Last Updated: August 1, 2024
1. Introduction and Purpose
Bank Shot, LLC (the "Company", "we", "us", and "our") is committed to protecting the privacy and security of the personal information we collect, use, share, and otherwise process as part of our business practices. We also believe in transparency, and we are committed to informing you about how we treat the information we collect, use, share, store, and process.
This Privacy Policy (the "Policy") describes our practices regarding your personal information when you use the Bank Shot mobile application (the "App"), visit our website, www.getbankshot.com (the "Site"), or the Bank Shot Portal located at https://admin.checkimg.com/login (the "Portal") (the App, Site, and Portal are collectively referred to as the "Platforms").
Please read this Policy carefully to understand how we treat your personal information and your choices and rights. If you do not agree with the terms and conditions of this Policy, you should not use the Company's services or use any of its platforms. Your use of the Company's services or use of any of its platforms expressly indicates that you agree to the terms and conditions set forth in this Policy.
THE PLATFORMS ARE INTENDED FOR USERS LOCATED IN THE UNITED STATES AND THEY ARE NOT INTENDED FOR USERS LOCATED IN OTHER COUNTRIES, INCLUDING THE EUROPEAN UNION AND THE EUROPEAN ECONOMIC AREA.
2. What Information Do We Collect?
“Personal information” is information that identifies you as an individual or relates to an identifiable individual. Subject to your consent if required by law, we may collect the following categories of personal information:
Data Anonymization and Aggregation: Subject to your consent if required by law, we may anonymize or aggregate personal information about you so that you are not identified or identifiable from it, in order to use the anonymized or aggregated data, for example, for statistical analysis including analysis of trends, to carry out actuarial work, to tailor products and services and to conduct risk assessments and analysis of costs and charges in relation to our products and services. We may disclose anonymized or aggregated data to our global affiliates and with other third parties. This Notice does not restrict Bankshots' use or disclosure of any anonymized or aggregated information.
Where we maintain or use de-identified information, we will continue to maintain and use the de-identified information only in a de-identified fashion and will not attempt to re-identify the information.
3. Collection Process
We collect the types of information covered by this Notice from:
4. Information Retention
We retain and use your information for as long as is necessary to fulfill the purposes for which it was collected, to comply with our business requirements and legal obligations, to resolve disputes, to protect our assets, to operate our business, and to enforce our agreements. We may delete your information if we believe it is incomplete, inaccurate, or that our continued storage of it is contrary to our objectives or legal obligations. When we delete data, it will be removed from our active cloud-based servers and databases, but it may remain in our electronic archives for a period of time pursuant to our contractual obligations or when it is not practical or possible to delete it. To the extent permitted by law, we may retain and use anonymous, de-identified, or aggregated information for performance reporting, benchmarking, and analytic purposes and for operational improvement.
5. How Do We Use Your Information?
To the extent permitted by applicable law, we may use the information described above in order to:
6. How Do We Disclose or Share Your Information?
Where permitted by applicable law, we may disclose the information described above in the following contexts:
7. How Long Do We Store and Use Your Information?
We retain and use your information for as long as is necessary to fulfill the purposes for which it was collected, to comply with our business requirements and legal obligations, to resolve disputes, to protect our assets, to operate our business, and to enforce our agreements. We may delete your information if we believe it is incomplete, inaccurate, or that our continued storage of it is contrary to our objectives or legal obligations. When we delete data, it will be removed from our active cloud-based servers and databases, but it may remain in our electronic archives for a period of time pursuant to our contractual obligations or when it is not practical or possible to delete it. To the extent permitted by law, we may retain and use anonymous, de-identified, or aggregated information for performance reporting, benchmarking, and analytic purposes and for operational improvement.
8. How Do We Protect Your Information?
We have put physical, technical, and administrative safeguards in place to protect the information you share with us from accidental loss, use, alteration, disclosure, or from being accessed in an unauthorized manner.
While our security measures seek to protect the personal information in our possession, no security system is perfect, and no data transmission is 100% secure. As a result, while we strive to protect your information, we cannot guarantee or warrant the security of any information transmitted to or from our Platforms. Any transmission of information via the internet or other electronic means is at your own risk. We cannot guarantee that your information will remain secure in all circumstances.
