we will delete this information.

Changes to this Statement

Coviance may from time to time and without prior notice revise this Privacy Policy. Any changes will be effective immediately when the revised Policy is posted on the Website unless stated otherwise. We will not, however, use your Personal Information in a manner materially different than what was stated in the Privacy Policy posted on the Website at the time your Personal Information was collected unless we receive your consent.

Contacting Us

If you have any questions about this Privacy Policy, our practices, or your dealings with the Website, you can contact us by mail or email:
Coviance
3001 Westown Parkway,Suite 200
West Des Moines IA 50266
privacy@coviance.com

Date Last Updated: 1/9/23