MERCURY FINANCIAL PRIVACY AND SECURITY POLICY

Last Modified: 2/28/2024

This Privacy and Security Policy explains how Mercury Financial LLC (“Mercury Financial”, “we”, “us” or “our”) collects,  uses, shares, and otherwise processes personal data in connection with our websites, including https://www.mercuryfinancial.com/ and other websites we own and operate that link to this Privacy and Security Policy (the “Sites”), the Mercury Oculus mobile application (the “App”)and the related content, platforms, services, products, and other functionality offered on or through our services (collectively, the “Services”). This Privacy and Security Policy does not address our privacy practices relating to Mercury Financial job applicants, employees, and other personnel. Please note this Privacy and Security Policy is not a contract and does not create any legal rights or obligations.

Mercury Financial also operates this website on behalf of First Bank & Trust, Brookings, SD (“FB&T”). Mercury Financial is a service provider to FB&T. This Privacy and Security Policy describes the ways that Mercury Financial, on behalf of ourselves and FB&T, collects and shares personally identifiable information collected online.

Financial Products or Services and Related Notices/Consents: Data protection laws sometimes differentiate between “controllers” and “processors” of personal data. A “controller” determines the purposes and means (or the why and the how) of processing personal data. A “processor,” which is sometimes referred to as a “service provider,” processes personal data on behalf of a controller subject to contractual restrictions.  If you apply or sign up for, or otherwise use, a financial product or service from Mercury Financial, we will use and share any “nonpublic personal information” (as such term is defined under the Gramm-Leach-Bliley Act or “GLBA”) that we collect from or about you on behalf of FB&T, who is the data controller, and in accordance with the FB&T Financial Consumer Privacy Notice, which offers you certain choices with respect to the collection, use, sharing, and processing of your nonpublic personal information by financial institutions. Please see the FB&T Financial Consumer Privacy Notice to learn how both we and FB&T use your “nonpublic personal information” and your choices relating thereto.

1.   WHAT IS PERSONAL DATA?

When we use the term “personal data” in this Privacy and Security Policy, we mean information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, to a person or household.  It does not include aggregated or de-identified information that is maintained in a form that is not reasonably capable of being associated with or linked to a person.

2. HOW WE COLLECT AND USE PERSONAL DATA

Personal Data Collected from Individuals

The categories of personal data we collect submitted to us by individuals through the Services may include:

• Contact Information, including first and last name, email address, phone number, and communication preferences. We use this information to fulfill your request or transaction, to communicate with you directly, and to send you marketing communications in accordance with your preferences.
• Applicant and Account Information, including your first and last name, email address, username and password, and Mercury card or account information. We may also collect your social security number and/or other government-issued ID numbers, financial account information, and demographic information such as age and military status for certain of our Services. We use this information to evaluate your application, administer your account, provide you with the relevant Services and information, communicate with you regarding your account and your use of the Services, and for customer support purposes.
• Inquiry and Communications Information, including information provided via the forms or to one of our email addresses. This also includes contact information provided on our Services. We use this information to investigate and respond to your inquiries, and to communicate with you, to enhance the services we offer to our users and to manage and grow our organization.
• Events, Surveys, and Promotions. If you fill out any forms or participate in Mercury Financial events, surveys, competitions (contests/sweepstakes), or other promotional events, we may collect your contact information (such as your name, email, and phone number, postal code), your demographic information, and any other information requested on the form, at sign up, or a part of your competition entry, including photos/videos (each, as applicable). On occasion, we may also collect your shipping and billing information, such as if you are a competition winner or purchase our products or services (where available).   If you are part of our event or promotion partner, we may also collect your personal data including your name, company email, and company address. 
• Marketing Emails Information, including email address and applicable interests and communication preferences. We use this information to manage our communications with you and send you information about products and services we think may be of interest to you.  If you wish to stop receiving promotional email messages from us, simply click the “unsubscribe link” provided at the bottom of the email communication. Note that you cannot unsubscribe from certain services-related email communications (e.g., account verification, confirmations of transactions, technical or legal notices).
• Other information that you provide to us online, by phone or in person, and use this information to respond to your request, provide you the requested services, and to inform our marketing and advertising campaigns.

