DPP_202406TOTAL

TOTAL DIGITAL PRIVACY POLICY
EFFECTIVE DATE: JUNE 20, 2024


This digital privacy policy (“Digital Privacy Policy”) describes how the Total application (referred to herein as “we,” “us,” and “our”) uses the information that we process in connection with your use of our website, mobile application, and any other online services we operate that links to this Digital Privacy Policy (collectively, our “Sites”) and any services provided through our Sites or in the course of doing business online or offline (collectively, our “Services”). If you provide information in connection with a credit card application, such information will also be subject to the Privacy Notice of the issuing bank. Both the Digital Privacy Policy and the Privacy Notice are written in accordance with Federal and State law requirements.


Please read this Digital Privacy Policy carefully to better understand how we collect, use, and disclose information about you as you use our Services. Any changes to this Digital Privacy Policy will appear on this page, so we encourage you to review it periodically. By using our Services, you consent to the terms of this Digital Privacy Policy. If you do not agree with this Digital Privacy Policy, you must discontinue using our Services.

  1. INFORMATION WE COLLECT.

    In the past 12 months, we have collected various categories of personal information enumerated in the CCPA. The types of information we may collect include:

    • Identifiers including your name, alias, phone number, postal address, residence, email address, and other contact details;

    • date of birth, Social Security number, and other account information we use to verify your identity;

    • your employer's identity, income, expenses, date of paycheck(s), and other sources of professional or employment related information;

    • the name and date of birth of any additional cardholder(s) that you authorize;

    • the web browser you employ, your internet protocol address, operating device and/or system type, IMEI, device identifiers (including cookies), other online identifiers, clickstream data, tracking codes provided by third-party marketers, choice of settings such as Wi-Fi and Bluetooth settings, and other information relating to internet activity or other electronic network activity; geolocation data, which may include Global Positioning System (“GPS”) data, locational information based upon your IP address, cell network data, and similar location data.

    • payment, banking, and account information you provide; and

    • any other information you may provide to us voluntarily through your use of our Services.

    • audio, electronic, or visual information, which may include audio recordings and similar information.

    • inferences, such as predispositions, behavior, preferences, and characteristics.

    • information not listed above, but related to characteristics protected under California or federal law.


    We collect this information directly from you, service providers, business partners, government entities, operating systems and platforms, social networks, and data brokers.

    If you choose to use your mobile device’s and operating system’s finger scan or facial image recognition features, your biometric information, identifiers or data will be maintained under your custody on your device in accordance with your device’s and your operating system’s features, and we will not collect, capture, purchase, receive through trade, otherwise process, obtain, or have access to them.



  2. INFORMATION COLLECTED AUTOMATICALLY.

    Certain information is collected automatically when you use our Services by means of various software tools. We have a legitimate interest in using such information for our business or commercial purposes, such as to assist in systems administration, information security and abuse prevention, to track user trends, and to analyze the effectiveness of our Services.


    1. Log Files.

      Log files refers to the information that is automatically sent by your web browser or device (or otherwise automatically collected) each time you view our Sites or interact with our Services. The information inside the log files may include IP addresses, type of browser, internet service provider, date/time stamp, referring/exit pages, clicked pages and any other information your browser may send to us.


    2. Device and Online Usage.

      We may collect information about your computer, browser, mobile or other device that you use to access our Services. We may use cookies, pixels, log files and other techniques to collect such information, including IP address, time zone, device identifiers and other unique identifiers, browser type, browser language, operating system name and version, device name and model, version, referring and exit pages, dates and times of Services access, links clicked, features uses, crash reports and session identification information.


    3. Location Information.

      When you use our Services on your mobile phone or device, we may collect information on your physical location through satellite, cell phone tower, Wi-Fi signal, beacons, Bluetooth, and near field communication protocols. For example, when you opt-in to allowing us to collect this information, it may allow us to recognize the location of your mobile device.


