Here at INAMO, we are committed to protecting the privacy and the security of your personal data or your personal information (“Personal data”). In this Privacy Statement we will tell you what this protection means to you, how your Personal data is collected, how is it used and how do we handle it the proper matter. We believe that you should exactly know what we do with the Personal data you make available to us, why we collect it and what it means for you. We have designed our policies and practices in order to comply with applicable privacy laws, including but not limited to the Gramm-Leach-Bliley Act (“GLBA”) or corresponding State privacy laws as applicable. GLBA means, collectively, the Gramm-Leach-Bliley Act, 15 U.S.C. §§ 6801, et. seq., the PrivacyRegulations, and the standards for safeguarding customer information set forth in 12 C.F.R. Part 1016 and 16 C.F.R. Part 314 or such corresponding regulations as applicable. If you believe that you are at risk of fraud or identity theft, please report to us immediately at firstname.lastname@example.org.
What is considered Personal data?
Personal data means any information whether factual or subjective, recorded or not that relates to an identified or identifiable individual. For example, Personal Data may include information in any form pertaining to age, name, ID numbers (SIN), residential address, location data, an Internet Protocol (IP) address, a cookie ID, the advertising identifier of your phone. This means that if different elements of information, collected together, can be used to identify particular person, then such elements of information constitute Personal data. Personal data that had been de-identified or stripped from strict identifiers, encrypted or pseudonymized but can still be used to re-identify an individual also constitutes Personal data.
Personal data that has purposefully been rendered anonymous to the extent that an individual cannot or no longer be identifiable is not considered Personal data. What is not consideredPersonal data may therefore include: anonymized data; business contact information; a business registration number; a business email address; public telephone directory information; professional and business directories available to the public.
INAMO is responsible for all Personal data in its possession or control, including any Personal data thatis provided to us by our agents or transferred to third parties for processing, storage or other purposes. We respect the privacy rights of INAMO’ employees, customers, clients, business partners and other individuals whose Personal data we have and use. We will protect your Personal data by implementing appropriate technical and organizational measures with our data processing operations. We commit to obtain personal data fairly and only use it for legitimate business purposes. We will therefore hold ourselves accountable for demonstrating compliance with applicable legal and regulatory requirements. INAMO identifies and explains the purpose(s) for which your Personal data is collected at the time of collection. We do this explicitly or by implication where the purpose of using such information is reasonably apparent to you by virtue of its nature or the context in which it is being collected.
We will obtain your consent prior to collecting, using or disclosing your Personal data. The method of obtaining consent will be appropriate to the type of Personal data being collected, used and disclosed. INAMO will make reasonable efforts to ensure that you understand what Personal data is being collected and how your Personal data will be used and disclosed. INAMO will obtain your express consent (verbal, written or electronic) when the Personal data is sensitive or its collection, use or disclosure is outside of the reasonable expectations of you providing it, or that creates a meaningful risk of significant harm that is not otherwise mitigated. We will rely on your implied consent to collect, use or disclose your Personal data where one or more of the following apply:
We already have a customer relationship;
You previously gave us your express consent for the same or similar use of your Personal data;
The purpose of using your Personal data is reasonably obvious from the context in which it is obtained, considering that you provide the information voluntarily.
In limited circumstances will we collect, use and disclose your Personal data without your consent, including: (i) If permitted or required by law; (ii) In an emergency situation that threatens an individual’s life, health or personal security; (iii) If there is a reason to suspect that you may be a victim of fraud or abuse and we need to disclose the Personal data to a government institution or authorized representative for investigation and follow-up;(iv) In connection with an investigation or proceeding by us or a law enforcement organization and (vi) If certain information is publicly available.
Withdrawal of Consent
You may withdraw your consent to any collection, use or disclosure of your Personal data including from direct marketing at any time on reasonable written notice, subject to permitted or required exceptions under applicable privacy laws. If you have consented that your data be used to carry out a financial transaction, the right to withdraw does not exist. We may be obliged to retain data concerning financial transactions for several years in accordance with federal law for the purpose of preventing, detecting, and investigating, possible money laundering of terrorist financing.
