California Privacy Notice

Last Updated: October 6, 2025

1. Purpose

This privacy policy is for California residents and discloses the privacy practices of Credit Corp Solutions Inc., and its affiliates (“Credit Corp”, “we”, “us” or “our”). This policy supplements the information contained in Credit Corp’s Privacy Policy, which can be found at www.creditcorponline.com/privacy. We adopt this policy to comply with the California Consumer Privacy Act, as amended by the California Privacy Rights Act (“CCPA”). Any terms defined in the CCPA have the same meaning used in this policy.

2. Scope

This policy covers the practices of Credit Corp with respect to California residents and applies to all personal information, including information contained in customer reports, or our current and former customers and the customers with whom Credit Corp interacts. The Credit Corp website is not intended for individuals less than the age of eighteen and we do not knowingly collect data relating to the individuals less than the age of eighteen. Further, Credit Corp does not knowingly sell or share personal information about consumers under the age sixteen. Nothing in this policy is intended to contradict your rights under the Fair Debt Collection Practices Act (“FDCPA”). Credit Corp will not disclose any information to third parties that is otherwise prohibited by the FDCPA.

3. Personal Information

The CCPA applies to certain personal information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. Personal information does not include publicly available information from government records, deidentified or aggregated customer information or information excluded from the CCPA’s scope such as (1) health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and the California Confidentiality of Medical Information Act (“CMIA”) or clinical trial data in addition to personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (“FRCA”), the Gramm-Leach-Bliley Act (“GLBA”) or California Financial Information Privacy Act (“FIPA”), and the Driver’s Privacy Protection Act of 1994.

4. What Information We Collect.

We may have collected the following categories of personal information within the last 12 months. Inclusion of a category indicates that we may collect some information in that category. It does not mean that we collect all information listed in that category in all situations.

Categories of Personal Information	Examples of Specific Types of Personal Information Collected	Collected	Purpose
Identifiers	A real name, alias, postal address, email address, telephone numbers, internet protocol address, account number, Social Security number, date of birth, or other similar identifiers	Yes	a. Necessary to provide the services b. Necessary to comply with a legal obligation c. Necessary for our legitimate business interests d. Prevent Fraud
Personal Information Categories listed in California Customer Records Statute (Cal. Civ. Code § 1798.80(e)).	A name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories.	Yes	a. Necessary to provide the services b. Necessary to comply with a legal obligation c. Necessary for our legitimate business interests d. Prevent Fraud
Protected Classification Characteristics under California or Federal Law	Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).	Yes	a. Necessary to provide the services b. Necessary to comply with a legal obligation c. Necessary for our legitimate business interests
Commercial Information	Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.	Yes	a. Necessary to provide the services b. Necessary to comply with a legal obligation c. Necessary for our legitimate business interests
Internet or Other Similar Network Activity	Information regarding a consumer’s interaction with an Internet Web site, application, or advertisement.	Yes	a. Necessary to provide the services b. Necessary to comply with a legal obligation c. Necessary for our legitimate business interests
Geolocation	Physical location or movements related to use of our internet website, application or device.	Yes	a. Necessary to provide the services b. Necessary to comply with a legal obligation c. Necessary for our legitimate business interests
Sensory Data	Audio, electronic, visual.	Yes	a. Necessary to provide the services b. Necessary to comply with a legal obligation c. Necessary for our legitimate business interests
Professional or employment related information	Current or past job history.	Yes	a. Necessary to provide the services b. Necessary to comply with a legal obligation c. Necessary for our legitimate business interests
Non-public education information (per the Family Educational Rights and Privacy Act [20 U.S.C. Section 1232g, 34 C.F.R. Part 99])	Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.	Yes	a. Necessary to provide the services b. Necessary to comply with a legal obligation c. Necessary for our legitimate business interests
Sensitive Personal Information	Government-issued identifying numbers, such as a driver’s license, passport or social security number, financial account details that allow access to an account, such as a credit card number and access code, Genetic data, precise geolocation, race or ethnicity, religious or philosophical beliefs, union membership, contents of mail, email, or text messages, biometric data related to your unique identification.	Yes	a. Necessary to provide the services b. Maintain and service your account c. Process Payments d. Ensure security and integrity regarding the use of such personal information e. Verify or maintain the safety and quality of the services f. Necessary to comply with a legal obligation g. Necessary for our legitimate business interests.

