Global Privacy Policy

This Privacy Policy covers our global privacy and information practices and applies to our Solutions, including our websites, products, applications, physical facilities and related services. Please remember that our Terms of Use may also govern your use of our Solutions.

Nomis may process the Personal Data of customers, partners, vendors, employees, applicants, visitors, or other individuals who are associated with or interact with Nomis (“Individuals”). This Privacy Policy applies to these Individuals regardless of their geographic location during their interactions with Nomis.

Privacy and data laws in different countries and regions around the world give individuals certain rights in relation to their Personal Data. Nomis values privacy and we conduct our privacy practices according to this global Privacy Policy and the relevant laws of the countries or regions in which we interact with you. Nomis encourages you to read this Privacy Policy in full to learn more about your privacy rights and how we collect and use your Personal Data.

A. Personal Data You Provide.

• When you interact with us, we may collect Personal Data, such as your name, gender, birthdate, government identification number, shipping/billing address, email address, phone number, device IDs, username and password.
• Providing us with some Personal Data may be required in order for you to interact with us or to use our Solutions.
• You may be invited to provide additional Personal Data to personalize your interactions with us and your use of our Solutions.
• We may allow you to provide information about your friends or colleagues through our referral services. For example, you can forward or share certain content with a friend or colleague, such as an email inviting your friend or colleague to use or learn more about our Solutions.
• If you work at Nomis, or are applying to work at Nomis, Personal Data will be required in order for you to apply for, be considered for, and maintain employment with Nomis. In the course of our interactions with employees, contractors or applicants, we may also collect sensitive Personal Data, such as health information, race/ethnic origin or financial information. Our employment application process and our employment policies and procedures provide additional information regarding our privacy practices for employment matters.

B. Mobile Application Data.

If you download or use our mobile applications(s), we may collect, either through your mobile device or the application itself, your email address, your username, your mobile device identifier, hardware model, operating system version or mobile network information (as well as any additional registration data you provide to us). We may collect geolocation information and language preferences, which may be used for operational and product or service-related purposes, such as to customize information based on your location. We may also collect data related to your interaction with our mobile applications, crash data, performance data and other diagnostic data.

C. Personal Data from Third Parties.

• If you interact with Nomis through a third party, we may receive Personal Data from that third party when you have consented for them to share it with us.
• We may use third party services to supplement, validate or increase the accuracy of Personal Data that you give to Nomis.
• The Personal Data that you share with third parties is not controlled by Nomis or covered by our privacy practices. We encourage you to review third party policies and privacy settings so that you understand how the Personal Data you share with them may be used or shared with others.

D. Automatic Functional Information.

We may automatically collect some usage information when you interact with us. For instance, we use cookies and other tracking technologies to automatically collect technical information, such as URL, cookie data, IP address, device type, unique device IDs, device attributes, network connection type (e.g., WiFi, 3G, LTE, Bluetooth) and provider, network and device performance, browser type, language, operating system, and products and services information.

E. Derived Information.

Nomis may use information we have about you to draw inferences and we may then use those inferences to gain a more complete understanding of your preferences. We use preference data in order to offer you potential choices, make recommendations, or to alert you to products, services or new Solutions features that may be of interest to you.

F. Children’s Information.

Nomis products and services are intended for and directed to adults, not children. If you are under 16, do not supply any Personal Data to any Nomis website. If you are aware that we have unintentionally collected information from someone who is underage, please notify us immediately by sending an email to legal@nomissolutions.com.

Unless we specifically disclose otherwise, you understand that we may use any of your collected Personal Data for any of the purposes described in this Policy (as permitted by applicable law), including:

A. For Account Registration and Servicing.

• We may use your Personal Data to create, maintain, supplement, service, change or delete your account with us.
• If you have a customer account with us, we may collect certain Personal Data for security purposes in order to verify your authorized access to your accounts with us.
• We may use your Personal Data to resolve customer service questions you may have about our Solutions and to follow up with you about your experience.

B. To Communicate with You.

• We may use your Personal Data to communicate with you about our Solutions and to share offers for third party products and services that we think you may find useful.

