RIGHT APP

RIGHT Privacy Policy

WHO WE ARE

RIGHT USA, Inc. (“RIGHT”) is a software development company that develops and licenses personal finance software for the consumer market to offer to its customers for personal finance management. RIGHT automatically builds users their personalized itemized budget and provides them with debit cards and other payment tools and banking services to help the users stick with their budgets and thereby increase their savings. As a result, users can grow their savings faster to enlarge their emergency funds, close debts, save for down payments or kids’ education, as well as for their retirement.

RIGHT is based in the United States and its prime goal is to help Americans reduce social stratification by enabling the low-income population to grow their personal wealth.

RIGHT respects your privacy and takes safeguarding personal data seriously. Please read this Privacy Policy to understand the privacy practices of RIGHT. This Privacy Policy applies to the website or application from which you access RIGHT services and/or any of its affiliated web or mobile applications (“Services”).

 

DEFINITIONS

“Personal Data” means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Personal Data does not include information that is anonymized. Personal Data also does not include corporate information that relates to an organization but not to an individual, such as a corporate name, corporate address or general corporate phone number. However, if it is combined with your Personal Data in a manner that reasonably allows it to be associated with your identity, or is otherwise considered Personal Data under applicable law, it will be treated as Personal Data under this Privacy Policy.

 

EU-U.S. PRIVACY SHIELD FRAMEWORK

Based on the subsequent court and regulator decisions, RIGHT no longer relies on the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks as a legal basis for transfers of personal data from the European Union and Switzerland, and instead relies on Standard Contractual Clauses (SCC). For more information on Standard Contractual Clauses, please visit https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en. However, because RIGHT remains committed to the underlying privacy principles, RIGHT continues to comply with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce. RIGHT has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/list.

 

PERSONAL DATA WE PROCESS

We process personal data of our clients to fulfill our contractual obligations as a budgeting and banking service provider. We also process personal data obtained from our third-party service providers to aggregate data when customers choose to use these features. We also process personal data that we collect directly, such as when a user navigates to our website or when we generate potential sales leads. This data may be collected through the information that you actively submit to us or through automated processes. We process the personal data of data subjects that include client representatives, representatives of potential clients, other business representatives, users, and client customers.

We do not actively collect or otherwise process personal data from minors. The age of a minor varies by country. For the purposes of personal data collected from the European Union, the age of a minor is under age sixteen (16). We do not actively collect or otherwise process special categories of personal data as identified in the EU General Data Protection Regulation (“GDPR”) including data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade-union membership, or genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation. We do not actively collect or otherwise process personal data relating to criminal convictions and offenses.

The personal data we process in relation to our personal finance software is based upon our contractual requirements with the client and in turn their contractual requirements with their customers. We contractually require our clients to obtain the necessary consents from their customers before providing access to the personal finance software. The expected consequence of failing to consent to the processing of personal data in the use of the personal finance software is that access to the software will not be granted.

The personal data we process in relation to our business-to-consumer activities and the provision of personal data is not a statutory requirement nor a contractual requirement on the part of the data subject, although we do provide services under our customer contracts. The possible consequence of failing to provide personal data is that we will be unable to respond to requests or inquiries or interact for business purposes.