Personal Data from Third Parties

We also obtain personal data from third parties, which we often combine with personal data we collect either automatically or directly from an individual.

• Our Affiliates. We may receive personal data from other companies and brands owned or controlled by Mercury Financial, and other companies owned by or under common ownership as Mercury Financial.
• Service providers. Our service providers that perform services solely on our behalf, such as survey and marketing providers and payment processors, collect personal data and often share some or all of this information with us. The information may include contact information, demographic information, payment information, and information about your communications and related activities. We may use this information to administer and facilitate our services and our marketing activities.
• Social media. When an individual interacts with our Services through various social media networks, such as when someone “Likes” us on Facebook or follows us or shares our content on Google, Facebook, LinkedIn, or other social networks, we may receive some information about individuals that they permit the social network to share with third parties. The data we receive is dependent upon an individual’s privacy settings with the social network. Individuals should always review and, if necessary, adjust their privacy settings on third-party websites and social media networks and services before sharing information and/or linking or connecting them to other services. We use this information to operate, maintain, and provide to you the features and functionality of the Services, as well as to communicate directly with you, such as to send you email messages about products and services that may be of interest to you.
• Information we receive from authentication services you connect to our Services. We may offer Face ID, Touch ID or fingerprint authentication as a log-in method if you access the Service through an Apple or Android device equipped with authentication technology. We are only notified as to whether the authentication was successful and cannot access the data associated with the enrolled fingerprint. For more details, please refer to the fingerprint security guides offered by your device provider.
• Other sources. In addition to third-party data providers, we may also collect personal data about individuals that we do not otherwise have from, for example, publicly available sources and consumer reporting agencies, or through transactions such as mergers and acquisitions. We use this information to operate, maintain, and provide to you the features and functionality of the Services, as well as to communicate directly with you, such as to send you email messages about products and services that may be of interest to you.  

Other Uses of Personal Data

In addition to the above, we may use personal data to:

• To provide you with products or services that you request or in which you express interest;
• To provide, improve, test, update and monitor the services; or diagnose or fix technology problems;
• Manage our organization and its day-to-day operations;
• To communicate with you, including via email, text message, and/or social media, and respond to your requests, such as to respond to your questions, contact you about changes to the Services, and communicate about account related matters;

• To send you technical notices (including sending you an SMS text code for verification purposes), security alerts, and other support and administrative messages;
• To customize the advertising and content you see;
• Market our Services to individuals, including through email and social media;
• Administer, improve and personalize our Services, including by recognizing individuals and remembering their information when they return to our Sites;
• Facilitate customer benefits and services, including customer support through our command center services;
• Identify and analyze how individuals interact with our Services;
• Conduct research and analytics on our Customer and end user base and our Services; 
• Improve and customize our Services to address the needs and interests of our Customer base and other individuals we interact with;
• Test, enhance, update and monitor the Services, or diagnose or fix technology problems;
• Help maintain the safety, security and integrity of our property and Services, technology assets and business;
• Facilitate corporate business transactions, such as a merger, acquisition, joint venture, or financing or sale of company assets, or in the event of insolvency, bankruptcy or receivership;
• Defend, protect or enforce our rights or applicable contracts and agreements;
• Prevent, investigate or provide notice of fraud or unlawful or criminal activity;
• Comply with legal obligations; and
• For any other purpose we may describe when you provide the information.

3. COOKIES AND OTHER DATA COLLECTION TECHNOLOGIES

We, and our third-party partners, automatically collect information you provide to us and information about how you access and use the Services when you visit our online services, read our emails, or otherwise engage with us. We typically collect this information through a variety of tracking technologies, including (i) cookies or small data files that are stored on an individual’s computer and (ii) other, related technologies, such as web beacons, pixels, embedded scripts, location-identifying technologies and logging technologies (collectively, “tracking technologies”) and we may use third-party partners or technologies to collect this information.  Information we collect automatically about you may be combined with other personal data we collect directly from you or receive from other sources.

