CONNEX MARKETS, INC. PRIVACY NOTICE
Last Updated: January, 14 2022
This Sites is owned and operated by Connex Markets, Inc. [and its affiliates] (“CXM”, the “Company”, “we”, “us” or “our”). We at CXM respect and protect the privacy of visitors to our Sites, and the privacy of our customers. This Privacy Notice describes our information handling practices when we collect, access, share, retain, dispose of, and otherwise process individuals’ personal information. This Privacy Notice applies to all personal information that we collect through the CXM Sites (the “Sites”) and through any other means, including through third parties. Your use of the CXM Sites and our services is subject to this Privacy Notice and the Terms of Service.
Please review this Privacy Notice carefully. If you have any questions about it, please submit an email to privacy@connexmarkets.com.
This Privacy Notice describes and sets forth our policies on the following topics:
1. Your Acceptance of This Privacy Notice
2. Types of Personal Information and Technical Data We Collect
3. How and Where We Collect Your Personal Information
4. Purposes For Which We Process Your Personal Information
5. Personal Information That We Disclose to Third Parties
6. Personal Information That We Obtain from Third Parties
7. Updating, Accessing, and Storing Your Personal Information / Data Retention
8. Security
9. Children
10. Choice/Opt-out
11. Special Notice to California Residents
12. Special Notice to Nevada Residents
13. Special Notice to Vermont Residents
14. Special Notice to Individuals in the European Economic Area
15. International Data Transfers of Personal Information
16. Business Transfers of Personal Information
17. Modifications to This Privacy Notice
18. Contact Information
1. Your Acceptance of This Privacy Notice
By providing your personal information to us or by using our lending platform services (the “Services”), either as a potential borrower or as a potential lender, you signify your acceptance of this Privacy Notice. We may provide additional “just-in-time” disclosures or information about the data processing practices of specific Services. These notices may supplement our privacy practices as described herein.
If you do not agree with or you are not comfortable with any aspect of this Privacy Notice, you should immediately discontinue access or use of our Services, and you should not provide any of your personal information to us.
2. Types of Personal Information and Technical Data We Collect
To establish an account and access our Services, we will ask you to provide us with some important information about you and your business. We may collect the following personal data from our customers and from others who interact with the Company.
As we add new features and Services, you may be asked to provide additional information.
If you do not provide your personal data to us when requested, we may not be able to provide our Services to you. We may also not be able to perform any contract we have (or are trying to enter into) with you.
When you visit any of our Sites, our servers automatically gather information from your browser (such as your IP addresses, browser type, Internet service provider (ISP), referring/exit pages, platform type, date/time stamp, and number of clicks) to analyze trends, administer the site, prevent fraud, track visitor movement in the aggregate, and gather broad demographic information. For example, we may log your IP address for system administration purposes. IP addresses are logged to track a user´s session. This gives us an idea of which parts of our Site users are visiting.
In addition, we may automatically receive and record the following information on our server logs:
We may also use identifiers to recognize you when you access our Sites via an external link, such as a link appearing on a third-party site.
Our Sites may collect information through "cookies." Cookies are small strings of text that are sent by our Sites to your browser and then stored by your browser on your computer's hard drive. We use cookies to help diagnose problems with our servers and to administer our Sites. We also use cookies to gather broad demographic information and to help identify you (by certain personally identifiable information) in respect to visits to our Sites, so that we may improve your user experience, and to determine whether you visited our Sites from a particular Internet link or advertisement.
We may also use small bits of code called "one-pixel gifs," "clear gifs," or "web beacons" embedded in web pages to gather certain web site information. Information may also be collected passively in the form of log files that record Sites activity, including how many "hits" a particular web page is getting (a.k.a., "click-through data"). For example, log file entries are generated every time a user visits a particular page or clicks an image on our Sites. These entries enable us to track a particular user's visits to a web page, assess overall Site activity, track user interest in portions of our Sites, troubleshoot technical concerns, and identify the type of browser you are using. We may also use the log file entries for our internal marketing and demographic studies, so we can constantly improve our Sites.
