The following LemFI Privacy Notice and GLBA Privacy Notice and Disclosure applies to you if you are an individual who resides in the United States, and you use the services of Pomelo Two US LLC including any third party through whom you are delivered LemFi Services.
The Privacy Notice applies to all services offered by LemFi to clients and website visitors. Certain individuals may be provided with additional privacy notices as described below:
LemFi Clients – When you sign up for an account with us to obtain remittance or card services, we may collect and use your information to facilitate the provision of banking, payments and cards services pursuant to our GLBA Privacy Notice as applicable. Federal law requires us to provide notice to certain customers to explain what personal information we collect, how we share it, and how consumers may limit information sharing. These privacy practices are subject to our GLBA Privacy Notice, which we strongly suggest you review.
Notice to California Residents – If you are a resident of California, please see our California Consumer Privacy Statement.
You may have other privacy protections under applicable state laws. To the extent these state laws apply, we will comply with them when we share information about you. Please see our State Specific Privacy Statement for more information on whether you have additional rights or protections under other state privacy laws.
As part of our daily business operations, we collect personal information from our customers and prospective customers in order to provide them with our products and services, and to ensure that we can meet their needs when providing these products and services, as well as when providing them with any respective information. When you visit our website, social media pages, or other online properties, collectively “Sites” or “Services,” we may collect and use certain information about you.
Your privacy is of utmost importance to us, and it is our policy to safeguard and respect the confidentiality of information and the privacy of individuals. This Privacy Notice explains how LemFi collects, uses, and manages the personal information we receive from you, or a third party, in connection with our provision of services to you or which we collect from your use of our services and/or our website. The Privacy Notice also informs you of your rights with respect to the processing of your personal information and the choices you can make about what information you share.
The following terms are defined as follows:
“LemFi Account” means a user-accessible account offered via Community Federal Savings Bank.
“We”, “Our”, and “Us” refers to Pomelo Two LLC, LemFI, Pomelo Group entities.
“Personal information” or “personal data” or “your data” refers to any information relating to you, as an identified or identifiable natural person, including your name, an identification number, location data, or an online identifier or to one or more factors specific to the physical, economic, cultural, or social identity of you as a natural person.
“User”, and “You” refers to our customers, prospective customers, and individuals who visit our Site or use our Services.
Facts | What does LemFi do with your Personal Information? |
Why? | LemFi chooses how they share your personal information. Federal law gives consumers the right to limit some but not all sharing. Federal law also requires us to tell you how we collect, share, and protect your personal information. Please read this notice carefully to understand what we do. |
What? | The types of personal information we may collect and share depend on the product or service you have with us. This information includes: - Full legal name, date of birth and social security number - Information about your financial status - Account balance, transaction history, any other financial or personal information forming part of our relationship with you as a customer - A selfie for securing your account including identification and verification information - Biometric data |
When you are no longer our customer, we continue to share your information as described in this notice. | |
How? | All financial companies need to share customers’ personal information to run their everyday business. In the section below, we list the reasons financial companies can share their customers’ personal information; the reasons LemFi chooses to share; and whether you can limit this sharing. |
Reasons We Can Share Your Personal Information | Does LemFi share? | Can you limit this sharing? |
---|---|---|
For our everyday business purposes — | ||
such as to process your transactions, maintain your account(s), respond to court orders and legal investigations, or report to our financial partners and intra-group companies. | Yes | No |
For our marketing purposes - to offer our products and services to you | Yes | No |
For joint marketing with other financial companies | No | No |
For our affiliates’ everyday business purposes — information about your transactions and experiences | Yes | No |
For our affiliates to market to you | Yes | Yes |
For nonaffiliates to market to you | No | N/A |
Please refer all your questions to dataprivacycounsel@lemfi.com
Who We Are | |
---|---|
Who is providing this notice? | Pomelo Two US LLC |
What We Do | |
---|---|
How does LemFi protect my personal information? | To protect your personal information from unauthorized access and use, we use security measures that comply with federal law. These measures include computer safeguards. We maintain many types of safeguards to protect against loss, misuse, and unauthorized access of your personal information. |
How does LemFi collect my personal information? | We collect your personal information, for example, when you: - Interact with LemFi support, LemFi Mobile App, third parties that help us comply with our legal and regulatory obligations to identify and verify you and your address; - Apply for any LemFi product or service; - Open a LemFi mobile App account; - Conduct transactions using our remittance and card services deposits using your account; - Give us your income information (where applicable); - Provide employment information or your employment history (where applicable); - Give us your contact information; - Provide your government-issued ID or your driver's license. We also collect your personal information from third parties, such as affiliates or other companies. |
Why can’t I limit all sharing? | Federal law gives you the right to limit only: - sharing for affiliates’ everyday business purposes - information about your creditworthiness - affiliates from using your information to market to you - sharing for non-affiliates to market to you State laws and individual companies may give you additional rights to limit sharing. See below for more on your rights under state law. |
Definitions | |
---|---|
Affiliates | Companies related by common ownership or control. They can be financial and non-financial companies. - LemFi does share with our affiliates. |
Non-affiliates | Companies not related by common ownership or control. They can be financial and nonfinancial companies. - LemFi does share with non-affiliates. |
Joint marketing | A formal agreement between non-affiliated financial companies that together market financial products or services to you. LemFi does not jointly market with non-affiliated financial companies. |
You may have other privacy protections under applicable state laws. To the extent these state laws apply, we will comply with them when we process your personal information.