We will do our best to provide reasonable alternative arrangements. However, in some situations, withdrawal of consent may also deprive you of a benefit or service. To change your consent to collection, use or disclosure of your Personal data about you, please don’t hesitate to contact us.
We will only collect Personal data that is required to provide you with the products and services you request, and only by reasonable and lawful means.We will explain to you the specific purpose for collection of your PersonalData.
Limited use and disclosure
We use and disclose your Personal data only for the purposes for which it was collected unless permitted by law. We will not usePersonal data for any additional purpose unless we seek your express consent todo so. We do not sell or rent Personal data to any organization or person for any reason.
In those defined instances where INAMO would store or transfer personal information outside the US, INAMO understands that robust procedures and safeguarding measures must apply to secure, encrypt and maintain the integrity of the data. INAMO will complete continual reviews of the countries with sufficient adequacy decisions, such as the Privacy Shield in the US, and provisions for binding corporate rules, standard data protection clauses or approved codes of conduct. INAMO will perfect the performance of due diligence checks with all recipients of personal data to assess and verify that they have appropriate controls in place to protect the information. Therefore, INAMO undertakes that it shall not transfer Personal data outside of the US unless the adequate conditions are fulfilled, including providing INAMO customer as a data subject enforceable rights and effective legal remedies. At any time, upon customer written direction will INAMO delete or return personal data, unless it is required by law to retain thePersonal data. Where INAMO might be required to transfer personal data to the European Union, INAMO will only send such Personal data to third-party sub-contractors that meet the minimum requirements reasonably applicable for the transfer of personal data to processors established inEurope.
We keep your Personal data only as long as it is required for our business relationship or as required by applicable laws.Subject to any requirements to retain information, INAMO will ensure thatPersonal data that is no longer required will be destroyed, erased or made anonymous in a secure manner.
We keep your Personal data up to date, accurate and relevant for its intended use for as long as it is required to fulfill the purpose for which it was collected. In order to achieve this, you can assist us by updating your Personal data (e.g. change of address or telephone number) with us.
We are committed to protecting your Personal data in our possession or controlling it from loss, theft, alteration and misuse. We use a variety of security measures to protect your Personal data including: (i) restricted access facilities and locked filing cabinets; (ii) shredding of documents containing Personal data; (iii) electronic safety measures such as password protection, database encryption and personal identification numbers; (iv) organizational processes such as limiting access to your Personal data to a selected group of individuals; and requiring third parties given access to your Personal data to protect and secure your Personal data.The safeguards we employ to protect your Personal data depend on the sensitivity, amount, distribution, format and storage. In addition to the steps we take to safeguard your Personal data, we believe you should take these steps as well to protect yourself. We recommend that you not share any personal or financial information with others unless you clearly understand why and confirmed who you are dealing with. It is also best not to give significant personal or financial information via email or voicemail. We use monitoring systems and controls to detect and prevent fraudulent activity. We have fraud prevention measures build into our due diligence processes and we will regularly update our fraud detection/prevention methods. While we take the right precautions to protect your Personal data from loss, theft, alteration, or misuse, no system or security measure is completely secure. Any transmission of your personal data is at your own risk and we expect that you will use appropriate measures to protect your Personal data as well.
We will make our policies and procedures about how we manage Personal data readily available to you and in a form that is understandable in plain, simple language. Most information on Personal data is available on our Website. You can also obtain a copy of our Personal data protection policy from any of our office locations orby contacting us directly.
Access rights asa data subject
You can request access to your Personal data we keep by making a request at any time. Customers who wish to contact us should refer to contact section. You may request any of the following:
A copy of the information that we hold, how we use it and to whom it may have been disclosed:
To rectify or correct right to correct data that we hold that is inaccurate or incomplete.
To ask INAMO to be erased from our records, except for data relating to accounts or cards which cannot be deleted due to applicable laws associated with the prevention of fraud, money laundering, counter terrorist financing or misuse of services of crime.
To have the data we hold transferred to another organization.
