Branch operates the Website and the associated mobile app (and any other connected devices related to the services) for offering banking services and other products (the “Branch Service” or “Service”). The MasterCard debit cards and related banking services are offered by Evolve Bank & Trust, member FDIC (“Evolve”), as card issuer and depository, which we market and assist you to obtain as part of our Service offering. Our Terms of Service (available at http://www.branchapp.com/terms ), contain more detail about the Branch Service that are available to you.
In this Policy, we will outline and describe the following with respect to the personal information that we collect:
We obtain personal information about you in various ways, such as when you visit our Website or use the mobile app, or when you use the Branch Service. We also may obtain personal information about you in other ways, such as when you call, mail, or email us. In addition, we may obtain information about you when you transact with your debit card or conduct other business with us in connection with the Service.
The types of personal information we may obtain includes:
When you use our mobile app, we also may collect certain information by automated means, such as through device logs, server logs, and other technologies. The information we collect in this manner may include the device type used, the mobile operating system, device identifiers and similar unique identifiers, device settings and configurations, IP addresses, battery and signal strength, usage statistics, referring emails and web addresses, dates and times of usage, actions taken on the app, and other information regarding use of the app. In addition, as indicated above, we may collect your device’s geolocation information. Your device’s operating platform may provide you with a notification when the app attempts to collect your precise geolocation. Please note that if you decline to allow the app to collect your precise geolocation, you may not be able to use all of the app’s features (like ATM locations near you).
We may also collect information about you from any social network or other platform. Further, we may associate this personal information obtained from these sources with the other personal information we have collected about you from other sources as described in this Policy. We do not control or supervise how these third-party sources process your personal information, and any request that you have regarding the disclosure of your personal information from them to us should be made directly to those third parties (such as Facebook or LinkedIn).
In addition to the information that we collect as described above, we also collect information about you from our third-party integrators and vendors, such as Google Analytics and similar services. Personal information that we collect through these channels includes, for example, IP address, access times, browser type and language, device type, and device identifiers.
For each of the categories of personal information set forth in Section I above, we use your personal information in order to provide you with the Branch Service. In addition, we may use your personal information for the following purposes:
In using your personal information, we may share some or all of it with authorized representatives of Evolve, your workplace or wherever you are providing services, and other entities that you may designate whose activities relate to the Branch Service. Please refer to Section III of this Policy below for a full description of our information sharing practices.
Except as set forth in this section, Branch does not share, sell, or rent personal information it collects about you to or with third parties.
A. Bank Partner:
B. Per your instruction or use of the Services/Consents:
The personal information that you provide will be kept confidential and used to support your relationship with Branch and our products and services. Among other things, we want to help you quickly find information through our Branch Service, leverage our tools in connection with your authorized use of our products and services, process transactions, facilitate interaction with third party services that you opt into via the Branch Service, and alert you to product upgrades, special offers, updated information, and other new products and services from Branch. Branch cannot offer the Branch Service without using your personal information. We are using the Personal Information because you consented to it by using the Service, Website, and mobile app.
We may also share all categories of your personal information to selected outside companies, by transferring it to other business partners that assist us in providing you with the Branch Service. The sharing of your personal information with these parties is conducted in accordance with your choices when you open an account with us, or when you express an interest in any content displayed on our Website or app, or when you enter a response to any affirmative authorization that you provide by typing it in a space provided or clicking on an icon designed to show your interest in an item on the Website or in the app.
C. Third party processors:
We also share your personal information with third party processors who act on our behalf (including contractors and service providers) to provide our Website and app services and to help with our operations on our behalf (“Processors”). These Processors need access to and use of your personal information, and include third parties to provide us with technical support, to give us additional personal data about you, and to perform analytics and other work that we may need to outsource. These Processors are bound by law and/or contract to protect the confidentiality and security of your personal information. They only process your personal information to provide requested services for us. These third-party Processors include, but are not limited to, Google’s reCAPTCHA service, to validate login credentials of individuals and to frustrate bots; LexisNexis and Persona, to validate user information and detect fraud, and Marqeta to provide card processing and related services on our behalf.
We also share all categories of your personal information with other business partners that perform certain functions for us (“Business Partners”). These Business Partners are responsible to determine the purposes and/or means of processing your personal information and for the lawfulness of that processing. For instance, when the primary accountholder elects funding by a bank account, we use the Plaid, Inc. (“Plaid”) open banking interface to complete your request by inputting your online banking credentials instead of full bank account and routing numbers:
D. Third party websites:
E. De-identified information about you:
We also share aggregated or de-identified information (i.e., information that does not personally identify you directly), or statistical information about you, including statistical data and historical use data, with others for a variety of purposes, including for their own uses, for example, for improving their services for you and others. We do not consider personal information to include information that has been aggregated and/or otherwise de-identified such that it does not identify a specific individual, household or device.
F. As required by law or legitimate business interest:
Branch does not share your personal information with advertisers or similar parties for marketing purposes.
