Onbe Website Privacy Notice

At Onbe (“we”, “our”, “us” or “Onbe”), our mission is to manage and modernize consumer and workforce
disbursements, enabling program sponsors (“clients”) to outsource their entire business to individual (B2I)
payment operations – relieving them of the cost, complexity and risk that come with orchestrating these
payments in-house, and delivering a customer experience that is instant, convenient and simple. In order
to do this, we collect, use, and share some of your personal information.
‍
When we do so, we process personal information solely to provide services to clients and card or payment
issuers; we collect, use, and disclose the data only under the instructions of the client or the card or
payment issuer; and our processing of the data is subject to their instructions and privacy notices. Please
read the agreement and terms and conditions provided in conjunction with your payment for further
details regarding your payment issuer. For access to each payment issuer’s privacy notice, please click on
each name:
‍
- Ebixcash
- Fifth 3rd, Member FDIC
- Pathward National Association, Member FDIC
- People's Trust Company
‍- Sunrise Banks, Member FDIC
- The Bancorp N.A., Member FDIC
- Transact Payments Limited

The purpose of this Privacy Notice is to share how Onbe does this and how to exercise your data protection rights.

- What data do we collect?
- Children
- How do we collect your data?
- How will we use your data?
- How do we store your data? 
- What and with whom we share
- Identity Verification & Anti-Money Laundering
- How to control your privacy options
- What are your rights under data privacy laws?
- What are cookies?
- How do we use cookies?
- What types of cookies do we use?
- How to manage your cookies
- Privacy policies of other websites
- Changes to our privacy notice
- How to contact us
- How to contact the appropriate authorities 

This Privacy Notice describes how Onbe manages the personal information we collect about users of our Web sites and mobile applications, as well as the personal information we collect in providing our products and services or when individuals communicate with us about our Web sites, mobile apps, products or services.

We may collect the following data, as applicable:
‍
- Full name, personal or business contact information including physical mailing address, email
address, telephone number, and in some instances date of birth and/or national identification
number (e.g., SSN).
‍
- Contact preferences and other business information that helps us do business with you.
‍
- Technical information such as login information, IP address, device, and operating system.
‍
- Other data with your consent or as allowed or required by applicable law. 

Our Services are meant for adults and are not for children. We do not intentionally collect personal information from children under 13 without authorization from a parent or legal guardian. If you think your child under 13 has sent us data, you can contact us at privacy@onbe.com. 

You directly provide us with most of the data we collect. We collect data and process data when you:
- Use or view our website via your browser’s cookies.
- Use our products or services.
- Contact customer service.
‍
In addition to these items, we also process personal information on behalf of our clients and card or payment issuers. When we do so, we process personal information solely to provide services to our clients and card or payment issuers. We collect, use, and disclose the data only under the instructions of our client or the card or payment issuer, and our processing of the data is subject to their instructions and privacy notices.

We process your personal information, on specific legal grounds. We do so with your consent, to fulfill the contractual requirements we have with you, comply with our legal responsibilities, or as needed to deliver our services and products and for other legitimate business interests for the purposes described in this Privacy Notice.
‍
We collect your data so that we can operate and support our services and products only. We may use your
data to:
- Send administrative material to you, such as changes to our terms, conditions, and policies.
- Provide access to our website and customer service.
- Provide technical support.
- Send you alerts that you requested.
- Identify areas where our products and services can be enhanced.
- Detect and protect against errors, fraud, or other criminal activity.

Any email addresses provided will be hashed, stored, and combined with other identifiers for cross-device recognition purposes and targeted advertising and measurement and analytics by NextRoll as applicable. NextRoll’s privacy notice discloses the categories of data collected and the purposes for which that data is collected and used by NextRoll. We may also use your Personal Data in other instances with your consent, and as required by law. 

We store Personal Data in the United States (“U.S.”). If you reside outside of the U.S., you understand that we transfer Personal Data to the U.S. Our products and services and associated practices comply with privacy provisions as set forth by the U.S. government, including the U.S. Department of Commerce’s EU Privacy Shield Framework, and GDPR as required by EU/UK. When we transfer your Personal Data to service providers or third parties as outlined in this Privacy Notice, we rely on contractual clauses to administer the transfer of that Personal Data and uphold those entities to protecting the data as described in this Privacy Notice or as required by law.