For California residents: In accordance with California law, we will not share information we collect about you with companies outside of our corporate family, except as permitted by law, including, for example, with your consent or to service your account. We will limit sharing among our companies to the extent required by California law.
For Vermont residents: In accordance with Vermont law, we will not share information we collect about you with companies outside of our corporate family, except as permitted by law, including, for example, with your consent or to service your account. We will not share information about your creditworthiness within our corporate family except with your authorization or consent, but we may share information about our transactions with you within our corporate family without your consent
The Children's Online Privacy Protection Act (COPPA) is intended to provide parents increased control over what information is collected from their children online and how such information is used. The law applies to websites and services directed to, and which knowingly collect information from, children under the age of 13.
Our products and services are not directed to persons under the age of 18, hereinafter “Children” or “Child,” and we do not knowingly collect personal information from Children. If we learn that we have inadvertently gathered personal information from a Child, we will take legally permissible measures to remove that information from our records. LemFi will require the user to close his or her account and will not allow the use of our products and services.
If you are a parent or guardian of a Child, and you become aware that a Child has provided personal information to us, please contact us at dataprivacycounsel@lemfi.com and you may request to exercise your applicable access, rectification, cancellation, and/or objection rights. If you are under the age of 18, please do not provide any personal information through the Sites or Services.
For additional information on COPPA protections refer to the Federal Trade Commission's website.
If you are a California or Virginia resident, your state’s laws may provide you with additional rights regarding our processing of your personal information. Please see the state-specific sections below:
This California Privacy Notice (“California Notice”) is for California residents, and describes how LemFi collects, uses, and shares your personal information. The information on this page provides details on how we respond to and implement processes to uphold applicable state laws. The laws on this page give individuals certain rights regarding the personal information that LemFi or our affiliates have collected from or about them. This notice may be superseded by the Global Privacy Notice, if applicable. Any terms defined in the California Consumer Privacy Act (as amended by the California Privacy Rights Act of 2020) (“CCPA”) have the same meaning when used in this California Notice. The CCPA does not apply to personal information we collect as part of our current or former customer relationship with you pursuant to other privacy laws such as the Federal Gramm-Leach-Bliley and Fair Credit Reporting Acts, and the California Financial Information Privacy Act. For more information about what information is exempt from disclosure, see the section titled ‘Exemptions’ below.
Definitions
“Personal Information” is information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California resident or household. This information may also be referred to in this California Notice as “Personal Data.”
“Shine the Light” and “Eraser” Laws: Residents of the State of California may request a list of all third parties to which we have disclosed certain information during the preceding year for those third parties’ direct marketing purposes.
“Customers” are defined as individuals who access or use our services
Sources Of Personal Information
We gather various types of personal information from our customers from a range of sources, such as:
information you give us when you sign up for, or otherwise use our Services;
information we receive from our Affiliates and third parties; and
information we collect automatically through cookies and similar technologies (see our Cookie Policy for more information on this type of information).
We’ve collected and disclosed the below categories of personal information to create, develop, operate, deliver, and improve our services, to communicate with you, to ensure the safety, security and integrity of our Services, and for business and commercial purposes. LemFi does not collect, use, or disclose sensitive personal information for purposes other than those specified in this California Notice, to provide the Services, or as permitted under applicable law. LemFi does not sell personal information. For more information about how LemFi may use your personal information, please refer to other potentially applicable notices, such as, the Global Privacy Notice.