5. How We Collect Your Personal Information

Credit Corp collects most of this personal information directly from sellers of portfolios of debt, as well as from you by telephone, written correspondence through the mail, email, SMS, chat, or fax, by viewing your public social media/network pages, activity on our website, or other information available online. Credit Corp also collects your personal identifiable information when you update your personal information on the website and when you make a payment. Credit Corp may also collect information:

• From you, such as from the forms or other information you provide to the us;
• From publicly accessible sources (e.g., property records or court records);
• From our service providers (e.g., letter vendors, location vendors, payment processing vendors, call analytics vendor, and/or electronic signature service provider);
• Directly from a third party (e.g., third parties contacted during location activities pursuant to 15 U.S.C. § 1692b, such as your friends, neighbors, relatives, and/or employer);
• From a third party with your consent (e.g., your authorized representative and/or attorney); and
• From activity on our website.

6. How We Use Your Personal Information

Credit Corp collects personal information solely for the purpose of lawful debt recovery. Personal information remains part of our records until we determine the information is no longer needed, or we are required by law to delete such information. We will collect the minimum amount of data necessary to collect a debt. We do not sell your personal information.

Credit Corp may use and disclose your information if we have your permission or we have another legal reason for using it. These reasons may include:

• To pursue our legitimate business interests;
• To provide you with information or services that you request from us;
• Where required by law and regulation;
• To comply with legal process;
• To respond to requests from public and government authorities as required by law;
• To enforce our Terms and Conditions and this policy;
• To protect our operations or services, or those of any of our affiliates;
• To protect our rights, privacy, safety or property, and/or that of our affiliates, you, or others;
• To ensure security and integrity to the extent personal information is reasonably necessary and proportionate to these purposes;
• To improve our products or services, marketing, or customer relationships and experience;
• To verify or maintain the quality or safety of the services or account, or to prevent fraud; and
• As described to you when collecting your personal information or as otherwise set forth in the CCPA.

Credit Corp may also use your personal information for authentication purposes, to update your contact information and to process payments on your account(s). Credit Corp will retain your personal data in line with its retention policy and will delete the information once it is no longer needed, after which it will be deleted or anonymized.

Credit Corp will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice. We do not sell and will not sell your personal information.

7. Who We Share Your Personal Information With

We may share personal information with our employees and affiliates who need to know that information to service your account. Except as provided below, we do not share or disclose any personal information to any company or marketing group external to us. We may share your personal information with third parties and service providers to the extent it is reasonably necessary to manage and service your account, verify employment, determine location, process payment, fulfill a transaction, provide customer service, or as otherwise authorized by law.

Further, we may disclose personal information (a) to another entity with which we enter or reasonably may enter into a corporate transaction, such as, for example, a merger, consolidation, acquisition, or asset purchase, (b) to a third party pursuant to a subpoena, court order, or other form of legal process or in response to requests by or on behalf of any local, state, federal, or other government agency, department or body, whether or not pursuant to a subpoena, court order, or other form of legal process, or in connection with litigation brought against, or on behalf of, Credit Corp, where appropriate, (c) to a third party if determined by Credit Corp and its sole judgment that such discretion is appropriate to protect the life, health, or property of Credit Corp or any other person or entity, all in compliance with applicable law, (d) to third parties as authorized or designated by you, or (e) to conduct any other legitimate business activity not otherwise prohibited by law. The foregoing is not intended to obviate or displace any legal obligations or duties applicable to Credit Corp.

Except as necessary for us to provide the services, information, or products requested by a website user, or accept for disclosures identified in the preceding paragraphs, the user may opt out of having their personal information, which has been voluntarily provided to us through or from its website, prospectively retained by us, used by us for secondary purposes or disclosed by us to third parties.

E-mail posted or sent to us may not be secure against interception by unauthorized individuals. To protect against interception by unauthorized individuals, or because we cannot verify your identity, we may be unable to respond to e-mail requests concerning accounts placed for collection unless you have requested or authorized us to do so.

