Flexia Payments, LLC
Flexia shares information for its own marketing purposes and for joint marketing with other financial companies such as the Issuing Bank and Program Manager for Flexia’s prepaid card program. In addition, Flexia may also share U.S. consumers’ personal information with its affiliates or nonaffiliates for marketing purposes. Flexia does not share information with affiliates about consumers’ transactions and experiences and creditworthiness for everyday business purposes as part of providing financial services with its affiliates.
Flexia is committed to maintaining the privacy and confidentiality of its consumers’ personal information. In the course of offering and providing services, Flexia collects and maintains certain personal information including non-public personal information (“NPI”). This Policy explains what personal information is collected and the manner in which Flexia may use and share such personal information. It also sets forth the options available to consumers if they seek to limit the use and sharing of their NPI.
Roles and Responsibilities
Flexia has created a Commission responsible for the safeguarding and proper handling of consumer NPI. The Company has appointed the Compliance Officer to oversee the policy and procedures, ensuring that this policy is properly adopted, implemented, and updated as often as required. This Commission will coordinate with Operations, Consumer Service, IT, and any other areas as deemed necessary to ensure that all departments are aware of and have taken the necessary steps to implement this policy.
This Policy governs the Company’s operations in the U.S., and thus applies to:
• All Flexia U.S. consumers;
• All employees, both full time and temporary;
• All contract or self-employed workers; and
• Third party service providers.
Non-Public Personal Information
"Non-public personal information" or “NPI” refers to personally identifiable financial information; and any list, description, or other grouping of consumers (and publicly available information pertaining to them) that is derived using any personally identifiable financial information that is not publicly available.
"Personally identifiable information" is information that consumers provide to Flexia in connection with obtaining a financial product or service or information that is obtained about consumers in connection with providing them with a financial service or product. It does not include information that is available from public sources, such as telephone directories or government records. Flexia collects, retains, and uses such information in order to administer its business, provide consumers with products and services, process their transactions, and to properly identify, and validate their identity.
Collection, Use and Retention of Non-Public Personal Information
Flexia may collect NPI about consumers from the following sources:
· Information, (such as name, address, telephone number, email address, gender, occupation, nationality, identification type and number, social security number, and date of birth), we obtain from consumers to register an account on our website or to conduct a transaction in person.
· Information about consumer transactions with us, providers, payers or distribution partners (such as card balances, transfer history, payment history, parties to transactions, and card usage, etc.).
· Information collected through our Internet web site "cookies," and
· Information we receive from other lawful sources.
Disclosure of Information
To the extent that Flexia collects certain NPI about consumers in the course of offering and facilitating services rendered, Flexia shall not disclose NPI to any unauthorized individual or entity, except as permitted by 16 CFR §§ 313.14 and 313.15 of the Privacy regulation.
16 CFR § 313.14 exceptions apply to various types of information-sharing that are necessary for processing transactions at the consumer’s request or for administering or enforcing a financial transaction requested or authorized by the consumer. This includes disclosing NPI to service providers and partners who perform other administrative activities for a consumer's account, to process or complete a transaction requested, maintain the consumer’s account, or to otherwise enforce a transaction and ensure payment is made to the appropriate beneficiaries.
16 CFR § 313.15 exceptions apply to certain types of information-sharing, including disclosures for purposes of preventing fraud, responding to judicial process or a subpoena, or complying with federal, state, or local laws.
The following are examples of appropriate information disclosures under this exception, among others:
· To protect the confidentiality or security of records pertaining to the consumer, service, product, or transaction;
· To protect against or prevent actual or potential fraud, unauthorized transactions, claims, or other liability;
· For required institutional risk control or for resolving consumer disputes or inquiries;
· To a consumer reporting agency in accordance with the Fair Credit Reporting Act (15 U.S.C. 1681et seq.), or from a consumer report reported by a consumer reporting agency;
· To comply with Federal, State, or local laws, rules and other applicable legal requirements;
· to comply with legal processes such as subpoenas or court orders;
· To comply with a properly authorized civil, criminal, or regulatory investigation, or subpoena or summons by Federal, State, or local authorities; or
· To respond to judicial process or government regulatory authorities having jurisdiction over you for examination, compliance, or other purposes as authorized by law.
Consumers have no right to opt out of the above listed disclosures of NPI. The only instances in which a consumer has the right to opt-out are those disclosures from Flexia regarding a consumer’s credit worthiness to affiliates, or for affiliates and nonaffiliates to market to consumers.
Flexia shares information about consumer transactions and experiences with its bank partners and program managers of its prepaid program. This type of personal information sharing is addressed in the contracts Flexia has established with these partners and is disclosed to consumers in Flexia’s Privacy Notice.
In addition, Flexia may disclose the personal information it collects, as described above, to its financial distribution partners (e.g., bank partners, payment processors, card issuers) or other companies that perform marketing services on its behalf. These third parties sign agreements with Flexia that contain confidentiality and non-disclosure provisions.
Delivery of Privacy Notice
Flexia’s privacy notice is posted in a clear and conspicuous manner on a page on its website, without requiring a login or similar steps or conditions to access the notice. The privacy notice contains the Company’s contact information for the consumer to inquire about the Company’s policy.
Changes to Privacy Notice
Safeguards Rule & Information Security Program
Flexia restricts access to non-public personal information (“NPI”) about consumers to its employees and partners who have a business reason to know such information (e.g., to process transactions or provide services). The Company maintains physical, electronic, and procedural safeguards that comply with federal standards to guard consumer information to ensure access to consumers’ non-personal financial information is provided to only those employees who need to know such information in order to provide products or services to consumers;
To the extent possible, Flexia will limit access to its offices where confidential information could be observed or overheard by individuals that do not need to know such information;
Ensure company issued electronic devices used in the course of business such as computers, laptops, cell phones and tablet devices are password protected;
Instruct employees to use care when handling documents containing confidential information to ensure they are not seen or read by unauthorized persons and store such documents in secure locations (i.e. locked files) when they are not in use;
Consumer records, and any other records that may contain non-public financial information, shall be kept in drawers and file cabinets in a secure area. They shall be removed only when needed to service the consumers’ account and shall be kept in secured areas;
Flexia shall require all non-affiliated organizations that come into contact with non-public confidential information (lawyers, accountants, consultants, regulators, etc.) to conform to Flexia’s privacy standards and will require them to keep the provided information confidential and used as requested;
When documents containing non-public financial information are to be disposed of, they shall be destroyed by shredding or some other secure manner that can prevent readable copies from being used;
All employees will be made aware of the Company’s policies and procedures regarding its Privacy program upon hire and at least annually thereafter.