Privacy Policy

Effective Date: March 10, 2023

Welcome to the family of websites and applications provided by Castle Branch, Inc. (“CastleBranch”). CastleBranch respects your privacy and is committed to protecting Personal Data (as defined below). This Privacy Policy (the “Privacy Policy“) will inform you as to how we look after your Personal Data and applies to all CastleBranch sites (e.g. www.castlebranch.com and https://mycb.castlebranch.com), mobile sites, CastleBranch Apps (as defined below) (“CastleBranch Sites“), regardless of where you visit from, all related functionality, features, widgets, plug–ins, content, uploads and downloads of information; and all products, services, platform, system, software, documentation, network, or other features, functionality, modules, or tools, including all content (collectively, the “Service“) offered or made available by CastleBranch on or through any of the foregoing.

This Privacy Policy contains certain rights, obligations, and agreements between CastleBranch and you, as well as consents, instructions, acknowledgments, and authorizations by you, regarding the access or use by you of the Service (as defined below), our use of mobile text messaging services, voice messaging and other mobile communication systems to contact you, and our collection, storage, processing, use, and disclosure of information and records about you, such as, but not limited to, Personal Data (as defined below) in order to facilitate use of the Service for such purposes as employment, licensure, education verification, consumer reports, investigative consumer reports, criminal background screen results, drug testing results, immunization record verification services, and other compliance management services offered by any of our CastleBranch Entities. By accessing or using the CastleBranch Sites or any CastleBranch Entities’ Service, you represent, warrant, certify, and agree that you are of legal age in your jurisdiction of residence to accept the conditions included in this Privacy Policy, or, if you are not, that you have obtained parental or guardian consent to visit the CastleBranch Sites (see our Children’s Policy below).

Certain terms are defined herein, but others have the meanings provided below:

  • CastleBranch,” means Castle Branch, Inc. and any subsidiaries (including any subsidiaries that CastleBranch may form or acquire in the future). We also refer to CastleBranch as “we,” “us” and “our.”  But when we say “CastleBranch Entities,” we mean CastleBranch and its affiliates; its and their suppliers, vendors, contractors, and licensors; and its and their directors, officers, employees, and agents.
  • CastleBranch Site” or “CastleBranch Sites,” we mean castlebranch.com, https://mycb.castlebranch.com, any CastleBranch mobile site, the CastleBranch Apps, and all related functionality, services, and Content offered by or for CastleBranch on or through any of the CastleBranch Sites and the CastleBranch Apps or the systems, servers, and networks used to make the CastleBranch Sites available.
  • CastleBranch Apps,” we mean any official apps we make available for iPhone and Android, which can be downloaded from the iTunes App Store or the Google Play Store.
  • we,” “us,” “our” and similar terms in this Privacy Policy refer to CastleBranch or, in certain instances, CastleBranch Entities.
  • The terms “you,” “You,” “your,” “Your,” and similar terms in this Privacy Policy refer to you, the user of the System.
  • When we say “you” or “your” we mean any visitor or user of any CastleBranch Site or Service.
  • When we say “user” we mean a natural person in an individual capacity (which likely includes you) who visits any of our CastleBranch Sites.
  • When we say “Customer” we are referring to a customer who has an agreement with one or more of the CastleBranch Entities and has requested use of our Service.
  • When we say “Business Information” we mean information submitted by a Customer to facilitate use of the Service.

CastleBranch is a private company, established in the U.S.A., and located at 1844 Sir Tyler Drive, Wilmington, North Carolina, United States with the contact email address privacy@castlebranch.com. CastleBranch provides its Services domestically and internationally and this Privacy Policy sets out the basis on which we will collect, retrieve, access, use, disclose, store or dispose any Personal Data or usage information we collect from you, or that you provide to us, in connection with your use of the CastleBranch Sites and Service regardless of how you access or use them; provided, CastleBranch complies in all material respects with applicable federal, state and local laws, regulations and orders and any amendments thereto, including, but not limited to, and to the extent applicable, the Fair Credit Reporting Act (the “FCRA“) (15 U.S.C. § 1681 et seq.), the California Consumer Credit Reporting Agencies Act (California Civil Code § 1785), the Investigative Consumer Reporting Agencies Act (California Civil Code § 1786), the Gramm–Leach-Bliley Act (15 U.S.C. § 6801 et seq.), the Driver Protection Policy Act (18 U.S.C. § 2721 et seq.), the Health Insurance Portability and Accountability Act (42 U.S.C. § 1320d), the fair information practice principles published by the United States Federal Trade Commission, and Regulation 2016/679 of the European Parliament and of the Council the European Union (“EU“), and the European Commission of April 27, 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, known as the General Data Protection Regulation (“GDPR“). Please read this Privacy Policy carefully so that you understand your rights in relation to your Personal Data, and how the CastleBranch Sites and Service operating with respect to your Personal Data. Please note that for the purposes of compliance with GDPR, we process Personal Data as a data processor for our Customers.