8. Sharing your information with customer reporting agencies

Customer Reporting Agencies (CRAs) collect and maintain information on customer and business credit profiles on behalf of organizations in the United States. We may share information about you with CRAs and may carry out periodic searches within to verify your identity or manage your account.

Details of your account(s) with us may be sent to CRAs and recorded by them. This information may be supplied by CRAs and may be used in searched by us and other organizations, such as debt collection agencies in order to:

• consider applications for credit and credit related services;
• locate debtors and recover debts; and
• manage your accounts.

We may furnish account information to Experian, Equifax, and TransUnion. You have a right to obtain an annual copy of your credit file from CRAs by visiting www.annualcreditreport.com. 

9. Right to Know and Data Requests

If you are a California resident, the CCPA grants you the following rights regarding your personal information. You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable customer request, we will disclose to you:

• The categories of personal information we have collected about you.
• The categories of sources from which the personal information is collected.
• Our business or commercial purpose for collecting your personal information.
• The categories of third parties with whom we share personal information, if any.
• The specific pieces of personal information we have collected about you.

Please note that we are not required to:

• Retain any personal information about you that was collected for a single one-time transaction if, in the ordinary course of business, that information about you is not retained;
• Reidentify or otherwise link any data that, in the ordinary course of business, is not maintained in a manner that would be considered personal information; or
• Provide the personal information to you more than twice in a 12-month period.

10. Right to Request Deletion

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable customer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.

We may deny your deletion request if retaining the information is necessary for us or our service providers to:

• Complete the transaction for which the personal information was collected, fulfill a requested good or service, meet expectations based on our ongoing business relationship, or otherwise carry out a contract between you and us
• Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity.
• Debug to identify and repair errors that impair existing intended functionality.
• Exercise free speech, ensure the right of another customer to exercise his or her right of free speech, or exercise another right provided for by law.
• Comply with the California Electronic Communications Privacy Act
• Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when our deletion of the information is likely to render impossible or seriously impair the achievement of such research, provided we have obtained your informed consent.
• Enable solely internal uses that are reasonably aligned with your expectations based on your relationship with us.
• Comply with an existing legal obligation.
• Otherwise use your personal information, internally, in a lawful manner that is compatible with the context in which you provided the information.

11. Right to Request Correction

You also have the right to request correction of personal information we maintain about you that you believe is inaccurate. We may require you to provide documentation, if needed, to confirm your identity and support your claim that the information is inaccurate. Unless an exception applies, we will correct personal information that our review determines is inaccurate and notify our service providers to take appropriate action.

12. Right to Limit Sensitive Personal Information

This enables you to ask us to suspend the processing of your sensitive personal data in the following scenarios: (a) if you want us to establish the data's accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it. Credit Corp does not collect or use sensitive personal data for the purpose of inferring characteristics about customers. Therefore, such data is treated as “personal information” and requests handled in accordance with procedures for general personal information.

13. Protection Against Discrimination

You have the right to not be discriminated against by us because you exercised any of your rights under the CCPA. This means we cannot, among other things:

• Deny goods or services to you;
• Charge different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties;
• Provide a different level or quality of goods or services to you; or
• Suggest that you will receive a different price or rate for goods or services or a different level or quality of goods or services.

Please note that we may charge a different price or rate, or provide a different level or quality of goods and/or services to you, if that difference is reasonably related to the value provided to you by your personal information.

14. How to Exercise Your Rights

To exercise the right to know, data portability, correction and deletion rights described above, please submit a verifiable customer request to us by either:

• Calling us, toll-free, at (800)-483-2361;
• Emailing us at: customercare@creditcorponline.com; or
• Writing to us at 121 W Election Road, Suite 200, Draper UT 84020.

Please describe your request with sufficient detail so we can properly understand, evaluate, and respond to it. You or your authorized agent may only submit a request to know, including for data portability, twice within a 12-month period.

15. Exercising the Right to Limit

You can submit your request to limit or opt-out through:

• Emailing us at customercare@creditcorponline.com;
• Calling us at (800)-483-2361; or
• Writing to us at 121 W Election Road, Suite 200, Draper UT 84020.

