Effective March 22, 2022
UNION is owned and operated by UNION CO., a Delaware limited liability company, having a businessaddress at Office address: 2001 Ross Ave Suite #700-197 Dallas, TX 75201 ("we", "us", and "our").
This Policy enters into force on the effective date indicated at the top of the Policy and remains valid until terminated or updated by us. The Policy may be changed from time to time to address the changes in laws, regulations, and industry standards. If we have your email address, we will send you a notification about the changes. Also, we encourage you to review our Policy regularly to stay informed. For significant material changes in the Policy or, where required by the applicable law, we may seek your consent.
Our Role as a Data Controller and a Data Processor
We act in the capacity of a data controller and a data processor with regard to the personal data processed through the Platform in terms of the applicable data protection laws, including the EU General Data Protection Regulation (GDPR). Our role depends on the specific situation in which personal data is handled by us, as explained in detail below:
- Data controller. We are responsible for the collection and use of your personal data through the Platform and we make decisions about the types of personal data that should be collected from you and purposes for which such personal data should be used. Therefore, we act as a data controller with regard to the personal data collected directly through the Platform (e.g., when you send us an inquiry or conclude a service contract). We comply with data controller’s obligations set forth in the applicable laws.
- Data processor. We act in the capacity of a data processor in situations when you submitinformation, client lists, files or generate data through the Platform for processing ("Your Data") and Your Data contains your or other individuals’ personal data. We do not own, control, or make decisions about Your Data. We process Your Data only in accordance with the instructions issued by a respective data controller.
Personal Data We Collect
We collect your personal data in various ways when you use our Platform. We respect data minimization principles. Thus, we collect only a minimal amount of personal data through the Platform that is necessary to ensure the proper provision of the Platform as described below. We use your personal data for limited, specified and legitimate purposes explicitly mentioned in this Policy. We do not use your personal data for any purposes that are different from the purposes for which it was provided. We use your personal data to, among other things, provide you with the requested services, provide the functionality and improve the quality of our Platform and personalize your experience. Also, when processing personal data, we make sure that we do so by relying on one of the available legal bases. You can find more information about the legal bases below.
- Name and contact information. Your first and last name, email address, postal address, phone number, and other similar contact information.
- Identifiers. Government-issued identifiers, such as a social security number or driver’s license number, and other state-issued identification numbers, as well as other unique identifiers such as those associated with your device.
- Demographic information. Information about you such as your age, gender, country, and preferred language.
- Financial information. Information about your financial accounts, such as outstanding balances, bank holdings, loan history, bill payment history, and insurance information. In some cases, this includes corresponding account numbers. This information is generally collected in our applicable affiliate’s capacity as a credit reporting agency under the FCRA, and, in those instances, our collection, use, and sharing of this information is regulated by the FCRA. We are also provided with this information when acting as a service provider to financial institutions, in which cases our use ofthe data is regulated by the Gramm-Leach-Bliley Act ("GLBA").
- Commercial information. Information regarding products or services you have purchased or considered purchasing, or other purchasing or spending histories or tendencies.
- Internet or other similar network activity. Information regarding your browsing history, search history, and information about how you interact with our websites, applications, advertisements, or emails.
- Device information. Information about the devices you use to access our websites, applications, or advertisements, such as browser, operating system type, device ID, and IP address. Your IP address may be used to identify the general geographic location of your device.
- Professional or employment-related information. Information regarding your employment status, history, and compensation. This is typically provided by your employer or its payroll, or otherwise collected through a credit reporting agency under the FCRA.
- Support information. Information you provide when you contact us for support, such as the content of your communications with us, and the products or services related to your inquiry. When you contact us, such as for customer support, phone conversations or chat sessions with our representatives may be monitored and recorded.
- Education information. Information regarding your education history, including degrees earned and student loan financial information.
- Inferences drawn from personal data. Profiles or scores developed using your personal data which reflect your preferences, characteristics, or consumer spending profile.
- Public records information. Information about you lawfully made available by federal, state, or local governments. This includes information about legal proceedings in court records and business ownership and affiliation information included in secretaries of state filings.
- Payment Data. When you make or request a payment, you will be asked to provide your payment details like your name, credit or debit card number, expiration date, security code, billing address. Please note that we do not process payments - it is done by our third-party payment processors. Your payment data is used to process your payments and maintain our business records. The legal bases onwhich we rely are 'performing a contract', 'pursuing our legitimate business interests' (i.e.,administer our business), and 'complying with our legal obligations'. We do not store credit or debit card numbers or any other payment method. Our third-party payment processors store such data for the time period required by the applicable law.
