GrabrFi Privacy Policy


Last updated: January 19, 2022

Introduction

Welcome to GrabrFi. Grabr, Inc. (collectively, “Grabr,” “we, “our” or “us”) provides a platform to access banking services offered by its partners. GrabrFi allows users to open a transaction account and access other financial services.

We are committed to respecting the privacy and maintaining the security of your personal information. This privacy policy applies to all websites and mobile applications linking to or posting this privacy policy and that are operated by us (collectively, the “Sites,” and each a “Site”)

In this privacy policy, we describe Grabr’s practices for collecting, storing, using, and disclosing personal (and other) information that we may obtain about you through any of the Sites. By accessing or using our Sites, or otherwise manifesting your assent to this privacy policy, you signify that you have read, understood, and agree to this policy and consent to the collection, storage, use and disclosure practices described in this privacy policy.

Information We Collect Through the Sites

Personal Information You Provide

Your privacy is important to us, and we take care to only collect the information we need, and only if we need it. The types of personal information we collect from you will depend on how you are interacting with us using our website and services. For example, we may collect different information from you when you sign up for newsletters and updates, or if you apply for and use our services. Depending on how you interact with our websites, we may collect the following personal information from you:

  • To respond to your questions, requests, or communications, including any feedback or requests relating to our website and services, we may collect your name, email address, and any other information you choose to provide to us;

  • When you create an account, we will collect your name, email address, and phone number from you;

  • To provide you with services, we may collect your name, email address, mailing address, phone number, driver's license or government ID number, address, Social Security number, and bank account number and routing number from you.

  • For recordkeeping and audit purposes, we will collect the details of your transactions, including the information you provide about any recipients, including your transaction history and information and bank account information.

Special Categories of Data. Generally, we do not collect or process categories of Personal Data that require a heightened level of protection under data protection legislation in some jurisdictions because it reveals or concerns sensitive information, such as health matters, race, or ethnic origin (“Special Categories of Data”). However, there could be a situation (such as for employment purposes) where we may process such data. In this case, we will be sure to comply with applicable data protection legislation, including relying on the necessary legal grounds to process the data (e.g., processing health data for an insurance contract). We shall use reasonable security practices and procedures to safeguard your Special Categories of Data.

Information Collected From Your Devices

In order to use our services, we will collect the following information automatically from your devices:

  • When you use the website, we automatically track and collect general log information when you visit our website, including your: (a) Internet Protocol (IP) address; (b) domain server; (c) operating system; (d) type of web browser; and (e) the pages you visit on our website (collectively "Traffic Data"). We use the Traffic Data to report aggregated website activity and to better understand the needs of our users so we can make informed decisions regarding the content and design of our website. We may collect Traffic Data through various technologies including, but not limited to, cookies, IP addresses, and pixel tags. While it is not our practice to link IP addresses to your Personal Information, we reserve the right to use IP addresses to identify a user when we feel it is necessary to protect the compelling interest of our website, customers or others, or to comply with laws, court orders, or law enforcement requests.

  • For data analytics, including to audit, research, and conduct analysis in order to maintain and improve our services and to protect people who use our services, we may use cookies and similar technologies to collect log information (including IP address, browser type, domain names, access times, referring website addresses, app usage, events that occur within the app, performance data, and download sources) and device information (including computer or mobile device used to access the website, hardware model, operating system, and device identifiers).

We do not knowingly collect any personal information from individuals under 18 years of age, and therefore do not use or disclose it to third parties.

Personal Information Provided by Others

To provide the services, we will collect the following information from third parties:

  • To help protect against theft and fraud, we will collect the results of OFAC and AML searches from our vendors who perform the searches for us; and

  • We may collect cookies and browsing data from our service providers, depending on how you interact with our website. This includes online activity information and browsing and usage information. We may also track the Internet domains from which people contact us, and from time-to-time we may gather information concerning the “referring“ domain that a person visited prior to our site, and the “destination“ domain a person visits after leaving our site. Information automatically collected is used to identify and analyze the trends and statistics of visits to our website and to make our website more responsive to the needs and interests of our customers. We may also use the information to support Site features by not asking you to re-enter information we already possess. We also use this information to personalize your experience when you use the Site and to improve marketing efforts, including through use of targeted advertising. As the Internet evolves, we may use different types of technologies for this purpose. Unless prohibited by law, creating a user identity during a visit to the Site constitutes your consent to processing your Personal Data, and we may link the information your browser provides to information that identifies you personally, as described in this Privacy Statement.