We, and our third-party partners, use cookies and other tracking technologies to automatically collect usage and device information, such as:

• Information the computer, tablet, smartphone or other device you use, such as your IP address, browser type, Internet service provider, device type/model/manufacturer, operating system, mobile carrier phone number, date and time stamp, and a unique ID that allows us to uniquely identify your browser, mobile device, or your account (including, for example, a persistent device identifier or an Ad ID), and other such information. We may also work with third-party partners to employ technologies, including the application of statistical modeling tools, which permit us to recognize and contact you across multiple devices.
• Information about the way you access and use our Services, for example, the site from which you came and the site to which you are going when you leave our services, how frequently you access the Services, whether you open emails or click the links contained in emails, whether you access the services from multiple devices, and other browsing behavior and actions you take on the Services.
• Information about how you use the Services, such as the pages you visit, the links you click, the ads you view and click on, videos you watch, and other similar actions. We may also use third-party tools to collect information you provide to us or information about how you use the Services and may record your mouse movements, scrolling, clicks and keystroke activity on the Services and other browsing, search or purchasing behavior. These tools may also record information you enter when you interact with our Services.
• Information about your location, including GPS coordinates (e.g., latitude and/or longitude) or similar information regarding the location of your mobile device, or we may be able to approximate or infer a device’s location by analyzing other information, like an IP address.
• Analytics information. We may collect analytics data or use third-party analytics tools such as Google Analytics to help us measure traffic and usage trends for the services and to understand more about the demographics of our users. You can learn more about Google’s practices at http://www.google.com/policies/privacy/partners and view its opt-out options at https://tools.google.com/dlpage/gaoptout.

All of the information collected automatically through these tools allows us to improve your customer experience. For example, we may use this information to enhance and personalize your user experience, to monitor and improve our Sites and Services, and to improve the effectiveness of our Services, offers, advertising, communications and customer service.  We may also use this information the data collected through tracking technologies to:  (a) remember information so that you will not have to re-enter it during your visit or the next time you visit the site; (b) provide custom, personalized content and information, including targeted content and advertising; (c) identify you across multiple devices; (d) provide and monitor the effectiveness of our services; (e) monitor aggregate metrics such as total number of visitors, traffic, usage, and demographic patterns on our website; (f) diagnose or fix technology problems; and (g) otherwise to plan for and enhance our services.

Please note that we link some of the personal data we collect through cookies with the other personal data that we collect about you and for the purposes described above.

We and our third-party partners may also use cookies and tracking technologies for advertising purposes.  For more information about tracking technologies, please see Third Party Data Collection and Online Advertising below.

For more information about your choices regarding cookies, please see the Your Choices section below.

4. OUR DISCLOSURE OF PERSONAL DATA

We may disclose your personal data with:

• Affiliates: We may disclose personal data between and among Mercury Financial and its current and future parents, affiliates, subsidiaries, and other companies under common control or ownership.
• Online Advertising Partners: We may also share personal data with advertising networks or permit these partners to collect information from you directly on our websites to facilitate online advertising, such as search engines and social network advertising providers to serve targeted ads to you or to groups of other users who share similar traits, such as likely commercial interests and demographics, on third-party platforms. For more information, including how to opt out of interest-based advertising, please see the Your Choices section below.
• Service Providers: In addition to the third parties identified above, we engage other third-party service providers that perform business or operational services for us or on our behalf, such as website hosting, marketing providers, customer service and communications providers, infrastructure provisioning, IT services, analytics services, employment application-related services, payment processing services, and administrative services.
• Business Transaction or Reorganization: We may take part in or be involved with a corporate business transaction, such as a merger, acquisition, joint venture, or financing or sale of company assets.  We may disclose personal data to a third-party during negotiation of, in connection with or as an asset in such a corporate business transaction.  Personal data may also be disclosed in the event of insolvency, bankruptcy, or receivership, in compliance with applicable law.
• Legal Obligations and Rights: We may disclose personal data to third parties, such as consumer reporting agencies, legal advisors and law enforcement:
  • in connection with the establishment, exercise, or defense of legal claims;
  • to comply with laws or to respond to lawful requests and legal process;
  • as otherwise required by applicable law.
  • to protect the rights and property of Mercury Financial, our agents, customers, and others, including to enforce our agreements, policies, and our Terms of Use;
  • to detect, suppress, or prevent fraud;
  • to reduce credit risk and collect debts owed to us;
  • to protect the health and safety of us, our customers, or any person; or
  • as otherwise required by applicable law