  1. Data processed as a budgeting & banking provider of our clients.
    We process personal data of our clients to perform our contractual obligations under our service agreements. Processing includes analyzing financial transactions and performing advanced data modeling, classifying and categorizing for building users’ personalized budgets. The data analysis can be extended to financial transactions obtained from external accounts, which are those outside of the financial institution hosting the software, if the feature is activated by the customers. We also process personal data of the customers in an aggregate form to assist them with making more meaningful financial decisions.
  2. Data processed from third-party service providers.
    When the software feature to aggregate external accounts is activated, we collect personal data from Data Aggregator Service Providers, who share with us the financial transactions of the users’ external account. These processings activate some of the key elements of our business. We source this information to our clients in order to perform our contractual obligations under our service agreements. This service is an integrated part of our overall advanced data analysis features available with our personal finance software and related services. Data sourced from third-party service providers is used by us on behalf of our clients in the aggregate to advance the quality of our financial services. We do not separately sell or share personal data.
  3. Data processed directly.
    We process technical information and navigational information when you visit our website, which is found at https://www.rightfinancial.io/. Technical information includes IP address, geographical location, device ID and related information and browser type. Navigational information includes mobile application screens and webpages viewed, selections made and length of visit. Our primary goal in processing this information from you is to provide you access to features on the site and help us improve our product and services and develop and market new products and services.
    We process contact information and information related to employment when you fill out web forms or download content. This information includes your name, email address, company name, address, phone number and other information about yourself or your business or employment. We process personal data available through social media including Facebook, LinkedIn, Twitter and Google, as well as publicly available information that we acquire directly. We process this information to advance our business purposes such as offering our services to corporate representatives.
    We may also process payment information when you pay for certain RIGHT services.
  4. California Consumer Privacy Act.
    Pursuant to § 1798.110 of the California Consumer Privacy Act (“CCPA”), the categories of personal information we have collected about consumers in the preceding 12 months are:
    • Identifiers such as a real name, postal address, online identifier, Internet Protocol address, email address;
    • Personal information categories described in the California Customer Records Statute (Cal. Civ. Code §1798.80(e));
    • Characteristics of protected classifications under California or federal law;
    • Commercial information;
    • Internet or other electronic network activity information;
    • Geolocation data;
    • Professional or employment-related information;
    • Inferences drawn from any of the information identified in this subdivision to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
  5. Patriot Act Disclosure.
    To help the Government fight the funding of terrorism and money laundering activities, Federal Law requires all financial institutions to obtain, verify, and record information that identifies each person who opens an account.

 

TRACKING TECHNOLOGIES, COOKIES, AND CLEAR GIFS

We use tracking technologies, cookies and clear GIFs to collect information. Tracking technologies are used to collect information from your web browser through our servers or filtering systems when you visit any of our sites.

Cookies are small text files stored on a user’s computer hard drive by the user’s browser, containing the session ID and other data. Cookies enable a website to track a user’s activities on the website for the following purposes: (1) enable essential features; (2) provide analytics to improve website performance and effectiveness; (3) store user preferences; and (4) facilitate relevant targeted advertising on advertising platforms or networks. Users are free to change their web browsers to prevent the acceptance of cookies. Cookies may also be set within emails in order to track how often our emails are opened.

A clear GIF is a transparent graphic image placed on a website. The use of clear GIFs allows us to monitor your actions when you open a web page and makes it easier for us to follow and record the activities of recognized browsers. Clear GIFs are used in combination with cookies to obtain information on how visitors interact with our websites.

Information collected may include but is not limited to your browser type, your operating system, your language preference, any referring web page you were visiting before you came to our site, the date and time of each visitor request, and information you search for on our sites. We can also track the path of page visits on a website and monitor aggregate usage and web traffic routing on our sites. We collect this information to better understand how you use and interact with our sites in order to improve your experience. We also collect this information to better understand what services and marketing promotions may be more relevant to you. We may also share this information with our employees, service providers and customer affiliates.

You can change your web browser settings to stop accepting cookies or to prompt you before accepting a cookie from the sites you visit. If you do not accept cookies, however, you may not be able to use some sections or functions of our sites.

To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit http://www.allaboutcookies.org.
To opt-out of being tracked by Google Analytics across all websites visit https://tools.google.com/dlpage/gaoptout.

 

PURPOSES FOR PROCESSING PERSONAL DATA

We process personal data to fulfill our contractual obligations in our service contracts with clients and assist our customers in optimizing advanced data analytics and personal financial planning. 

In addition, we process personal data in order to operate our business, including for sales leads, information services, web analysis, security monitoring, and recruitment and employment. Our purpose in processing this personal data is to develop new client relationships, increase our client service and for administrative and other business purposes.

In this context, the legal basis for our processing of your personal data is either the necessity to perform contractual and other obligations or our legitimate business interests as a provider of personal finance software and related services. If personal data processing is related to cookies and other tracking technologies, we rely upon the consent given when we display our cookie banner and the user selects “Accept”. We do not process that category of personal data if the user selects “Decline”.

We may use your data to comply with applicable laws, exercise legal rights, and meet tax and other regulatory requirements. We may also use your personal data for internal purposes, including auditing, data analysis, system troubleshooting, and research.

In these cases, we base our processing on legitimate interests in performing the activities of the organization.

