Origence Privacy Policy and Notice


Effective date November 8, 2023


About US


CU Direct Corporation dba Origence for itself and its wholly owned affiliates, with the exception of FI Connect, LLC (collectively, “Origence”), is a third-party service provider to automotive dealerships and certain financial institutions, (our “Clients”) on whose behalf we collect personal information pursuant to a written contract, and where the automotive dealership and /or financial institution determines the purpose and means of processing the personal information. When we receive or process information on behalf of our Clients, the processing of that information is governed by our Client’s privacy notice and our Clients are solely responsible for taking action or making changes to any consumer information that is submitted through our systems.


Our Commitment to Your Privacy


Our goal is to protect the privacy of our Clients, and their customers. This Privacy Policy is in effect for information we collect and/or own through our website, online services, third-party providers, or applications submitted by our Clients (collectively, “Information Channels”). This Privacy Policy may be updated or modified at any time and shall become effective once the Privacy Policy is made available for viewing.

This Privacy Policy and Notice (“Privacy Policy”) describes:

  • How and why we collect certain information from you via our Services;
  • How we use and with whom we share this information;
  • How you can access and update this information
  • The choices you can make about how we collect, use and share your information.
  • How we safeguard your information.

How to Contact us


If you have any questions regarding this Privacy Policy or our information collection and use practices, please contact us at privacy@origence.com, OR 1-833-908-0121 and follow the telephone prompts OR by mail at Origence, 18400 Von Karman, Suite 900, Irvine, CA 92612, Attn: PRIVACY.


Safeguards


Origence maintains industry safeguards, in accordance with applicable federal and state laws and regulations, to keep your personal information safe and secure. When we provide personal information to financial entities, our affiliates, or third-party service providers, we require that these parties agree to process and keep the information in compliance with applicable privacy laws. The use of your information by our business partners may be subject to that party’s own privacy notice. Unless we are permitted by law, we will not disclose the information we collect about you from consumer or credit reporting agencies, without your consent. For certain online features or services, such as those that that may include personal information, we require the use of username/password and/or encryption technologies for the protection of your personal information. You are responsible for protecting your username, password, and other user account information from disclosure to third parties, and you are restricted from circumventing the use of required encryption technologies. You agree to: (a) immediately notify us at privacy@origence.com of any unauthorized use of your username, password, and/or user account information, and/or any other breach of security; and (b) make sure that you log out from your user account at the end of each session. While we may provide certain safeguards to protect your confidential information, we do not and cannot guarantee or warrant that any information transmitted through the Internet is secure, or that such transmissions are free from delay, interruption, interception or error.


Types of Information Collected


To perform our services, we may collect certain information from you, and third parties we engage may also collect such information for the purpose of hosting, configuring, maintaining, operating, administering, designing and supporting our systems, and to provide services to the financial entities with whom you do business. We do not share your personal information with third parties other than as set forth in this Privacy Policy. Each financial entity’s privacy notice shall apply to you and your personal information, and you should refer to those privacy notices to understand how the financial entity uses and processes your personal information. Origence is not responsible, nor liable, for the practices, privacy notices and their content, of third parties, including the financial entities with whom we, and you, do business.

Personal information that Origence may collect includes, but is not limited to, the following categories of information:

  • Contact (i.e., first/last name, mailing or property address, phone number, email address)
  • Financial Transactions (i.e., loan number, account number).
  • Other personal information required by financial entities in order to provide services to you.

Browsing Information


Like most online services, we collect standard technical, information when you use our services, including, but not limited to unique device identifiers, internet protocol (IP) addresses, browser types, internet service providers (ISPs), the number and duration of page visits and the number of clicks. We may use cookies, which are small pieces of data stored on your device which include an anonymous unique identifier, for session purposes. We may use tracking systems for certain systems, and we recognize Do Not Track requests from internet browsers or similar devices with regard to consumers, but not for financial institution employees acting within the scope of their employment.


