This policy explains how RMO Corporation, DBA RMO, and its subsidiaries (“RMO,” “we,” “us”) collect, use, share, and protect your personal information in the United States, and the privacy rights and choices available to you.
This U.S. Privacy Policy applies to personal information we collect from individuals located in the United States through RMO products, services, websites, mobile applications, retail centers, contact centers, and other interactions, across our Banking, Lending, Insurance, Protection, Investments, Payments, and Human Services divisions.
RMO is a financial services provider. Much of the information we collect about consumers who obtain financial products or services for personal, family, or household purposes is nonpublic personal information (“NPI”) governed by the federal Gramm-Leach-Bliley Act (“GLBA”). Our collection, use, and sharing of that NPI is described in our Consumer Financial Privacy Notice (the GLBA “FACTS” notice), which controls in the event of any conflict with this policy as to NPI. This policy describes our broader practices — including information collected online and through marketing — and the rights available to you under state privacy laws. It is supplemented by our Data Collection Notice (cookies and online tracking) and our Do Not Sell or Share My Information page.
In the 12 months preceding the date of this policy, we may have collected the following categories of personal information. The specific information collected depends on the products and services you have and how you interact with us.
| Category | Examples |
|---|---|
| Identifiers | Name, postal address, email address, telephone number, date of birth, Social Security number, driver’s license or other government ID number, account numbers, IP address, device identifiers, and online identifiers. |
| Financial information | Account balances, transaction and payment history, card and bank account details, income, assets, employment, credit history, and creditworthiness. |
| Commercial information | Products and services purchased or considered, and other purchasing or service histories. |
| Internet or network activity | Browsing and search history, interactions with our websites, apps, and emails, and device and usage data collected through cookies and similar technologies. |
| Geolocation data | General location derived from IP address and, where you permit it, more precise location from your device. |
| Audio & electronic information | Recordings of customer service calls, secure messages, and chat transcripts. |
| Professional & employment information | Employer, occupation, and income information you provide in connection with an application. |
| Sensitive personal information | Social Security, driver’s license, or other government ID numbers; financial account log-in credentials and account numbers; and precise geolocation. We may also process this to the extent it is necessary to provide the products and services you request. |
| Inferences | Profiles reflecting preferences, characteristics, and behavior drawn from the information above, used to personalize and improve our products and detect fraud. |
We collect personal information directly from you (applications, forms, account activity, and customer service interactions); automatically when you use our websites and apps (through cookies, pixels, and similar technologies — see our Data Collection Notice); and from third parties, including credit bureaus, identity-verification and fraud-prevention services, payment networks, public records, our affiliates, and marketing partners.
Our products and services are intended for adults and are not directed to children. We do not knowingly collect personal information from children under 13 (or under 16 where applicable state law requires) without the consent required by the Children’s Online Privacy Protection Act (COPPA) and applicable state law. If you believe a child has provided us personal information, contact us and we will delete it.
We use your personal information to:
We may disclose personal information to:
We do not sell your personal information for monetary consideration. However, certain online advertising activities — such as sharing identifiers and internet-activity data with advertising partners for cross-context behavioral (targeted) advertising — may be considered a “sale” or “sharing” under some state laws. You can opt out: see Do Not Sell or Share My Information.
We collect sensitive personal information — such as your Social Security number, government ID numbers, and financial account information — to provide financial products and services, verify your identity, and prevent fraud. We do not use or disclose sensitive personal information to infer characteristics about you, and we limit its use to the purposes permitted under applicable law. Where state law provides a right to limit the use of sensitive personal information, you may exercise it as described below.
We and our partners use cookies, pixels, and similar technologies for essential functionality, analytics, personalization, and advertising. You can manage cookies through your browser and through the controls described in our Data Collection Notice. Where required, we honor browser-based opt-out preference signals, including the Global Privacy Control (GPC), as a request to opt out of the sale or sharing of personal information for the browser or device on which the signal is received.
Depending on your state of residence, you may have some or all of the following rights. We will not discriminate or retaliate against you for exercising them.
Request the categories and specific pieces of personal information we have collected, the sources, the purposes for collecting it, and the categories of third parties with whom we share it.
Request deletion of personal information we collected from you, subject to exceptions — including information we must retain to complete transactions, comply with law, or detect fraud.
