Privacy Policy

Last Updated: August 13, 2019

 

Nomis Solutions, Inc. (“Nomis”, “we”, “our”) provides solutions that enable retail banks and other financial services companies, to improve customer engagement and financial product offerings. In the course of its business activities, Nomis collects, processes, stores, and discloses personal information about individuals, who register to use Nomis’s website, are employed by Nomis or become a Nomis customer. Nomis also processes personal information in its capacity as a service provider for other companies. This policy describes our data privacy practices.

SCOPE

This Privacy Policy applies to personal information processed by us in our business, including on our websites and other online or offline offerings (collectively, the “Services”). This Policy applies to all of our operating divisions, subsidiaries, affiliates, and branches, including any U.S. affiliates certified under Privacy Shield, and any additional subsidiary, affiliate, or branch that we may subsequently form.

Note: Websites and services that are owned, operated and hosted by Nomis may contain links to other websites and services. Nomis is not responsible for the privacy practices or the content of those other websites and services.

PERSONAL INFORMATION WE COLLECT

Categories of Personal Information

Nomis’s collection of personal information depends on whether you are a current, prospective or former customer, employee, user, or visitor, and the requirements of applicable law.  

Communications with Us. We may collect personal information from you such as your name, job title, company name, telephone number, location (e.g., postal address), email address, contents of your public comments and postings on our Services, when you choose to request information about our Services, create an account, register for our newsletter or blog, request to receive customer or technical support services, or otherwise communicate with us.

 

Surveys. We may contact you to participate in surveys. If you decide to participate, you may be asked to provide certain information which may include personal information.

 

Registration for Sweepstakes or Contests. Occasionally, Nomis may run sweepstakes and contests. We ask those, who enter in the sweepstakes or contests, to provide contact information (e.g., an email address). If you participate in a sweepstakes or contest, your contact information may be used to reach you about the sweepstakes or contest, and for other promotional, marketing and business purposes. All sweepstakes/contests entry forms will provide a way for participants to opt-in or opt-out of any communications that are not related to awarding prizes in accordance with applicable law. In some jurisdictions, we are required to publish personal information of winners.

 

Interactive Features. Our forums, blogs, social media sites and services may contain interactive functionality that allow you to engage with other users on our third-party social media page(s) (e.g., Twitter, Facebook, LinkedIn and others), to participate in surveys, and otherwise to interact with services and with other users. If you use any interactive functionality that requests or permits you to provide personal information (including, for example, any services that allow you to post user materials on any of these services), we and/or third-party services collect the personal information that you provide in the course of using these interactive features. If you choose to submit content to any public area of these sites or services, such content will be considered “public” and will not be subject to the privacy protections set forth herein.

 

Automatic Data Collection. We may collect certain information automatically through our sites, services or other methods of analysis, such as your Internet protocol (“IP”) address, cookie identifiers, unique service ID, mobile carrier, advertiser ID, and other device identifiers that are automatically assigned to your computer or device when you access the Internet, browser type and language, hardware type, operating system, Internet service provider, pages that you visited before and after using the site or services, the date and time of your visit, the amount of time you spend on each page, information about the links you click and pages you view within the site or services, and other actions taken through use of the site or services such as preferences. Information we collect may be associated with accounts and other devices.

In addition, we may automatically collect data regarding your use of our Services, such as the types of content you interact with and the frequency and duration of your activities. We may combine your information with information that other people provide when they use our Services, including information about you when they tag you.

 

Cookies, Pixel Tags/Web Beacons, Analytics Information, and Interest-Based Advertising technologies. We, as well as third parties that provide content, advertising, or other functionality on the Services, may use cookies, pixel tags, local storage, and other technologies (“Technologies”) to automatically collect information through the Services. Technologies are essentially small data files placed on your computer, tablet, mobile phone, or other devices that allow us and our partners to record certain pieces of information whenever you visit or interact with our Services.

 

  • Cookies. Cookies are small text files placed in visitors’ computer browsers to store their preferences. Most browsers allow you to block and delete cookies. However, if you do that, the Services may not work properly.
  • Pixel Tags/Web Beacons. A pixel tag (also known as a web beacon) is a piece of code embedded in the Services that collects information about users’ engagement on that web page. The use of a pixel allows us to record, for example, that a user has visited a particular web page or clicked on a particular advertisement.

Analytics. We may also use Google Analytics and other service providers to collect information regarding visitor behavior and visitor demographics on our Services. For more information about Google Analytics, please visit www.google.com/policies/privacy/partners/. You can opt out of Google’s collection and processing of data generated by your use of the Services by going to http://tools.google.com/dlpage/gaoptout.

