Effective Date: __ 2018
 
MetaBank (“MetaBank” or “we”) adopted this MetaBank E.U. Privacy Statement (“E.U. Privacy Statement”) to reflect our commitment to protecting personal privacy.
 

WHEN THIS E.U. PRIVACY STATEMENT APPLIES

This E.U. Privacy Statement is in addition to our general Privacy Policy and applies to the personal data of residents of and other individuals in the European Economic Area (“EEA Residents”) who are protected by the EU’s General Data Protection Regulation (“GDPR”). If you are not an EEA Resident, then the terms of this E.U. Privacy Statement do not apply to you.  If this E.U. Privacy Statement and our general Privacy Policy conflict or are inconsistent, then our general Privacy Policy applies to the extent of the conflict or inconsistency.
 
When we refer to “personal data” in this E.U. Privacy Statement, we mean information that directly or indirectly identifies an EEA Resident.
 
To the extent you arrived at our products or services through our service provider’s website: This policy only applies with respect to information you submit or we collect to offer our product or service, and the provisions regarding automatic collection of data through cookies and similar technologies by our service providers do not apply. The collection of any information, whether actively or passively that is done on the service provider website outside of our product page is governed by the privacy notice of the service provider website. We do not get any of this information and do not have any control over how the service provider website processes it.
 

DATA CONTROLLER

MetaBank is the data controller for the personal data that is provided to us or that we or our service providers collect from or about EEA Residents and is used in connection with the provision of our products and services. With respect to data collected by a service provider outside of the enrollment or account center page – the service provider is the data controller for personal data, and we do not have any access to such data. 
                 

PERSONAL DATA WE COLLECT AND HOW WE COLLECT IT

The personal data we collect depends on our relationship with you. 
 
Personal data you give us in order to use our services or products: The types of personal data we collect depends on the product or service you have with us. In order to be able to provide you with our products and services, we may require that you provide us with: your name, government issued identification number, date of birth, street address and email address. This information is necessary for the provision of the product or service. In the course of your use of our product and services, we also collect account transaction information. We also may collect feedback, questions and information that you provide to us when you call or write for customer service.
 
When you use our website: If you use one of our websites, we collect information about which features you use, how you use them and how you access the website.  Some of this information is collected through cookies and other data collection technology.
 

• Usage Information. We may collect information about your activity on the website, such as date and time you logged in, features you’ve been using, search queries, webpages you viewed and referring webpage address.
• Device information. We may collect information from and about the computer, tablet or mobile telephone (“Device”) you use to access the website, including hardware and software information such as IP address, device ID and type, identifiers associated with cookies or other technologies that may uniquely identify your Device or browser, and  information on your wireless and mobile network connection.
• Location Information. If you give us permission, we may collect data about the location of the Device that you use to access the website (“Location Data”) using IP address, GPS and Wi-Fi access points.  We also may use Google Maps to determine your location.  When Google Maps is part of the services you choose to use, you are subject to Google’s Privacy Statement at http://www.google.com/policies/privacy. 

 
From other sources: MetaBank may collect personal data about you from third parties:
 

• Through service providers: Third parties that assist us with our business operations or to offer our products and services also collect and use your personal data and may share the collected personal data with us to assist us in servicing and marketing our products, detecting and preventing fraud or analyzing or performing market research on our products and services. 
• When you connect with social media: our websites may link with social media platforms and social media plug-ins (e.g., the Facebook "Like" button).  We may (depending on your social media account settings) automatically receive personal data from the social media platform.  You can change your settings in your social media accounts at any time.
• With your consent: We may from time ask you for your consent to collect personal data that is not described in this E.U. Privacy Statement. You may revoke your consent at any time.

 

COOKIES AND OTHER DATA COLLECTION TECHNOLOGY [KH1] 

Cookies are small text files that are sent to or accessed from your web browser or your computer’s hard drive. A cookie typically contains the name of the domain (internet location) from which the cookie originated, the “lifetime” of the cookie (i.e., when it expires) and a randomly generated unique number or similar identifier. A cookie also may contain information about your computer, such as user settings, browsing history. 
 
Our websites may use the following cookies:

• Essential cookies. MetaBank uses essential cookies to authenticate users (both our customers and our customers' end-users) and prevent fraudulent use of user accounts.
• Preferences cookies. MetaBank uses preferences cookies to remember information that changes the way the product or service behaves or looks, such as the "remember me" functionality of a registered user or a user's language preference.
• Analytics cookies. MetaBank uses analytics cookies to track information how our website is used so that we can make improvements. Analytics cookies allow MetaBank to recognize and count the number of visitors and learn how visitors navigate our websites
• Targeting cookies. MetaBank uses targeted cookies to record your visits to its websites, the pages you visited and the links you followed. MetaBank may also share information collected through targeting cookies with third parties that send you targeted advertisements.