Request correction of inaccurate personal information. We use commercially reasonable efforts to correct verified inaccuracies.
Obtain a copy of certain personal information you provided to us in a portable, readily usable format, where technically feasible.
Opt out of the sale or sharing of personal information, targeted advertising, and certain profiling. Use our Do Not Sell or Share page, or send a Global Privacy Control signal.
Where state law provides it, direct us to limit the use and disclosure of your sensitive personal information to permitted purposes.
If we decline your request, you may appeal in states that provide this right (e.g., Virginia, Colorado, Connecticut). We respond to appeals within the timeframe your state requires.
Opt out of marketing, review-request, and service-update emails at any time on the Email Preferences page (use the manage-preferences link in any RMO email). Required account, security, and regulatory notices are not affected.
You may submit a privacy request by:
To protect your information, we verify your identity before acting on a request to know, delete, or correct, generally using information we already maintain. You may use an authorized agent to submit a request on your behalf; the agent must provide proof of authorization, and we may still ask you to verify your identity directly.
We acknowledge requests within 10 business days and respond substantively within 45 calendar days. When reasonably necessary, we may extend our response by an additional 45 days and will notify you of the extension and the reason for it.
If we decline a request and your state provides an appeal right, you may appeal by contacting us at (888) 764-3448 or through our Contact Us page. We will respond within the period your state law requires and, if your appeal is denied, tell you how to contact your state attorney general.
As a financial institution, RMO complies with the GLBA. We deliver initial and annual privacy notices, maintain safeguards to protect NPI, and limit information sharing as required by law. You have the right to opt out of certain sharing among RMO affiliates — see our Consumer Financial Privacy Notice. Information we use for credit and eligibility decisions is also governed by the Fair Credit Reporting Act (FCRA).
Most state comprehensive privacy laws contain an exemption for financial institutions or financial data already subject to the GLBA (and for information subject to the FCRA). Where that is the case, the rights described below may not apply to NPI that RMO handles under the GLBA, though they continue to apply to other personal information, such as data collected through our websites for marketing.
California residents have the rights to know, access, delete, correct, and obtain portability of personal information; to opt out of the sale or sharing of personal information; to limit the use of sensitive personal information; and to non-discrimination. Personal information subject to the GLBA is exempt from the CCPA (except for the data-breach private right of action). Under California’s “Shine the Light” law, we do not disclose personal information to third parties for their own direct marketing. Notice of Financial Incentive: RMO does not offer financial incentives in exchange for the retention or sale of personal information.
A growing number of states have enacted comprehensive consumer privacy laws. As of the date of this policy, these include California, Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Florida, Delaware, Iowa, Nebraska, New Hampshire, New Jersey, Tennessee, Minnesota, Maryland, Indiana, Kentucky, and Rhode Island, with additional state laws taking effect over time. RMO honors the rights granted to residents of these states as, and to the extent, required by applicable law — subject to each law’s exemptions, including those for GLBA- and FCRA-regulated financial institutions and data (note that some states, such as Montana and Connecticut, have narrowed their GLBA exemptions). Some states also provide rights to opt out of profiling that produces legal or similarly significant effects, and rights to appeal. To exercise your state-specific rights, contact us at (888) 764-3448 or through our Contact Us page.
We maintain administrative, technical, and physical safeguards designed to protect your personal information, including encryption, access controls, monitoring, and regular security assessments. We limit access to those who need it to serve you. No system is perfectly secure, but we work continuously to protect your information — see our Security Center.
We retain personal information for as long as needed to provide products and services, and thereafter as required to comply with our legal, regulatory, tax, accounting, recordkeeping, and fraud-prevention obligations and to resolve disputes and enforce agreements. Retention periods vary by the type of information and the applicable requirement. When information is no longer needed, we securely delete or de-identify it.
We may update this U.S. Privacy Policy from time to time to reflect changes in our practices or in applicable law. When we make material changes, we will revise the “Last Updated” date above and, where required, provide additional notice. Your continued use of our products and services after an update means the revised policy applies to you.
For questions, concerns, or to exercise your privacy rights, contact our Privacy Office:
Phone: (888) 764-3448
Mail: RMO Corporation, Attn: Privacy Office, PO Box 811280, Los Angeles, CA 90081
