ZSUITE TECHNOLOGIES PRIVACY POLICY

Last edited 17th October 2022

Who are we?
ZSuite Technologies, Inc. (“ZSuite”, “us”, “we”), provides digital commercial banking products, enabling technologies, and professional services that help community Financial Institutions in the United States of America (USA) better serve commercial clients. ZSuite respects privacy and is committed to protecting it though compliance with this Policy. Applicable Law requires us to disclose what personal information we collect, and how we collect, share, and protect any personal information we receive from Partnering Financial Institutions or Consumers interacting with the Products or our website or personnel. Definitions are located at the end of this Privacy Policy (the “Policy”).

PLEASE READ THIS NOTICE CAREFULLY, AS IT IS INTENDED TO DISCLOSE OUR INFORMATION COLLECTION PRACTICES FOR BOTH PARTNERING FINANCIAL INSTITUTIONS AND CONSUMERS.

PLEASE READ THIS POLICY IN ITS ENTIRETY BEFORE USING ANY OF ZSUITE’S PRODUCTS.

BY USING ANY PRODUCTS THAT WE PROVIDE TO A PARTNERING FINANCIAL INSTITUTION OR CONSUMER, YOU ARE ACKNOWLEDGING THAT YOU HAVE READ AND UNDERSTAND THIS POLICY AND THAT YOU AGREE TO BE BOUND BY ITS TERMS. IF YOU DO NOT AGREE TO BE BOUND BY THE TERMS OF THIS POLICY, SIMPLY EXIT WITHOUT ACCESSING OR USING OUR WEBSITE OR ANY OF OUR SERVICES.

Applicability
This Policy applies to any and all interactions with ZSuite (including employment related), any of the Services it provides, and ZSuite Events in which we participate, unless a different policy is posted or is made available and by its terms supplant this Policy.

Other privacy policies, such as those of Third Parties that we contract with for specific services and functionality, may also apply in addition to this Policy.

ZSuite will not share Personal Information (defined herein) with any person or organization except (i) to support the Products and perform necessary services, (ii) for the business purposes described in this Policy, (iii) as authorized by the Consumer, (iv) with the Partnering Financial Institution used by the Consumer, (v) with Third Parties delivering contracted services, (vi) as may be required Applicable Law, or (vii) as otherwise set forth herein.

ZSuite does not sell Personal Information.

This Policy describes the types of information we may collect through any of the Services or ZSuite Events in which we participate, as well as, and our practices for collecting, using, maintaining, protecting and disclosing the information.

What kind of information do we collect?
The information that ZSuite collects is specific to the products that are used by the Consumer and/or licensed by the Partnering Financial Institution. In the past twelve (12) months, the “Personal Information” that we have collected includes:

  • Personal Identifiable Information: Information which identifies the Consumer (e.g. name, address, email address, telephone number, age/age range/date of birth, Social Security Number, photograph, or any other information which is personally identifiable).
  • Non-Personal Identifiable Information: Information gathered via an individual's use of an online product, service, application or website (e.g. browser type, IP address, online navigation, demonstration viewings)
  • Aggregated and Non-Identifiable Information: Information that we may create or compile from various sources, including but not limited to accounts and transactions. This information contains no identifiable elements and is used for our general business and marketing purposes.
  • Nonpublic Personal Information: Information provided by the user during the application process (e.g. name, date of birth, address, email address, telephone number, national identifier or social security number, age / age range or photograph)

Personal Information does not include:

  • Publicly available information from government records.
  • Deidentified or aggregated consumer information.
  • Personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994 and information excluded from the scope of state laws like health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA); clinical trial data and specific state laws.

How do we obtain the information?
Information may be obtained from a variety of sources, including the following:

  • Partnering Financial Institutions, their representatives, agents or service providers;
  • Credit bureaus, identity verification providers or other Third-Parties that interaction with ZSuite in connection to the Products;
  • Consumer interactions with any of the ZSuite Products;
  • Interaction with advertising and applications on Third Party websites and services, including those with links to ZSuite; and
  • Cookies, Clear GIFs, Flash Objects, IP Addresses and data entry forms.

Who has access to customer information?
We have strict internal policies against unauthorized use or disclosure of information collected through the ZSuite Products. Information is accessible only to employees who need it to conduct financial affairs, to the employees of the Partnering Financial Institution with whom Consumers have a relationship or to trusted Third Party vendors responsible for everyday business functions. We emphasize the importance of confidentiality through our code of conduct, employee training, operating procedures, privacy policy, oversight and contractual requirements of our Third Parties, as we require all the businesses with which we have a relationship to maintain the confidentiality of Consumer information.

Why does ZSuite need this information?
We maintain information and data about Consumers to maintain the security of Personal Information and to protect against fraud. We need clear and accurate information to be able to positively identify Consumers and authenticate transactions authorized through ZSuite products. We are also required by laws and regulations to gather certain information.

How does ZSuite protect user information?
ZSuite maintains physical, electronic, and procedural safeguards according to established security standards to protect Consumer Personal Information. We encrypt all ZSuite Products user and financial account information stored in our databases. ZSuite also fully complies with all data security requirements of federal law, including the Gramm-Leach-Bliley Act data security regulations.