• With Your Consent or At Your Direction: We may disclose personal data about you to certain other third parties with your consent or at your direction.

5. THIRD-PARTY DATA COLLECTION AND ONLINE ADVERTISING

We may participate in interest-based advertising and use third party advertising companies to serve you targeted advertisements based on your browsing history. We permit third party online advertising networks, social media companies and other third-party services, to collect information about your use of our online services over time so that they may play or display ads on our Services, on other websites or services you may use, and on other devices you may use. Typically, though not always, the information used for interest-based advertising is collected through tracking technologies, such as cookies, web beacons, embedded scripts, location-identifying technologies, and similar technology, which recognize the device you are using and collect information, including click stream information, browser type, time and date you visited the Sites, AdID, and other similar information. If permitted by your device settings, they may also collect location data through GPS, Wi-Fi or other methods. We may share a common account identifier (such as a hashed email address or user ID) with our third-party advertising partners to help identify you across devices. We and our third-party partners use this information to make the advertisements you see online more relevant to your interests, as well as to provide advertising-related services such as reporting, attribution, analytics and market research. We may also use services provided by third parties (such as social media platforms) to serve targeted ads to you and others on such platforms. We may do this by providing a hashed version of your email address or other information to the platform provider.

Please see Online Advertising of the Your Choices section below, to learn how you can opt out of interest-based advertising.

We may engage in the following:

• Social Media Widgets and Advertising.  Our Services may include social media features, such as the Facebook “Like” button, LinkedIn, Twitter or other widgets. These social media companies may recognize you and collect information about your visit to our Services, and they may set a cookie or employ other tracking technologies. Your interactions with those features are governed by the privacy policies of those companies.

• Social Media Platforms. We may display targeted advertising to you through social media platforms, such as Facebook, Twitter, LinkedIn, and other social media forums. These companies have interest-based advertising programs that allow us to direct advertisements to users who have shown interest in our services while those users are on the social media platform, or to groups of other users who share similar traits, such as likely commercial interests and demographics. We may share a unique identifier, such as a user ID or hashed email address, with these platform providers or they may collect information from our website visitors through a first-party pixel, in order to direct targeted advertising to you or to a custom audience on the social media platform. These advertisements are governed by the privacy policies of those social media companies that provide them. If you do not want to receive targeted ads on your social networks, you may be able to adjust your advertising preferences through your settings on those networks.

• Third Party Partners.  We work with a variety of third-party partners to provide advertising services. For example, we use Google Analytics to recognize you and link the devices you use when you visit our Services on your browser or mobile device, log in to your account on our Services, or otherwise engage with us.  We share a unique identifier, like a user ID or hashed email address, with Google to facilitate the service. Google Analytics allows us to better understand how our users interact with our Services and to tailor our advertisements and content to you.  For information on how Google Analytics collects and processes data, as well as how you can control information sent to Google, review Google’s website, “How Google uses data when you use our partners’ sites or apps” located at www.google.com/policies/privacy/partners/. You can learn about Google Analytics’ currently available opt-outs, including the Google Analytics Browser Ad-On here: https://tools.google.com/dlpage/gaoptout/.