We implement security policies, processes and technical security solutions to protect Personal Data which includes various network safeguards, logging and alerting. In order to perform certain obligations, our authorized employees and service providers will need access to your Personal Data. We contractually require our service providers to protect your Personal Data.

We may hold Personal Data as long as required or relevant for the practices described in this Privacy Notice or as otherwise applicable by law. Actual hold periods differ depending on the type of services and products. The principles we use to determine the holding periods include the following:
- Personal Data required to provide our services and products as described in this Privacy Notice;
- Personal Data required for auditing purposes;
- Personal Data required to troubleshoot problems or to assist with investigations;
- Personal Data required to enforce our policies; and
- Personal Data required to comply with legal requirements.

Regulations require financial institutions to obtain, verify, and record information that identifies each person for whom we open or have established an account. With respect to such records, Onbe generally holds those records for a minimum of seven (7) years or such other time period as may be required pursuant to applicable law. 

We may share your personal information:
‍
- With organizations and partners that help us operate our business by providing services such as website hosting, data analysis, information technology, customer service, email delivery, auditing, and other similar services.
‍
- With partners and other vendors that perform services on our behalf, such as network services support, including data processing services, customer service, call center services, information technology services, internal audit, management, or administrative purposes.
‍
- To comply with the law or other legal responsibilities such as responding to subpoenas, including laws and other legal duties outside your country of residence.
‍
- To answer requests from government authorities including authorities outside your country of residence.
‍
- To protect our rights, business operations and possessions, or that of our users, employees, and partners.
‍
- To investigate, stop, or take action concerning possible or suspected illegal activities, fraud, or violations of our terms and conditions.

Identity verification or an anti-money laundering check may need to be performed by a third party for the purpose of potentially supporting a relationship involving a financial transaction.
‍
- The relevant credit reference agency is TransUnion International UK Limited.
‍
- The search footprint retained by TransUnion International UK Limited related to the verification will indicate that either an anti-money laundering check or an identity check has been performed.
‍
- The search footprint retained by the credit reference agency will read as having been made by Trulioo Information Services Inc.

You can update your account profile online or by email. We maintain electronic records of your personal information for the purposes described in this Privacy Notice. You will be able to access and edit your personal information on the website listed on the back of the card. Otherwise, you may contact us at the email address listed at the bottom of this Privacy Notice. Your right to access, correct or delete your personal information indicated in our records is subject to applicable law including our right to retain documentation of our compliance with applicable legal requirements and technology limitations. We may take reasonable steps to confirm your identity before giving access or making modifications to your personal information.
‍
If we receive data from other sources, we may direct you to contact those sources. Please note that we are not responsible for permitting you to review, or for updating or deleting personal information that you provide to those sources or any other third party.

‍
‍California Residents

If you are a California resident, California law may provide you with additional rights regarding our use of your personal information. Effective January 1, 2020, under the California Consumer Privacy Act (CCPA), residents of California have certain rights to access, delete, or otherwise control the use, collection, and/or disclosure of their information. California residents may also opt out of the sale of such information, if applicable; please note that we do not sell your personal information. These provisions of the CCPA do not apply to personal information collected, processed, shared, or disclosed by financial institutions pursuant to federal law.

Only you or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.

You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
‍
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
‍
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
‍
Please note, consumers will not be subject to discriminatory treatment for the exercise of the privacy rights conferred by the CCPA.

EU & UK Residents

We adhere to applicable data protection laws in the EU and UK, when relevant and appropriate, including the General Data Protection Regulation (“GDPR”).
 
We would like to make sure you are fully aware of all your data protection rights. Every user is entitled to the following:

The right to access – You have the right to request from us copies of your personal information.
‍
- The right to rectification – You have the right to request that we correct any information you believe is inaccurate. You also have the right to request we complete the information you believe is incomplete.
‍
- The right to erasure – You have the right to request that we erase your personal information, under certain conditions.
‍
- The right to restrict processing – You have the right to request that we restrict the processing of your personal information under certain conditions.
‍
- The right to object to processing – You have the right to object to us processing your personal information, under certain conditions.
‍
_ The right to data portability – You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
‍
We will make every effort to honor your request, however in some situations, we may not be able to act and/or may impose limitations on your request. For instance, if your request is likely to adversely affect the rights and freedoms of others, prejudice the execution or enforcement of the law, interfere with pending or future litigation, or infringe on applicable law.
‍
You may exercise these rights free of charge. However, we may charge a reasonable fee or refuse to act on a request if it is manifestly unfounded or excessive, in particular because of its repetitive character.