Are there any regulations allowing disclosure of account information?
Yes. Under current law, we are allowed to share certain information - such as Consumer names, addresses and information about bank accounts – between affiliates and subsidiaries, for marketing or joint marketing purposes, or as necessary to our Third-Parties necessary for routine business activities. In some cases, such as a fraud investigation or in response to a validly issued search warrant or subpoena, we may be required by law to provide certain information to law enforcement agencies.

Why does ZSuite share information with third-party companies?
We use third-parties to support the Products (e.g. host our cloud environments, help us process ZSuite Product payments and perform various identification processes). We may also use outside companies to help us with fraud investigation. Finally, we may share information to market our own Products to Consumers or to jointly market Products with other financial institutions pursuant to an existing joint marketing agreement.

What kind of information does ZSuite share with third-party companies?
The information shared depends on the Product or service we are providing to the Consumer or Partnering Financial Institution. We may share names, addresses, tax identification numbers, or other relevant information, depending on the situation. We will not share any Personal Information with any third-party for the purpose of marketing their products or services.

Will the third parties keep Consumer information confidential?
We will not share information with any company that does not agree to keep the Personal Information of Consumers confidential. We carefully select the third-party companies we work with, and any information that is shared is always subject to strict confidentiality agreement(s). Moreover, it is a violation of federal law for a third party to reuse customer information received from us unless that information is also publicly available elsewhere.

Is it possible to prevent information sharing with third parties?
We do not sell nor rent information to any non-affiliated third-party except through a joint marketing agreement where ZSuite partners with that third party. By law, except as indicated in the Privacy notice provided below, we would not be able to share information without providing Consumers the opportunity to "Opt-Out". However, insofar as we do not share information with such parties, Consumers do not need to take any action to prevent sharing of such information.

Will I receive a Privacy Notice in the mail every year?
Under the Privacy Rule (Regulation P) issued under the Gramm-Leach-Bliley Act, ZSuite is required to provide an initial Privacy notice to ZSuite Product users prior to providing any information to a non-affiliated party for joint marketing purposes. However, recent changes to federal law make additional annual notices unnecessary unless ZSuite further edits or changes its Policy.

Definitions
The following definitions applies to Consumer or Partnering Financial Institution interactions with ZSuite or any of the Products, unless a different policy is posted or is made available and by its terms supplants this Policy.

Affiliates: Companies related by common ownership or control, both financial and non-financial entities.

“Applicable law” means, as applicable, (i) court orders; and (ii) federal, state, and local laws, rules, regulations, and requirements of any governmental authority or other administrative or regulatory organization which is applicable to ZSuite and the Products.

Consumers: Any current or prospective customers or members of Financial Institutions or ZSuite that currently use the Products, or may use them in the future.

Cookies: Cookies are alphanumeric identifiers that are transferred to a computer’s hard drive through the web browser for tracking and record-keeping purposes. These Cookies, however, do not store any PERSONAL INFORMATION. We use three different types of Cookies: (1) Session Cookies: exist only during an online session and allow storage of online activities and verify an identity while using a website; (2) Persistent Cookies: remain on the computer after the browser has been closed or the computer has been turned off and track aggregate & statistical information about activity which may be combined with other information; and (3) Third Party Cookies: We also may engage Third Parties, including, without limitation, Google Analytics, to track and analyze non-indefinable information website data. We use the data collected by such Third Parties to help administer and improve the quality of the Products and to analyze usage. We do not have access to or control over these Third-Party Cookies, nor does this Privacy Policy cover such Third Parties’ use of data.

Clear GIFs (aka Web Beacons/Web Bugs, Pixel Tags): Clear GIFs are tiny graphics with a unique identifier, similar in function to Cookies, and are used to track the online movements of web users. In contrast to Cookies, which are stored on the computer’s hard drive, Clear GIFs are embedded invisibly on web pages.

Partnering Financial Institutions: Banks and/or credit unions that contract for the Products.

Flash Objects (or Local Shared Objects): These objects help us determine and recognize the browser type and version of Adobe Flash so that one can view “moving content” such as online demonstrations and tutorials on the device when logged onto or return to a website.

IP Address: A number that is automatically assigned to the device used by an Internet Service Provider (ISP). An IP Address is identified and logged automatically in our server log files whenever someone visits a website, along with the time of the visit and the page(s) that were visited. Collecting IP Addresses is standard practice on the internet and is done automatically by many websites. We use IP Addresses for purposes such as calculating website usage levels, helping diagnose server problems, compliance and security, and administering our Products.

Joint Marketing: A formal agreement between non-affiliated financial companies, or Third Parties that together market financial products or services to Consumers.

Non-Affiliates: Entities not related by common ownership or control, both financial and non-financial entities.

Products: Collectively refers to any and all of ZSuite’s products, services, applications and/or websites that ZSuite powers independently or on behalf of Financial Institutions.

Third Parties:  Any agents, vendors, subcontractor, licensor, or other representatives that ZSuite engages to develop, deliver or support the Products or capabilities.

Privacy Policy Facts-1Privacy Policy Fact cntd