We may also utilize certain forms of display advertising and other advanced features through Google Analytics. These features enable us to use first-party cookies (such as the Google Analytics cookie) and third-party cookies (such as the DoubleClick advertising cookie) or other third-party cookies together to inform, optimize, and display ads based on your past visits to the Services.  You may control your advertising preferences or opt-out of certain Google advertising products by visiting the Google Ads Preferences Manager, currently available at  https://google.com/ads/preferences, or by visiting NAI’s online resources at  http://www.networkadvertising.org/choices.

For more information about these practices and your choices regarding cookies, please see the Your Choices section below.

6.  YOUR CHOICES

Email Communications.  From time to time, we may send you emails regarding updates to our Services, notices about our organization, or information about products/services we offer (or promotional offers from third parties) that we think may be of interest to you, including emails on behalf of one of our Customers.  

If you wish to unsubscribe from such emails, simply click the “unsubscribe link” provided at the bottom of the email communication.  Note that you cannot unsubscribe from certain services-related email communications (e.g., account verification, confirmations of transactions, technical or legal notices).

Modifying and Deleting your Information. If you have an account with us, you may update your account information and adjust your account settings by logging into your account. Please note that changes to your settings may require some time to take effect. If you have any questions about modifying or updating any information in your account, please contact us at 1-877-677-0982.

Push Notifications. You can stop receiving push notifications from us by changing your preferences in the iOS or Android notifications settings menu.

SMS Text Messaging. You may opt-out of receiving SMS text messages at any time. To unsubscribe from SMS texts, you can reply STOP to any one of our text messages. Personal data collected through the short code/SMS program won’t be shared, sold, or rented to unaffiliated or affiliated parties for their own marketing purposes. For more information, see our Terms of Use.

Cookies. If you would prefer not to accept cookies, most browsers will allow you to:  (i) change your browser settings to notify you when you receive a cookie, which lets you choose whether or not to accept it; (ii) disable existing cookies; or (iii) set your browser to automatically reject cookies.  Please note that doing so may negatively impact your experience using our online Services, as some features and services on our online Services may not work properly.  Depending on your device and operating system, you may not be able to delete or block all cookies.  In addition, if you want to reject cookies across all of your browsers and devices, you will need to do so on each browser on each device you actively use.  You may also set your email options to prevent the automatic downloading of images that may contain technologies that would allow us to know whether you have accessed our email and performed certain functions with it.

Online Advertising. To learn more about interest-based advertising and how you may be able to opt-out of some of this advertising, you may wish to visit the Digital Advertising Alliance’s (DAA) resources and/or the Network Advertising Initiative’s (NAI) online resources, at www.aboutads.info/choices or http://www.networkadvertising.org/choices/. You may also be able to limit interest-based advertising through the settings menu on your mobile device by selecting “limit ad tracking” (iOS) or “opt-out of interest-based ads” (Android).  You may also be able to opt-out of some — but not all — interest-based advertising served by mobile ad networks by visiting http://youradchoices.com/appchoices and downloading the mobile AppChoices app.

Please note that when you opt out of receiving interest-based advertisements, this does not mean you will no longer see advertisements from us or on our online services.  It means that the online ads that you do see from DAA program participants should not be based on your interests.  We are not responsible for the effectiveness of, or compliance with, any third-parties’ opt-out options or programs or the accuracy of their statements regarding their programs. In addition, third parties may still use cookies to collect information about your use of our online services, including for analytics and fraud prevention as well as any other purpose permitted under the DAA’s Principles. For California Residents: Unless you have exercised your Right to Opt Out (as described in the “Your Privacy Choices” section of our California Privacy Notice), we may “sell” or “share” your personal data to third parties for targeted or cross-context behavioral advertising purposes.  The third parties to whom we sell or share personal data may use such information for their own purposes in accordance with their own privacy statements, which may include reselling or sharing this information to additional third parties. To exercise your right to opt-out of the sale or sharing of personal data as it relates to the use of cookies and other tracking technologies for analytics and targeted ads, please see the To Exercise the Right to Opt Out of the Selling or Sharing of Personal Data for Targeted Advertising Purposes section of our California Privacy Notice below.