 
MetaBank may also uses web beacons (also called pixel tags or clear GIFs).  A web beacon is computer code that communicates information from your Device to a server.  Some of MetaBank’s content and emails may contain embedded web beacons that allow a server to read certain types of information from your Device, allow us to count the number of people who have viewed content, to know when you opened an email message and the IP address of your Device.  Web beacons help MetaBank develop statistical information to provide better and more personalized content.  To learn more about cookies and web beacons, visit www.allaboutcookies.org.
 
MetaBank may also use tracking services (such as Double Click) and analytics services (such as Google Analytics and SiteImprove Analytics) to collect information.  Generally tracking and analytics services do not identify individual users.  Some tracking and analytics services allow you to opt out of data collection.  The Double Click, Google Analytics and SiteImprove.  DoubleClick is a Google service and to learn more about its privacy practices, visit https://policies.google.com/privacy?hl=en. To learn more about Google Analytics practices, visit https://support.google.com/analytics/answer/6004245?hl=en.  To learn more about SiteImprove Analytics, visit https://siteimprove.com/en/privacy/.
 
How does MetaBank use cookies and other data collection technology?
Cookies and other data collection technology may help us improve your experience of our websites by, for example, measuring the success of marketing campaigns, compiling statistics and helping us analyze technical and navigational information and to detect and prevent fraud.
 
How can you control cookies?
 

• Browser settings: Some web browsers (including some mobile web browsers) provide settings that allow you to control or reject cookies or to alert you when a cookie is placed on your Device. You also may be able to reject mobile device identifiers by activating the appropriate setting on your mobile device.  Although you are not required to accept cookies or mobile device identifiers, if you block or reject them, you may not have access to all features.
• Advertising: To opt out of interest based advertising or to learn more about the use of this information by our Service Providers you can visit the Network Advertising Initiative (http://www.networkadvertising.org/managing/opt_out.asp) or the Digital Advertising Alliance (http://www.aboutads.info/choices/) or http://www.youronlinechoices.com/uk/your-ad-choices. If you choose to opt out, we will place an "opt-out cookie" on your computer. The "opt-out cookie" is browser specific and device specific and only lasts until cookies are cleared from your browser or device. The opt-out cookie will not work for some cookies that are important to how our websites and mobile apps work ("essential cookies"). If the cookie is removed or deleted, if you upgrade your browser or if you visit us from a different computer, you will need to return to the links above to re-select your preference.
• Google Analytics:  See http://www.google.com/policies/privacy/partners/ for information about how Google uses the information provided to Google Analytics and how you can control the information provided to Google. To prevent your data from being used by Google Analytics, you can download the Google Analytics opt-out browser add-on for Google Analytics which can be found here https://tools.google.com/dlpage/gaoptout

 

HOW WE USE PERSONAL DATA

MetaBank uses the personal data that we collect for the following purposes as necessary to provide you with our products and services. The legal basis for this is the performance of a contract with you or to take steps at your request prior to entering into a contract:
 

• respond to your inquiries and fulfill your requests for information, products or services;
• verify your identity;
• provide you with  important notices about our products or services and policies or other administrative information;
• evaluate your eligibility for products or services;
• identify you when you access and use our websites

 
As part of MetaBank’s legitimate interest in the improvement and marketing of MetaBank’s products and services, compliance with our legal and contractual obligations, as well in the security of MetaBank’s products and services, MetaBank processes your personal data in order to:
 

• deliver marketing communications to you;
• help us understand the types of products and services that interest you and present you with offers for them;
• personalize your experience on the website and when you use our services;
• conduct data analysis, identify usage trends and determining the effectiveness of promotional campaigns;
• develop and improve our products and services;
• detect and prevent fraud;
• comply with applicable laws and regulations and legal process and law enforcement requirements; and
• enforce our agreements with you
• share your personal data as described below

 

HOW WE SHARE PERSONAL DATA: 

We share personal data as follows:
 

• Service Providers: MetaBank shares personal data with MetaBank’s third-party service providers that help us provide our products and services for you, marketing, providing customer service, industry benchmarking and market research.
• Corporate Transactions: MetaBank may share and transfer personal data if MetaBank is or intends to be involved, in a merger, sale, acquisition, divestiture, restructuring, reorganization, dissolution, bankruptcy or other change of ownership or control by MetaBank (in each case, whether in whole or in part).
• Other Lawful Disclosures: MetaBank also shares personal data: (i) as permitted by law; (ii) if we determine that disclosure of specific personal data is necessary to comply with the request of a law enforcement or regulatory agency or other legal process; (iii) to protect the rights, privacy, property, interests or safety of our company or our affiliates, customers, business partners, employees or the general public; (iv) to pursue available remedies or limit the damages; (v) to enforce our agreements with customers and others; and (vi) to respond to an emergency.
• With Your Consent[KH2] : Apart from the reasons identified above, MetaBank may request your permission to share your personal data for a specific purpose. MetaBank will notify you and request consent before you provide the personal data or before the personal data you have already provided is shared for such purpose.  You may revoke your consent at any time.