CastleBranch operates in business primarily based on information available in the United States. Even if a foreign element is involved, CastleBranch will attempt to obtain the information through domestic means and sources. In instances that necessitate an in–country verification or research, CastleBranch obtains the information directly from the source or, if applicable, through research by a member of our established network of vetted subcontractors. Documentation or information such as passport numbers and dates of birth are not sent to anyone overseas other than the actual verification provider (e.g., school registrar) whenever possible. CastleBranch takes reasonable measures to ensure that its handling of Personal Data on an international basis is safe and secure, which includes requiring its subcontractors who conduct international searches to contractually agree that they will perform CastleBranch’s assignments in accordance with applicable laws and regulations and maintain adequate safeguards with respect to the protection of data privacy and security and the corresponding rights of individuals.

Unless otherwise provided for herein, this Privacy Policy does not apply to data collection activities that occur outside of your use of our Service and does not govern the data practices of third–parties that may interact with our Service.

In addition, please review the Terms of Use, which governs your use of the Service. By using our Service, you acknowledge that you have read and understood our Privacy Policy and Terms of Use and accept our collection, use and disclosure of your information and data, and other activities, as described below. If you do not agree to the terms of this Privacy Policy, please do not visit any of our CastleBranch Sites and please do not use the Service.

PLEASE READ THIS PRIVACY POLICY CAREFULLY BEFORE YOU ACCESS OR USE ANY PART OF THE CASTLEBRANCH SITES OR SERVICE. IF YOU DO NOT AGREE TO THIS PRIVACY POLICY IN ITS ENTIRETY, INCLUDING ANY FUTURE MODIFICIATIONS, YOU SHALL (1) NOT ACCESS OR USE THE CASTLEBRANCH SITES OR SERVICE, (2) CEASE USING THE SERVICE IMMEDIATELY, AND (3) CLOSE OUT OF THE CASTLEBRANCH SITES. BY VIEWING AND/OR USING ANY PART OF THE CASTLEBRANCH SITES OR SERVICE, YOU ARE DEEMED TO HAVE ACCEPTED, AGREED TO, AND AGREED TO BE BOUND BY, THIS PRIVACY POLICY IN ITS ENTIRETY.

WARRANTY DISCLAIMERS AND LIABILITY LIMITATIONS: While there are important points throughout this Privacy Policy, please note there are specific warranty disclaimers and limitations on CastleBranch’s liability.

UPDATES: CastleBranch may, in its sole discretion, modify this Privacy Policy at any time without further notice, and such changes, modifications, additions, or deletions are, unless otherwise stated, effective immediately. The current version of our Privacy Policy will either be posted directly at https://www.castlebranch.com/privacy-policy or through a URL link if you are visiting any other CastleBranch Site controlled by CastleBranch. If this Privacy Policy is modified, the modified Privacy Policy will be posted in the same manner and we will make reasonable efforts to bring any modifications to your attention at the time of your access to a CastleBranch Site. By continuing to use or access any of the CastleBranch Sites after we post any changes, you accept the updated Privacy Policy. The “Last Updated” legend above indicates when this Privacy Policy was last changed.