Information from Other Sources. We may obtain information about you from other sources, including through third party services and organizations to supplement information provided by you. For example, if you access our Services through a third-party application, such as a third-party login service or a social networking site, we may collect information about you from that third-party application that you have made public via your privacy settings. This supplemental information allows us to verify information that you have provided to us and to enhance our ability to provide you with information about our business, products, and Services.

HOW WE USE YOUR INFORMATION

We use your information for a variety of business purposes, including to:

 Fulfil our contract with you and provide you with our Services, such as:  

  • Managing your information and accounts;
  • Responding to your questions, comments, and other requests;
  • Providing access to certain areas, functionalities, and features of our Services;
  • Communicating with you about your account, activities on our Services and policy changes;
  • Processing your financial information and other payment methods for products or Services purchased;
  • Processing applications and transactions;
  • Answering your requests for customer or technical support; and
  • Allowing you to register for events.

Analyze and improve our Services pursuant to our legitimate interest, such as:

  • Measuring interest and engagement in our Services;
  • Conducting research and development;
  • Developing new products and Services;
  • Ensuring internal quality control;
  • Verifying your identity and preventing fraud;
  • Detecting bugs or other software issues;
  • Preventing potentially prohibited or illegal activities;
  • Enforcing our terms of service; and
  • To comply with our legal obligations, protect your vital interest, or as may be required for the public good.

Provide you additional content and Services, such as:

  • Providing you with customized materials about offers, products, and Services that may be of interest, including new content or Services;
  • Providing Services to you and our customers;
  • Auditing relating to transactions; and
  • Other purposes you consent to, are notified of, or are disclosed when you provide personal information.

You may contact us at any time to opt out of the use of your personal information for marketing purposes, as described below.

 

Automate profiling.

 We may use technologies considered automated decision making or profiling. We will not make automated decisions about you that would significantly affect you, unless such a decision is necessary as part of a contract we have with you, we have your consent, or we are required by law to use such technology.

Use De-identified and Aggregated Information

. We may use personal information and other data about you to create de-identified and aggregated information, such as de-identified demographic information, de-identified location information, information about the computer or device from which you access our Services, or other analyses we create.

Share Content with Friends or Colleagues

. Our Services may offer various tools and functionalities. For example, we may allow you to provide information about your friends or colleagues, through our referral services. Our referral services may allow you to forward or share certain content with a friend or colleague, such as an email inviting your friend or colleague to use our Services.

Process Information on Behalf of Our Customers (as processors)

. Our customers may choose to use our Services to process certain data of their own, which may contain personal information. The data that we process through our Services is processed by us on behalf of our customer, and our privacy practices will be governed by the contracts that we have in place with our customers, not this Privacy Policy.

More specifically, Nomis licenses software Services, which enable financial institutions (e.g., retail banks) to offer enhanced products or services and improve their customer engagement, through such Services as price optimization, customer-centric offers and omni-channel sales enablement. Such Services can assist a company in its resource planning, financial projections, and record-keeping. Such Services also can facilitate the processing of individual personal information. For example:

  • New customer acquisition – to predict which individuals are likely to buy certain products or services by processing personal information, which may include the age, gender, marital status, and buying patterns of financially and demographically similar individuals, to determine whether a company’s products and services match other individuals’ product preferences and their inclination and ability to purchase the products and services.
  • Customer management – to determine which individuals would benefit from enhanced or additional products or services; and customer service interactions to match individual expectations with available products or services.

Automated Decisions, Including Modeling and Profiling. Nomis predictive models can be used to make automated decisions. In building and updating these models, Nomis reviews the data sets used for correlations with our objective functions, and reviews the correlations indicated by the model to address any non-intuitive results. Nomis audits the performance of its algorithms that drive these models, and regularly reviews the accuracy and relevance of the automated decision-making, including profiling, that results from the use of the models. Nomis has procedures and measures designed to prevent errors, inaccuracies, or discrimination on the basis of special category data. The outcome of such measures is input back into the system design.

If you have any questions or concerns about how such personal information is handled or would like to exercise your rights, you should contact the company (i.e., the data controller), who has contracted with us to use the Service to process this data. Our customers control the personal information in these cases and determine the security settings within the account, its access controls and credentials and will assist with any escalations or human intervention required by law. We will, however, provide assistance to our customers to address any concerns you may have, in accordance with the terms of our contract with them. For a list of our sub-processors, contact us as described below.

