Onbe Privacy Policy

Last updated November 2022

PURPOSE

At Onbe (“we”, “our”, “us” or “Onbe”), our mission is to manage and modernize consumer and workforce disbursements, enabling program sponsors (“clients”) to outsource their entire business to individual (B2I) payment operations – relieving them of the cost, complexity and risk that come with orchestrating these payments in-house, and delivering a customer experience that is instant, convenient and simple. In order to do this, we collect, use, and share some of your Personal Information.

When we do so, we process personal data solely to provide services to clients and card or payment issuers; we collect, use and disclose the data only under the instructions of the client or the card or payment issuer; and our processing of the data is subject to their instructions and privacy notices. Please read the agreement and terms and conditions provided in conjunction with your payment for further details regarding your payment issuer. For access to each payment issuer’s privacy notice, please click on each name: 

- Fifth 3rd, Member FDIC
- HDFC Bank
- MetaBank®, National Association, Member FDIC
- People's Trust Company
- Sunrise Banks, Member FDIC
- The Bancorp Bank, Member FDIC
- Transact Payments Limited

The purpose of this Privacy Notice is to share how Onbe does this and how to exercise your data protection rights. 

Topics

- What data do we collect?
- Children
- How do we collect your data?
- How will we use your data?
- How do we store your data? 
- What and with whom we share
- How to control your privacy options
- What are your rights under data privacy laws?
- What are cookies?
- How do we use cookies?
- What types of cookies do we use?
- How to manage your cookies
- Privacy policies of other websites
- Changes to our privacy policy
- How to contact us
- How to contact the appropriate authorities 

This Privacy Notice describes how Onbe manages the personal data we collect about users of our Web sites and mobile applications, as well as the personal data we collect in providing our products and services or when individuals communicate with us about our Web sites, mobile apps, products or services. 

WHAT DATA DO WE COLLECT? 

We may collect the following data, as applicable:
- Full name, personal or business contact information including physical mailing address, email address, telephone number, and in some instances date of birth and/or national identification number (e.g., SSN).
- Contact preferences and other business information that helps us do business with you.
- Technical information such as login information, IP address, device and operating system.
- Other data with your consent or as allowed or required by applicable law. 

CHILDREN 

Our Services are meant for adults and are not for children. We do not intentionally collect Personal Data from children under 13 without authorization from a parent or legal guardian. If you think your child under 13 has sent us data, you can contact us at privacy@onbe.com

HOW DO WE COLLECT YOUR DATA? 

You directly provide us with most of the data we collect. We collect data and process data when you:
- Use or view our website via your browser’s cookies.
- Use our products or services.
- Contact customer service.

In addition to these items, we also process personal data on behalf of our clients and card or payment issuers. When we do so, we process personal data solely to provide services to our clients and card or payment issuers. We collect, use and disclose the data only under the instructions of our client or the card or payment issuer, and our processing of the data is subject to their instructions and Privacy Notices. 

HOW WILL WE USE YOUR DATA? 

We process your Personal Data, on specific legal grounds. We do so with your consent, to fulfill the contractual requirements we have with you, comply with our legal responsibilities, or as needed to deliver our services and products and for other legitimate business interests for the purposes described in this Privacy Notice.

We collect your data so that we can operate and support our services and products only. We may use your data to:
- Send administrative material to you, such as changes to our terms, conditions, and policies.
- Provide access to our website and customer service.
- Provide technical support.
- Send you alerts that you requested.
- Identify areas where our products and services can be enhanced.
- Detect and protect against errors, fraud, or other criminal activity.

We may also use your Personal Data in other instances with your consent, and as required by law. 

HOW DO WE STORE YOUR DATA? 

We store Personal Data in the United States (“U.S.”). If you reside outside of the U.S., you understand that we transfer Personal Data to the U.S. Our products and services and associated practices comply with privacy provisions as set forth by the U.S. government, including the U.S. Department of Commerce’s EU Privacy Shield Framework, and GDPR as required by EU/UK. When we transfer your Personal Data to service providers or third parties as outlined in this Privacy Notice, we rely on contractual clauses to administer the transfer of that Personal Data and uphold those entities to protecting the data as described in this Privacy Notice or as required by law.

We implement security policies, processes and technical security solutions to protect Personal Data which includes various network safeguards, logging and alerting. In order to perform certain obligations, our authorized employees and service providers will need access to your Personal Data. We contractually require our service providers to protect your Personal Data.

We may hold Personal Data as long as required or relevant for the practices described in this Privacy Notice or as otherwise applicable by law. Actual hold periods differ depending on the type of services and products. The principles we use to determine the holding periods include the following:
- Personal Data required to provide our services and products as described in this Privacy Notice;
- Personal Data required for auditing purposes;
- Personal Data required to troubleshoot problems or to assist with investigations;
- Personal Data required to enforce our policies; and
- Personal Data required to comply with legal requirements.

Regulations require financial institutions to obtain, verify, and record information that identifies each person for whom we open or have established an account. With respect to such records, Onbe generally holds those records for a minimum of seven (7) years or such other time period as may be required pursuant to applicable law. 

WHAT AND WITH WHOM WE SHARE 

We do not share your Personal Information with third parties for joint marketing purposes or so they can market to you, without your prior express consent. We may share your Personal Data:
- With organizations and partners that help us operate our business by providing services such as website hosting, data analysis, information technology, customer service, email delivery, auditing and other similar services.
- With partners and other vendors that perform services on our behalf, such as network services support, including data processing services, customer service, call center services, information technology services, internal audit, management, or administrative purposes.
- To comply with the law or other legal responsibilities such as responding to subpoenas, including laws and other legal duties outside your country of residence.
- To answer requests from government authorities including authorities outside your country of residence.
- To protect our rights, business operations and possessions, or that of our users, employees and partners.
- To investigate, stop, or take action concerning possible or suspected illegal activities, fraud, or violations of our terms and conditions. 

