Effective Date: January 1, 2023
The categories of personal information we collect depend on how you interact with us, our Services, and the requirements of applicable law. We collect information that you provide to us, information we obtain automatically when you use our Services, and information from other sources such as third-party service providers, our business partners, and other organizations, as described below.
A. Personal Information You Provide to Us Directly
We collect the following personal information that you provide to us when engaging with our Services (e.g., when you register on our website, use our website, or apply for a financial product; from your transactions with us, including your financial product purchases, repayments, and disbursements; and your communications with us):
- email address
- home address
- telephone number
- date of birth
- Social Security number
- driver’s license or passport number
- commercial information regarding the solar or home improvement agreement in relation to your financial product
Other Identifying Information That May Be Collected to Provide Services
- digital signature
- bank account information for ACH payments
- income information
B. Personal Information Collected Automatically
Internet or Other Electronic Activity
- information about your visits to and use of this website to help us maintain the appropriate features, functionality and user experience
- IP address, browser type, referral source, length of visit and page views, through the use of log files
- cookies, pixel tags, local shared objects or other similar technologies
- voice recordings of telephone conversations with customer service agents
C. Personal Information Collected from Third Parties
- commercial information from our business partners regarding the solar or home improvement agreement in relation to your financial product
Other Identifying Information Collected to Provide Services
- credit report, credit score and credit related information from credit bureaus
- public records and other information from service providers for identity verification
We may process your personal information for the following business purposes:
- Transactional: We use your contact information and other identifying information, to provide you with the services and products you request, including:
- providing and managing Services you have requested making offers of credit on behalf of Mosaic and/or Mosaic’s successors, assignees, affiliates, partners, vendors, representatives, third party lending partners, financial partners, loan brokers, or loan servicing providers
- assessing your eligibility to invest on the Mosaic platform
- creating borrower profiles on our website
- tailoring our services
- otherwise enhancing features, functionality, and customer experience
- Security: We use your contact information and other identifying information, to provide you with the services and products you request, including:
- protecting against fraud and security threats, and otherwise managing risks
- verifying your identity and authenticating your identity
- Marketing: We use your contact information, other identifying information, and internet or other electronic activity for:
- communicating with you regarding services that may be of interest
- communicating with other financial companies for joint marketing purposes
- evaluating and improving our website and other offerings
- Legal: We use your contact information, other identifying information, demographic information, and inferences for:
- satisfying legal or regulatory requirements or law enforcement requests
- detecting and preventing fraud
We use aggregated information in the administration of our website to improve its usability and to evaluate the success of particular marketing and advertising campaigns, search engine optimization strategies and other marketing activities, as well as for security purposes. We use non-identifying and aggregated information to help optimize our website based on the needs of our users.
- Service Providers: From time to time, we may establish a business relationship with other businesses to provide services to our company (“Service Providers”). For example, we may contract with Service Providers to provide certain services, such as hosting and maintenance, data storage and management, and marketing and promotions. We only provide our Service Providers with the information necessary for them to perform these services on our behalf. Each Service Provider must agree to use reasonable security procedures and practices, appropriate to the nature of the information involved, in order to protect your Personal Information from unauthorized access, use, or disclosure. Service Providers are prohibited from using personal information other than as specified by us.
- Non-Affiliates: We may disclose your contact information with certain non-affiliated businesses. You have the opportunity to opt out of any disclosures of your personal information with any such non-affiliated businesses.
- Legal Process: We cooperate with government and law enforcement officials and private parties to enforce and comply with the law. We may disclose information about you to government or law enforcement officials or private parties if, in our discretion, we believe it is necessary or appropriate in order to respond to legal requests (including court orders and subpoenas), to protect the safety, property, or rights of our company or of any third party, to prevent or stop any illegal, unethical, or legally actionable activity, or to comply with the law.
- Secondary Market Transactions: We may share information with businesses in relation to financial transactions on the secondary market including but not limited to whole loan sales and securitizations.
Modifying or deleting information about you:
Customers can access information about themselves (such as name, email address, and mailing address) that we collect online and maintain by visiting their borrower portal. You can access and review the personal contact information you submit by accessing the borrower portal provided by your loan servicer who may be Mosaic and/or any of Mosaic’s successors, assignees, affiliates, partners, vendors, representatives, third party lending partners, financial partners, or loan servicing providers. To update your personal profile information on Mosaic’s platform, you can log in to your account using your email address and password specified at the time of registration. Click on the “Settings” section of “My Account” and make changes to your profile as necessary. Please note that if the servicing of your loan is transferred to an entity other than Mosaic, then you will have to update your personal profile with your new loan servicer, not Mosaic. You will be provided with notice of any loan servicing transfer in writing. If you believe that information reported by the credit bureau is inaccurate, please contact the credit bureau to make any changes.