Automatic Collection Technologies

. We, as well as third parties that provide content, advertising, or other functionality on the Services, may use cookies, pixel tags, local storage, and other technologies to automatically collect information through the Services. Our uses of these Technologies fall into the following general categories:

  • Operationally Necessary. This includes Technologies that allow you access to our Services, applications, and tools that are required to identify irregular site behavior, prevent fraudulent activity and improve security or that allow you to make use of our functions such as shopping-carts, saved search, or similar functions;
  • Performance Related. We may use Technologies to assess the performance of our Services, including as part of our analytic practices to help us understand how our visitors use the Services;
  • Functionality Related. We may use Technologies that allow us to offer you enhanced functionality when accessing or using our Services. This may include identifying you when you sign into our Services or keeping track of your specified preferences, interests, or past items viewed;
  • Advertising or Targeting Related. We may use first party or third-party Technologies to deliver content, including ads relevant to your interests, on our Services or on third party sites.

Cross-Device Tracking. Your browsing activity may be tracked across different websites and different devices or apps. For example, we may attempt to match your browsing activity on your mobile device with your browsing activity on your laptop. To do this our technology partners may share data, such as your browsing patterns, geo-location and device identifiers, and will match the information of the browser and devices that appear to be used by the same person.

Notice regarding APIs and Software Development Kits

We may use third party APIs and software development kits (“SDKs”) as part of the functionality of our Services. APIs and SDKs may allow third parties including analytics and advertising partners to collect your personal information for various purposes including to provide analytics services and content that is more relevant to you.  For more information about our use of APIs and SDKs, please contact us as set forth below.

 

DISCLOSING YOUR INFORMATION TO THIRD PARTIES

Except as described below, we have not disclosed or sold consumers’ personal information in the preceding twelve months. We may share your personal information with the following categories of third parties. 

Service Providers (Vendors and Contractors). Nomis discloses personal information to its service providers who provide technical, operational, and/or administrative support to Nomis, but only if the personal information is reasonably necessary and proportionate to provide the services. Nomis will only disclose personal information to service providers who process it pursuant to Nomis’s instructions. Disclosure to service providers may occur for these purposes:

 

  • Auditing related to current customer interactions and concurrent transactions, including counting ad impressions for unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with this specification and other standards.
  • Provision of information technology and related infrastructure services.
  • Provision of information and services you have requested, and in connection with the provision of the sites and services.
  • Undertaking activities to verify or maintain the quality or safety of Nomis software or a service Nomis engages in, and to improve, upgrade, or enhance the software or service; debugging to identify and repair errors that impair existing intended functionality; performing internal research for technological development and demonstration.
  • Maintaining and servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing advertising or marketing services, providing analytic services, or providing similar services on behalf of Nomis or its service providers.
  • Processing employees’ personal information for the purposes of:
    • recruitment, relocation, and performance of an employee’s contract of employment;
    • health and safety at work;
    • exercise and enjoyment of rights and benefits related to employment, including, but not limited to, compensation, medical benefits stock plan services, and providing other support services; and
    • the termination of the employment relationship.

 

Performing certain corporate functions, such as legal compliance, maintaining accounting and tax records, company audits, sales and distribution of Nomis products and services.

Business Partners. We may provide personal information to business partners with whom we jointly offer products or services. In such cases, our business partner’s name will appear along with ours.

Affiliates: We may share personal information with our affiliated companies for the purpose of implementing, administering, and managing your business relationship with Nomis, provide the product or service you requested, to contact you in connection with product or service offerings, or for other legitimate business purposes.

Advertising Partners.  Through our Services, we may allow third party advertising partners to set Technologies and other tracking tools to collect information regarding your activities and your device (e.g., your IP address, mobile identifiers, page(s) visited, location, time of day). We may also combine and share such information and other information (such as demographic information and past purchase history) with third party advertising partners. These advertising partners may use this information (and similar information collected from other websites) for purposes of delivering targeted advertisements to you when you visit third party websites within their networks. This practice is commonly referred to as “interest-based advertising” or “online behavioral” advertising. We may allow access to other data collected by the Services to share information that may be useful, relevant, valuable or otherwise of interest to you. If you prefer not to share your personal information with third party advertising partners, you may follow the instructions below.

Disclosures to Protect Us or Others. We may access, preserve, and disclose any information we store associated with you to external parties if we, in good faith, believe doing so is required or appropriate to: comply with law enforcement or national security requests and legal process, such as a court order or subpoena; protect your, our or others’ rights, property, or safety; enforce our policies or contracts; collect amounts owed to us; or assist with an investigation or prosecution of suspected or actual illegal activity.