How We Collect Information


Information about you may be collected by Origence from the following sources:

  • Applications or other forms we receive from you or your authorized representative.
  • Correspondence you or others send to us.
  • Information we receive through our Information Channels, financial institutions, and third-party providers.
  • Information from consumer or other credit reporting agencies and public records maintained by government entities that we obtain directly from those entities, including your credit worthiness and credit history.
  • Information we receive from other sources, as permitted by applicable, laws, and regulations.

Use of Collected Information


The information we collect from you, or others on your behalf, is used for the following business purposes:

  • To provide products and services to you or any financial entity or other third party who is obtaining services on your behalf, or in connection with a transaction involving you.
  • To communicate with you regarding your transaction or our products and services.
  • To improve our products and services.
  • To personalize your user experience regarding our Information Channels.

When Information is Disclosed


We are permitted by law to provide your personal information to various companies and individuals, without obtaining your permission. Certain laws do not allow you to restrict these disclosures. In the section below entitled “Your Information Choices,” we share with you how to limit certain disclosures of your personal information. Origence may disclose information including, but not limited to, the following situations, to affiliates and third parties, unless otherwise restricted by applicable law:

  • To third parties to provide you with services you have requested, and to enable us to detect or prevent fraud, misrepresentation, or criminal activity.
  • To third parties that provide services on our behalf and use the information only in connection with such services.
  • To law enforcement or other government authorities in connection with an investigation, civil or criminal subpoena, or court order.
  • To other third parties with whom you have given us written, including electronic authorization to disclose your personal information.
  • To investigate potential unauthorized use of our Information Channel.
  • To share and use, for any purpose, the personal information if it is in an aggregated, anonymized form, so that you are not identified (collectively, “De-Identified Data”).
  • In connection with a sale, transfer or other disposition of all or part of Origence’s business/assets, or in the event of bankruptcy, reorganization, receivership, insolvency, or assignment for the benefit of creditors.
  • For any purpose disclosed by us to you when you provide the information, and as directed by you, or with your permission.
  • (i) to understand and analyze trends and preferences; (ii) to monitor and analyze our services’ effectiveness; (iii) to improve our services and develop new products, services, features, and functionality; (iv) to personalize our services, such as remembering your information so that you will not have to re-enter it during your visit or the next time you use our services, and (v) to provide customized content and information.

Your Information Choices


You consent to the collection and use of your information by Origence in compliance with this Privacy Policy by your submitting personal information to Origence, or using our services, unless you inform us otherwise, as allowable by law. Your available information choices are set forth below. Origence may use your personal information for the following purposes, which such use cannot be limited by you:

  • For our everyday business purposes – to process services, respond to law enforcement or other government authorities regarding an investigation, and subpoenas or court orders.
  • For our own marketing purposes.
  • For joint marketing with financial companies.
  • For our affiliates’ everyday business purposes, we may share information about your transaction and experiences.

You may choose to prevent Origence from disclosing or using your personal information in the following circumstances:


  • For our affiliates’ everyday business purposes – information about your credit worthiness.
  • For our affiliates to market to you.

Updates and Corrections


To update or correct your personal information we maintain for our own business purposes, please refer to the “How to Contact Us” section at the beginning of this Privacy Policy. Please be advised, in those cases where we are acting as a third-party service provider to a financial institution, you must contact your financial institution to update or correct your personal information. See the “For California Residents” section below for additional information.


For California Residents

California Privacy Policy and Notice at Collection


Effective and updated as of November 8, 2023

The California Consumer Privacy Act (CCPA) of 2018 gives California (CA) consumers certain rights over their personal information as detailed below. Under the CCPA, Origence is a third-party service provider to automotive dealerships and certain financial institutions (“Clients”), on whose behalf we collect personal information pursuant to a written contract, and where the Client determines the purpose and means of processing the personal information. When we receive or process information on behalf of one of our clients, the processing of that information is governed by our client’s privacy notice. The client is solely responsible for making changes to any consumer information that is submitted through our systems and verifying your CCPA requests prior to submitting them to us.