I. INFORMATION WE COLLECT

  • Information Collected When You Visit or Use CastleBranch Sites: We collect a variety of information about you from numerous sources, including from you (generally referred to as “Usage Information“). Some of the information that we collect about you may not identify you (such as information collected through cookies as a result of your visit to our website). Other information that we may collect from you or about you, whether individually or in combination with other information, may contain Personal Data about you. For the purposes of this Privacy Policy, “Personal Data” is information about you, such as your first and last name, username and password, credit card and/or banking information, date of birth, social security or other government generated identification number, gender, home address, work address, education, work history, telephone numbers, fax numbers, email addresses, medical record numbers, health plan beneficiary number, education history, employment, certificate/license number, vehicle identification number, device identifiers or serial numbers, Internet Protocol (IP) address, finger or voice prints, photographic images, information bearing on your creditworthiness, credit standing, credit capacity, character, general reputation, personal characteristics, Personal Data, any online identifiers or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity, or any other characteristic that would uniquely identify the individual. CastleBranch Entities generally do not request, and thus do not use or retain, “sensitive data” which we perceive as data regarding health conditions, racial or ethnic status, political opinions, religious or philosophical beliefs, trade union membership, or sexual orientation and activity.
  • Collection of Information Through Tracking Technologies: We use various methods and technologies to store or collect Usage Information (“Tracking Technologies“). A few of the Tracking Technologies used with the Service, include, without limitation, cookies, web beacons, embedded scripts, browser fingerprinting, entity tags, UTM codes (i.e. a code that you can attach to a custom URL in order to track a source, medium, and campaign name), and recognition technologies that make assumptions about users and devices. We use Tracking Technologies for a variety of purposes, including:
    • Strictly Necessary: We use Tracking Technologies that we consider are strictly necessary to allow you to use and access our Service, including cookies required to prevent fraudulent activity, improve security or allow you and a Customer to make use of Service functionality.
    • Performance Related: We use Tracking Technologies that are useful in order to assess the performance of the Service, including as part of our analytic practices or otherwise to improve the content, ads, products or services offered through the Service.
    • Functionality Related: We use Tracking Technologies that are required to offer you enhanced functionality when accessing the Service, including identifying you when you use our Service or keeping track of your specified preferences.
    • Targeting Related: We use Tracking Technologies to deliver content, which may include ads, including those promoted by our Customers, that we deem relevant to your interests on our Service and third–party services based on how you interact with our advertisements and/or content. This includes using Tracking Technologies to understand the usefulness to you of the content and ads that have been delivered to you.
    • Analytics: We use Google Analytics, which is a web analytics tool that helps us understand how users engage with our Service. Like many services, Google Analytics uses first–party cookies to track user interactions, as in our case, where they are used to collect information about how users use our Service. This information is used to compile reports and to help us improve our Service. The reports disclose website trends without identifying individual visitors. You can opt out of Google Analytics without affecting how you visit our Service—for more information on opting out of being tracked by Google Analytics across all websites you use, visit this Google page: https://tools.google.com/dlpage/gaoptout. Further, third–parties may use Tracking Technologies in connection with our Service, which may include the collection of information about your online activities over time and across third-party websites or online services as well as across your Devices. We do not control those Tracking Technologies and we are not responsible for them. However, you accept that you will encounter third–party Tracking Technologies in connection with use of our Service and accept that our statements under this Privacy Policy do not apply to the Tracking Technologies or practices of such third–parties.
  • In connection with our use of Tracking Technologies, CastleBranch also uses cookies to collect and store Personal Data and non–Personal Data about you. “Cookies” are commonly used pieces of information in the form of small files that are placed on your computer hard drive to enable you to more easily communicate and interact with websites. A cookie file can contain information such as the URL, computer IP address, domain type, browser type, the country, state, and telephone area code where your server is located, the pages of the website viewed, and any search terms entered on the website. These cookies also allow CastleBranch to customize the website content to your preferences, profile, or demographic information. You may configure your browser to accept or reject all or some cookies or notify you when a cookie is set. If you reject cookies, you may still use our website, but your ability to use some features or areas of our website may be limited or impossible. Please note that CastleBranch may allow third party advertisers to access cookies on your computer. Use of cookies by advertisers is subject to the privacy policies of those third–party advertisers, not this Privacy Policy. We may work with third parties to display advertising on our website or to manage our advertising services. Those third parties may use cookies to gather information about your activities on this website and other websites in order to provide you advertising based upon your browsing activities.
  • Information Collected From You When You Do More than Visit: If you create an account with CastleBranch, place an order for services, or otherwise use certain features or functions on our website or system, we may collect information from you to help us identify you and to ensure that we have the information needed to provide the services, products, or access to the website features which you may have purchased or ordered, and to otherwise perform our business operations. The information collected from you may include Personal Data. CastleBranch also may collect, record, or transcribe written transcripts, descriptions, summaries, or video or audio recordings of you when you contact CastleBranch, which may include Personal Data about you (an example is a recording of a telephone conversation between a CastleBranch customer service representative and you). You also may provide to us through the website certain documents, records, or other data, such as photographs, immunization records, CPR, OSHA, HIPAA, and other training certifications, and other information which we will store and use as provided for in this Privacy Policy and in our Terms of Use.
  • Information Collected From Other Sources: We may collect information about you, including Personal Data, from our Customers who place orders with us for a consumer report, investigative consumer report, or other product or service about you. The information collected from our Customers may include, but is not limited to, your name, date of birth, social security number, email address(es), home address, mailing address, phone number(s), student identification number, education history, licensure, and employment history. We also may collect information about you, including Personal Data, from other sources, such as, but not limited to, third-party databases; the department of motor vehicles; county, state, and federal courts; state repositories; federal repositories; state and regional prisons; local police stations; federal bankruptcy courts; federal civil courts; state medical boards; drug testing facilities or specimen collection sites; professional licensing organizations; and other private, local, state, and federal organizations and agencies.
  • Information Collected and Stored When We Send You a Text Message: After you sign up for our Service (subject to your consent where required by applicable law), we and/or our Customers may send you text messages that provide marketing, promotional, and/or other information. We and our third–party service providers use a variety of technologies that automatically (or passively) store or collect certain information whenever you, we, and/or our Customers send you a text message. This information will be stored or accessed using a variety of technologies that will be downloaded to your mobile device whenever you receive a text message.
  • Information Third–Parties Provide About You: We will, from time to time, supplement the information we collect directly from you on our Service with information from third–parties for various purposes, including to enhance our ability to serve you, to tailor our content to you and to offer you opportunities that may be of interest to you. To the extent we receive Personal Data from those sources we will apply this Privacy Policy.
  • Interactions with Third–Party Services: The Service includes functionality that allows certain kinds of interactions, direct and indirect, between the Service and a third–party web site or application, including those hosted or controlled by a Customer. The use of this functionality involves the third–party operator providing certain information, including Personal Data, to us. For example, we may provide you third–party sites’ interfaces or links on the Service to facilitate your sending a communication from the Service to, for example, a Customer, or we use third–parties to facilitate emails, tweets or Facebook postings. These third–parties retain any information used or provided in any such communications or other activities and these third–parties’ practices are not subject to our Privacy Policy. We do not control or have access to your communications through these third parties. Further, when you use third–party sites or services, you are using their services and not our services and they, not we, are responsible for their practices. You should review the applicable third–party privacy policies before using such third–party tools on our Service.
  • Information Collected from Other Social Media Sites: CastleBranch also conducts and/or collects social media data about individual users, including you, for itself, its Customers, or other third parties that either you make available or is made available to CastleBranch and others directly by social media sites such as Twitter, Facebook, LinkedIn, Instagram, Pinterest, YouTube, Google+ and others through APIs or social media monitoring technology (“Third Party Sites“). This data includes names, user IDs, social media handles, gender, and other information that individuals choose to make publicly available on social media sites. In connection with the Service, CastleBranch may also monitor the public activities of individuals on social media sites, including posts, blogs, tweets, and profile information, including such social media messages directed at you and other users. This Privacy Notice does not govern the collection of content by Third-Party Sites that is not published or generated through the Service, except to the extent that we act as a processor with respect to such content. Our customers are required to abide by the applicable policies and requirements of such Third-Party Sites used in connection with the Services and when using information from Third-Party Sites.