In the past 12 months, we’ve collected the below categories of personal information, and disclosed the specific types of personal information below with the following categories of third parties:
Category of Personal Information as outlined in the CCPA | Information Collected and Disclosed | Categories of Recipients |
---|---|---|
Identifiers | Real Name, Postal Address, Unique Personal Identifier, Such As: A Device Identifier; Cookies, Beacons, Pixel Tags, Mobile Ad Identifiers And Similar Technology; Customer Number, Unique Pseudonym, Or User Alias; Telephone Number And Other Forms Of Persistent Or Probabilistic Identifiers), Online Identifier, Internet Protocol Address, Email Address, Account Name, Social Security Number, Driver’s License Number, Passport Number, And Other Similar Identifiers; | Third Party Identity Verification Services Financial Institutions Service Providers Professional Advisors Our Affiliates |
Protected Classifications Under California And Federal Law, Including Gender, Age, And Citizenship | Supplemental Identification Information Electronic Identification Information Characteristics Of Protected Classifications Under California Or Federal Law, Such As: Race, Color, National Origin, Age, Sex, Gender, Marital Status, Citizenship Status, And Military And Veteran Status; | Third Party Identity Verification Services Professional Advisors |
Commercial Information Such As Records Of Services Purchased, Obtained, Or Considered | Transaction Information, Records Of Personal Accounts, Products Or Services Obtained, Used Obtained, Or Considered, And Other Purchasing Or Consuming Histories Or Tendencies; | Third Party Identity Verification Services Financial Institutions Service Providers Professional Advisors Our Affiliates |
Biometric Information | Electronic Identification Information | Third Party Identity Verification Services Financial Institutions Professional Advisors |
Internet Or Other Electronic Network Activity Information | Product Usage Information App, Browser, And Device Information Information From Cookies And Similar Technologies | Third Party Identity Verification Services Financial Institutions Professional Advisors Internet And Other Electronic Network Activity Information, Including, But Not Limited To: Browsing History, Search History, And Information Regarding Your Interaction With Websites, Applications, Or Advertisements; |
Geolocation Data | App, browser, and device information | Third Party Identity Verification Services Service Providers Professional Advisors |
Audio, Electronic, Visual, Thermal, Olfactory, Or Similar Information | Call And Video Recordings Communications Audio, Electronic, Visual, Or Similar Information | Third Party Identity Verification Services Service Providers Professional Advisors Our Affiliates |
Professional Or Employment Related Information | Institutional Information Direct deposit Salary | Third Party Identity Verification Services Service Providers Professional Advisors Our Affiliates |
Inferences About Preferences, Characteristics, Predispositions, Etc. | Inferences Drawn From Any Of The Information Identified Above To Create A Profile About You Reflecting Your Preferences, Characteristics, Psychological Trends, Predispositions, Behavior, Attitudes, Intelligence, Abilities, and Aptitudes. | Service Providers Professional Advisors Our Affiliates |
Additional Data Subject to Cal. Civ. Code § 1798.80 | Signature, Physical Characteristics Or Description, State Identification Card Number, Bank Account Number, Credit Card Number, Debit Card Number, And Other Financial Information; |
Collection and Disclosure of Sensitive Personal Information
In the past 12 months, we’ve collected and disclosed the following categories of sensitive personal information, with the following categories of third parties:
Category of Personal Information as outlined in the CCPA | Information Collected and Disclosed | Categories of Recipients |
---|---|---|
Identifiers | Supplemental Identification Information Electronic Identification Information | Third party identity verification services Professional advisors |
The contents of a resident’s mail, email, and text messages | Communications | Service Providers Professional Advisors |
Biometric information | Electronic Identification Information | Third party identity verification services Financial institutions Professional advisors |
Selling or Sharing of Personal Information
In the past 12 months, we have not shared identifiers with third party analytics providers, advertising partners, and ad networks for analytics and advertising purposes. LemFil does not sell your personal information.
As a California resident, you may have the rights listed below in relation to personal information that we have collected about you. However, these rights are not absolute, and in certain cases, we may decline your request as permitted by law.
Right to Know
You have a right to request the following information about our collection, use and disclosure of your personal information over the prior 12 months, and ask that we provide you with a copy of the following:
Categories of personal information we have collected, sold, or shared about you;
Specific pieces of personal information we collected about you;
Categories of sources from which we collect personal information;
The business or commercial purpose for collecting, selling, or sharing the personal information;
Categories of third parties with whom we disclose that personal information.
Categories of personal information disclosed about you for a business purpose.
Categories of personal information that each recipient received.
Twice within a twelve month period, you have the right to request the personal information we have collected, used, disclosed, and sold about you during the past 12 months.
Right to Correct
You have a right to request that we correct inaccurate personal information maintained about you.
Right to Delete
You have a right to request that we delete personal information, subject to certain exceptions.
Right to Opt out of Selling or Sharing
You have the right to direct a business that sells or shares personal information about you to third parties to stop doing so. LemFi does not sell personal information.
Right to Non-Discrimination
We will not discriminate against you for exercising any of these rights
Right to Portability
You have the right to receive this information in a format, where feasible, that is portable, usable, and allows you to transmit the personal information without impediment.
Exercising Rights
To exercise your rights described above, please submit a Request to us by:
By email, at dataprivacycounsel@lemfi.com
Opt out link
Only you or an agent registered with the California Secretary of State who is authorized to act on your behalf may make a Request.