The safety and security of your personal information also depend on you. Where you use a password for access to the App, Site, or Portal, you are responsible for keeping the password confidential. Do not share your password with anyone. You should also take care with how you handle and disclose your personal information and should avoid sending personal information through unsecure email. If a data breach compromises your personal information, we will notify you and any applicable regulator when we are required to do so by applicable law.
9. Third-Parties Sites and Services
This Policy only applies to our Platforms, and it does not apply to any third-party websites or applications.
The Platforms may contain links to, and media or other content from, third parties. These links are to external resources and third parties that have their own privacy policies. Because of the dynamic media capabilities of the Platforms, it may not be clear to you which links are to external, third-party resources. If you click on an embedded third-party link, you will be redirected away from the Platforms to the external third-party website. You can check the URL to confirm that you have left the Platforms.
We cannot and do not (1) guarantee the adequacy of the privacy or security practices employed by or the content and media provided by any third parties or their websites, (2) control third parties' independent collection or use or your information, or (3) endorse any third-party information, products, services, or websites that may be reached through embedded links on the Platforms.
Some third parties may use automated data collection technologies to collect information about you when you browse the Internet. The information they collect about your online browsing activities over time and across different websites and other online services may be associated with your personal information and used to provide you with targeted content. We do not control these third parties' technologies or how they may be used. If you have any questions about targeted content, you should contact the responsible party directly or consult their privacy policies.
10. Cookie & Related Technologies
A "cookie" is a small file created by a web server that can be stored on your device (if you allow) for use either during a particular browsing session (a "session" cookie) or a future browsing session (a "persistent" or "permanent" cookie). "Session" cookies are temporarily stored on your hard drive and only last until they expire at the end of your browsing session. "Persistent" or "permanent" cookies remain stored on your hard drive until they expire or are deleted by you. Local shared objects (or "flash" cookies) are used to collect and store information about your preferences and navigation to, from, and on a website. First-party cookies are set by the website you're visiting, and they can only be read by that site. Third-party cookies are set by a party other than that website.
In addition to cookies, there are other automatic data collection technologies, such as Internet tags, web beacons (clear gifs, pixel tags, and single-pixel gifs), and navigational data collection (log files, server logs, etc.) that can be used to collect data as users navigate through and interact with a website.
We use cookies and similar technologies for purposes such as to improve website, mobile application, and portal functionality, to measure and track how users interact with those platforms, to market to users, to authenticate users, to store and maintain user preferences and settings, and to otherwise tailor communications with users.
11. Your Rights & Choices Regarding Personal Information
Please use the "Contact Us" details provided at the end of this Notice to exercise your rights and choices concerning the handling of your information. We honor such requests when we are required to do so under applicable law.
11a. Email Opt-Out We may send you emails about our services and other updates. If you no longer wish to receive communications from us via email, you may opt-out by clicking the "unsubscribe" link at the bottom of our emails, if applicable, or by submitting a request via the "Contact Us" details at the end of this Policy and providing your name and email address so that we may identify you in the opt-out process. Once we receive your instruction, we will promptly take corrective action. Please note that users on the App cannot opt out of receiving transaction emails related to their account.
11b. Accuracy and Updating Your Information Our goal is to keep your information accurate, current, and complete. If any of the information you have provided to us changes, please let us know via the "Contact Us" details at the end of this Policy. For instance, if your email address changes, you may wish to let us know so that we can communicate with you. If you become aware of inaccurate personal or business information about you, you may want to update your information. We are not responsible for any losses arising from any inaccurate, inauthentic, deficient or incomplete personal or business information that you provide to us.
11c. Complaints If you believe your rights relating to your personal or business information have been violated, please contact us via the "Contact Us" details provided at the end of this Notice.
11d. The Children's Online Privacy Protection Act ("COPPA") COPPA as well as other data privacy regulations, restrict the collection, use, or disclosure of personal information from and about children on the Internet. Our platforms and services are not directed to children aged 13 or younger, nor is information knowingly collected from children under the age of 13. No one under the age of 13 may access, use, or provide any information to the Company or the Company's platforms. If you are under 13, please do not use or provide any information to the Company. If we learn that we have collected or received personal information from a child under the age of 13 without a parent's or legal guardian's consent, we will take steps to stop collecting that information and delete it. If you believe we might have any information from or about a child under the age of 13, please contact us via the "Contact Us" details provided at the end of this Notice.