The CCPA provides the following consumer rights:

Right to Know about the personal information a business collects about them, how it is used or shared. If we receive a verified request, you have not made this request more than twice in a 12-month period, and the information is subject to the CCPA, we will disclose to you:

  • The categories of personal information we collected about you in the last 12 months.
  • The categories of sources from which your personal information was collected.
  • Our business or commercial purpose for collecting, using or disclosing your personal information.
  • If we disclosed your personal information for a business purpose, the categories of personal information disclosed in the last 12 months.
  • The categories of third parties with whom we disclose your personal information in the last 12 months.
  • The specific pieces of personal information we collected about you (also called a data portability request).
  • If we sold your personal information, the categories of personal information sold and the categories of third parties to whom personal information was sold.

Origence does not and has not, within the preceding 12 months, “sold” or “shared” consumer’s personal information to “third parties,” as such terms are defined in the CCPA, for a business or commercial purpose.

We will not provide you with specific pieces of personal information if the disclosure creates a substantial, articulable, and unreasonable risk to the security of the personal information, your account with us, or the security of our systems or networks.


Information We Collect. Information that Origence may collect includes, but is not limited to, the following categories of personal information or sensitive information within the last 12 months:


Category Examples Collected
A. Identifiers. A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers.    YES
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.    YES
C. Protected classification characteristics under California or federal law. Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).    YES
D. Commercial information. Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.    YES
E. Biometric information. Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.    NO
F. Internet or other similar network activity. Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.    YES
G. Geolocation data. Physical location or movements.    YES
H. Sensory data. Audio, electronic, visual, thermal, olfactory, or similar information.    NO
I. Professional or employment-related information.

Current or past job history or performance evaluations.

Information collected about you through your employment application or employment with us.

   YES
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). Performance management information such as employment status (full-time or part-time, regular or temporary), work schedule, job assignments, hours worked, accomplishments and awards, training and development, performance evaluation, employment termination.    YES
K. Inferences drawn from other personal information. Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.    NO
L. Sensitive Personal Information Personal information that reveals a person’s social security, driver’s license, state identification card, passport number; an account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; precise geolocation; racial or ethnic origin, religious or philosophical beliefs, or union membership; the contents of a consumer’s mail, email, and text messages unless the business is the intended recipient of the communication; a person’s genetic data; and/or biometric data processed for the purpose of uniquely identifying a person.    YES

Sources of Personal or Sensitive Information.


We obtain the categories of personal information listed above from the following categories of sources:

  • Directly from you or your agents. For example, from documents that our clients provide to us related to the services for which they engage us on your behalf.
  • Indirectly from our clients or their agents. For example, through information we collect from our clients, in the course of providing services to them.
  • Directly and indirectly from activity on our systems and/or websites. For example, from submissions through our website portals or website usage details collected automatically.
  • From third-parties that interact with us in connection with the services we perform.

Business Purpose for Disclosing Personal or Sensitive Information.


Disclosure of your personal information may be made (or may have been made in the preceding 12 months) to these categories of our affiliates, and non-affiliated third parties for a business purpose, unless otherwise restricted by applicable law:

  • To third parties to provide you with services you have requested, and to enable us to detect or prevent fraud, misrepresentation, or criminal activity.
  • To contracted third parties that provide services on our behalf and use the information only in connection with such services.
  • To law enforcement or other government authorities in connection with an investigation, civil or criminal subpoena, or court order.
  • To other third parties with whom you have given us written, including electronic authorization to disclose your personal information.
  • To investigate potential unauthorized use of our Information Channel.
  • To share and use, for any purpose, the personal information if it is in an aggregated, anonymized form, so that you are not identified (collectively, “De-Identified Data”)
  • In connection with a sale, transfer or other disposition of all or part of Origence’s business/assets, or in the event of bankruptcy, reorganization, receivership, insolvency, or assignment for the benefit of creditors.
  • For any purpose disclosed by us to you when you provide the information, and as directed by you, or with your permission.(i) to understand and analyze trends and preferences; (ii) to monitor and analyze our services’ effectiveness; (iii) to improve our services and develop new products, services, features, and functionality; (iv) to personalize our services, such as remembering your information so that you will not have to re-enter it during your visit or the next time you use our services, and (v) to provide customized content and information.