Disclosure in the Event of Merger, Sale, or Other Asset Transfers. If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, purchase or sale of assets, or transition of service to another provider, then your information may be sold or transferred as part of such a transaction, as permitted by law and/or contract.

You agree that all information processed by us may be transferred, processed, and stored anywhere in the world, including but not limited to, the United States or other countries, which may have data protection laws that are different from the laws where you live. We have taken appropriate safeguards to require that your personal information will remain protected and require our third-party service providers and partners to have appropriate safeguards as well. Further details can be provided upon request.

YOUR CHOICES

General

You have certain choices about your personal information. Where you have consented to the processing of your personal information, you may withdraw that consent at any time and prevent further processing by contacting us as described below. Even if you opt out, we may still collect and use non-personal information regarding your activities on our Services and for other legal purposes as described above.

Email Marketing and Other Communications

If you have signed up to receive emails from Nomis at this website or through another Nomis Service, you may receive that information via such communication mechanisms as telephone, automated email messages, text messaging or direct mail. Nomis’s email messages may contain web beacons and other features that tell us you received and were able to open the message. In accordance with applicable law, Nomis may transfer such information to third party service providers, including business partners pursuant to joint marketing agreements, for them to assist us in marketing Nomis products or services.

You may update your preferences, or revoke your consent and unsubscribe at any time by clicking the unsubscribe link in the footer of all Nomis email messages, or by following the unsubscribe instructions at this website. Note that you will continue to receive transaction-related emails regarding products or Services you have requested.

We process requests to be placed on do-not-mail, do-not-phone and do-not-contact lists as required by applicable law.

“Do Not Track”

Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. Please note that we do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers.

Cookies and Interest-Based Advertising

You may stop or restrict the placement of Technologies on your device or remove them by adjusting your preferences as your browser or device permits. The online advertising industry also provides websites from which you may opt out of receiving targeted ads from data partners and other advertising partners that participate in self-regulatory programs. You can access these and learn more about targeted advertising and consumer choice and privacy, at www.networkadvertising.org/managing/opt_out.asp, http://www.youronlinechoices.eu/, https://youradchoices.ca/choices/, and www.aboutads.info/choices/. To separately make choices for mobile apps on a mobile device, you can download DAA's AppChoices application from your device's app store. Alternatively, for some devices you may use your device's platform controls in your settings to exercise choice.

Please note you must separately opt out in each browser and on each device. Advertisements on third party websites that contain the AdChoices link may have been directed to you based on information collected by advertising partners over time and across websites. These advertisements provide a mechanism to opt out of the advertising partners’ use of this information for interest-based advertising purposes.

Your Privacy Rights:

In accordance with applicable law, you may have the right to:

  • request confirmation of whether we are processing your personal information;
  • obtain access to or a copy of your personal information;
  • receive an electronic copy of your personal information or ask us to send that information to another company;
  • restrict our uses of your personal information, including the right to opt in or opt out of the sale of your personal information to third parties, depending on applicable law;
  • seek correction or amendment of inaccurate, untrue, incomplete, or improperly processed personal information; and
  • request erasure of personal information held about you, subject to certain exceptions prescribed by law.

If you would like to exercise any of these rights, please log into your account or contact us as set forth below. We will process such requests in accordance with applicable laws. To protect your privacy, we will take steps to verify your identity before fulfilling your request.

 

DATA RETENTION

We store the personal information we receive as described in this Privacy Policy for as long as you use our Services or as necessary to fulfill the purpose(s) for which it was collected, provide our Services, resolve disputes, establish legal defenses, conduct audits, pursue legitimate business purposes, enforce our agreements, and comply with applicable laws.

SECURITY OF YOUR INFORMATION

We take steps to ensure that your information is treated securely and in accordance with this Privacy Policy. Unfortunately, no system is 100% secure, and we cannot ensure or warrant the security of any information you provide to us. To the fullest extent permitted by applicable law, we do not accept liability for unintentional disclosure.

By using the Services or providing personal information to us, you agree that we may communicate with you electronically regarding security, privacy, and administrative issues relating to your use of the Services. If we learn of a security system’s breach, we may attempt to notify you electronically by posting a notice on the Services, by mail or by sending an e-mail to you.

CHILDREN’S INFORMATION

The Services are not directed to children under 13 (or other age as required by local law), and we do not knowingly collect personal information from children. If you learn that your child has provided us with personal information without your consent, you may contact us as set forth below. If we learn that we have collected any personal information in violation of applicable law, we will promptly take steps to delete such information and terminate the child’s account.

HUMAN RESOURCES DATA

The following section applies to Nomis’s processing in the context of human resources, recruitment, and applicant consideration.