All other requests to change or remove information we collect about you can be sent to us at firstname.lastname@example.org. We will respond to your request within a reasonable timeframe. We may not be able to modify or delete information in all circumstances. Due to the regulated nature of our industry, we are under legal requirements to retain certain data and are generally not able to delete consumer transactional data upon request. Certain regulations issued by state and/or federal government agencies may require us to maintain and report demographic information on the collective activities of our customers. We may also be required to maintain information about you for at least seven years to be in compliance with applicable federal and state laws regarding recordkeeping, reporting and audits.
Opt-out of any sharing of your personal information:
Customers may opt-out of any sharing of their personal information, such as name, email address, and mailing address, that we may share with certain non-affiliates from time to time. Any requests to opt-out of any sharing can be sent to us by email at: email@example.com or by calling (855) 746-7849.
We may collect information automatically when you use our Services.
- Automatic Collection of Personal Information. We may collect certain information automatically when you use our Services, such as your Internet protocol (IP) address, user settings, MAC address, cookie identifiers, mobile advertising and other unique identifiers, browser or device information, and location information (including approximate location derived from IP address). We may also automatically collect information regarding your use of our Services, such as pages that you visit before, during and after using our Services, information about the links you click, the types of content you interact with, the frequency and duration of your activities, and other information about how you use our Services.
- Cookies. Cookies are small text files placed in device browsers that store preferences and facilitate and enhance your experience.
- Pixel Tags/Web Beacons. A pixel tag (also known as a web beacon) is a piece of code embedded in our Services that collects information about engagement on our Services. The use of a pixel tag allows us to record, for example, that a user has visited a particular web page or clicked on a particular advertisement. We may also include web beacons in e-mails to understand whether messages have been opened, acted on, or forwarded.
Our uses of these Technologies fall into the following general categories:
- Operationally Necessary. This includes Technologies that allow you access to our Services, applications, and tools that are required to identify irregular website behavior, prevent fraudulent activity, improve security, or allow you to make use of our functionality;
- Performance-Related. We may use Technologies to assess the performance of our Services, including as part of our analytic practices to help us understand how individuals use our Services (see Analytics below);
- Functionality-Related. We may use Technologies that allow us to offer you enhanced functionality when accessing or using our Services. This may include identifying you when you sign into our Services or keeping track of your specified preferences, interests, or past items viewed;
- Advertising- or Targeting-Related. We may use first party or third-party Technologies to deliver content, including ads relevant to your interests, on our Services or on third-party digital properties. See “Your Privacy Choices and Rights” below to understand your choices regarding these Technologies.
- Analytics. We may use Technologies and other third-party tools to process analytics information on our Services. These Technologies allow us to better understand how our digital Services are used and to continually improve and personalize our Services. Our analytics partners include:
“Do Not Track” Signals
Certain laws require that operators of websites disclose how they respond to a “Do Not Track” signal. However, because there is not yet a common understanding of how to interpret Do Not Track signals, we do not currently respond to Do Not Track signals, if any, that we might receive from browsers. If you have any questions about cookies and other technologies, please visit http://www.allaboutcookies.org/ or http://networkadvertising.org/, or contact us as indicated in the How You Can Contact Us section below.
We are committed to maintaining the security and confidentiality of your personal information. We maintain physical, electronic and procedural safeguards that meet or exceed industry standards for financial institutions.
We protect your sensitive account information by storing it in encrypted form on computers not publicly accessible via the Internet. We control access to this information via secure web pages and limit access to employees and third parties on a need-to-know basis. We do not allow visibility to social security numbers or bank account information via the website.
We employ firewalls and other security technologies to protect our servers from external attack. We enable our servers with Secure Socket Layer (SSL) technology to establish a secure connection between your computer and our servers, creating a private “conversation” that cannot be viewed or accessed by other parties. We test our systems regularly to ensure that our security mechanisms are up to date.
We also employ session time-outs to protect your account. You will be logged out of the site automatically after a specified period of inactivity. This time-out feature reduces the risk of others being able to access your account if you leave your computer unattended.
NOTICE TO NEVADA RESIDENTS/YOUR NEVADA PRIVACY RIGHTS
NOTICE TO CALIFORNIA RESIDENTS / YOUR CALIFORNIA PRIVACY RIGHTS
Right to Opt Out from Sharing your Personal Information with Third Parties for their Direct Marketing
To opt out of sharing your Personal Information with third parties for their direct marketing purposes, please e-mail us at firstname.lastname@example.org and clearly state your request, including your name, mailing address, e-mail address and phone number.
CALIFORNIA CONSUMER PRIVACY ACT
If you are a California resident, you have certain privacy rights under the California Consumer Privacy Act (“CCPA Rights”). This section describes those rights and how you can exercise them with Mosaic. Certain information that Mosaic collects and uses is not subject to CCPA Rights. For example, information that you provide to us or that we otherwise collect when you obtain a financial product as well as information we obtain from or provide to credit reporting agencies is excluded from the CCPA Rights and this section does not apply to that information.