In the preceding twelve (12) months, we have disclosed the following categories of personal information for a business purpose:

  • Category A: Identifiers
  • Category B: California Customer Records personal information categories
  • Category C: Protected classification characteristics under California or federal law
  • Category D: Commercial information
  • Category G: Geolocation data
  • Category I: Professional or employment-related information
  • Category J: Non-public education information
  • Category L: Sensitive Personal Information

To the extent that you are a current or former employee or applicant, Origence may use your personal or sensitive personal information for the following purposes:

  • To collect equality and diversity information, such as minority, veteran and disability status, through voluntary self-disclosure and other means to implement the Company’s diversity programs and comply with applicable laws.
  • To administer and provide compensation, benefits, and other work- related allowances, as applicable.
  • To manage our information technology (g., computers, phones, company systems, and applications) and information security, including the helpdesk, corporate directory, IT support, fraud prevention, and information security.

Right to Delete personal information collected about them, subject to certain exceptions. Once we receive a verified consumer request, we will erase your personal information from our records, unless an exception applies, or if we have de-identified or aggregated the personal information. There may be instances where applicable law and regulatory requirements allow or require us to retain personal information. We may deny a deletion request if it is necessary for us or our service providers to maintain your personal information for any of the reasons set forth in the CCPA.

Most of the personal information Origence obtains is subject to the CCPA exemptions for personal information subject to the Gramm-Leach-Bliley Act (“GLBA”) and the Fair Credit Reporting Act (“FCRA”).

Right to opt-out of the sale or sharing of their personal information. Origence does not “sell” or “share” consumer personal information.

Right of Non-Discrimination for exercising their CCPA rights. We will not discriminate against you for exercising any of your rights in this Privacy Policy and under applicable laws.

Right to Correct inaccurate personal information. To update or correct your personal information in our possession, please refer to the “How to Contact Us” section at the beginning of this Privacy Policy. If you are receiving consumer services, please contact your financial institution for questions or to exercise your CCPA rights.

Right to Limit use of sensitive personal information collected about them. Origence does not use or disclose sensitive personal information for purposes other than those expressed herein or otherwise permitted by applicable law.

Data Retention. Our retention periods are based upon business needs and legal requirements. We retain information for as long as is necessary for the purpose(s) for which the information was collected, and any other permissible related purpose.

Information From Children. We do not intentionally collect information from children who are under the age of 16, and neither our website nor our services are directed to children under the age of 16.

Exercising Your Rights. If you are receiving consumer services, please contact your financial institution to exercise your CCPA rights.

To exercise your rights for personal information that we collect, use and process for our business purposes, please submit a verifiable consumer request to us. You may only make a verifiable consumer request for access or data portability twice within a 12-month period.

A verifiable consumer request must:

  • Provide enough information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative; and
  • Describe your request with enough detail that allows us to properly understand, evaluate, and respond to it.

You may submit your request in either of these following methods:

By email: clientsupport@origence.com

By toll free number: 877-744-2835 option 1

Consumers with disabilities may contact us using any of the contact information provided below to receive this notice in an accessible format.

When using an Authorized Agent. You may designate an authorized agent to make a request under the CCPA on your behalf. You will need to provide the authorized agent written permission to make requests on your behalf, and the agent will need to verify their own identity. We may deny a request from an agent that does not submit proof that they have been authorized by you to act on your behalf.