 

SHARING OF PERSONAL DATA

We might share your personal data with third-party service providers, regulatory bodies, public authorities and law enforcement in the following circumstances:

  1. Third-Party Providers.
    We share personal data with third-party providers for their processing in performing functions on our behalf. The categories of third-party providers with whom we share personal data are: Customer Relations Management Software Providers; Lead-generation Service Providers; Data Analytics Service Providers; Technology Software Providers; Data Aggregator Services Providers; Accessor Service Providers; Web Analytics Service Providers, and Security Monitoring Service Providers. In such instances, the providers will be contractually required to protect personal data from additional processing (including for marketing purposes) and transfer in accordance with this Privacy Policy and applicable laws.
  2. Research Bodies.
    For a limited number of users, who provide their explicit consent, we share personal data with a third party for the purposes of conducting research on financial behavior with an aim to assist the user to monitor and improve financial management.
  3. Regulatory Bodies, Public Authorities and Law Enforcement.
    We may access and disclose your personal data to regulatory bodies if we have a good-faith belief that doing so is required under regulation. This may include submitting personal data required by tax authorities. We may disclose your personal data in response to lawful requests by public authorities or law enforcement, including to meet national security or law enforcement requirements.
  4. Other Disclosures.
    We may also disclose your personal data to exercise or defend legal rights; to take precautions against liability; to protect the rights, property, or safety of the resource, of any individual, or of the general public; to maintain and protect the security and integrity of our services or infrastructure; to protect ourselves and our services from fraudulent, abusive, or unlawful uses; or to investigate and defend ourselves against third-party claims or allegations. Disclosures may be made to courts of law, attorneys and law enforcement or other relevant third parties in order to meet these purposes.
    In cases of onward transfer of personal information to third parties of data of EU individuals received pursuant to the EU-U.S. Privacy Shield, RIGHT remains liable.
  5. California Consumer Privacy Act.
    Pursuant to § 1798.115 of the CCPA, the categories of personal information we have disclosed about consumers for a business purpose in the preceding 12 months are:
    • Identifiers such as a real name, postal address, online identifier, Internet Protocol address, email address;
    • Personal information categories described in the California Customer Records Statute (Cal. Civ. Code §1798.80(e));
    • Characteristics of protected classifications under California or federal law;
    • Commercial information;
    • Internet or other electronic network activity information;
    • Geolocation data;
    • Professional or employment-related information;
    • Inferences drawn from any of the information identified in this subdivision to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
  6. Patriot Act Disclosure.
    To help the Government fight the funding of terrorism and money laundering activities, Federal Law requires all financial institutions to obtain, verify, and record information that identifies each person who opens an account.

 

STORAGE OF YOUR PERSONAL DATA

Personal data stored for our customers’ personal needs and our own purposes is processed and stored at various locations including on servers located in the United States of America. In the event that personal data is transferred outside of the United States of America, we will ensure that adequate protections are implemented to comply with the GDPR, such as Standard Contractual Clauses. We endeavor to utilize third-party service providers from the United States that have certified with the EU-U.S. Privacy Shield Framework or alternatively provide adequate protections that are compliant with the GDPR such as implementing Standard Data Protection Clauses.

 

DATA SECURITY

We use industry-accepted standards, protocols and precautions to guide us in implementing technical and organizational measures to protect the personal data that we store, transmit, or otherwise process against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. We regularly consider appropriate new security technology and methods as we maintain and develop our software and systems. The practical reality is, however, no data transmissions over the Internet can be guaranteed to be 100% secure. Therefore, we cannot ensure or warrant the security of any information you transmit to us and you understand that any information that you transfer to us is done at your own risk. If we learn of a data breach that is likely to affect the security of your personal data, we may attempt to notify you electronically via email so that you can take appropriate protective steps and/or by posting a notice on our website if a data breach occurs. Depending on where you live, you may have a legal right to receive notice of a security breach in writing.

 

DATA RETENTION

RIGHT retains the personal data of its customers for a period of time as instructed by the clients for whom RIGHT processes data. Where RIGHT collects personal data for its own purposes, it retains the data for a reasonable period of time to fulfill the processing purposes mentioned above. Personal data is then archived for time periods required or necessitated by law or legal considerations. When archival is no longer required, personal data is deleted from our records. If you wish to request deletion of your data, please contact RIGHT directly. If you want more information about how to contact us, make an inquiry to the address provided at the end of this notice.