7. REGION-SPECIFIC DISCLOSURES

Depending on your country, region, or state of residence, certain rights may apply to you. Please refer below for disclosures that may be applicable to you:

• If you are a California resident, please see our California Privacy Notice for additional California-specific privacy information.
• Nevada Residents: If you are a resident of the State of Nevada in the United States, Chapter 603A of the Nevada Revised Statutes permits a Nevada resident to opt out of future sales of certain covered information that a website operator has collected or will collect about the resident. To submit such a request, please contact us at 1-877-677-0982.

8. LINKS TO THIRD-PARTY WEBSITES AND SERVICES

For your convenience, our Services may provide links to third-party websites or services that we do not own or operate. We are not responsible for the practices employed by any websites or services linked to or from the services, including the information or content contained within them. Your browsing and interaction on any other website or service are subject to the applicable third party’s rules and policies, not ours. If you are using a third-party website or service, you do so at your own risk. We encourage you to review the privacy policies of any site or service before providing any personal data.

9. CHILDREN’S PRIVACY

Our services are not intended for children under the age of 13.  We do not knowingly solicit or collect personal data from children under the age of 13.  If we learn that any personal data has been collected inadvertently from a child under 13, we will delete the information as soon as possible.  If you believe that we might have collected information from a child under 13, please contact us at 1-877-677-0982.

10. CHANGES TO THIS PRIVACY AND SECURITY POLICY

We reserve the right to change this Privacy and Security Policy from time to time at our sole discretion.  We will notify you about material changes in the way we treat personal data by sending a notice to the primary email address specified in your Mercury Financial account, by updating the “Last Updated” date at the top of this Privacy and Security Policy, and/or by placing a prominent notice on our Sites. It is your responsibility to review this Privacy and Security Policy periodically.

11. CONTACT US

If you have any questions regarding this Privacy and Security Policy, or any other privacy-related questions, please contact us at 1-877-677-0982.

CALIFORNIA PRIVACY NOTICE

Last Updated: 2/28/2024

This California Privacy Notice (“CA Notice”) supplement the information contained in our Privacy and Security Policy by providing additional information about our personal data processing practices relating to individual residents of the State of California, either online or offline, within the scope of the California Consumer Privacy Act (“CCPA”), as amended by the California Privacy Rights Act. Unless otherwise expressly stated, all terms defined in our Privacy and Security Policy retain the same meaning in this CA Notice.

As a consumer financial services company, Mercury Financial applies privacy and security protections to your personal information as required by United States federal law, including but not limited to the Gramm-Leach-Bliley Act and the Fair Credit Reporting Act. As such, most of the personal information about you that we may collect and use is exempt from the CCPA, with only a relatively small dataset of personal information being subject to the CCPA. For a detailed description of how we collect, use, disclose, and otherwise process personal data in connection with our Services, please see our Privacy and Security Policy above.

COLLECTION AND USE OF PERSONAL DATA

We collect various categories and types of personal data from a variety of sources and for a variety of purposes. To learn more about the types of personal data we collect, the sources from which we collect or receive personal data, and the purposes for which we use personal data, please review the How We Collect and Use Personal Data section of our Privacy and Security Policy to learn more.

In the last 12 months, we may have collected the following categories of personal data:

• Identifiers, such as name, email address, telephone number, address, zip code, account username and password, or other similar identifiers.

• Personal information, as defined in the California customer records law.

• Commercial Information, such information about products or services purchased or considered, and information about your use of the Services.

• Internet/Network Information, such as your browsing history, log and analytics data, search history and information regarding your interaction with our website.

• Geolocation Data, such as information about your physical location collected from geolocation features on your device, including your IP address.

• Communications, recordings, images: audio, electronic, visual

• Inferences, including information generated from your use of the Services reflecting predictions about your interests and preferences.

For more information about our collection of personal data, the sources of personal data, and how we use this information, please see the How We Collect and Use Personal Data of our Privacy and Security Policy.