We may also obtain information from other sources, such as third-party websites, applications, and services (each, a “Third-Party Platform”), through which you connect with our Platform and combine that with information we collect on our Platform. Please note that you may adjust the settings of the Third-Party Platform to control what personal data is shared with us. We use such personal data for the purposes it is provided. For example, if you choose a Third-Party Platform to sign-up on the Platform, we will use the personal data received from the Third-Party Platform to register and maintain your user account and provide you with the requested services as described above.
When you visit our Platform, some information is automatically collected. For example, we may automatically collect your location, computer operating system, Internet Protocol (IP) address, access times, browser type and language, and the website you visited before our Platform. In most cases, such information is not considered to be personal data (except for your IP address), unless it is combined with your personal data. We use such information to analyze the technical aspects of your use of the Platform, prevent fraud and abuse of the Platform, ensure the security of the Platform, tailor the Platform for your location and preferences, understand you and your preferences, to enhance, personalize, and customize your experience and enjoyment using our Platform, products, and services. The legal basis on which we rely when processing such analytics data is ‘pursuing our legitimate business interests’ (i.e., to analyze and protect the Platform).
We also collect information about your usage and activity on our Platform using certain technologies, such as:
- Essential technical cookies that are strictly necessary to ensure the correct functioning of the Platform and provide the services requested by you;
- Marketing cookies that allow us to create, implement, and examine our marketing campaigns. Such cookies allow us to reach the right customers, analyze the productivity of our marketing campaigns, and offer you personalized advertisement; and
- Statistics cookies that allow us to generate statistical reports about how you use the Platform.
- Cookie Consent. When you visit the Platform for the first time, we may ask you to provide us with your consent to our use of all cookies via a cookie consent banner. If you do not provide your opt-in consent, we will not serve you our non-essential cookies. Please note that we may not be able to provide you with the best possible user experience on the Platform if not all cookies are enabled. If you would like to refuse our use of non-essential cookies later, you can do it at any time by declining cookies in your browser or device.
- Web Beacons. We may collect information using web beacons. Web beacons are electronic images that may be used on our Platform or in our emails. We use web beacons to deliver cookies, count visits, understand usage and campaign effectiveness, and tell whether you open an email and act upon it. The legal basis on which we rely when processing such data is ‘pursuing our legitimate business interests’ (i.e., to analyze the Platform).
- Do Not Track Signals. We currently do not employ technology that recognizes "do-not-track" signals from your browser. We may engage third parties, such as marketing or analytics partners, who may collect information about your online activities over time and across different websites when you use our Platform.
If we combine your non-personal data with certain elements of your personal data and such a combination allows us to identify you as a natural person, we will handle such aggregated data as personal data and make sure that we have a legal basis for processing it. If your personal data is de-identified in a way that it can no longer be associated with a natural person, it will not be considered personal data and we may use it for any business purpose.
How We Share Your Personal Data
We use and sell personal data to nonaffiliated third parties for the following commercial purposes:
- Consumer credit reporting. Some of our affiliates collect, use, and sell personal data when acting as a consumer reporting agency, as this activity is regulated by the FCRA. Acting as a consumer reporting agency, these affiliates collect personal data about your creditworthiness, credit standing, credit capacity and mode of living from a variety of data furnishers, share this information with credit providers and other entities when they make decisions to extend credit or enter into transactions with you.
- We may share aggregate statistical data for the improvement of services offered by our Platform.
- We share personal data with third parties who provide services to us, such as data collection, reporting, ad response measurement, and site analytics, as well as assistance with delivery of relevant marketing messages and advertisements. These service providers will use your personal data for the purpose of evaluating your, and other users’ use of the Platform, compiling reports for us on your activity on the Platform and providing other services relating to your activity on the Platform and Internet usage. These third parties may view, edit, or set their own cookies. We and our third-party service providers, advertisers, and/or partners may also place web beacons for these third parties. The use of these technologies by these third parties is subject to their own privacy policies and is not covered by this Policy.
- We may disclose or transfer your personal data to a third party if we sell, transfer, divest, or disclose all or a portion of our business or assets to another company in connection with or during negotiation of any merger, financing, acquisition, bankruptcy, dissolution, transaction, or proceeding.
- We may also share aggregated or de-identified information with third parties in our discretion.
- We cooperate with affiliate third parties that may have access to your personal data, such as your cookie data. We also share your personal information with the Affiliate that you chose during the sign-up process. We will disclose your personal data only if we have a legal basis for doing so (e.g., your consent to non-essential cookies if you are based in the EU).