If you make a request, we have one month to respond to you.

Canada Residents

We adhere to applicable data protection laws in Canada, when relevant and appropriate, including the Personal Information Protection and Electronics Documents Act (“PIPEDA”).
‍
We would like to make sure you are fully aware of all your data protection rights. Every user is entitled to the following:
‍
- The right to be informed – We will inform you of purposes for processing your personal information, either orally or in writing.
‍
- The right to access – You have the right to request from us copies of your personal information. If you make a request, we have one month to respond to you.
‍
- The right to correction – You have the right to request that we correct any personal information you believe is inaccurate.
‍
- The right to erasure – You have the right to request that we erase your personal information.
‍
- The right to withdraw consent – You have the right to withdraw consent at any time. However, we may retain personal information for the period in which it is necessary to fulfill the purpose for which it was collected.
‍
- The right to lodge a complaint – You have the right to file a complaint with the Office of the Privacy Commissioner of Canada (OPC) if you believe we are in violation of PIPEDA.
‍
We will make every effort to honor your request, however in some situations, we may not be able to act and/or may impose limitations on your request. For instance, if your request is likely to adversely affect the rights and freedoms of others, prejudice the execution or enforcement of the law, interfere with pending or future litigation, or infringe on applicable law.
‍
You may exercise these rights free of charge. However, we may charge a reasonable fee or refuse to act on a request if it is manifestly unfounded or excessive, in particular because of its repetitive character.

Clients Submitting A Data Subject Rights Request
Data subject rights requests may be submitted via our privacy webform.‍

Personnel and Employment Candidates Submitting a Data Subject Rights Request
Data subject rights requests may be submitted via our privacy webform. We may request additional information to verify your identity in accordance with applicable law.

Cookies are text files placed on your computer or device to collect standard Internet log information and visitor behavior information. When you visit our websites, we may collect information from you automatically through cookies or similar technology.
‍
For further information, visit www.allaboutcookies.org.

We use cookies in a range of ways to improve your experience on our website, including:
‍
- Identify new or past users.
- Save your password if you are registered on our website.
- Enhance our website and troubleshoot issues.
- Investigate, stop, or take action concerning possible or suspected illegal activities, fraud, or violations of our terms and conditions.

There are several different types of cookies our website may use, including:
‍
- Functionality cookies – to enable certain functions of the service and to store your preferences, such as language
and currency preferences and policy acknowledgments.
- Tracking and performance cookies – to understand service usage and performance.
- Essential cookies – to authenticate users and prevent fraudulent use of user accounts.
‍
For more information, please read our Cookie Policy. 

You can adjust cookies and tracking tools on our website. Your web browser may give you the ability to adjust cookies. How you do so depends on the type of cookie. Certain web browsers can be set to clear past and reject future cookies. If you block cookies on your browser, certain features of our website may not work. Additionally, if you limit or delete cookies, not all the tracking activities we have defined here will stop. The choices you make are both browser and device specific. For more information on cookies and how to manage them, visit www.allaboutcookies.org. 

Our website contains links to other websites. Our Privacy Notice applies only to our website and does not apply to the privacy practices of third-party websites. If you click on a link to another website, you should read the Privacy Notice of that website. We are not liable for these third-party practices.

Onbe keeps its Privacy Notice under regular review and places any updates on this web page. We may inform you of any changes to our Privacy Notice as required by law. By continuing to use this website and access our services you agree to receive updates to our Privacy Notice at this website. This Privacy Notice was last updated on August 2, 2023.

If you have any questions about Onbe’s Privacy Notice, please do not hesitate to email the Onbe Privacy Officer, Thephil Russelliah Roby, at privacy@onbe.com. We are committed to resolving any questions you may have. ‍