II. HOW WE USE YOUR INFORMATION

  • Generally: In order to perform services on your behalf, primarily to our Customers, we will process your Personal Data, Business Information or Usage Information:
    • to process and track the actions you take into using the Service;
    • to verify your identity;
    • to provide the Service;
    • to provide customer support, including to resolve disputes, and troubleshoot problems;
    • to contact you with regard to your use of the Service and, in our discretion, changes to the Service and/or Service’s policies; and
    • to enable you to participate in a variety of the Service’s features.
  • Legitimate Interests: As it is in our legitimate interests to be responsive to you and to ensure the proper functioning of our Service and provide you with a user–friendly service, we will use your Personal Data, Business Information, and/or Usage Information:
    • to provide you with information such as to send you electronic correspondence or to provide you with promotional and marketing materials on behalf of us or third–parties, including to let you know about new products or services;
    • to manage risk, or to detect, prevent, and/or remediate fraud or other potentially prohibited or illegal activities;
    • to manage and protect our information technology infrastructure;
    • to improve the Service, marketing endeavors, or our Service offerings;
    • to customize your experience on the Service or to serve you specific content or ads that we deem are relevant to you;
    • to identify your Service preferences so that you can be informed of new or additional opportunities, products, services, and promotions;
    • to improve the overall experience of the Service;
    • to comply with our legal and regulatory obligations;
    • for internal business purposes; and
    • for purposes disclosed at the time you provide your information or as otherwise set forth in this Privacy Policy.
  • Telephonic Communications: If you are an individual user, you acknowledge that by providing your telephone number(s) to CastleBranch, you are providing CastleBranch with your express written consent to receive informational phone calls from us and/or Customers. You acknowledge that you may incur a charge for these calls by your telephone carrier and that CastleBranch is not responsible for these charges. Your consent to receive automated calls and texts is completely voluntary, however, opting out of receiving such communications will limit your use of the Service. You may opt-out of receiving text messages and/or phone calls at any time:
    • To opt-out of automated phone calls and text messages, please contact us at opt-out@castlebranch.com. Please allow up to thirty (30) days to process any opt-out request.
    • If you opt-out of receiving text messages and/or phone calls, we reserve the right to still contact you if it relates to verifying your account, any transaction made using our Service, or if required by law.
    • It is your sole responsibility to notify us if you no longer want to receive automated calls or text messages. You waive any rights to bring claims for unauthorized or undesired calls or text messages by failing to opt-out immediately or by failing to follow these instructions. Please allow up to thirty (30) days (or ten (10) business days where required by law) to process any opt-out request. Please note that if you opt out of automated calls or text messages, we reserve the right to make non-automated calls to you.