International Transfers of Personal Data
Some of our data processors are located outside the country in which you reside. For example, if you reside in the European Economic Area (EEA), we may need to transfer your personal data to jurisdictions outside the EEA. In case it is necessary to make such a transfer, we will make sure that the jurisdiction in which the recipient third party is located guarantees an adequate level of protection for your personal data. We will not transfer your personal data internationally if no appropriate level of protection can be granted.
Security of Your Personal Data
We take reasonable steps to help protect your personal data in an effort to prevent loss, misuse, unauthorized access, disclosure, alteration, and destruction. We have put in place reasonable physical, electronic, and managerial procedures to safeguard the information we collect. Only those employees who need access to your information in order to perform their duties are authorized to have access to your personal data. Our security measures include encryption, access control, secured networks, anonymization of personal data and carefully selected data processors.
Nonetheless, we cannot guarantee that transmissions of your payment information or personal data will always be secure or that unauthorized third parties will never be able to defeat the security measures taken by us or our third-party service providers. To the highest extent permitted by the applicable law, we assume no liability for disclosure of your personal data due to errors in transmission, unauthorized third-party access, or other causes beyond our control. You play an important role in keeping your personal data secure. You should not share your user name, password, or other security information for your account with anyone.
When you provide us with any access credentials to third-party software or services for the purpose of using the full functionality of the Platform (for example, when you migrate your client lists and appointments), you have to make sure that those credentials belong to you and you do not breach any applicable laws by disclosing them to us. To the highest extent permitted by the applicable law, we assume no liability for disclosure of your access credentials due to errors in transmission, unauthorized third-party access, or other causes beyond our control.
You have the right to control how your personal data is processed by us by exercising the rights listed below (unless, in very limited cases, the applicable law provides otherwise):
- Right of access: you can get a copy of your personal data that we store in our systems;
- Right to rectification: you can rectify inaccurate personal data that we hold about you;
- Right to erasure ('right to be forgotten'): you can ask us to erase your personal data from our systems;
- Right to restriction: you can ask us to restrict the processing of your personal data;
- Right to object: you can ask us to stop processing your personal data;
- Right to withdraw consent: you have the right to withdraw your consent, if you have provided one; or
- Right to complaint: you can submit your complaint regarding our processing of your personal data.
If you would like to exercise any of your rights, please contact us by email or by post (you can find our contact details at the end of this Policy) and explain your request in detail. In order to verify the legitimacy of your request, we may ask you to provide us with an identifying piece of information that allows us to identify you in our system. We will answer your request within a reasonable time frame but no later than 30 days.
If you would like to launch a complaint about the way in which we process your personal data, we kindly ask you to contact us first and express your concerns. If we receive your complaint, we will investigate it and provide you with our response as soon as possible. If you are not satisfied with the outcome of your complaint, you have the right to lodge a complaint with your local data protection authority.
We do not discriminate against you if you decide to exercise your rights. It means that we will not: (i) deny any goods and services, (ii) charge you different prices, (iii) deny any discounts or benefits, (iv) impose penalties, or (v) provide you with a lower quality service.
If we get a request regarding the personal data included in Your Data, we will forward such a request to the respective controller. This is because we, as a data processor, do not accommodate data subjects’ requests with regard to personal data that we process on behalf of our users.
The Platform is not intended for use by children (i.e., persons who are minors in their country of residence). Therefore, we do not knowingly collect minors’ personal data, unless parents or legal guardians decide to provide children’s data to us. If you, as a parent or a legal guardian of a child, become aware that the child has submitted his/her personal data to us, please contact us immediately. We will delete your child’s personal data from our systems without undue delay.
We store your personal data in our systems only for as long as such personal data is required for the purposes described in this Policy or until you request us to delete your personal data, whichever comes first. After your personal data is no longer necessary for its primary purposes and we do not have another legal basis for storing it, we securely delete your personal data from our systems.
Bank transaction data is not retained, only aggregate income. We will promptly destroy all financial information after the completion of our verification process, in no case longer than 14 months after your submission of the information to us.
We retain non-personal data pertaining to you for as long as necessary for the purposes described in this Policy. For example, we can store it for the period of time needed for us to pursue our legitimate business interests, conduct audits, comply with (and demonstrate compliance with) legal obligations, resolve disputes and enforce our agreements.
In certain cases, we are required by law to store your personal data for a certain period of time (e.g., for business records or accountancy purposes). Thus, we keep your personal data for the time period stipulated by the applicable law and securely delete it as soon as the required storage period expires.
For questions about accessing, changing, deleting your personal data or the Policy, please contact our support at: firstname.lastname@example.org
If you wish to send us a letter by post, you can use the following business office address: 2001 Ross Ave Suite #700-197 Dallas, TX 75201