To object to certain types of possessing such as direct marketing as well as automated processing, including profiling. INAMO may reserve it’s right to decline to make a requested correction but we will append a notation to the record of your requested alternative information; and we will update your Personal data. We may not be able to satisfy your request subject to applicable exceptions under applicable privacy laws, whereas: (i) your request would divulge confidential competitive business information of INAMO; (ii) the data is not readily retrievable and the burden or cost of providing access is disproportionate to the nature of the request; and where access could interfere with or prejudice an investigation or proceeding by INAMO or law enforcement agencies.
Your request must be made in writing and provide us with sufficient detail to enable us, with reasonable effort, to identify you and your Personal data. We will inform you within thirty days what Personal data we have, how we collected it, how we used it, and to whom it has been disclosed. If we need to extend the time, or we must refuse your request, we will tell you why, subject to any legal restrictions, and will notify you of the new deadline, reason for the extension and of your right to contact the federal or provincial privacy commissioner applicable in your jurisdiction.
Collection,Use and Disclosure of your Personal data
What type of Personal data do we collect?
This will depend on the typeof product or service that you have requested from INAMO. We may collect data from you such as: information establishing your identity (for example, name, residential address, phone number, email address, date of birth, gender, SIN (for identification and/or tax reporting purposes) and if applicable, account numbers), and other personal information such as security questions, userID.
How do we obtain your Personal data?
The data we collect about you is received from you directly. We may also collect information from third parties outside INAMO, including:
Persons authorized to act on your behalf under a power of attorney or other legal authority;
Service providers, agents and other organizations with whom you or we conduct business;
Government agencies and public registries.
The decision to provide us with your Personal data always rests with you. We may however, be limited in our ability to provide you with certain products and services, if you decline to provide us with information essential to fulfill your request.
Why do we use your Personal data?
We collect your Personal data to manage our relationship with you and to consistently deliver high quality products and services. Why we use your Personal data may include:
(i) to verify your identity;
(ii) to evaluate and process your application for an account;
(iv) to communicate with you about your deposits;
(v) to accept deposits; (to process and keeping track of transactions and report back to you;
(vi) to protect you and us against theft, fraud and error;
(vi) to analyze information to determine that relevant services are offered to you;
(vii) to provide you with products and services requested by you and that INAMO believes may be of interest to you and provide value to you;
(viii) to inform you about new business initiatives including contacting you to obtain your views and to encourage you to express your views about them;
(ix) to offer you the opportunity to participate in contests, giveaways or other promotions;
(x) to conduct research and generate statistics related to our business, products and services;
(xi) for business purposes, such as data analysis, audits, developing new products, enhancing, improving or modifying our services, identifying usage trends, determining the effectiveness of our promotional campaigns and operating and expanding our business activities;
(xii) to help manage and assess our risks, operations and relationship with you;
(xiii) to comply with legal and governmental requirements; and
(xiv) to fulfill any other purpose for which you provide it or with your consent.
Who do we share your Personal data with?
We share it with other INAMO Companies and respective affiliates to assist us with offering the best services to you. Authorized employees may have access to personal, confidential information as they perform their duties. Employees that are likely to have access to Personal data must sign a confidentiality agreement under which they commit to maintaining the confidentiality of such information.
Third Party Product and Service Providers
With your consent we may disclose Personal data to certain third-party product and service providers retained by us to assist in providing you with services or to perform certain specialized services to assist us in our business. Prior to releasing any Personal data, we require third party providers to respect the confidentiality of Personal data and all legal requirements under applicable privacy laws, and to agree to contractual requirements that are consistent with our own obligations. We only disclose the specific information required to perform the services. Each of our suppliers must undertake to use client information solely for the purpose of carrying out the services it has been retained to provide and must agree to safeguard the information.
In certain instances, we may be compelled to disclose data in response to a legally valid demand, enquiry, proceeding or other order. We reserve the right to comply with any third-party demand issued under federal or state legislation, or any court order we receive, in request of your accounts. You agree that we will not be liable to you in any way for complying with any such third party demands or court orders issued on or against your accounts or products. In these cases, we take steps to ensure the request is valid and we only disclose the specific information necessary to satisfy the enquiry or order.
