To view our DPA, click here. To enter into the DPA, please contact privacy@posh.tech.

Privacy Policy

Effective as of June 30 2026

Privacy Notice
Posh Technologies Inc. and its subsidiary CU Posh Technologies LLC (together, “Posh”) hold privacy as a core tenet of their business and are committed to protecting your data. This privacy notice applies to: (a) individuals who use Posh services implemented by one of our clients (collectively, the “Services”); (b) individuals who access Posh’s digital properties (such as our website or social media pages); (c) individuals who register for and/or attend Posh in-person or digital events; and (d) individuals who apply for a job with Posh or who are otherwise identified as job candidates.

This privacy notice does not apply to Posh’s processing of the personal data of its personnel, such as employees and contractors.

Posh may update this privacy notice from time to time.

1. The personal data we collect

We may collect personal data directly from individuals and the parties with which we do business. These may include:

• parties that interact with us directly (such as individuals who visit our website or job applicants),
• parties to which we provide goods or services (such as clients) (collectively, “clients”),
• prospective clients,
• end users of our clients who interact with our Services (collectively, “consumers”),
• parties that provide services to us (such as vendors) (collectively, “service providers”), and
• other parties to whom we offer or provide products and services (such as credit union organizations, system integrators, referral partners, or reseller partners) (collectively, “partners”).

We may collect information from these parties in a variety of contexts, such as when completing one of our online forms, contacting us regarding one of our products or services, interacting with us on social media, or corresponding with us. The types of information we obtain in these contexts include:

• Contact information of the business entity and its personnel who interact with us, such as name, job title, address, telephone number, and email address
• Account information, such as business email address and usage data, of client personnel who use our Services
• Feedback and correspondence, such as information you provide when you request information from us, receive customer support, or otherwise correspond with us, including by interacting with our pages on social networking online sites or services
• Information related to an end user’s account or relationship with a client
• Voice based biometric identifier and information necessary for authenticating end users, if such feature is elected and implemented by a client, subject to any applicable opt-in mechanism as required by the client
• Marketing information, such as your preferences for receiving marketing communications and details about how you engage with our marketing communications
• Usage information regarding your use of the Services, which may include use of session logging software to track user behavior and performance as well as information that the user chooses to input or submit through the services via web, voice, or video, depending on the particular product in use
• Other information such as job applicant data used when reviewing candidate profiles for job openings, etc.

Information that we collect about individuals who do not interact with us directly

We may receive personal data about individuals who do not interact with us directly. For example, our clients, service providers, and partners may provide us with information about individuals other than themselves when using our products or services. If you are providing us with the personal data of another individual, please ensure you have brought this Privacy Notice to their attention. The types of information we receive about third parties include:

Information about the personnel of our clients, service providers, or partners, such as the business contact information that our clients, service providers, or partners provide to us in the context of our contractual relationships with them

Information about potential job candidates, such as when a recruiter contacts us about an individual who may become a candidate for a job at Posh

Information about end users of our clients that our clients send to us or allow us to collect in the context of the services that Posh performs, such as information related to financial transactions initiated by the customer, account registrations, and in some cases information needed to verify a customer’s identity and details of products or services purchased.  This may include, depending on the product used, digital and/or text-based input, video input, and/or audio input.  Where our technology is incorporated into a client’s mobile application or website, we also may automatically collect certain information of the types described in the section below titled “Information collected via automated means.”

Information collected via automated means

When you access the Services, we and our service providers automatically collect information about you, your computer or mobile device, and activity on our websites or mobile applications. Typically, this information includes your computer or mobile device operating system type and version number, manufacturer and model, device identifier, browser type, screen resolution, IP address if you are interacting with us digitally, phone number if you are interacting with us via phone, the website you visited before browsing to our website, general location information such as geographic area, and information about your use of and actions on or in our websites, such as pages or screens you accessed, how long you spent on a page or screen, navigation paths between pages or screens, information about your activity on a page or screen, access times, and length of access. For clients who have opted in to voice-based biometric authentication for their customers, we will also collect voice samples. This information is used for authenticating end users using the Services through our clients.

For our corporate website and social media pages: Our service providers and business partners may collect this type of information over time and across third-party websites. This information is collected via various mechanisms, such as via cookies, pixels, tags, web beacons, embedded scripts, through our mobile applications, and similar technologies. This type of information may also be collected when you read our emails. You can choose to disable cookies or to opt out of the use of your browsing behavior for purposes of targeted advertising. For opt out instructions, access your web browser’s privacy settings.

Information we collect from private and publicly accessible sources

We and our service providers may collect information that is publicly available, including by searching publicly available information, by searching public records databases (such as company registries), and by searching media and the internet. For job applicants, we and/or our third-party verification providers may also collect information from private or commercially available sources, such as by requesting reports or information from credit reference agencies.