C. To Improve our Solutions and Develop New Products and Services.

• We may use your Personal Data to personalize your interactions and experiences with us.
• We may use your Personal Data to improve the quality of our Solutions and to develop new products and services.
• We may use any information you give to us in surveys or other forms of feedback.
• We may combine your information with that from other customers in order to better understand our Solutions and how we may improve them.

D. To Provide our Solutions and Operate our Business.

• We may use your information to operate our business, including fulfilling your requests, providing you with technical or customer support, and to help us protect our Solutions, including combating fraud and protecting your information.
• We may conduct research using your information alone or in combination with that of other Individuals. When we share that research outside of Nomis for research, academic, marketing and/or promotional purposes, we do so in an aggregated or de-identified way such that no individual person or household is identifiable.

E. No Sale of Your Information.

Nomis does not sell and has not within the past 12 months sold the Personal Data we collect, process or store about Individuals.

A. Third Party Service Providers.

With your permission or at your direction, we may disclose or share your Personal Data with third party service providers who we contract with to help us provide our Solutions and operate our business. For example, your personal data may be shared when you authorize a third party application to access your account. We share Personal data to fulfill your requests, provide you with technical or customer support, and to help us protect our Solutions, including combating fraud and protecting your information.

B. Information Sharing Between Nomis Entities.

This Privacy Policy applies to all of your interactions with Nomis regardless of geography, meaning that your information is shared with and among our affiliates and subsidiaries. Except where prohibited by law, regulation, or a contractual obligation, we share your information across Nomis to support our business operations, to enhance your experiences with our Solutions, to improve your interactions with us, and to help detect and prevent fraud. When we share information between Nomis entities, we do so with your consent and/or utilizing adequate technological and data minimization measures to safeguard the collection, processing, and transfer of data between Nomis entities.

C. Following the Law and Protecting Nomis.

We may share your information with courts, law enforcement or regulatory agencies, or other government bodies when we have a good faith belief we are required or permitted to do so by applicable law, regulation, or legal process. We may also disclose your information if we believe it is appropriate to enforce our Terms of Use, to protect the rights, property or safety of Nomis and our Solutions, or to protect or assist others as required by law or contract.

D. Credit Reporting.

We may share information about your creditworthiness with credit bureaus, consumer reporting agencies, and card associations. Late payments, missed payments, or other defaults on your account may be reflected in your credit report and consumer report. We may also share your information with other companies, lawyers, credit bureaus, agents, government agencies, and card associations in connection with issues related to fraud, credit, or debt collection.

E. Sale of our Business.

If we sell, merge, or transfer any part of our business, information about you may be shared, sold or transferred as part of that transaction. We may also share your information with current or future corporate parents, subsidiaries or affiliates.

F. De-identified or Aggregated Data.

We may de-identify or aggregate your information, alone or in combination with other individuals’ information, and share such de-identified or aggregated information freely.

G. With Your Consent.

Other than as set out above, we may also share your information for other purposes with your consent or at your direction.

Where permitted by applicable law, we may transfer, process or store your Personal Data in any country or region where we have facilities, business operations, or in which we engage service providers. By using our Solutions, including our websites, you consent to the transfer of your Personal Data to, and the processing and storage of your Personal Data in, countries outside of your country of residence or the point of collection.

Some countries may have data protection laws that are different from the laws of your country. However, Nomis has taken appropriate safeguards to require that your Personal Data remains protected when it is being transferred, processed and stored.

Nomis complies as a self-certifying entity with the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks, as described in our Privacy Shield Policy, where you can find additional information regarding how Nomis complies with the Privacy Shield Frameworks. Please note, however, that Nomis no longer relies on those Frameworks for its own transfers of Personal Data from the European Union (“EU”), the European Economic Area (“EEA”), the United Kingdom (“UK”), or Switzerland (“CH”) to jurisdictions which are not recognized as having laws that provide an adequate level of protection. Instead, Nomis relies on the legal mechanisms such as the European Commission approved Standard Contractual Clauses or your consent (in limited circumstances) for such transfers. For a copy of the Clauses, you may contact us as described below.