You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. If you disable cookies, some features of our Sites may become disabled, and some aspects of our Sites may not function properly. Deleting cookies does not necessarily delete Flash objects. You can learn more about Flash objects – including how to control and disable them – through the Adobe interface. If you choose to delete Flash objects from our Sites, then you may not be able to access and use all or part of our Sites or benefit from the information and services offered.
We may use anonymized or aggregate customer data for any business purpose, including to better understand customer needs and behaviors, improve our products and services, conduct business intelligence and marketing, and detect security threats. We may perform our own analytics on anonymized data or enable analytics provided by third parties. Types of data we may anonymize include transaction data, click-stream data, performance metrics and fraud indicators.
3. How and Where We Collect Your Personal Information
We may obtain personal information about you from the following sources:
From time to time, we may obtain information about you from third party sources as required or permitted by applicable law. These sources may include:
4. Purposes For Which We Process Your Personal Information
The purposes for which we process your personal information include the following:
a) To provide the Services
We process your personal information to provide the Services to you. For example, when you wish to seek a loan from one of our lending partners, we require certain personal information as described in Section 2 above. We cannot provide you with Services without such information.
b) To maintain legal and regulatory compliance
Our Services are subject to laws and regulations that require us to collect, use and store your personal information in certain ways. For example, we must identify and verify customers using our Services to comply with commercial lending laws across jurisdictions. In addition, we use third parties to verify your identity by comparing the personal information you provide against third-party databases and public records. When you seek to link a bank account to your CXM account, we may require you to provide additional information that we may use in collaboration with service providers acting on our behalf to verify your identity or address, or to manage risk as required under applicable law. If you do not provide personal information required by law, we reserve the right to close your account and terminate our Services to you.
c) To enforce this Privacy Notice, our Terms of Service and our other agreements with you
CXM handles sensitive information, such as your identification and financial data, so it is very important for us and our customers that we actively monitor, investigate, prevent and mitigate any potentially prohibited or illegal activities, enforce our agreements with third parties or prevent and detect violations of our Terms of Service and our other agreements with you and other parties.
d) To detect and prevent fraud
We process your personal information to help detect, prevent and mitigate fraud and abuse of our services and to protect you against account compromise or information loss.
e) To provide Service communications
We send administrative or account-related information to you to keep you updated about our Services, inform you of relevant security issues or updates, or provide other transaction-related information. Without such communications, you may not be aware of important developments relating to your account that may affect how you can use our Services. You may not opt-out of receiving critical service communications, such as emails sent for legal or security purposes.
f) To provide customer service
We process your personal information when you contact us to resolve any questions or disputes or to troubleshoot problems.
g) To ensure quality control
We process your personal information for quality control and staff training.
h) To ensure network and information security
We process your personal information to enhance security, monitor and verify identity or service access, combat spam or other malware or security risks and to comply with applicable security laws and regulations.
i) For research and development purposes
We process your personal information to better understand the way you use and interact with our Services. In addition, we use such information to customize, measure, and improve our Services and the content and layout of our Sites and applications, and to develop new services.
j) To engage in marketing activities
Based on your communication preferences, we may send you marketing communications (e.g., emails or mobile notifications) to inform you about our events or our partner events; to deliver targeted marketing; and to provide you with promotional offers.
In addition to the foregoing, we may use your personal information for any other legally-permitted purpose
5. Personal Information We Disclose to Third Parties
We may share your personal or business information with one or more third parties for a business or other legal purpose. We only make these business purpose disclosures under written contracts that describe the purposes, require the recipient to keep the personal or business information confidential, and prohibit using the disclosed information for any purpose except performing the contract.
a) Disclosure that is required by law
We may disclose information you provide if required to do so by law, at the request of a third party, or if we believe that disclosure is reasonable to (1) comply with the law, requests or orders from law enforcement, or any legal process (whether or not such disclosure is required by applicable law) and
(2) protect or defend CXM´s or a third party´s, rights or property.
b) Lenders or brokers
By signing up for our Services or submitting a request for a business loan product or service as offered on the Sites, you signify your agreement to proceed and that you agree to the disclosure of you information with lenders and brokers within our network. We will not perform a credit check without your authorization. Please be aware that the lenders, brokers or other service providers with whom you are matched and with whom your information is shared may retain your information, even if you do not enter into an agreement for their products or services. Please contact each such party directly to obtain their privacy and information policies. Also, if you enter into an agreement with a lender, broker or other service provider through our Services and make changes to the information you have provided to us, we may share the updated information with such lenders, brokers and service providers.