We may still sell de-identified information about you, but marketers and advertisers will not be able to trace this information back to you or use it to market their products and services specifically to you. Please note, you cannot opt out of our sharing of your personal information with Evolve, our Processors or Business Partners, or our sharing of deidentified information, or your personal information as required by law or legitimate business interests, as described in Sections III. A., C., E. and F. above. For mobile devices, you can manage how your device and browser share certain device data by adjusting the privacy and security settings on your mobile device. With respect to information captured and shared through cookies, pixel tags, and other tracking technologies, and your ability to limit the sharing of your information through those channels, please refer to the Cookie section above for your options. Also, if you opt out of receiving marketing-related emails from us, we may still send you important administrative messages, from which you cannot opt out.
A special note about your telephone number – By providing your telephone number to us, you agree that this action constitutes an “inquiry” for purposes of telemarketing laws. Regardless of the fact that your telephone and/or mobile number may be listed with the Federal Do-Not-Call Registry or your State Do-Not-Call list, you are providing your express written consent to receive future information (including telemarketing) about products and services from us, and you hereby agree and consent to our contacting you using the information you have provided and will provide to us. This means we may contact you by e-mail, phone and/or mobile number (including use of automated dialing equipment and/or pre-recorded calls), text (SMS) message, or any other means of communication that your wireless or other telecommunications device may be capable of receiving (e.g., video, etc.). You are not required to agree to this consent in order to obtain Services through us. This consent may be revoked by you at any time and by any reasonable means, including by emailing us at firstname.lastname@example.org and putting the words “remove my telephone number” in the subject line of your email, or by telephoning us at 1-866-547-2413.
We retain your personal information as reasonably necessary to fulfill the purposes for which we collected it and you provided it, and to comply with our legal obligations. In no event will we keep your personal information for longer than is reasonably necessary for the purposes defined in this Policy. You also have the right to request that we delete your personal information, subject to certain exceptions, such as our need to prevent and protect against fraud or other illegal activity, to complete business transactions with you, and for such other purposes as allowed by law. Further, due to regulatory recordkeeping obligations, we may be unable to delete all information associated with a closed account and may be required to retain information related to each accountholder and their debit card account in order to comply with applicable law. You can correct or update your personal information by updating your profile or by contacting us. For more information on where and how long your personal information is stored, your requests to delete it or correct it, please contact us at the address set forth below in Section X.
We do not currently use your personal information in such a way that automated decisions are made about you without any human input. In the future, we may use automated processes to help us determine your eligibility for new services or other business-related opportunities. In such cases, if and as applicable, and to the extent required by applicable law, we will endeavor to implement suitable safeguards, including, for example, an opportunity for you to request human intervention, express your point of view, contest any decisions made, and request that we restrict the use of your personal information for the purposes of these automated decisions.
To help protect the privacy of your personal information collected by us, we maintain reasonable physical, technical, and administrative safeguards. We update and test our security technology on an ongoing basis. For security of data, we use the Secure Sockets Layer (SSL) protocol for data in transit, which encrypts all information you send to us electronically. The encryption process protects your information, by scrambling it before it is sent to us from your computer or mobile device. Once we receive your transmission, we make commercially reasonable efforts to ensure its security on our system by using industry grade 256-bit encryption algorithms. We also restrict access to your personal information to those employees who need to know that information in order to provide the Branch Service to you. In addition, we train our employees about the importance of confidentiality and maintaining the privacy and security of your information. Despite the actions and precautions we take, no data transmissions over the Internet can be guaranteed to be 100% secure. Consequently, we cannot ensure or warrant the security of your personal information and you transmit it to us at your own risk.
By mail at:
Branch Messenger, Inc.
8014 Olson Memorial Hwy 55, #471
Golden Valley, MN 55427
You may send an email to: email@example.com
Please be specific when telling us what your request is.
Children under the age of 13 are not permitted to use the Branch Service, the Website, or our mobile app, and we do not intentionally collect or maintain personal information from those who are under 13 years old. Protecting the privacy of children is very important to us. Thus, if we obtain actual knowledge that a user is under 13, we will take steps to remove that user’s personal information from our databases. We recommend that children between the ages of 13 and 18 obtain their parent’s permission before submitting information over the Internet. By using the Website, mobile app or Service, you are representing that you are at least 18 years old, or that you are at least 13 years old and have your parents’ permission to use the Website, mobile app and any Services offered by us.
The following sets forth the categories of information we collect and purposes for which we may use a California Consumers’ personal information collected by us:
Categories of Personal Information We Collect About You:
The categories of personal information we may have collected about you or your use of our Service are:
In the past 12 months we have not sold the information listed in the above categories to third parties - we do not sell the personal information of our Customers (including the personal information of those under 16 year of age). We have during this time period disclosed all or substantially all of this personal information to our Processors and Business Partners for permissible business reasons. More details on the personal information we may collect are set forth in the “Categories of Information We Collect and its Sources” section above. More details on the personal information we have disclosed are set forth in the “With Whom We Share Your Information” section above.