    4. Cookies.

      We use cookies to make interactions with our Services easy and meaningful. When you visit our Services, our servers may send a cookie to your computer. We may use cookies that are session-based or persistent. Session cookies exist only during one session. They disappear from your computer when you close your browser software or turn off your computer. Persistent cookies remain on your computer after you close your browser or turn off your computer. We use cookies that enable you to navigate our Services and use its features, such as accessing secure areas of our Services. Because required cookies are essential to operate our Services, there is no option to opt out of these cookies. We use cookies to provide features and services such as:

      • Remembering your preferences and allowing you to enter your information less frequently; and

      • Providing other services and features that are only available through the use of cookies;


      The Options/Settings section of most internet browsers will tell you how to manage cookies and other technologies that may be transferred to your device, including how to disable such technologies. You can disable our cookies or all cookies through your browser settings, but please note that disabling cookies may impact some of our Services features and prevent the Services from operating properly.


      We may use or engage a third party that uses Local Stored Objects (LSOs), sometimes referred to as “Flash Cookies”, and other technologies to collect and store information about your use of our Services. A flash cookie is a small data file placed on your device using Adobe Flash technology. Flash cookies are different from the cookies described above because cookie management tools provided in your browser will not remove them. To limit the websites that can store information in flash cookies on your device, you must visit the Adobe website: http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html

      We may use or engage a third party that uses session replay technology (with or without cookies) to record and analyze interactions with our Services. This technology captures your interactions with our application, including but not limited to, mouse movements, key strokes, clicks, and scrolling. It helps us gain insights into how users interact with our Services, identify usability issues, mitigate security threats, and improve the overall user experience.

      The online advertising industry also provides websites from which you may opt out of receiving certain targeted ads from data partners and other advertising partners that participate in self-regulatory programs. You can access these and learn more about targeted advertising and consumer choice and privacy by visiting the Network Advertising Initiative (https://optout.networkadvertising.org/) and the Digital Advertising Alliance ( https://optout.aboutads.info/).


    5. Do Not Track Signals.

      We do not currently respond or take any action with respect to web browser "do not track" signals or other mechanisms that provide consumers the ability to exercise choice regarding the collection of information about an individual consumer's online activities over time and across third-party websites or online services.


    6. Analytics Services.

      We work with service providers (including, without limitation, Google Analytics) who conduct analytics to help us track and understand how visitors use our Sites. Google Analytics is a web analytics service provided by Google that uses cookies to help us analyze how users use our Sites. The information generated by the cookies about your use of the Services will be transmitted to and stored by Google on servers in the United States. If you access the Sites through different devices, Google may associate your devices with one another. Google has developed the Google Analytics opt-out browser add-on for the Google Analytics JavaScript (ga.js, analytics.js, dc.js). You can prevent Google’s collection and use of the data it collects as defined in its policy by downloading and installing this browser plug-in: https://tools.google.com/dlpage/gaoptout?hl=en-GB. For more information about Google Analytics cookies, please see Google’s help pages (https://support.google.com/analytics/answer/6004245) and privacy policy (https://www.google.com/intl/en/policies/privacy).


    7. Web Beacons and Similar Tracking Technologies.

    When you visit our Services, we may collect your IP address for certain purposes such as, for example, to monitor the regions from which you navigate our Services. We may also use web beacons alone or in conjunction with cookies to compile information about your usage of our Services and interaction with emails from us. Web beacons are clear electronic images that can recognize certain types of information on your computer, such as cookies, when you viewed a particular site tied to the web beacon. We may use web beacons to operate and improve our Services. We may use other tracking technologies to collect other information, such as session replay information or recordings of communications, relating to you and your online activities.


  3. HOW WE USE YOUR INFORMATION.

    If you submit or we collect information, then such information may be used for the following business or commercial puposes:

    • Provision and Monitoring of the Services: We may use your information to: (i) determine whether you are qualified for our Services, (ii) provide you with access to our Services; (iii) support our Services and your use of our Services; (iv) monitor your use of the Services; (v) fulfill any requests you make of us; and (vi) enable you to make payments.

    • Questions and Requests: We will use the information you provide to answer your questions or resolve your problems.

    • Research and Data Analysis: In an ongoing effort to better understand and serve the users of the Services, we may conduct research on users’ demographics, interests and behavior based on usage data and other information provided to us. This data may be compiled and analyzed on an aggregate basis, and we may use this aggregated data for its own purposes and disclose this aggregated data with advertisers, researchers, business partners, publications, and other third parties, who will use the data for their own purposes.

    • Services Improvement: We may use your information to help us improve the content and functionality of the Services, to better understand our users, and to improve the Services.

    • Fraud Monitoring, Prevention, and Detection. We may use your information as necessary to confirm your identity and to prevent and detect fraud.