We may also maintain pages for our company and our products and services on a variety of third-party platforms, such as LinkedIn, Facebook, Twitter, YouTube, Instagram, and other social networking services. When you interact with our pages on those third-party platforms, the third-party’s privacy policy will govern your interactions on the relevant platform. If the third-party platform provides us with information about our pages on those platforms or your interactions with them (e.g. for lead generation purposes), we will treat that information in accordance with this Privacy Notice.

Sensitive personal data

On behalf of our clients, we may process financial data of end users using the Services. This may include information such as:

• Bank account balances and history
• Loan balances and payment history
• Identifiers selected by the client solely for the purpose of enabling client log-in such as member audio PIN, account number, and/or social security number

In case of specific clients who opt in to perform voice based authentication for their customers, Posh integrates with third party service providers to collect and use voice-based biometric information.

In the context of processing employment applications, we may also request sensitive information on a voluntary-only basis, such as racial or ethnic origin or information about disability, where required or permitted by law of the jurisdiction in which you are applying for employment.

Outside of these contexts or otherwise as we specifically request, we ask that you not provide us with any sensitive personal data (meaning information revealing racial or ethnic origin, political opinions, religion or philosophical beliefs, trade union membership, genetic, health, or biometric information, information about sex life or sexual orientation, or criminal convictions or offenses) and in the event provided, you are solely responsible for any sensitive information provided through our Services, our website or otherwise to us.

2. How we use your personal data

We use your personal data for the purposes of:

Providing our products and services, which includes:

• Operating, evaluating, maintaining, improving, and providing the features and functionality of our products and services
• Authenticating end users of our clients, which may include using voice-based biometric information if the applicable client elects to implement such authentication feature, subject to any applicable opt-in mechanism as required by the client
• Fulfilling a banking transaction initiated by you with one of our clients
• Managing our relationship with you or your company
• Carrying out our obligations, and exercising our rights, under our agreement with you or your company
• Communicating with you regarding your status as a client with us, which may include sending you service-related emails or messages (e.g., messages regarding changes or updates to the functionality of our products or services, technical and security notices and alerts, and support and administrative messages)
• Personalizing the manner in which we provide our products and services

Administering and protecting our business

• Providing support and maintenance for our products and services, including responding to your service-related requests, questions, and feedback

• We do not knowingly sell any Personal information which we collect

For research and development

We may anonymize and/or aggregate the information we collect for our own research and development purposes, which include:

• Developing or improving our products and services
• Developing and creating analytics and related reporting

Marketing

For individuals accessing our digital marketing properties (such as our corporate website or social media pages) or for our clients, we may use your personal data to form a view on what products or services we think you may want or need, or what may be of interest to you. We may contact you with marketing communications using the personal data you have provided to us if you have actively expressed your interest in making a purchase or have made a purchase from us and, in any case, you have not opted out of receiving that marketing, to the extent permitted by applicable law; or if you are an existing client.

Managing our recruiting and processing employment applications

For job applicants and/or candidates: We process personal data, such as information submitted to us in a job application, to facilitate our recruitment activities and process employment applications, such as by evaluating a job candidate for an employment activity, and monitoring recruitment statistics.

Complying with law and regulations

We use your personal data as we believe necessary or appropriate to comply with applicable laws and regulations, lawful requests and legal process, such as to respond to subpoenas or requests from government authorities.

Compliance, fraud prevention and safety

We use your personal data as we believe necessary or appropriate to (a) enforce the terms and conditions that govern our products and services; (b) protect our rights, privacy, safety or property, and/or that of you or others; and (c) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.

For any other purposes with your consent

In some jurisdictions, applicable law may require us to request your consent to use your personal data in certain contexts, such as when we use certain cookies or similar technologies or would like to send you certain marketing messages. If we request your consent to use your personal data, you have the right to withdraw your consent any time in the manner indicated when we requested the consent or by contacting us. If you have consented to receive marketing communications from our third party partners, you may withdraw your consent by contacting those partners directly.

Please note that in relation to the Services, our clients are responsible for obtaining and maintaining any consent as may be required by law from end users in order to collect and process their personal data, which may include, if implemented by a client, voice-based biometric information.

To create anonymous data

We may create anonymous, de-identified, or aggregate data from your personal data and other individuals whose personal data we collect. We make personal data into anonymous, de-identified, or aggregate data by excluding information that makes the data personally identifiable to you, and use that anonymous data for our lawful business purposes. We may disclose aggregated information and information that does not identify any individual, without restriction.

3. How we may share information collected

Service providers

We may use third party companies and individuals to administer and provide services on our behalf (such as companies that provide customer support, companies that we engage to host, manage, maintain, and develop our website, our Services, and IT systems). Please see our subprocessor list for third-party service providers that may process personal data in connection with our provision of the Services.