c) Disclosure to third parties
Upon completing a profile on the Sites, and filling out an application, you may receive various marketing materials from our trusted third parties, including potential lenders and service providers. A list of those partners can be received upon formal request. We are not responsible for the material of the third parties or their actions. Your information will be treated as private and confidential by such third parties. If you do not wish to receive offers from our trusted partners, you can change your e-mail preferences at any time by following the steps outlined in the “Choice/Opt-Out” section below.
d) Sharing Certain Data on an Anonymized Basis
We may share personal data on an anonymized basis with other potential borrowers and other potential lenders understand the state of the loan market.
e) Our Service Providers
We engage various service providers under contract who help us with parts of our business operations. Examples of the types of service providers with whom we may share personal information include:
Our contracts require these service providers to only use the personal information we provide to them in connection with the services they perform for us, and prohibit them from selling your information to anyone else.
6. Personal Information We Obtain from Third Parties
We purchase data about our customers from third parties and combine it with information we already have about you, to create more tailored advertising and products.
If you provide information about others, or if others give us your information, we will only use that information for the specific reason for which it was provided to us.
Any information obtained from a third party will be used to assist matching your business with various lenders.
The Sites contain links to other Sites that are maintained by third parties. These third parties are solely responsible for their own Sites and we encourage you to reach out to such third parties for copies of and information regarding their security practices. We do not control, and are not responsible for, the privacy and security practices of these third parties.
If you authorize one or more third party applications to access your Personal Information stored by CXM, then information you have provided to CXM may be shared with those third parties. Unless you provide further authorization, these third parties are not allowed to use this information for any purpose other than to facilitate your transactions using CXM Services. Please note that third parties you interact with may have their own privacy policies, and CXM is not responsible for their operations. Information collected by third parties, which may include such things as contact details, or other personal information, is governed by their privacy practices. We encourage you to learn about the privacy practices of those third parties.
Examples of account connections include:
Information that we share with a third-party based on an account connection will be used and disclosed in accordance with the third-party’s privacy practices. Please review the privacy notice of any third-party that will gain access to your personal information.
7. Updating, Accessing and Storing Your Personal Information / Data Retention
We retain your personal data as needed to provide Services to you, and we store your personal and business information securely throughout the life of your CXM account. You may update or access your profile information at any time by logging into your account and making any change or update.
If you want to stop using our Services, you may deactivate it or delete it. When you deactivate an account, your information will not be sent to any further lenders, brokers, or other third parties, but the information will not be deleted. By deactivating your account you will have the ability to restore the account in its entirety.
We may retain your personal data after our Services are completed, if retention is reasonably necessary to comply with our legal obligations, meet regulatory requirements, resolve disputes between us and you or any third party, resolve any disputes between users, prevent fraud and abuse, or enforce this Privacy Notice, the Terms of Service or our agreements with you, and for as long as is necessary to provide support-related reporting and trend analysis. We also retain personal data if requested by law enforcement or as required under applicable law, regulation or legal process. For example, certain federal and state regulations require that we maintain a record of your information for certain periods of time. Because of these regulations, we may be unable to completely delete your information from our database until the time requirements of these regulations have expired.
Any removed information may persist in our backup files but will not be generally available to users. We will not endeavor to delete any information that is stored in our backup files.
8. Security
We use reasonable efforts to ensure the security of our systems. The Company employs reasonable physical, electronic and administrative safeguards to protect the information we receive from you from unauthorized disclosure. Internet data transmission is not always secure and we cannot warrant that information you transmit utilizing the Sites is secure.
Do not share your account login or password with any other individual. Your account login and password is sensitive and your sharing of your account information may lead to additional exposure to your account.
9. Children
We do not intend for children under 18 years of age to use our Sites or our Services. The Company does not knowingly collect or solicit personal information from anyone under the age of 18. If you are under 18 years of age, please do not send any information about yourself to us.
By using our Services and our Sites, you represent that you are at least 18 years of age.