Categories of Sources from Which We Collected Personal Information
The sources from which we may have collected personal information about you or your use of the Service are:
and as described in more detail in the “Categories of Information We Collect and its Sources” section above.
Your California Privacy Rights
Right to Request Information. A California Customer may request information about what personal information we have collected, used, sold or disclosed to any third parties for the third parties’ direct marketing purposes or for our business purposes. In general, if we in the future make such a sale or disclosure of your personal information, upon receipt of a verified request from you, we will be required to provide a list of all third parties to whom your personal information was either sold or disclosed for business purposes in the preceding 12 months following your request, as well as a list of the categories of personal information that were sold or disclosed, the sources of it, and what it was used for. You may also request a copy of the personal information about you that we have collected and used in the last 12 months.
Right to Request Deletion. You may have certain additional rights under the CCPA. You may request that we delete certain information we have about you. You can submit your request by phone, email, or mail as detailed in the “How to Request Information” section, below. There may be exceptions or exemptions from such requests under applicable law. For example, we need certain types of information so that we can provide the Branch Service to you. We also may be required to retain certain of your personal information under applicable law. You may also have the right to receive information about the financial incentives that we offer to you (if any). You also have the right to not be discriminated against (as provided for in applicable law) for exercising certain of your rights under the CCPA. This means that we will not penalize you for exercising your rights by taking actions such as denying you the Branch Service; decreasing Service quality; or suggesting that we may penalize you for exercising your rights. As provided in Section III, above, we do not share, sell or rent your personal information collected by us with third parties for their direct advertising or marketing purposes.
How to Request Information. If you are a California resident, you may request information about our compliance with California law by calling us toll free at 1-(866)-547-2413, emailing us at firstname.lastname@example.org, or by writing to us at Branch Messenger, Inc. 8014 Olson Memorial Hwy 55, #471, Golden Valley, MN 55427 c/o “CA Privacy”, addressed to “Attention: California Privacy Matters.” Any such request must include “California Privacy Rights Request” in the subject line and include your name, street address, city, state and ZIP code. Please note that we are only required to respond to up to two requests per visitor each year, and we are not required to respond to requests made by means other than through this designated email address, mailing address or toll-free number.
Identity Verification and Additional Information Needed to Process a Request.
We reserve the right to confirm your California residence to process your requests and will need to confirm your identity to process your requests to exercise your information, access or deletion rights. As part of this process, government identification may be required. California Customers can empower an “authorized agent” to submit requests on their behalf. We will require the authorized agent to have a written authorization recognized by law confirming that authority. We cannot process your request if you do not provide us with sufficient detail to allow us to understand and respond to it or to verify your or your agent’s identity.
Do Not Track Disclosure. California Business & Professions Code Section 22575(b) provides that California residents are entitled to know how Branch responds to “Do Not Track” browser settings. We currently do not respond to “Do Not Track” signals because a uniform technological standard has not yet been developed.
FOR RESIDENTS OF NEVADA ONLY. In accordance with SB 220, Nevada consumers may opt-out of the sale of their personal information to third parties, as provided by law. As provided in Section III, above, we do not share, sell or rent your personal information collected by us with third parties so that they can license or sell it to additional parties for any reason, including advertising and marketing purposes.
All non-public personal information that we collect related to your obtaining a financial product or service is subject to the following GLBA Consumer Privacy Notice:
Rev. August 2021
FACTS WHAT DOES BRANCH WITH YOUR PERSONAL INFORMATION?
Financial companies choose how they share your personal information. Federal law gives consumers the right to limit some but not all sharing. Federal law also requires us to tell you how we collect, share, and protect your personal information. Please read this notice carefully to understand what we do.
The types of personal information we collect and share depend on the product or service you have with us. This information can include:
All financial companies need to share customer’s personal information to run their everyday business. In the section below, we list the reasons financial companies can share their customer’s personal information; the reasons Branch chooses to share; and whether you can limit this sharing.
For our everyday business purposes—such as to process your transactions, maintain your account(s), respond to court orders and legal investigations, or report to credit bureaus.
For our marketing purposes—to offer our products and services to you
For joint marketing with other financial companies
We don't share
For our affiliates’ everyday business purposes—information about your transactions and experiences
For our affiliates’ everyday business purposes—information about your creditworthiness
For our affiliates to market to you
For our nonaffiliates to market to you
We don't share
Questions? Call 1-866-547-2413 or go to https://www.branchapp.com/contact
Who is providing this notice?
Branch Messenger, Inc.
How does Branch protect my personal information?
To protect your personal information from unauthorized access and use, we use security measures that comply with federal law. These measures include computer safeguards and secured files and buildings.
How does Branch collect my personal information?
We collect your personal information, for example, when you
Why can’t I limit all sharing?
Federal law gives you the right to limit only:
See below for more on your rights under state law.
Companies related by common ownership or control. They can be financial and nonfinancial companies.
Companies not related by common ownership or control. They can be financial and nonfinancial companies.
A formal agreement between nonaffiliated financial companies that together market financial products or services to you.