DISCLOSURE OF PERSONAL DATA

In the previous 12 months, we may have disclosed all of the categories of personal data we collect with third parties for a business purpose, as described in the Our Disclosure of Personal Data section of our Privacy and Security Policy. The categories of third parties to whom we sell or disclose your personal data for a business purpose may include: (i) other affiliates in our family of companies; (ii) our service providers and advisors; (iii) marketing providers; (iv) analytics providers; (v) social networks; and (vi) consumer reporting agencies.

SALE OF PERSONAL DATA AND SHARING FOR TARGETED ADVERTISING

We do not “sell” personal information as most people would typically understand that term (i.e., we do not share your information in exchange for money), but certain uses may be deemed the “sale” of personal information under applicable privacy laws. Based on this definition, in the previous 12 months, we have “sold” or shared for targeted advertising purposes the following categories of personal data to third parties, subject to your settings and preferences and your Right to Opt Out:

• Identifiers
• Commercial Information
• Internet / Network Information
• Inferences

In addition, please see the Third-Party Data Collection and Online Advertising section of our Privacy and Security Policy to learn more about how third-party advertising networks, social media companies and other third party businesses collect and disclose your personal data directly from your browser or device through cookies or tracking technologies when you visit or interact with our Services or otherwise engage with us.

SENSITIVE INFORMATION

We do not collect or otherwise process sensitive information as part of the Services subject to the CCPA.

DEIDENTIFIED INFORMATION

We may at times receive, or process personal data to create, deidentified information that can no longer reasonably be used to infer information about, or otherwise be linked to, a particular individual or household. Where we maintain de-identified information, we will maintain and use the information in the deidentified form and not attempt to reidentify the information except as required or permitted by law.

YOUR PRIVACY RIGHTS

Depending on your state of residency and subject to certain legal limitations and exceptions, you may be able to exercise some or all of the following rights:

HOW TO EXCERCISE YOUR PRIVACY RIGHTS

To Exercise Your Privacy Rights

Please submit a request by:

• Filling out our online form;
• Calling 1-877-677-0982; or
• Email for request to correct: Partnerships@MercuryFinancial.com.

We will need to verify your identity and confirm you are a resident of a state that offers the request right(s) before processing your request.  In order to verify your identity, we will generally either require the successful login to your account or the matching of sufficient information you provide us to the information we maintain about you in our systems. As a result, we require requests to include name and mailing address, and three additional pieces of information to verify your identity, which may include email address, mobile phone, date of birth and last 4 digits of SSN. Although we try to limit the personal data collected in connection with a request to exercise any of the above rights, certain requests may require us to obtain additional personal data from you.  In certain circumstances, we may decline a request, particularly where we are unable to verify your identity or locate your information in our systems, or where you are not a resident of one of the eligible states.

To Exercise the Right to Opt Out of the Selling or Sharing of Personal Data for Targeted Advertising Purposes

We do not “sell” personal information as most people would typically understand that term (i.e., we do not share your information in exchange for money), but certain uses may be deemed the “sale” of personal information under applicable privacy laws. Unless you have exercised your Right to Opt Out, we may sell or share personal data (including Identifiers, Commercial Information, Internet/Network Information, and Inferences) to certain third-party ad networks, social networks and advertising partners to deliver targeted advertising (also known as “cross-context behavioral advertising”) and personalized content to you on our services, on other sites and services you may use, and across other devices you may use, as well as to provide advertising-related services such as reporting, attribution, analytics, and market research.

The third parties to whom we sell or share personal data may use such information for their own purposes, in accordance with their own privacy statements, which may include reselling or sharing this information to additional third parties.

You do not need to create an account with us to exercise your Right to Opt Out. However, we may ask you to provide additional personal data so that we can properly identify you in our dataset and to track compliance with your opt out request.  We will only use personal data provided in an opt out request to review and comply with the request.  If you chose not to provide this information, we may only be able to process your request to the extent we are able to identify you in our data systems.