Our clients

When we provide the Services to our clients, we may share personal data with those entities. For example, we may collect information about a client’s end users from or on behalf of the client, such as when we process interactions through the Services, and we may provide personal data about those customers back to the client. Each client is considered the “data controller” (or equivalent in the applicable law) and is responsible for its processing of such personal data. 

Compliance with laws and law enforcement; protection and safety

Posh may disclose information about you to government or law enforcement officials as required by law and may disclose and use such information as we believe necessary or appropriate to (a) comply with applicable laws and lawful requests and legal process, such as to respond to subpoenas or requests from government authorities; (b) enforce the terms and conditions that govern our products and services; (c) protect our rights, privacy, safety or property, and/or that of you or others; and (d) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.

To other parties with your permission or to fulfill a contract they have with you

Posh may transfer your personal data to any third party who is not otherwise covered by the other listed categories above where you have given us permission to do so, or with whom you have entered into a contract when we need to transfer your personal data to that party in order to fulfill that contract.

Marketing communications

If you access our digital marketing properties (such as our corporate website or our social media pages) or register for and/or attend Posh events, you may ask us to stop sending you marketing messages at any time by clicking on the opt-out link included in each marketing message. You may continue to receive service-related and other non-marketing messages.

Targeted online advertising

Some of the business partners that collect information about users’ activities on our websites may be members of organizations or programs that provide choices to individuals regarding the use of their browsing behavior or mobile application usage for purposes of targeted advertising.

Do Not Track Signals

Some Internet browsers may be configured to send "Do Not Track" signals to the online services that you visit. Because there is no established industry standard regarding Do Not Track signals, we currently do not respond to Do Not Track signals. To find out more about "Do Not Track," please visit http://www.allaboutdnt.com.

Accessing, modifying or deleting your information

In some jurisdictions, applicable law may provide a right for individuals to access their personal data, correct inaccurate personal data, or delete their personal data in some circumstances.

For individuals accessing our digital marketing properties (such as our corporate website or our social media pages), you may contact us directly at privacy@posh.tech to request access to, or modify or delete your information in accordance with the law in your jurisdiction.

For end users of our clients, you should contact the client directly (the financial institution).

Complaints

If you have a complaint about our handling of your personal data, you may contact privacy@posh.tech.  Please provide details about your concern or complaint so that we can investigate it. We will take appropriate action in response to your complaint, which may include conducting internal discussions with relevant business representatives. We may contact you for additional details or clarification about your concern or complaint. You also may have a right to file a complaint with a national or local regulatory agency.

4. How we keep your data safe

Posh has put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. For data processed through the Services, we ensure privacy data is encrypted at rest and also in transit with commercially reasonable industry standard encryption algorithms. Sensitive personal financial data specifically is subject to the following robust security measures:

• Encryption
• A limited retention period, after which such data will be deleted
• Restricted access to authorized Posh personnel only and subject to internal approvals
• Audit logging and monitoring of access to decrypted data
• Limited purpose, for use only for providing support and troubleshooting to our clients. Posh will not use this data to train models or improve applications.

You also acknowledge and agree that the transmission of information via the Internet is inherently not completely secure. Although we have implemented commercially reasonable measures to protect your personal data, we cannot guarantee the security of such information. Any transmission of personal data is at your own risk. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

5. This Website May Link to Other Websites

Posh may also link to third-party websites, mobile applications, and other content. We are not responsible for the privacy practices of any third party, and this privacy notice does not apply to such third party’s websites, mobile applications, or other content. We do not guarantee, approve, or endorse any information, material, services, or products contained on or available through any linked third-party website, mobile application, or other content. We are not responsible for any content on third-party properties to which we link. We provide links to third-party properties or content as a convenience, and visiting or using linked third-party properties or content is at your own risk.

You acknowledge and agree that we do not control these service provider and business partner tracking technologies or how they may be used. If you have any questions about an advertisement or other targeted content, you should contact the responsible service provider and business partner directly. 

6. International Data Transfers

Please note that we may transfer your personal data outside of your country of origin as needed to operate our business and/or to provide the Services. By providing or making available your personal data, you consent to such transfer. We will take steps to ensure that your data is subject to appropriate protections as required under this privacy notice, applicable data protection laws, any applicable contractual obligations to our clients, and any applicable legally required data transfer mechanisms.

7. Children

Neither the Services nor our digital marketing properties are directed to individuals under 18.  If you are under the age of 18, you may not use the Services or provide any personal information to us without valid parental or legal guardian consent.  We do not knowingly collect personal information from individuals under the age of 18.  

8. General

We recommend that you review this privacy notice, as we may update it from time to time.  Your continued use of our website, Services, and/or other digital properties is deemed consent to this privacy notice to the maximum extent permitted by law. We are not responsible for nor can we control the privacy practices of our clients.  We encourage you to review the privacy practices of any such clients with which you may interact through the Services.