Transfers of Business
Collection, Use and Disclosure of Non-Personal data
Non-personal data is any information that does not reveal your identity or directly relates to you as a person. Some examples of non-personal data we may collect from you are demographic information, such as occupation, language, interests, the first three digits of your postal code, unique device identifier, and transactional data. Non-personal data may also include data we have de-identified or aggregated to the point where it no longer identifies a particular individual. Data relating to business customers may also include your business name, address, phone number, email address, industry type, financial status and details on the owners, operators and directors.
INAMO may also make certain aggregated non-personal information available to strategic partners and third-party service providers that work with INAMO, to provide or support our or their products and services or that help INAMO or its strategic partners and third-party service providers to conduct data analysis, to develop and improve products and services, and determine the effectiveness of promotional campaigns. We reserve the right to use and share any such non-personal information with third parties for any lawful purpose.
If it happens that we combine non-personal information with any Personal data, we will obtain your consent and treat it as Personal data is treated under this policy.
To ensure that you are the only person accessing your Personal data, we restrict access to your online account by requiring that you enter your customer number or user ID and password to login. Only you know your password. Our employees do not have access to your password, and they will not ask you to reveal it. If someone does ask you to provide your password to them, we ask that you refuse to do so and contact us immediately.
Our system offers many functions, such as transfers between accounts. These transactions are all logged to ensure that your accounts are debited or credited appropriately, and a history of each transaction is available to verify your account.
To create a secure channel between your browser and our server, we use the highest level of encryption available. Your data is secured whether at rest or in transmission, using PCI recommended encryption techniques and protocols. We provide secure online application forms. These forms capture personally identifiable information that we use to provide you with the products and services that you have requested. This information is processed in a fashion similar to that of application forms received through our other channels.The information contained in the application may be archived or stored, as governed by existing law or policy.
However, despite these measures, our systems could be compromised by parties seeking unauthorized access to our data or users’ data, by a technological malfunction or in error by an employee, vendor or contractor. In addition, the transmission of information via the Internet or mobile data networks could be intercepted by third parties. As a result, our efforts to protect our data and users’ data from unauthorized access may be unsuccessful and we cannot assure you that the security measures we have adopted will provide absolute certainty. Any transmission by you is at your own risk. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), please immediately notify us of the problem by contacting us in accordance with the contact section. If we learn of a security systems breach, we will inform you and the appropriate authorities of the occurrence of the breach in accordance with applicable law.
Website and statistics
To continually improve our Website and our online services, we may collect information about how our customers are using it.These usage statistics are only viewed in the aggregate – and are never tied to an individual. We use this information for purposes such as improving the pages where our customers are having difficulties and ensuring that we have the appropriate infrastructure in place to service future needs. The information collected may include your location, your IP address, your browser type and your operating system, as well as data that is passively generated as you browse, such as the number and types of pages visited, and the length of time spent per page and on the Website overall.
A persistent cookie may or may not expire on a given date. We use a session cookie to maintain the integrity of your internet session. With each page that you visit, the cookie is passed back and forth between our server and your browser. We use the cookie to distinguish your session from the many others that may be happening at the same time. Our session cookies never store any Personal data such as your name, or date of birth, or financial information, such as your accounts and balances. Recent browser versions allow the user to set some level of control over which cookies are accepted and how your browser uses them. Browsers will allow you to accept cookies from only known, reliable sites that you select such as the INAMO Website. If you are concerned about cookies, we encourage you to upgrade your browser to a recent version and review the Help section of your browser to learn more about its specific control features.
To make sure that someone cannot access your Personal data, please always exit your online account using the logout button located at the top of every page. When you exit using the logout button, we delete your session cookie so that your session cannot be resumed unless your customer number and password are re-entered.
In the event that you leave your computer without logging out, the online prepaid card account site has been designed to end your session automatically if our system detects that you haven’t provided any instructions or used the browser buttons to navigate for several minutes. To restart the session, you will need to provide your password again.