III. HOW WE SHARE YOUR INFORMATION

  • With Customers: We share your Personal Data and Usage Information with Customers whom you authorize.
  • With Third–Parties: We do not sell your Personal Data to third parties without your consent. We share non–Personal Data, such as aggregated user statistics, with third parties. Further, we share your Device Identifiers with third parties along with data related to you and your activities. For non–EU users, we share your Personal Data, Business Information, Usage Information, and/or Device Identifiers with third parties for other commercial purposes. If you are a California resident, you may have the right to request additional information about this sharing. In addition, we share the information we have collected about you, including Personal Data, as disclosed at the time you provide your information and as described below or otherwise in this Privacy Policy. CastleBranch will additionally disclose your information with third–parties as follows:
    • When You Request Information from or Provide Information to Third–Parties: You will be presented with an option on our Service to receive certain information and/or marketing offers directly from third–parties or to have us send certain information to third–parties or to have us give third–parties access to your information. In many instances these third parties are our Customers who you are working with to, for example, obtain a job. If you choose to do so, such Personal Data will be disclosed to such third parties and all information you disclose will be subject to the third–party privacy policies and practices of such third–parties. We are not responsible for the privacy policies and practices of such third parties and, therefore, you should review such third–party privacy policies and practices of such third–parties prior to requesting information from or otherwise interacting with them.
    • Third–Parties Providing Services on our Behalf: We may share your data with third-party vendors, service providers, contractors, or agents use third-parties to perform certain services on behalf of us or the Service, which include, but are not limited to, data furnishers, government data repositories, and other data sources. We provide these vendors with access to user information, including Device Identifiers and Personal Data, to carry out the services they are performing for you or for us. Third–party analytics and other service providers may set and access their own Tracking Technologies on your Device and they may otherwise collect or have access to information about you, including Personal Data about you. We are not responsible for those third–party technologies or activities arising out of them. As it pertains to any third parties in which we use to contact you, such as email, data management, or survey platforms, you may opt out of future contacts from the specific platform. Opting out of third-party platforms used by CastleBranch, may not necessarily remove you or information you have volunteered completely. If you wish, you may ensure that all information is removed from our database and we release control of it by emailing or at privacy@castlebranch.com or calling the number provided on our website, asking specifically to be removed completely and release all information being stored and/or controlled by CastleBranch. CastleBranch shall keep your information for as long as it is necessary for the purposes set out in the Privacy Policy unless a longer retention period is required or permitted by law.