    • Compliance. We may use your information to protect our rights or our property and to ensure the technical functionality and security of the Services. We may also use your information to comply with applicable law, assist law enforcement, and to respond to regulatory or other legal inquiries.

    • Business and Commercial Purposes. We may use your information for auditing our Sites, such as counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with applicable law; helping to ensure security and integrity of our Services; debugging to identify and repair errors that impair existing intended functionality; and for advertising and marketing.

    • SMS Alerts. When you provide your mobile telephone number to us in connection with your use of our website, mobile application, and any other online services, you expressly agree that we (and our affiliates, agents and contractors) may contact you at this number via SMS (text message). Compatible carriers include: AT&T, Virgin Mobile, T-Mobile, MetroPCS, US Cellular, and Verizon Wireless. Mobile carriers are not liable for any delayed or undelivered messages. Message and data rates may apply. To opt out of text messages, respond "STOP" to any text message. To request support, text "HELP" in reply to any text message we send you. If you have any difficulty unsubscribing, please contact us at 1-877-480-6988. Mobile information will not be shared with any third parties for marketing or promotional purposes.


  4. HOW WE DISCLOSE YOUR INFORMATION.

    We may disclose any of the above categories of personal information for any of the above business purposes with third parties, including service providers, business partners, government entities, operating systems and platforms, social networks, and data brokers as well as the following third parties:

    1. Our Business Partners.

      We transfer and disclose information to our business partners to perform tasks on our behalf and to assist us in providing our Services. For example, we may disclose your information to the issuing bank or the entity servicing your account. If you opt-in to certain supplemental services (e.g., credit protection or debt cancellation), we may share your information with third party business partners who service and administer such offerings.


    2. Our Third-Party Service Providers.

      We transfer information to our third-party service providers to perform tasks on our behalf and to assist us in providing our Services. For example, we may disclose your information with service providers who assist us in performing core functions (such as payment processing, hosting, data storage, and security) related to our operation of the Services and/or by making certain interactive tools available to you as a user. We also use third parties for technical and customer support, application development, marketing, analytics, tracking and reporting functions, quality assurance, and other services. In the performance of our Services, we may disclose information from or about you with these third parties so that we can deliver a quality user experience.


    3. Aggregated or Deidentified Information.

      To better serve our users, business partners, and to improve our Services, we may conduct research on user demographics, interests and behavior or engage in other activities based on identifiable personal information and/or information that we aggregate or de-identify. Aggregated or de-identified information is not considered personal information and does not identify a user personally. We may disclose this aggregated or de-identified information with our affiliates, agents, business partners, and/or other third parties.


    4. Across our Organization.

      We may share your information with our parent company and affiliates.


    5. In the Event of Merger, Sale, or Change of Control.

      We may transfer or assign your information in the course of (or in the evaluation of) a merger, acquisition, sale, or other change of control.


    6. With Your Consent.

      At your direction or request, or when you otherwise consent, we may disclose your information.


    7. Other Disclosures.

    We may disclose information about you if we have a good faith belief that disclosure of such information is helpful or reasonably necessary to: (i) comply with any applicable law, regulation, legal process or governmental request; (ii) enforce our Terms of Use, including investigations of potential violations thereof; (iii) detect, prevent, or otherwise address fraud or security issues; or (iv) protect against harm to the rights, property or safety of our company, our users, or the public.


  5. RETENTION.

    We reserve the right to retain any information as long as it is needed to: (i) fulfill the purposes for which we collected the information, and (ii) comply with applicable law. Please note that in many situations we must retain all, or a portion, of your personal information to comply with our legal obligations, resolve disputes, enforce our agreements, to protect against fraudulent, deceptive, or illegal activity, or for another one of our business purposes. We will not retain information for longer than is reasonably necessary for any of the disclosed purposes in this Digital Privacy Policy.


  6. DATA SECURITY.

    We take the protection of your information seriously and use physical, administrative, and technical measures that are designed to protect the information collected through the Services. However, please keep in mind that the Internet is not a 100% secure medium for communication. We also cannot guarantee that the information collected about you will always remain private when using our Services. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk.


  7. CHILDREN'S PRIVACY.

    Our Services are not intended for or directed to individuals under 13 years of age, and we do not knowingly collect any personal information from children under the age of 13. When a user discloses personal information on our Services, the user is representing to us that he or she is at least eighteen (18) years of age.