Please email legal@nomissolutions.com to learn more about your rights with respect to data transfers and to request access to, limit the use of, or limit the disclosure of, your Personal Data. If you make a request that involves Personal Data, you will need to provide certain authentication and verification information in order for us to respond to your request.

In your interactions with us, it may be necessary for us to sync, link or connect your information with third parties, including providing Personal Data necessary to identify or authenticate your requested interactions. Your consent for these interactions will be required by us, by the third party or by both. We encourage you to review the privacy practices of any third party that you choose to share your Personal Data with, as we are not responsible for the privacy practices of third parties.

A. Managing Marketing Communications from Nomis.

We will honor your choices when it comes to receiving marketing communications from us. If you have received marketing communications from us that you no longer wish to receive, you may:

• Email marketing@nomissolutions.com to manage your data and adjust your preferences regarding your Personal Data and your interactions with us.
• Click the “unsubscribe” link in the email or newsletter you received.
• Adjust your preferences in your account settings.
• For SMS messages, reply “STOP” or follow the instructions in the message or settings to discontinue the communications.
• If you are receiving push notifications from us to your mobile device and no longer wish to receive these types of communications, you may turn them off at the device level.
• Remember that even if you choose not to receive marketing communications from us, we will continue to send you mandatory service or transactional communications.

B. Updating Your Personal Data.

You may access, update, change, correct or request deletion of your Personal Data by adjusting your account settings, or by contacting Nomis’ customer support.

C. Cookies and Similar Tracking Technologies.

We may use and allow others to use cookies, web beacons, pixels, local shared objects, device identifiers, and other similar technologies (“Cookies) to collect information about you. We use this information to improve your experiences when you interact with us. You have control over some of the data we collect from Cookies and how we use it. For details about these technologies and the information that they collect, use or share, including how you may be able to control or disable these applications, please visit the following websites:

• All About Cookies
• Criteo
• Digital Advertising Alliance
• Network Advertising Initiative
• Interactive Advertising Bureau (IAB) Europe
• Google Privacy and Terms
• Adobe Privacy

Please note that even if you elect not to enable Cookies or interest-based advertising, you may still receive advertisements, they just won’t be tailored to your interests. Also, if you elect to receive Cookies and later delete your Cookies, use a different browser or buy a new computer, you may need to renew your choices.

D. Do Not Track.

Like most other companies, we are not currently configured to respond to browser “Do Not Track” signals because, at this time, no formal “Do Not Track” standard has been adopted.

E. Social Media Features.

Nomis or our authorized third parties may use social media features to gather certain information about you. These features may collect your IP address, log which page you are visiting, and may set a cookie to enable the feature to function properly. Your interactions with these social media features are governed by the privacy policies and practices of the providing company.

A. Data Retention.

Nomis retains and uses your information in accordance with and as permitted by applicable law and regulations:

• We will retain your information as long as necessary to serve you, to maintain your account for as long as your account is active, or as otherwise needed to operate our business.
• When you close your account, we may continue to communicate with you about our Solutions, give you important business updates that may affect you, and let you know about products and services that may interest you, unless you have elected to not receive marketing communications from us.
• We may also continue to use some of your information for business purposes and to improve our offerings or in some cases to develop new ones.
• We will retain and use your information as required by applicable regulations and Nomis’ records and information management policies to comply with our legal and reporting obligations, resolve disputes, enforce our agreements, complete any outstanding transactions and for the detection and prevention of fraud.

B. Responses from Nomis.

We respond to all requests from individuals regarding the exercise of their data protection rights in accordance with applicable data protection laws. Your data protection rights may vary depending on the country or region in which you are located, but generally include:

• Accessing, correcting, updating, or requesting deletion of your information;
• Objecting to or asking us to restrict the processing of your information;
• Requesting the portability of your information and providing same in a timely manner and at no charge;
• Electing whether or not to receive marketing communications from us;
• Withdrawing your consent at any time for us to collect or process your information (noting that such withdrawal will not affect the lawfulness of any processing that we conducted prior to your withdrawal, nor will it affect otherwise lawful processing).