IV. OTHER REASONS WE SHARE YOUR INFORMATION

  • To Protect the Rights of CastleBranch and Others: We will access, use, preserve, transfer and disclose your information (including Device Identifiers and Personal Data) to third–parties: (i) to satisfy any applicable law, regulation, subpoenas, governmental requests or legal process if in our good faith opinion such is required or permitted by law; (ii) to protect and/or defend the Service’s Terms of Service or other policies applicable to the Service, including investigation of potential violations thereof; (iii) to protect the safety, rights, property or security of the Service or any third–party; and/or (iv) to detect, prevent or otherwise address fraud, security or technical issues. Further, we will use IP address or other Device Identifiers to identify users and will do so in cooperation with third parties such as copyright owners, internet service providers, wireless service providers and/or law enforcement agencies, including disclosing such information to third parties, all in our discretion, subject to applicable law. Where necessary in accordance with applicable law, such disclosures will be carried out without notice to you.
  • Affiliates and Business Transfer: We share your information, including your Device Identifiers and Personal Data, Business Information and Usage Information within and across all CastleBranch Entities as we deem appropriate. We will also disclose your information to third parties: (i) in the event that we sell any business or assets, in which case we will disclose your data to the prospective buyer of such business or assets; or (ii) if we or substantially all of our assets are acquired by a third party, in which case information held by us about our users will be one of the transferred assets.
  • California Residents:
    • Your California Privacy Rights: We may elect to share information about you with third parties for those third parties’ direct marketing purposes. California Civil Code § 1798.83 permits California residents who have supplied Personal Data (as defined in the law) to us to, under certain circumstances, request and obtain certain information regarding our disclosure, if any, of Personal Data to third parties for their direct marketing purposes. If this law applies to you, you may obtain the categories of Personal Data shared by us and the names and addresses of all third parties that received Personal Data for their direct marketing purposes from us during the immediately prior calendar year (e.g., requests made in 2023 will receive information about 2022 sharing activities). To make such a request, please provide sufficient information for us to determine if this applies to you, attest to the fact that you are a California resident and provide a current California address for our response. To make such a request (limit one request per year), please send an email to: privacy@castlebranch.com, with “California Privacy Rights” as the subject line or mail us a letter to: CastleBranch, Inc., Attention: Compliance, 1844 Sir Tyler Drive, Wilmington, NC 28405. You must include your full name, email address, and postal address in your request.
    • California Do Not Track Disclosure: Various third parties are developing or have developed signals or other mechanisms for the expression of consumer choice regarding the collection of information about an individual consumer’s online activities over time and across third–party websites or online services (e.g., browser do not track signals). Currently, we do not monitor or take any action with respect to these signals or other mechanisms.

V. DE-PERSONALIZED OR ANONYMIZED DATA – POTENTIONAL FOR MARKETING

  • CastleBranch may, in accordance with applicable law (e.g. GDPR, California Consumer Privacy Act (“CCPA”), and other similar data privacy laws), sell to third parties aggregate, de-personalized, or anonymized data that may be comprised in part by your Usage Information or other information we gather from your use of the Services.

VI. HOW WE TREAT PUBLICLY AVAILABLE INFORMATION

  • Public Information: Use of our CastleBranch Sites and the Service may permit you to submit some or all of the following: ideas, photographs, video, audio recordings, computer graphics, pictures, data, information about your location, questions, comments, suggestions or other content, including Personal Data and/or Business Information (collectively, “User Content“). We or others may store, display, reproduce, publish, distribute or otherwise use User Content online or offline in any media or format (currently existing or hereafter developed) and may or may not attribute it to you. Others may have access to this User Content and may have the ability to share it with third–parties. Please think carefully before deciding what information you share, including Personal Data, in connection with your User Content. We are not responsible for the privacy or security of any information, including Personal Data, that you make publicly available or what others do with information you share with them on the Service. We are not responsible for the accuracy, use or misuse of any User Content that you disclose or receive from third–parties through the Service.
  • Name and Likeness: We may also publish your name, voice, likeness and other Personal Data and/or Business Information that is part of your User Content, and we may use such User Content, or any portion thereof, for advertising, marketing, publicity and promotional activities, as well as for any other commercial purpose.

VII. THIRD–PARTY CONTENT, SITES, AND/OR APPS YOU ACCESS THROUGH US

  • When you are on the Service you may be directed to other sites and apps that are operated and controlled by third–parties, including those that we do not control such as our Customers or merchants who directly sell products and services to you (“Third–Party Owners“). If you go to these other sites and apps, such sites and apps will have their own privacy policies. We are not responsible for these third–party privacy policies or the practices of Third–Party Owners. Be sure to review any available policies before submitting any Personal Data to a third–party application or otherwise interacting with it and exercise caution in connection with these applications and Third–Party Owners.