HOW TO CONTROL YOUR PRIVACY OPTIONS 

You can update your account profile online or by email. We maintain electronic records of your Personal Data for the purposes described in this Privacy Notice. You will be able to access and edit your Personal Data on the website listed on the back of the card. Otherwise, you may contact us at the email address listed at the bottom of this Privacy Notice. Your right to access, correct or delete your Personal Data indicated in our records is subject to applicable law including our right to retain documentation of our compliance with applicable legal requirements and technology limitations. We may take reasonable steps to confirm your identity before giving access or making modifications to your Personal Data.

If we receive data from other sources, we may direct you to contact those sources. Please note that we are not responsible for permitting you to review, or for updating or deleting personal data that you provide to those sources or any other third party. 

WHAT ARE YOUR RIGHTS UNDER DATA PRIVACY LAWS? 

When you provide us with your Personal Data it is only used for the purposes of providing products and services as described in this Privacy Notice. You have the option to opt-out of certain uses and disclosures of your Personal Data as outlined in this Privacy Notice. We may not be able to provide the full extent of our products and services if you do opt out. If you would like to opt out of these uses or disclosures of your Personal Data, you may contact us at the email address listed at the bottom of this Privacy Notice.

California Residents

If you are a California resident, California law may provide you with additional rights regarding our use of your personal information. Effective January 1, 2020, under the California Consumer Privacy Act (CCPA), residents of California have certain rights to access, delete, or otherwise control the use, collection, and/or disclosure of their information. California residents may also opt out of the sale of such information, if applicable. These provisions of the CCPA do not apply to personal information collected, processed, shared, or disclosed by financial institutions pursuant to federal law.

To contact us with questions about our compliance with the CCPA, or exercise the access, data portability, and deletion rights described above, please email us at privacy@onbe.com.

Only you or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.

You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. 

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify the requestor's identity or authority to make the request.

Please note, consumers will not be subject to discriminatory treatment for the exercise of the privacy rights conferred by the CCPA. 

EU & UK Residents

We adhere to applicable data protection laws in the EU and UK, when relevant and appropriate, including the General Data Protection Regulation (“GDPR”).
‍ 
We would like to make sure you are fully aware of all your data protection rights. Every user is entitled to the following:
- The right to access – You have the right to request from us copies of your personal data.
- The right to rectification – You have the right to request that we correct any information you believe is inaccurate. You also have the right to request we complete the information you believe is incomplete.
- The right to erasure – You have the right to request that we erase your personal data, under certain conditions.
- The right to restrict processing – You have the right to request that we restrict the processing of your personal data under certain conditions.
- The right to object to processing – You have the right to object to us processing your personal data, under certain conditions.
- The right to data portability – You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions. 

We will make every effort to honor your request, however in some situations, we may not be able to act and/or may impose limitations on your request. For instance, if your request is likely to adversely affect the rights and freedoms of others, prejudice the execution or enforcement of the law, interfere with pending or future litigation, or infringe on applicable law.

You may exercise these rights free of charge. However, we may charge a reasonable fee or refuse to act on a request if it is manifestly unfounded or excessive, in particular because of its repetitive character.

If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please email us at privacy@onbe.com

WHAT ARE COOKIES? 

Cookies are text files placed on your computer or device to collect standard Internet log information and visitor behavior information. When you visit our websites, we may collect information from you automatically through cookies or similar technology.

For further information, visit www.allaboutcookies.org.

HOW DO WE USE COOKIES? 

We use cookies in a range of ways to improve your experience on our website, including: 
- Identify new or past users.
- Save your password if you are registered on our website.
- Enhance our website and troubleshoot issues.
- Investigate, stop, or take action concerning possible or suspected illegal activities, fraud, or violations of our terms and conditions. 

WHAT TYPES OF COOKIES DO WE USE? 

There are several different types of cookies our website may use, including:
- Functionality cookies – to enable certain functions of the service and to store your preferences, such as language and currency preferences and policy acknowledgments.
- Tracking and performance cookies – to understand service usage and performance.
- Essential cookies – to authenticate users and prevent fraudulent use of user accounts. 

For more information, please read our Cookie Policy

HOW TO MANAGE YOUR COOKIES 

You can adjust cookies and tracking tools on our website. Your web browser may give you the ability to adjust cookies. How you do so depends on the type of cookie. Certain web browsers can be set to clear past and reject future cookies. If you block cookies on your browser, certain features of our website may not work. Additionally, if you limit or delete cookies, not all the tracking activities we have defined here will stop. The choices you make are both browser and device specific. For more information on cookies and how to manage them, visit www.allaboutcookies.org

PRIVACY POLICIES OF OTHER WEBSITES 

Our website contains links to other websites. Our Privacy Notice applies only to our website and does not apply to the privacy practices of third-party websites. If you click on a link to another website, you should read the Privacy Notice of that website. We are not liable for these third-party practices. 

CHANGES TO OUR PRIVACY POLICY 

Onbe keeps its Privacy Notice under regular review and places any updates on this web page. We may inform you of any changes to our Privacy Notice as required by law. This Privacy Notice was last updated on November 21, 2022. 

HOW TO CONTACT US 

If you have any questions about Onbe’s Privacy Notice, the data we hold about you, or you would like to exercise one of your data protection rights, please do not hesitate to email us at privacy@onbe.com. We are committed to resolving any questions you may have.