Nomis collects personal information from current, prospective, and former employees, their contact points in case of a medical emergency, and beneficiaries under any insurance policy (“Human Resources Data”). The Human Resources Data we collect may include title, name, address, phone number, email address, date of birth, passport number, driver’s license number, Social Security number or other government-issued identification number, financial information related to credit checks, bank details for payroll, information that may be recorded on a CV or application form, language abilities, contact information of third parties in case of an emergency and beneficiaries under any insurance policy. We may also collect Sensitive Human Resources Data such as details of health and disability, including mental health, medical leave, and maternity leave; information about national origin or immigration status; and optional demographic information such as race, which helps us achieve our diversity goals.

We process Human Resources Data for a variety of business purposes including:

  • Workflow management, including assigning, managing and administering projects;
  • Human Resources administration and communication;
  • Payroll and the provision of benefits;
  • Compensation, including bonuses and long-term incentive administration, stock plan administration, compensation analysis, including monitoring overtime and compliance with labor laws, and company recognition programs;
  • Job grading activities;
  • Performance and employee development management;
  • Organizational development and succession planning;
  • Benefits and personnel administration;
  • Absence management;
  • Helpdesk and IT support services;
  • Regulatory compliance;
  • Internal and/or external or governmental compliance investigations;
  • Internal or external audits;
  • Litigation evaluation, prosecution, and defense;
  • Diversity and inclusion initiatives;
  • Restructuring and relocation;
  • Emergency contacts and services;
  • Employee safety;
  • Compliance with statutory requirements;
  • processing of employee expenses and travel charges; and
  • Acquisitions, divestitures, and integrations.

 

We will use personal information we collect for Human Resources activities only for employment-related purposes as more fully described above. If we intend to use this personal information for any other purpose, we will notify the individual and provide an opportunity to exercise their rights under applicable law.

 

PRIVACY SHIELD REDRESS AND ACCOUNTABILITY

In compliance with the Privacy Shield Principles, Nomis commits to resolve complaints about our collection or use of your personal information.  EU individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Nomis at: legal@nomissolutions.com or

 

Nomis Solutions, Inc.

Attn: Privacy Office

8000 Marina Boulevard, Suite 700

Brisbane, CA 94005

Ph: 650-588-9800

 

Nomis has further committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit JAMS website at https://www.jamsadr.com/eu-us-privacy-shield, or by phone at (702) 835-7803 for more information or to file a complaint.  The services of JAMS are provided at no cost to you. If any request remains unresolved, you may contact the national data protection authority for your EU Member State.

 

In cases of onward transfer to third parties, Nomis shall remain potentially liable under the Privacy Shield Principles if an agent processes such personal information in a manner inconsistent with the Privacy Shield Principles, unless Nomis proves it is not responsible for the event giving rise to the damage.

 

Nomis is subject to the investigatory and enforcement powers of the Federal Trade Commission (the “FTC”). Under certain conditions, you may invoke binding arbitration for complaints regarding Nomis’s Privacy Shield compliance. For further information, please refer to: https://www.privacyshield.gov/article?id=ANNEX-I-introduction.

 

PRIVACY SHIELD COMPLIANCE

 

Nomis complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States. Nomis has certified to the Department of Commerce that it adheres to the Privacy Shield Principles and the Supplemental Principles.  If there is any conflict between the terms in this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.  To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

 

This Privacy Policy shall be implemented by Nomis and its operating divisions, subsidiaries and affiliates. Nomis has put in place mechanisms to verify ongoing compliance with the Privacy Shield Principles and this Privacy Policy. Any employee that violates these privacy principles will be subject to disciplinary procedures.

 

Additionally, Nomis may protect personal information through other legally valid methods, including international data transfer agreements.

 

SUPERVISORY AUTHORITY

 

If you are located in the European Economic Area or the UK, you have the right to lodge a complaint with a supervisory authority if you believe our processing of your personal information violates applicable law.

 

CHANGES TO OUR PRIVACY POLICY

 

We may revise this Privacy Policy from time to time in our sole discretion. If there are any material changes to this Privacy Policy, we will notify you as required by applicable law. You understand and agree that you will be deemed to have accepted the updated Privacy Policy if you continue to use the Services after the new Privacy Policy takes effect.

 

CONTACT US

If you have any questions about our privacy practices or this Privacy Policy, or if you wish to submit a request to exercise your rights as detailed in this policy, please send a written request to the data controller of your Personal Information or to Nomis at legal@nomissolutions.com or Privacy Office, 8000 Marina Boulevard, Suite 700, Brisbane, CA 94005. Phone number: 650-588-9800.