VIII. YOUR DATA RIGHTS AND RESPONSIBILITIES

  • You are responsible for maintaining the accuracy of the information you submit to us. As discussed below in detail, the Service allows you, in certain instances, to access, review, move, correct, restrict, update, or delete Personal Data you have provided; however, when you use any of the CastleBranch Sites, outside of the Service, you may not be able to update your Personal Data.
  • We will upon request, and where required by applicable law (e.g. GDPR, CCPA, or similar data privacy laws) update your Personal Data if you contact us by email at: privacy@castlebranch.com. We will make good faith efforts to make requested changes in our then active databases as soon as reasonably practicable (but retain the prior information as a legitimate interest). Please note that it is not always possible to completely remove or delete all of your information from our databases and that residual data may remain on backup media or for other reasons. These provisions are limited to where the application is required by applicable law (e.g. you are an individual who hold legal or resident status in the EEA, or you are covered under GDPR, CCPA, or similar data privacy laws.).
  • Depending on your state or country of resident, you may have additional data privacy rights, including, rights related to:
    • Access and Portability: You may have the right to ask us to access the information we hold about you, including Personal Data, and be provided with certain information about how we use your such information and with whom we share it. Where you have provided your Personal Data to us with your consent, you may have the right to ask us for a copy of this data in a structured, machine readable format and to ask us to share (port) this data to another data controller.
    • Right to deletion: In certain circumstances, you may have the right to ask us to delete the Personal Data we hold about you:
      • (1) where you believe that it is no longer necessary for us to hold your data including Personal Data; (2) where we are processing your Personal Data on the basis of legitimate interests and you object to such processing and we cannot demonstrate an overriding legitimate ground for the processing; (3) where you have provided your Personal Data to us with your consent and you wish to withdraw your consent and there is no other ground under which we can process your Personal Data; or (4) where you believe the Personal Data we hold about you is being unlawfully processed by us.
    • Restriction: In certain circumstances, you may have the right to ask us to restrict (stop any active) processing of your Personal Data:
      • (1) where you believe that it is no longer necessary for us to hold your data including Personal Data; (2) where where you believe the Personal Data we hold about you is inaccurate and while we verify accuracy; (2) where we want to erase your Personal Data as the processing is unlawful, but you want us to continue to store it; (3) where we no longer need your Personal Data for the purposes of our processing, but you require us to retain the data for the establishment, exercise or defense of legal claims; or (4) where you have objected to us processing your Personal Data based on our legitimate interests and we are considering your objection.
      • In addition, you can object to our processing of your Personal Data based on our legitimate interests and we will no longer process your Personal Data unless we can demonstrate an overriding legitimate ground. To exercise any of these rights above, please contact us at privacy@castlebranch.com. Please note that these rights are limited, for example, where fulfilling your request would adversely affect other individuals where there are overriding public interest reasons or where we are required by law to retain your Personal Data. You can withdraw your consent at any time by contacting us at privacy@castlebranch.com.
    • Correction and/or Complaints: In the event that you wish to make a complaint about how we process your Personal Data, please contact us in the first instance at privacy@castlebranch.com and we will endeavor to deal with your request as soon as possible. This is without prejudice to your right to raise a complaint with a relevant supervisory authority. Please check the laws for your jurisdiction for more detail regarding your individual data privacy rights.
  • We will retain your information as follows for as long as we are required in order to provide the Service to you, as required to fulfill our legal obligations (e.g. under applicable law), commitments we made to and on behalf of our Customers in order to provide the Service to you, and defend legal claims. After you have ceased use of the CastleBranch Sites, any relationship with any CastleBranch Entities, or have terminated use of the Service, we may, and you consent, store your information in any manner permitted under applicable law.
  • Full File Disclosure: Under the FCRA, you are entitled to request and receive any piece of information we have about you. To request your file, please contact us at privacy@castlebranch.com.

IX. COPPA

  • Castle Branch does not permit anyone under age 13 from using our products and services and does not knowingly collect any information from anyone under age 13. If we come to find out that we have received information from a person under age 13, we will purge the information from our files.
  • Protecting the privacy of children is especially important to us. Castle Branch complies with all applicable state and federal laws regulating student and health privacy. The federal Children’s Online Privacy Protection Act (COPPA) is designed to prevent the collection and use of information from children under age 13. However, certain products and services we offer are intended to support a child’s participation in both school and non-school related activities. In such instances, verifiable consent from a child’s parent or guardian is required before collecting, using, or disclosing personal information from a child under age 13.
  • In order to use our products and services, you must attest that all of the following must be true: (i) you are at least 18 years old and have not been removed from using the service under our Terms of Conditions and Use; (ii) you are the parent, guardian or other lawful representative of the child whose information is being provided in connection with our products and services; (iii) you have agreed to be bound by our Terms and Conditions of Use; and (iv) your use complies with all state and federal laws and regulations.