• To exercise your right to opt-out as it relates to the use of cookies and other tracking technologies for analytics and targeted ads, click here.  or visit our website with a legally-recognized global preferences signal such as the Global Privacy Control (GPC) enabled.  Please note that these opt outs are browser-specific. You must reset your preferences if you clear cookies or use a different browser or device.

Authorized Agents

In certain circumstances, you are permitted to use an authorized agent to submit requests on your behalf through the designated methods set forth above where we can verify the authorized agent’s authority to act on your behalf. In order to verify the authorized agent’s authority, we generally require evidence of either (i) a valid power of attorney or (ii) a signed letter containing your name and contact information, the name and contact information of the authorized agent, and a statement of authorization for the request. Depending on the evidence provided and your state of residency, we may still need to separately reach out to you to confirm the authorized agent has permission to act on your behalf and to verify your identity in connection with the request.

Appealing Privacy Rights Decisions

Depending on your state of residency, you may be able to appeal a decision we have made in connection with your privacy rights request. All appeal requests should be submitted by contacting us at 1-877-677-0982 and letting us know this is regarding a Privacy Request Appeal.

Minors

We do not sell personal data of consumers we know to be less than 16 years of age unless they have opted in (“Right to Opt In”). Please contact us at 1-877-677-0982 to inform us if you, or your minor child, are under the age of 16.

If you are under the age of 18 and you want to remove your name or comments from our website or publicly displayed content, please contact us directly at 1-877-677-0982 . We may not be able to modify or delete your information in all circumstances.

If you wish to submit a privacy request on behalf of your minor child in accordance with applicable jurisdictional laws, you must provide sufficient information to allow us to reasonably verify your child is the person about whom we collected personal data and you are authorized to submit the request on your child’s behalf (i.e. you are the child’s legal guardian or authorized representative).

DATA RETENTION

We retain personal data only for as long as is reasonably necessary to fulfill the purpose for which it was collected. However, if necessary, we may retain personal data for longer periods of time, until set retention periods and deadlines expire, for instance where we are required to do so in accordance with legal, tax and accounting requirements set by a legislature, regulator or other government authority.

To determine the appropriate duration of the retention of personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of personal data and if we can attain our objectives by other means, as well as our legal, regulatory, tax, accounting and other applicable obligations.

Therefore, we retain personal data for as long as the individual continues to use our services for the purposes explained in the How We Collect and Use Personal Data section in our Privacy and Security Policy. When an individual discontinues the use of our services, we will retain their personal data for as long as necessary to comply with our legal obligations, to resolve disputes and defend claims, as well as, for any additional purpose based on the choices they have made, such as to receive marketing communications. In particular, we will retain the personal data supplied when joining our services, including complaints and any other personal data supplied during the duration of an individual’s contract with us for the services until the statutory limitation periods have expired, when this is necessary for the establishment, exercise or defense of legal claims.

Once retention of the personal data is no longer necessary for the purposes outlined above, we will either delete or deidentify the personal data or, if this is not possible (for example, because personal data has been stored in backup archives), then we will securely store the personal data and isolate it from further processing until deletion or deidentification is possible.

“SHINE THE LIGHT” DISCLOSURES

The California “Shine the Light” law gives residents of California the right under certain circumstances to request information from us regarding the manner in which we share certain categories of personal data (as defined in the Shine the Light law) with third parties for their direct marketing purposes. We do not share your personal data with third parties for their own direct marketing purposes.

UPDATES TO THIS CA NOTICE

We will update this CA Notice from time to time. When we make changes to this CA Notice, we will change the “Last Updated” date at the beginning of this CA Notice. If we make material changes to this CA Notice, we will notify you by email to your registered email address, by prominent posting on our online services, or through other appropriate communication channels. All changes shall be effective from the date of publication unless otherwise provided in the notification.

CONTACT US

If you have any questions or requests in connection with this CA Notice or other privacy-related matters, please contact us at 1-877-677-0982.