 

HOW WE PROTECT AND RETAIN PERSONAL DATA

We use physical, technical and organizational measures designed to protect your personal data against unauthorized access, theft and loss.  Although we take precautions intended to help protect personal data that we process, no system or electronic data transmission is completely secure.  Any transmission of your personal data is at your own risk and we expect that you will use appropriate security measures to protect your personal data.
 
If we determine that the security of your personal data in our possession or control was subject to unauthorized access or us, applicable law may require that we notify you.  If you have provided us with your email address, you agree to our use of email as a means of notification.
 

TRANSFERS OF PERSONAL DATA

MetaBank transfers, processes, and stores personal data about you on servers located in the United States. Therefore, your personal data may be transferred to, stored, or processed by staff who work for us, or for one of our service providers in the United States whose data protection, privacy, and other laws may not provide the same level of protection as those in your country of residence. For example, government entities in the United States may have certain rights to access your personal data. If MetaBank transfers your personal data outside of the EU in this way, MetaBank will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this policy.
 
By using our products or services, you understand and consent to the collection, storage, processing, and transfer of my personal data to MetaBank’s facilities in the United States or in other non-EU countries. You also understand and consent to MetaBank’s sharing personal data as described in this E.U. Privacy Statement with third parties in the United States or in other non-EU countries.
 

YOUR CHOICES ABOUT YOUR PERSONAL DATA

If you would like to review, amend, correct or update personal data that you have previously provided to us or if you would like to restrict, delete or receive an electronic copy of your personal data for purposes of transmitting it to another company (when these rights are provided to you by law), please contact us at the address or phone number provided below.
 
In your request, please make clear what personal data you would like to have changed or other limitations you would like to put on our use of your personal data. For your protection, we only fulfill requests for the personal data associated with the particular accounts you identify and we may need to verify your identity before fulfilling your request.  We will try to comply with your request as soon as reasonably practicable.
 
Your rights include:

• The right to access: You have the right to ask us for copies of your personal data. This right has some exemptions, which means you may not always receive all the personal data we process.
• The right to rectification: You have the right to ask us to rectify personal data you think is inaccurate. You also have the right to ask us to complete personal data you think is incomplete.
• The right to erasure: You have the right to ask us to erase your personal data in certain circumstances.
• The right to restrict processing: You have the right to ask us to restrict the processing of your personal data in certain circumstances.
• Right to object to automated processing, including profiling: the right to not be subject to the legal effects of automated processing or profiling.
• The right to lodge a complaint with the supervisory authority: A list of Supervisory Authorities is available here:  https://ec.europa.eu/info/law/law-topic/data-protection_en.

 
Please note that we often need to retain certain personal data for recordkeeping purposes and/or to complete any transaction that you began prior to requesting a change or deletion.  Our databases and other records may have residual personal data that is not removed.  In addition, we also may not allow you to review certain personal data for legal, security or other reasons.
 

HOW LONG WE KEEP YOUR PERSONAL DATA

We will retain your personal data for the period necessary to fulfill the purposes outlined in this E.U. Privacy Statement unless a longer retention period is required or permitted by law.  The criteria used to determine our retention periods include:

• The length of time we have an ongoing relationship with you and provide services to you;
• Whether there is a legal obligation to which we are subject; and
• Whether retention is advisable considering our legal position (such as, for statutes of limitations, litigation or regulatory investigations).

 

LINKS TO OTHER SITES

Our website may contain links to other sites that are not operated by us. If you click on a third party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit.
We have no control over, and assume no responsibility for the content, privacy policies or practices of any third party sites or Services.
 

CHANGES TO THIS PRIVACY STATEMENT

The effective date of this E.U. Privacy Statement is set forth at the top of this page. We reserve the right to change this E.U. Privacy Statement as business needs require.  We will post the changes to this page, and will indicate the date they go into effect.  We encourage you to review our website terms, E.U. Privacy Statement, and Privacy Policy to stay informed.  If we make changes that materially affect your privacy rights, we will notify you of the changes by posting a prominent notice on our website or using other methods that we select, as required by law.  Any amended E.U. Privacy Statement supersedes all previous versions.
 

CONTACT US

If you have any questions about this E.U. Privacy Statement, please contact us at: MetaBank, PO Box 91607, Sioux Falls, SD 57109 or 1-866-550-6382.