  8. LINKS TO OTHER SITES AND SERVICES.

    Our Sites may include links or provide access to other third party websites as a convenience to you. If you click on one of those links you will be taken to websites we do not control, and this Digital Privacy Policy does not apply to those third-party websites. The inclusion of any link does not imply our endorsement of any other company, its site(s), or its product(s) and/or service(s). We are not responsible for the privacy practices or content of any other site.


  9. LOCATION-BASED SERVICES.

    Where you have opted in to sharing your location information, we may use various technologies to collect your information as described in this Digital Privacy Policy to provide you with location-based services and content, including, without limitation, for marketing purposes. You can opt-out from further allowing us to access your location data, by adjusting the permissions in your mobile device.


  10. CHANGES TO THIS PRIVACY POLICY.

    As our organization changes over time, this Digital Privacy Policy may change as well. We reserve the right to amend the Digital Privacy Policy at any time, for any reason, without notice to you, other than the posting of the amended Digital Privacy Policy or as otherwise required by applicable law. We will provide you notice of material changes by indicating that the Digital Privacy Policy has been updated on our homepage and will indicate the date we made the update above. Your continued use of any of the Services after the changes have been made will constitute your acceptance of the changes. Please, therefore, make sure you read any such notice carefully. If you do not wish to continue using the Services under the new version of the policy, please cease using the Services. The terms of this Digital Privacy Policy are effective as of the Last Updated date posted above.


  11. CONTACTING US

    Any comments, concerns, complaints, or questions regarding our Digital Privacy Policy may be addressed to us at: [email protected] or at 2700 Lorraine Place, Sioux Falls, SD 57106.


  12. ADDITIONAL RIGHTS FOR CALIFORNIA CONSUMERS


    CALIFORNIA CONSUMER PRIVACY ACT (CCPA).

    This section sets forth our privacy practices as required by the CCPA. This section applies only to: (i) individuals who apply for jobs with us through the Sites who also reside in the State of California; and (ii) and individuals who based on the nature of their relationship with us are afforded rights under CCPA (“California Consumers”).


    For specific detail regarding the categories of information we collect, please refer to section 1 hereinabove ("Information We Collect”).

    We share or disclose personal information as set forth in the “How We Disclose Your Information” section above. We do not knowingly sell your information, including if you are a consumer under 16 years of age, for any purpose.

    Your Privacy Rights:


    If you are a California Consumer, you have the right to:

    1. Request we disclose to you, free of charge, the following information covering the 12 months preceding your request:

      • The categories of personal information, including personal sensitive information, we have collected about you;

      • The categories of sources from which the personal information, including sensitive personal information, was collected;

      • The categories of personal information, including sensitive personal information, about you we collected, sold, or shared for a business or commercial purpose;

      • The categories of third parties to whom the personal information, including sensitive personal information, was disclosed and the categories of personal information that was disclosed (if applicable);

      • The specific pieces of personal information, including sensitive personal information, we have collected about you.

    2. Request deletion of personal information we have collected from you.

    3. Request the correction of inaccurate personal information.

    4. Request to opt out of the selling or sharing of your personal information. Please note that we will respond to opt-out preference signals in compliance with applicable laws. Please refer to the settings in your browser to use opt-out preference signals.

    5. Request we limit the use and disclosure of sensitive personal information. Our use and disclosure of sensitive personal information, however, is already limited in accordance with permitted purposes under applicable law, and we do not use your sensitive personal information to infer characteristics about you. As a result, you do not need to take any further action to limit the use or disclosure of your sensitive personal information.

    6. Be free from discriminatory treatment or retaliation for exercising your rights under the CCPA.


  13. When requesting deletion of the personal information we have collected from you, please note that any information that is subject to the Gramm-Leach-Bliley Act or subject to other applicable exceptions available under applicable law, such as information used for the purposes of servicing your account, is exempt from such request under the CCPA.

    To contact us with your questions and concerns or to exercise any of these rights, please submit a request to us by either using our online form at https://myccpay.com/pages/consumerPrivacy.php or by calling us at 1-844-727-3477. You may be asked to verify your identity in order for us to process your request, including by:


    If you are using an authorized agent to submit a request on your behalf, we may ask that you:


    Your request may be denied if we are unable to verify your identity, or your agent’s authorization to act on your behalf.