11e. Nevada Residents You may submit a verified request to us at [email protected] to request that we not make any sale (as defined under Nevada law) of any covered information (as defined under Nevada law) that we have collected or will collect about you. Please provide your name and contact information in your request. We will respond to your request in accordance with Nevada law.
12. Tracking Technologies and User Consent
We use cookies and similar tracking technologies to collect information about your online activities over time and across different websites and online services. We use CookieYes to manage user consent for these technologies.
When you visit our website, you will see a consent banner powered by CookieYes. This banner provides detailed information about the types of cookies we use and allows you to:
You can change your consent preferences at any time by clicking on the Cookie Settings link in the footer of our website.
13. Legal Compliance and Case References
We are committed to complying with all applicable privacy laws, including the California Invasion of Privacy Act (CIPA). Our practices are informed by recent legal precedents, such as Levings v. Choice Hotels Int'l (2024 WL 1481189), which emphasized the importance of explicit user consent and transparency in data collection.
We use CookieYes to ensure compliance with these laws by managing user consent for cookies and tracking technologies. We regularly review and update our privacy practices to ensure compliance with the latest legal requirements and to protect our users' privacy.
14. User Rights and Control
You have the right to:
To manage your cookie preferences, you can use the CookieYes consent banner on our website. You can also change your preferences at any time by clicking on the Cookie Settings link in the footer of our website.
To exercise other rights or for more information, please contact us at 3490 Piedmont Rd NE Suite 1350 Atlanta, GA 30305 [email protected]. We will respond to your request in accordance with applicable laws and within the timeframe specified by those laws.
15. Contact Us
You may direct questions or comments about this Notice, access or correct the personal information we hold about you, or make a complaint about how we have handled your personal information by contacting us using the information below, and we will do our best to assist you:
Bank Shot Support Team
3490 Piedmont Rd NE Suite 1350 Atlanta, GA 30305
678-842-4255
16. Specific State Rights
Depending on your state of residence in the United States of America, you may have other rights regarding the collection, use, storage, and deletion of your personal information.
16a. Vermont We will not disclose information about your creditworthiness to our affiliates and will not disclose your personal information, financial information, credit report, or health information to nonaffiliated third parties to market to you, other than as permitted by Vermont law, unless you authorize us to make those disclosures.
16b. California The California law provides California residents with specific rights regarding their personal information. This section describes those rights and explains how to exercise those rights.
16.1 Right to Know and Data Portability You have the right to request that we disclose certain information to you about our collection and use of your personal information every year. (the "right to know"). Once we receive your request and confirm your identity, we will disclose to you:
16.2 Right to Delete
You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions (the "right to delete"). Once we receive your request and confirm your identity, we will review your request to see if an exception allowing us to retain the information applies. We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
We will delete or de identify personal information not subject to one of these exceptions from our records and will direct our service providers to take similar action.
16.3 Exercising Your Rights to Know or Delete
To exercise your rights to know or delete described above, please submit a request to:
Bank Shot Support Team
3490 Piedmont Rd NE Suite 1350 Atlanta, GA 30305
Only you, or someone legally authorized to act on your behalf, may make a request to know or delete related to your personal information. You may only submit a request to know twice within a 12-month period. Your request to know or delete must:
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.
We will only use personal information provided in the request to verify the requestor's identity or authority to make it.
16.4 Response Timing and Format
We will confirm receipt of your request within fourteen (14) business days. We endeavor to substantively respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to another 45 days), we will inform you of the reason and extension period in writing.
Any disclosures we provide will only cover the 12-month period preceding our receipt of your request. The response we provide will also explain the reasons we cannot comply with a request, if applicable.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
17. Changes to this Policy
We may add to, change, update, or modify this Policy to reflect any changes to how we treat your information or in response to changes in law. Should this Policy change, we will provide the updated version to you. Any such changes, updates, or modifications will be effective immediately upon posting. The date on which this Policy was last modified is identified at the beginning of this Policy.
You are expected to, and you acknowledge and agree that it is your responsibility to, carefully review this Policy prior to using the Company's services or its platforms, and from time to time, so that you are aware of any changes. Your continued use of the Company's services and Platforms will constitute your acceptance of and agreement to such changes and to our collection and sharing of your information according to the terms of the then-current Policy. If you do not agree with this Policy and our practices, you should not use the Company's services or Platforms.