You may only make two Requests within a 12-month period. Each Request must:
Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative. We will make every effort to verify your identity using your email address, but we may request additional information. If an authorized representative is making the request on your behalf, we require documentation showing that the representative has such authority. Describe your Request with sufficient detail that allows us to properly evaluate and respond to it.
We will not respond to your request or provide you with personal information if we are unable to verify your identity, or to verify the authority for the person making the request as your agent. We will use personal information provided in a verifiable consumer Request to verify your identity or authority to make the Request, and not for any other purpose.
Verified Request
To help protect your privacy and maintain security, we will take steps to verify your identity before granting you access to your personal information or complying with your request. We may require you to provide any of the following information: your name, date of birth, the last four digits of your Social Security number, the email and physical addresses associated with your LemFi account, one or more recent transactions, and the last four digits of one or more of the cards associated with your account. If you have never had an account with us and you request access to or deletion of your personal information, there is no reasonable method by which we can verify your identity to the level of certainty required by the CCPA. The reason for this is that LemFi does not maintain information about non-account holders in a way that is linked to named actual persons (and historically has not linked IP addresses, device identifiers or other information collected by automated means to named actual persons). In addition, if you ask us to provide you with specific pieces of personal information, we may require you to sign a declaration under penalty of perjury that you are the consumer whose personal information is the subject of the request.
Authorized Agent
Generally, if you are a California resident, you may designate an authorized agent to make a request to access or a request to delete on your behalf. To do so, you must: (1) provide that authorized agent written and signed permission to submit such a request; and (2) verify your own identity directly with us. Please note, we may deny a request from an authorized agent that does not submit proof that they have been authorized by you to act on your behalf. We will respond to your authorized agent's request if they submit proof that they are registered with the California Secretary of State to be able to act on your behalf, or submit evidence you have provided them with power of attorney pursuant to California Probate Code section 4121 to 4130. We may deny requests from authorized agents who do not submit proof that they have been authorized by you to act on their behalf, or are unable to verify their identity.
For questions or concerns about our privacy policies and practices, please contact us as described in the Exercising Rights section above.
Response Timing And Format
We will respond to a verifiable consumer request within 30 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. If you have an account with us, we will deliver our written response by mail or electronically.
LemFi will not charge a fee to process or respond to your verifiable consumer request, but reserves the right to request a fee if the request is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Right to Appeal
If we deny your request in whole or in part, you may have the right to appeal the decision. In such circumstances, we will provide you with information regarding the appeals process. If we refuse to act on your request, you have the right to appeal our decision within a reasonable period of time after receipt of our initial decision. We will inform you in writing, within 60 days of receipt of an appeal, of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions.
If your appeal is denied, you may contact the Attorney General to submit a complaint by visiting the Office of the Attorney General’s website to complete an Online Consumer Complaint Form or by calling the Consumer Protection Hotline at 1-800-552-9963 (within Virginia) or 1-804-786-2042 (outside Virginia).
Right Against Automated Decision Making
A prohibition against a business making decisions about a consumer based solely on an automated process without human input.
Situations where businesses are exempt from complying with consumer rights requests include:
When personal information has already been pseudonymized (and safeguards are in place), and
Compiling would be "unreasonably burdensome."
VCDPA cannot limit a controller or processor's ability to:
Comply with state or federal law
Cooperate with law enforcement
Defend legal claims
Provide a service or product, which a consumer requests
Perform a contract with the consumer
Detect or prevent security incidents
Specific datasets exempted from the VCDPA include:
Specific personal data regulated by the Family Educational Rights and Privacy Act (FERPA)
Particular kinds of data regulated by the Fair Credit Reporting Act (FCRA)
HIPAA personal health data
Data related to employment
The law also will not forbid controllers and processors from conducting: Internal operations that are reasonably aligned with the expectations of the consumer or reasonably anticipated based on the consumer's existing relationship with the controller or are otherwise compatible with processing data in furtherance of the provision of a product or service specifically requested by a consumer or the performance of a contract to which the consumer is a party.
You may request a copy of this Privacy Notice from us using the contact details set out above. Where changes to this Privacy Notice will have a fundamental impact on the nature of our processing of your personal data or, otherwise, have a substantial impact on you, we will give you sufficient advance notice so that you have the opportunity to exercise any rights you may have under applicable law (e.g., to object to the processing).
We reserve the right to make changes to our Privacy Notice at any time consistent with applicable local laws. Such changes, as long as they do not have a fundamental impact on the nature of our processing of your personal data or, otherwise, have a substantial impact on you, will be posted on this page. We encourage you to review the web site and the Privacy Notice periodically for any updates or changes.