16. Verifying Your Identity (i.e., verifiable customer request)

If you choose to contact us directly by phone or in writing, you will need to:

• Provide us with enough information to identify you (e.g., your full name, address and customer or matter reference number);
• Provide us with proof of your identity and address (e.g., a copy of your driving license or passport and a recent utility or credit card bill); and
• Describe your request with sufficient detail that allows us to properly understand, evaluate and respond to it.

We are not obligated to make a data access or data portability disclosure if we cannot verify that the person making the request is the person about whom we collected information, or is someone authorized to act on such person’s behalf. Any personal information we collect from you to verify your identity in connection with you request will be used solely for the purposes of verification.

Responding to Your Requests

We endeavor to respond to a verifiable customer request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and the extension period in writing. If you have an account with us, we will deliver our response to your verified email address of otherwise using your contact information. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the 12-month period preceding the verifiable customer request's receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. Applicable law may allow or require us to refuse to provide you with access to some or all of the personal information that we hold about you, or we may have destroyed, deleted, or made your personal information anonymous in compliance with our record retention policies and obligations. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable customer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

18. How We Protect Information

Credit Corp has implemented physical, electronic, and procedural security safeguards to protect against the unauthorized release of or access to personal information. We employ internal and external system safeguards designed to protect confidentiality and security of personal information. The confidentiality of any communication or material transmitted to or from Credit Corp via the website or via e-mail cannot be, and is not, guaranteed. You acknowledge that the technical processing and transmission of the website’s content may be transferred unencrypted and involve: (a) transmissions over various networks; and (b) changes to confirm and adapt to technical requirements of connecting networks or devices. The safety and security of your information also depends on you.  If any questions arise about security, please contact us using the information provided above.

19. Authorized Agent

You can designate an authorized agent to make any of these requests by providing your express written authorization. We must be able to verify your identity and the authorization must include the authorized agent’s name, address, telephone number, and email address (for providing the personal information collected or to respond to a request for deletion).

20. External Website and Online Services

Our website may contain links to enable you to visit other websites of interest easily. We do not have control over any other websites or online services. Any access to and use of such third-party websites and online services is not governed by this policy. Therefore, Credit Corp does not accept any responsibility or liability for (the operation, content, and/or privacy practices of) services and/or websites or online services of third parties. You should exercise caution and look at the privacy policy applicable to the website or online services in question.

21. Using Cookies

Credit Corp may collect certain computer and browser information through automated technologies such as cookies and web beacons when you visit our website. Cookies are pieces of information that are sent to your browser when you visit the website to identify the browser or to store information or settings in the browser. They are then stored on the hard disk or in the memory of your equipment. The browser can send this information back on your next visit to the website. Web beacons (also known as internet tags, pixel tags, flash shared files, HTML 5 logical storage, HTML 5 minidatabases, or clear GIFs) link web pages to web servers and their cookies may be used to transmit information collected back to web server.

22. Information Retention

Credit Corp will retain your personal data until we determine the information is no longer needed to fulfill the business or legal purposes described in this policy, or as otherwise required for legal compliance purposes. Credit Corp may maintain aggregated or anonymized information indefinitely as it does not directly or indirectly reveal your identity.

23. Right to Change this Policy

Credit Corp reserves the right at any time to modify, alter or update this policy. Notice of any new or revised policy, as well as the location of the new or revised policy, will be posted on the website after the change. It is the obligation of users visiting the website before the change to learn of changes to the policy since their last visit. Your use of the website following any changes means that you agree to follow and be bound by the policy as changed. Any change to this policy shall be effective as to any visitor who has visited the website before the change was made. If there are material changes to the privacy policy or in how we will use your personal data, we will notify you by prominently posting a notice of such changes before they take effect or by directly sending you a notification.

24. Questions and Contacts

If you have questions about this policy, our practices concerning this website, or your dealings with Credit Corp, you can contact us at customercare@creditcorponline.com or by U.S. mail at the address below:

Credit Corp Solutions
121 W Election Road,
Suite 200,
Draper UT 84020