We retain personal data that we are required to retain in order to meet our regulatory obligations including tax records and transaction history. We regularly review our retention policy to ensure compliance with our obligations under data protection laws and other regulatory requirements. We regularly audit our databases and archived information to ensure that personal data is only stored and archived in alignment with our retention policy.

 

PERSONAL DATA RIGHTS

Individuals have the right to access personal data about them and to correct, amend, restrict or delete that information where it is inaccurate, or has been processed in violation of the Principles, except where the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy in the case in question, or where the rights of persons other than the individual would be violated.

Where you are receiving communication from us of a marketing nature directly related to RIGHT’s business marketing purposes, we provide the ability for you to unsubscribe at the end of the email. You may also contact us directly or through the RIGHT representative with whom you have a relationship to exercise your right to object to marketing communication or to exercise other rights. In addition, where we act as a data controller in relation to your personal data for our general business operations and that personal data is not required for regulatory or legal purposes or the like, we offer you a choice to limit the use and disclosure of your personal data. You may make such a request by contacting the RIGHT representative with whom you have contact or by contacting us directly. Our contact details are provided at the end of this Privacy Policy.

Personal data subject rights under the GDPR apply to individuals in the European Economic Area, granting certain rights which may be subject to limitations and/or restrictions. These rights include the right to: (i) request access to and rectification or erasure of their personal data; (ii) obtain restriction of processing or to object to the processing of their personal data; and (iii) ask for a copy of their personal data to be provided to them, or a third party, in a digital format. If you wish to exercise one of the above-mentioned rights, please send us your request to the contact details set out below. Individuals also have the right to lodge a complaint about the processing of their personal data with their local data protection authority.

Personal data subject rights under the CCPA may also apply to certain individuals and households. These rights include the right to: (i) know what personal information is being collected about them; (ii) know whether their personal data is sold or disclosed and to whom; (iii) say no to the sale of personal information; (iv) access their personal information; (v) equal service and price, even if they exercise their privacy rights; (vi) an accurate privacy notice at or before the time of the collection of personal information; (vii) request disclosure of the categories and specific pieces of personal information collected; and (viii) request deletion of personal information subject to certain exceptions.

You may contact us with your personal data inquiries or for assistance in modifying or updating your personal data and to exercise additional statutory rights such as: access, rectification, data portability, objection, processing restriction, and erasure of your personal data. Our contact details are provided at the end of this Privacy Policy.

 

DISPUTE RESOLUTION

RIGHT participates in the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework (“Frameworks”), under RIGHT USA, Inc. A list of participants can be viewed by accessing the link below:
https://www.privacyshield.gov/list.

As part of its participation in the Frameworks, RIGHT is subject to the investigatory and enforcement powers of the Federal Trade Commission.

Organizations participating in the Frameworks must respond within 45 days of receiving a complaint. If you have not received a timely or satisfactory response to your question or complaint, please contact one of the independent recourse mechanisms listed below:
JAMS Privacy Shield Program
http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.html.

Please note that these independent dispute resolution bodies are designated to address complaints and provide appropriate recourse free of charge to the individual. If a Consumer’s complaint cannot be resolved through RIGHT’s internal processes, RIGHT will cooperate with JAMS pursuant to the JAMS International Mediation Rules, available on the JAMS website at www.jamsadr.com/international-mediation-rules. JAMS mediation may be commenced as provided for in the relevant JAMS rules. The mediator may propose any appropriate remedy, such as deletion of the relevant personal data, publicity for findings of noncompliance, payment of compensation for losses incurred as a result of noncompliance, or cessation of processing of the personal data of the Consumer who brought the complaint. The mediator or the Consumer also may refer the matter to the U.S. Federal Trade Commission, which has Privacy Shield investigatory and enforcement powers over RIGHT. Under certain circumstances, Consumers also may be able to invoke binding arbitration to address complaints about RIGHT’s compliance with the Privacy Shield Principles.

 

EFFECTIVE DATE AND AMENDMENTS

This document is effective as of the date indicated at the bottom of each page of this Privacy Policy under “Last updated”. This document may be amended from time to time.

 

CONTACT US

Inquiries may be made to:
Organization: RIGHT USA, Inc.

Contact: Data Privacy Team

Address: 6232 Jack London Circle, Sacramento, California, 95842

E-mail: privacy@rightfinancial.io

Phone: 587-707-3020