C. Data Controller.

Nomis may be considered to be a “controller” of your information in certain situations under applicable data privacy regulations. Other entities may also act as controllers of your information, and you should contact them if you have any questions about how they use your information.

D. Data Processor.

Nomis processes Information on behalf of our customers (as processors).

Our customers may choose to use our Solutions to process certain data of their own, which may contain personal information. The data that we process through our Solutions is processed by us on behalf of our customers, and our privacy practices will be governed by the contracts that we have in place with our customers, not this Privacy Policy.

More specifically, Nomis licenses software, which enables financial institutions (e.g., retail banks and mortgage lenders) to offer enhanced products or services and improve their customer engagement, through such services as price optimization, customer-centric offers, and omni-channel sales enablement. Such services can assist a company in its resource planning, financial projections, and record-keeping. Such services also can facilitate the processing of individual personal information. For example:

• New customer acquisition. Nomis may be used to predict which individuals are likely to buy certain products or services by processing personal information, which may include the age, gender, marital status, and buying patterns of financially and demographically similar individuals, to determine whether a company’s products and services match other individuals’ product preferences and their inclination and ability to purchase the products and services.
• Customer management. Nomis may be used to determine which individuals would benefit from enhanced or additional products or services; and customer service interactions to match individual expectations with available products or services.
• Automated decisions, including modeling and profiling. Nomis predictive models can be used to make automated decisions. In building and updating these models, Nomis reviews the data sets used for correlations with our objective functions, and reviews the correlations indicated by the model to address any non-intuitive results. Nomis audits the performance of its algorithms that drive these models, and regularly reviews the accuracy and relevance of the automated decision-making, including profiling, that results from the use of the models. Nomis has procedures and measures designed to prevent errors, inaccuracies, or discrimination on the basis of special category data. The outcome of such measures is input back into the system design.

If you have any questions or concerns about how such Personal Data is handled or would like to exercise your rights, you should contact the company (i.e., the data controller), who has contracted with us to use the service to process this data. Our customers control their personal information in these cases and determine the security settings within their account, its access controls, and credentials, and will assist with any escalations or human intervention required by law. Nomis will provide assistance, in accordance with our contractual obligations, to our customers to address their concerns. For a list of our sub-processors, contact us as described below.

Keeping your Personal Data safe is important to us. At Nomis we:

• Constantly work to update our security practices to implement accepted best methods to protect your Personal Data and review our security procedures carefully.
• Comply with applicable laws and security standards.
• Securely transmit your sensitive Personal Data.
• Train applicable employees and contractors on data privacy and require them to safeguard your data.

Nomis has adopted a global view on privacy with the intent of providing our customers with strong privacy rights regardless of where they reside. We have attempted to recognize and implement high standards for privacy rights compliance on a global scale and our use of terminology in this Privacy Policy should be interpreted to reflect that intent.

You can find additional privacy terms that may be relevant to your specific country or region below.

• Canada
• Europe (EU), United Kingdom (UK) and Switzerland
• United States (U.S.)

From time to time, we may change or update this Privacy Policy. We reserve the right to make changes or updates at any time and without prior notice to you.

If we make material changes to the way we process your Personal Data, we will provide you notice by posting the most current version of this Privacy Policy on our websites and we may also advise you of changes via our Solutions information, or by other communication channels, such as by email, newsletters or community post. Please review any changes carefully.

If you object to any changes and no longer wish to use our Solutions, you may close your accounts and cease use of our Solutions. All changes to our Privacy Policy are effective immediately upon posting and your continued interaction with us or your use of our products and services after a posting of an updated Privacy Policy shall constitute your consent to all changes.

If you have questions or comments about this Privacy Policy, you may contact us by email, telephone, or direct mail.

A. Via Email:

legal@nomissolutions.com

B. Via Telephone:

+1 650-588-9800

C. Via Direct Mail:

Nomis Solutions, Inc., 611 Gateway Blvd., Suite 276, South San Francisco, CA 94080