The CCPA provides California residents with the right to know what categories of personal information Mosaic has collected about them, and whether we have disclosed that personal information for a business purpose (e.g., to a service provider) in the preceding twelve months.
|Category of Personal Information Collected by Mosaic||Category of Third Parties Personal Information is Disclosed to for a Business Purpose|
For example, your name email address, mailing address, etc.
|Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))
For example, your passport number, digital signature, etc.
For example, this may include the purchase history and information from documents related to such purchases.
|Internet or other electronic network activity
For example, this may include your IP address
For example, voice recordings of telephone conversations with customer service agents
For example, profile reflecting a consumer's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
|Sensitive personal information
For example, this includes social security, driver’s license, state identification card, or passport number, etc.
The categories of sources from which we collect personal information and our business and commercial purposes for using personal information are set forth in “What Information We Collect” and “Why We Collect Information” above, respectively.
Data Subject Rights
A. Right to Access
You have the right to request, free of charge, that we disclose to you the following information:
- The categories of personal information and sensitive personal information we have collected about you;
- The categories of sources from which the personal information is collected;
- The business or commercial purpose for collection or selling personal information;
- The categories of third parties with whom we share your personal information;
- The specific pieces of personal information we have collected about you; and
- The length of time we intend to retain each category of personal information, or the criteria used to determine such period.
B. Right to Delete
You have the right to request that we delete any personal information about you which we have collected from you. The CCPA provides certain exceptions to the right to have personal information deleted, which may prevent us from honoring such requests. We may not delete all of your personal information if an exception applies, such as one of the following:
- Transactional: to complete a transaction for which the personal information was collected, provide a good or service requested by you, or perform a contract we have with you;
- Security: to detect data security incidents;
- Error Correction: to debug or repair any errors;
- Legal: to protect against fraud or illegal activity or to comply with applicable law or a legal obligation, or exercise rights under the law, such as the right to free speech; or
- Internal Use: to use your personal information, internally, in a lawful manner that is compatible with the context in which you provided the information (i.e., to improve our services).
C. Right to Correct
You have the right to request the correction of your personal information where it is inaccurate or incomplete. In some cases, we may provide self-service tools that enable you to update your personal information. This includes the changes made via the “My Account” feature where you can make changes to your profile as necessary.
D. Right to Limit Processing
You also have the right, at any time, to opt-out if we (i) sell personal information about you to third parties or (ii) share information with third parties for purposes of cross context behavioral advertising. We currently do not sell personal information; however, our use of tracking online advertising/tracking technologies may constitute sharing for purposes of targeted advertising. Please note that this sharing is limited to the “Internet or Other Electronic Activity” information described above.
In some instances, you also have the right to limit the use and disclosure of certain sensitive personal information. Examples of sensitive personal information include your: precise geolocation, genetic data, ethnic origin, and religious background. Our collection of sensitive personal information is limited to Social Security numbers, driver’s licenses, state identification cards, and passport numbers, and this information is only disclosed to service providers involved in providing the Services. The right to limit the processing of sensitive personal information only applies if the information is being used for certain purposes. We currently do not engage in such processing.
E. Right to Non-Discrimination
We shall not discriminate against you because you exercised any of your rights under the law.
Please note that these rights may not extend to financial information to the extent such information is subject to the federal Gramm-Leach-Bliley Act (GLBA).
Submitting a Request
To submit a request, please send an email to email@example.com with the details of your request. We will verify your identity through our email confirmation procedures. Alternatively, you may call (855) 746-7849 to submit a request.
We will verify your identity through our standard verbal authentication procedures, which includes verification of the following information: account holder’s or applicant’s first and last name, the last four digits of the account holder’s or applicant’s social security number, and the account holder’s or applicant’s date of birth.
In order to designate an authorized agent to act on your behalf, written or verbal authorization must be provided through our standard process for accepting third party representation. This process can be initiated by emailing us at firstname.lastname@example.org or by calling (855) 746-7849.
If you wish to make multiple requests under this section, we recommend sending the deletion request last, as we will not be able to fulfill your other requests once we have deleted your information.
Except as stated above, all changes will apply to the personal information that is already collected and to the personal information that is collected after the effective date of the revised Policy. If any proposed change is unacceptable to you, you have the right to terminate your relationship with us. You are advised to consult this Policy regularly for any changes.
If you use Mosaic’s blog or any other social media feature on Mosaic’s website, you should be aware that any personally identifiable information you submit there can be read, collected, or used by other users of such forum, and could be used to send you unsolicited messages. We are not responsible for the personally identifiable information you choose to submit in any such forum.
We do not knowingly solicit from, and the Services are not intended for, children under 13, and children under 13 should not provide personal information online. If a parent or guardian becomes aware that his or her child under the age of 13 has provided us with information without their consent, he or she should contact us. We will delete such information from our files.