To communicate with us electronically, we strongly recommend that you use our “Contact” feature. This feature provides a secure channel for sending us comments, questions or instructions. Email is not secure since it passes through many points on its route from you to us. If you are using general email to communicate with us, we strongly recommend that you do not include personal financial information (such as account numbers) within the email as we cannot guarantee its confidentiality as it comes to us. When you email us your comments, questions or instructions, you provide us your email address and we use it to correspond with you. We will not provide your email address to anyone outside of INAMO. We may use your email address to send you information about products or services that we think may be of interest to you. If you do not want us to contact you with product information by email, you may tell us so at any time by using the “Contact” feature. We will discontinue the practice. If you have asked us to provide you with in formation on a regular basis, or if we email you information about our products or services, you may ask us to remove you from the list at any time. We will include instructions to unsubscribe from the list in every mailing, and on the site where you originally subscribed to the list.
Where do we store your Personal data?
Your CCPA Rights and How to Exercise Them
If you are a California resident, you have certain rights, pursuant to the California Consumer Privacy Protection Act (“CCPA”). These CCPA rights may only apply in certain circumstances and are subject to certain exemptions. Please see the information below for a summary of your rights, how to exercise your rights and the information we require in order to respond to your requests. Please note that we may ask for certain information to verify the request in accordance with applicable law.
Right to Know. You have the right to request that we disclose what Personal Information we collect, use, disclose and/or sell about you. To exercise your right to know, please contact us at email@example.com to submit your request. You will be required to provide certain information which we will use to verify you and your request.
Right to Delete. You have the right to delete Personal Information that we collect or maintain about you. To request deletion of your information, please contact us to submit your request. You will be required to provide certain information which we will use to verify you and your request. Please note that certain exceptions apply to this right, such as when we retain your information to comply with law, or to complete the transaction for which the Personal Information was collected, or to detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity. We will notify you of any such exceptions as applicable to your request.
Right to Opt-Out of Sale. We do not presently sell Personal Information within the meaning of the CCPA, and so do not offer a mechanism to opt-out or ask us not to sell your Personal Information.
Right to Non-Discrimination. You have the right not to receive discriminatory treatment by us for the exercise of any of your CCPA rights. However, we may offer certain financial incentives, charge reasonable fees related to your requests, or deny your right to know, right to request deletion, or right to opt-out of sale in accordance with applicable law.
Right to an Authorized Agent. You can exercise your CCPA rights yourself or you can designate an authorized agent to make a request on your behalf. Your authorized agent must be able to demonstrate authority to act on your behalf as further instructed when submitting a verifiable request.
Disclosure or Sale of Personal Information
In the last 12 months, we have disclosed or sold personal information to third parties as follows:
INAMO does not intend to “sell” Personal Information going forward, but INAMO is required to tell California residents that in the past 12 months, we sold the categories of Personal Information shown in the chart under “PERSONAL INFORMATION WE COLLECT AND HOW” when we shared it with our service providers because of how broadly “sell” is defined under the CCPA.
The same categories of Personal Information were also disclosed to our service providers in the past twelve (12) months for the business or commercial purposes described in “HOW WE USE PERSONAL INFORMATION” above.
Under the CCPA, a “sale” means providing to a third party Personal Information for valuable consideration. It does not necessarily mean money was exchanged for the transfer of Personal Information. We work to identify whether any of our data sharing arrangements would constitute a “sale” under the CCPA; however, due to the complexities and ambiguities in the CCPA, we will continue to evaluate some of our third party relationships as we wait for final implementing regulations and guidance. For example, it is currently unclear whether the use of certain types of advertising partners would be considered a sale under CCPA.
Third-Party Marketing Disclosure
Under California Civil Code Section 1798.83 (the “Shine the Light” law), California residents with whom we have a business relationship can request certain information regarding what types of personal information, if any, we shared with third parties for the direct marketing purposes of the third parties and the identities of the third parties with whom the business has shared such information in the immediately preceding 12 months. You may request this information by contacting us using the contact information at the top of this “NOTICE TO CALIFORNIA RESIDENTS” section or contact us at firstname.lastname@example.org.
How to contact us
If you have any questions, concerns or complaints about our privacy policies or are uncomfortable about any information or requests you receive from INAMO via phone, fax or email, we encourage you to contact us immediately on the INAMO Mobile App or INAMO.com. In most cases, any questions or concerns that you have can be resolved by discussing it with us.