10. Choice/Opt-Out
You may choose to stop receiving our newsletter or marketing emails by following the unsubscribe instruction included in these emails or you can contact us at privacy@connexmarkets.com .
You can choose not to provide us with certain information, but this will likely result in the inability to use certain features of the Sites and to obtain the services and products you are seeking. As a general matter, do not post personal information on public forums. You are solely responsible for the posting of any personal information on public forums.
If, after signing up for our Services, you decide you no longer wish to receive our services or future contact from lenders, brokers or other third parties to which your information has been referred, you may cancel your account as discussed herein. Upon cancelling your account, your information will no longer be sent to lenders, brokers, or other third parties. This does not guarantee that these lenders, brokers, or other third parties will cease contacting you or using your information. Please be sure to reach out to all lenders, brokers or other third parties to ensure they cease contacting you.
11. Special Notice to California Residents
If you are a California resident, California law provides you with additional rights regarding our use of your personal data. To learn more about your California privacy rights, please see our Privacy Notice Supplement for California Residents Only¸ which is attached hereto. California Civil Code Section 1798.83, known as the "Shine The Light" law, permits our users who are California residents to request and obtain from us a list of what personal information (if any) we disclosed to third parties for direct marketing purposes in the preceding calendar year and the names and addresses of those third parties. Requests may be made only once a year and are free of charge.
12. Special Notice to Nevada Residents
We currently do not “sell” data (such as name, address, social security number or online service activity) that triggers the opt-out requirements of Nevada Revised Statutes Chapter 603A. This means that we do not exchange personal data of Nevada residents for monetary consideration to a recipient, for that recipient to license or sell such covered personal data to third parties.
13. Special Notice to Vermont Residents
Vermont law places additional limits on sharing information about Vermont residents so long as they are residents of Vermont. In accordance with Vermont law, we will not share information we collect about Vermont residents to companies outside of CXM and its affiliates except: (1) as permitted by law; (2) to companies that perform marketing or other services on our behalf; (3) name, contact and transaction and experience information to other financial institutions with which we have joint marketing agreements; or (4) with the authorization or consent of the Vermont resident. We also will not share non-transactional information about Vermont residents received from others within the CXM family of companies except with the authorization or consent of the Vermont resident.
14. Special Notice to Individuals in the European Economic Area
Under the General Data Protection Regulation (the “GDPR”), individuals in the European Economic Area (“EEA Individuals”) have certain rights in relation to their personal data, which are summarized below. These rights are subject to your exercising them in good faith and are subject to our legitimate interests or other valid basis to continue processing your personal data, in accordance with our policies and applicable law.
Our lawful basis for processing your personal data are: (a) performance of any contract we are about to enter into or have entered into with you, (b) it is necessary for our legitimate interests, (c) we must comply with applicable legal or regulatory obligations, or (d) we have received your consent.
EEA Individuals who wish to exercise any of the rights they have under the GDPR should contact us in writing by email. Our email address is shown at the end of this Privacy Notice. We may need to request specific information to help us confirm your identity, so that your personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request.
Generally, EEA Individuals do not have to pay a fee to exercise the rights described below. However, we may charge a reasonable fee if your request is unfounded, repetitive or excessive. Alternatively, we may refuse to comply with the request in such circumstances. 12
EEA Individuals may lodge a complaint with the appropriate regulatory body or supervisory authority in the country where they reside, where they work, or in the place of the alleged infringement of the law.
If asked by an EEA Individual and if we are obligated to do so under applicable law, we will inform that individual about whether we are processing his/her personal data. If we are processing such EEA Individual’s personal data, we will provide access to the personal data that we have about that individual. If you request additional copies of your personal data, we may charge you a reasonable fee.
If the personal data we hold about an EEA Individual is inaccurate or incomplete, that individual may ask us to have it corrected.
EEA Individuals may request that we erase (i.e., delete or remove) their personal data in certain circumstances. If you are legally entitled to erasure, and if we have shared such personal data with third parties, we will take reasonable steps (taking into account available technology and the cost of implementation) to inform such third parties of your request, to the extent we are required to do so by applicable law.