X. SECURITY

  • CastleBranch takes seriously the security of the CastleBranch Sites and your Personal Data, and we utilize a combination of online and offline security technologies, procedures and organizational measures to help safeguard consumer information against loss, misuse, and unauthorized access, disclosure, alteration and destruction of your information. CastleBranch has implemented industry standard technology designed to keep your Personal Data safe from unauthorized access or disclosure. Any CastleBranch Site that accepts credit cards is compliant with the Payment Card Industry Data Security Standard (PCI DSS). CastleBranch has installed layered firewalls and other security technologies to help prevent unauthorized access to the System. Strong password protection protocols are used on all computers and employees are kept up–to–date on CastleBranch’s security and privacy policies. The servers used to store your information are maintained in a secure environment with appropriate security measures. Such protective measures are designed to limit access to your Personal Data. However, no data transmission over the Internet, mobile networks, wireless transmission or electronic storage of information can be guaranteed to be 100% secure. CastleBranch cannot guarantee that your Personal Data will be secure under all circumstances and as such offers no guarantees, warranties, or representations regarding the security from unauthorized disclosure of Personal Data.

Contact Information: If you need additional information, have any questions, or otherwise need any assistance regarding this Privacy Policy or our privacy practices, or to report a suspected compromise of your Personal Data or are an individual who holds legal or resident status in the EEA and wishes to contact our Data Protection Officer, please contact:

Castle Branch, Inc.
Attn: Compliance
1844 Sir Tyler Drive
Wilmington, NC 28405
privacy@castlebranch.com
888.723.4263

XI. PROTECTION FOR SURVIVORS OF HUMAN TRAFFICKING

  • The federal Consumer Financial Protection Bureau recently implemented new section 605C of the Fair Credit Reporting Act (FCRA). The new section 605C provides that a consumer reporting agency may not furnish a consumer report containing any adverse item of information concerning a consumer that resulted from a severe form of trafficking in persons or sex trafficking if the consumer has provided trafficking documentation to the consumer reporting agency.
  • If you are a survivor of human trafficking and would like to dispute an adverse item on your consumer report that resulted from trafficking, please email us at traffickingdisputes@castlebranch.com, or call toll-free at 1-866-217-7215.

XII. SEVERABILITY

  • To the extent any provision of this Privacy Policy is found by a competent tribunal to be invalid or unenforceable, such provision shall be severed to the extent necessary for the remainder to be valid and enforceable. We are, however, not responsible for third–party policies or practices.

XIII. CHOICE OF LAW:

  • You agree that, notwithstanding the principles of conflicts of law, the internal laws of the State of North Carolina shall govern and control the validity, interpretation, performance, and enforcement of this Privacy Policy, CastleBranch’s Terms of Use, any other agreement between CastleBranch and You, and any dispute or claim between You and CastleBranch. Further, You agree that any claim or action relating in any way to this Privacy Policy, CastleBranch’s Terms of Use, the System (including, without limitation, the Website(s), or the products, services, features, functions, or tools offered, provided, or sold on or through the System), or Your Personal Information, Data, Content, or Recordings shall be instituted and prosecuted exclusively in the courts of the County of New Hanover, State of North Carolina or the federal Eastern District of North Carolina, and You consent to the jurisdiction of said courts and waive any right or defense relating to such jurisdiction or venue.

XIV. CLASS ACTION AND JURY TRIAL WAIVER:

  • CLASS ACTION AND JURY TRIAL WAIVER. YOU AND CASTLEBRANCH AGREE THAT ANY AND ALL CLAIMS MUST BE BROUGHT IN THE PARTIES’ INDIVIDUAL CAPACITY, AND NOT AS A PLAINTIFF OR CLASS MEMBER IN ANY PURPORTED CLASS ACTION, COLLECTIVE ACTION, PRIVATE ATTORNEY GENERAL ACTION OR OTHER REPRESENTATIVE PROCEEDING. YOU AGREE THAT, BY ENTERING INTO THESE TERMS, YOU AND CASTLEBRANCH ARE EACH WAIVING THE RIGHT TO A TRIAL BY JURY OR TO PARTICIPATE IN A CLASS ACTION, COLLECTIVE ACTION, PRIVATE ATTORNEY GENERAL ACTION OR OTHER REPRESENTATIVE PROCEEDING.

XV. CONTACT US

  • If you have any questions about the Privacy Policy or practices described in it, you should contact us in the following ways: Email: privacy@castlebranch.com.