EEA Individuals have the right to restrict the processing of their personal data in certain circumstances, such as if they contest the accuracy of that personal data, if the processing of the personal data is unlawful, or if we no longer need the personal data for our business purposes. If you are legally entitled to restriction, and if we have shared your personal data with others, we will use reasonable efforts to inform such third parties of your request, if we are required to do so.
EEA Individuals may ask to receive their personal data from us, where the legal basis of our processing is their consent, and where we carry out the processing of their personal data by automated means. If EEA Individuals so request, we may transmit their personal information directly to another organization if it would be technically feasible to do so.
EEA Individuals may object to the processing of their personal data where we are relying on a legitimate interest (or those of a third party). As noted above, you also have the right to object (i.e., opt out of) our processing of your personal data for direct marketing purposes.
EEA Individuals have the right not to be subject to a decision when it is based on automatic processing, including profiling, if it produces a legal effect or similarly significantly affects you, unless such profiling is necessary for entering into, or the performance of, a contract between you and us. We do not engage in decision-making based solely on automated processing, including profiling, which produces legal effects concerning an individual or similarly significantly affects an individual.
There are certain types of personal data that require a higher level of protection, known as “special categories” of personal data under the GDPR. We do not process special categories of personal data unless (a) we have obtained such individuals’ explicit consent or (b) we are otherwise legally permitted to do so. We do not collect personal data about criminal convictions and offenses, unless revealed by due diligence conducted to comply with a legal or regulatory obligation or unless we are authorized to do so under applicable law.
In certain circumstances, EEA Individuals have the right to withdraw their consent to our processing of their personal data. However, withdrawal of consent will not affect the lawfulness of any processing that had been carried out before consent is withdrawn. Moreover, if we rely on another legal basis (e.g., performance of a contract or legitimate interest) to process your personal data, we may continue to process your personal data in accordance with such other legal basis even after you withdraw your consent. If you decide to withdraw your consent, we may not be able to provide our Services to you.
15. International Data Transfers of Personal Information
We are based in the United States and our computer servers are located in the United States. Accordingly, all personal data in our possession and control is collected and processed by us in the United States. Any party that provides personal data to us is thereby transferring such data to the United States and is consenting to the transfer of their personal data to the United States. Individuals who access the Sites from outside the United States do so on their own initiative and are responsible for compliance with local laws, rules and regulations.
16. Business Transfers of Personal Information
We may, in the future, sell or otherwise transfer some or all of its assets to a third party. Your personal data and technical information may be disclosed to any potential or actual third party purchasers of such assets or may be among those assets transferred. We may also share or transfer personal data and technical information in connection with a merger, divestiture, reorganization or other disposition (whether of assets, stock or otherwise), or in the event of our bankruptcy or other insolvency proceeding.
17. Modifications to This Privacy Notice
We may update this Privacy Notice at any time and at our sole discretion. Any such modifications or updates will be effective upon posting on the Sites. You are responsible for checking the Sites for any updates to this Privacy Notice. If we modify this Privacy Notice, your continued use of the Sites will signify your acceptance of the modified Privacy Notice.
18. Contact Information
You can contact us about this Privacy Notice by writing, by telephone or email us at the address below:
ConnexMarkets, Inc.
9 West Broad St, Third Fl
Stamford, CT 06413
Email: privacy@connexmarkets.com
CONNEX MARKETS, INC. PRIVACY NOTICE SUPPLEMENT FOR CALIFORNIA RESIDENTS ONLY
Last Updated: December 31, 2021
This Privacy Notice Supplement for California Residents Only (this “Supplement”) supplements the Privacy Notice (the “General Privacy Notice”) of Connex Markets, Inc. (“CXM”, the “Company”, “we”, “us” or “our”), and applies solely to individuals who are residents of the State of California (such individuals, ”Consumers” or “you”). This Supplement addresses your rights under the California Consumer Privacy Act of 2018 (“CCPA”). This Supplement does not apply to individuals who are not residents of the State of California. Capitalized terms used but not otherwise defined in this Supplement have the meanings given to them in the General Privacy Notice.
Certain information that we collect, process or disclose pursuant to the Gramm-Leach-Bliley Act or the California Financial Information Privacy Act, Cal. Fin. Code § 4050-4060 (“Financial Information”) is not subject to the CCPA.