How We Use Information Collected Through Our Sites

We may use information about you collected through our Sites for a variety of commercial purposes. Without limitation, we may use such information to:

  • To enforce our agreements, including agreements with you when you use our website and services;

  • To operate, evaluate, and improve our business, including improving and personalizing the experience for you and others, completing and maintaining records of transactions with individual customers following use of services, promoting our products and services, promoting third-party products and services to you that we think you may find of interest;

  • For safety and security, by making sure third parties protect your information, monitoring the technical functioning and security of our network;

  • For legal and compliance, including complying with applicable laws, regulations, and legal obligations; and

  • To protect the rights or property of the Company, its employees, and people who use its services.

When Information We Collect Through Our Sites May Be Disclosed to Third Parties

We disclose to third parties the personal (or other) information collected about you through any of our Sites either (i) when we have your permission to do so or (ii) in any of the following situations (without your permission):

  • We may share the information collected about you within the Grabr family of companies, which means we may disclose the information collected about you to our affiliates (subject to the terms of this privacy policy).

  • We may disclose the information collected about you to our third-party contractors and partners in connection with the performance of their services or other activities in support of the Sites and/or our businesses, or their completion or confirmation on our behalf of a transaction or series of transactions that you conduct with us.

  • As noted above, information about you collected by third-party ads, content or technologies integrated with any of our Sites may be disclosed to such third parties.

  • We may disclose the results of aggregated data about you and other users of our Sites without restriction. Aggregated and de-identified information is not personal information because it cannot be attributed to any specific individual .

  • We may disclose to one or more third parties the information collected about you as part of a merger, acquisition or other sale or transfer of any of the assets or business of Grabr and/or of any of our affiliates. Please note that the entity receiving such information in connection with one of these transactions may not comply with all of the terms of this privacy policy.

  • We may disclose information about you to the government or to other third parties without your consent and without notice to you as required to comply with the law, applicable regulations, governmental and quasi-governmental requests, court orders, subpoenas, or other legal process, such as in connection with suspected illegal activity associated with any of the Sites or our business. We reserve the right to release information collected through any of the Sites to law enforcement or other government officials, as we, in our sole discretion, deem necessary or appropriate.

  • We may also disclose information about you to third parties if needed to enforce any of the terms of use for one of our Sites or other agreements, or any investigation of potential violations thereof; to detect, prevent, or otherwise address fraud, security or technical issues; to protect against harm to any of the Sites; or to protect our rights, property or safety or the rights, property or safety of our users or others (e.g., to a consumer reporting agency for fraud protection).

Security Measures for Information Collected Through Our Sites

To help protect the privacy of information collected through our Sites, we have implemented reasonable physical, technical, and organizational safeguards to help protect your personal information from unauthorized access, acquisition, or disclosure, alteration, or destruction. In addition, we take commercially reasonable steps to store such information with the objective of protecting such data against unauthorized access. Notwithstanding the foregoing, please be aware that our Sites are operated on software, hardware, and networks, any component of which may, from time to time, experience breaches of security or other problems beyond our control and that may compromise the security of information collected about you.

Please also be aware that despite our best intentions and the guidelines outlined in this privacy policy, no data transmission over the Internet or via a Wi-Fi network, or any encryption method, can be guaranteed to be completely secure. You understand that it may be possible for third parties not under Grabr’s control to intercept or access your personal information transmitted through one of our Sites or via email. Accordingly, although we undertake commercially reasonable steps to protect the security and integrity of all information you provide through our Sites, due to the inherent nature of the Internet, we cannot guarantee that any such information will be absolutely safe from intrusion by others who do not have your authorization. Any such transmission of information about you to Grabr is at your own risk.

How to Correct or Update Information About You Collected Through Our Sites

You may correct or update information collected about you through any of our Sites by contacting us at the email or mailing address noted at the end of this privacy policy below, or (if available on a particular Site) by editing your information and preferences on the “Profile info” page. You may also unsubscribe to any email subscriptions by following the applicable “unsubscribe” link. We will use commercially reasonable efforts to update our files to reflect your request as promptly as possible.

We may retain original and updated information for reasons such as technical constraints, dispute resolution, compliance with laws, fraud prevention, troubleshooting and enforcement of our terms of use and other agreements. In addition, please note that we cannot update any information about you collected through any of the Sites that has already been disclosed (as permitted under this privacy policy) to a third party.

How We Respond to Do Not Track Signals

At this time, our Sites do not support “Do Not Track” preferences that may be available in your browser for letting websites know that you do not want them collecting certain kinds of information. Specifically, if you turn on the Do Not Track setting on your browser, our Sites are not currently capable of following whatever Do Not Track preferences you set. For more information about Do Not Track, visit donottrack.us.

Choice

By providing personal and business information, accepting any cookies provided by Grabr, and/or purchasing a product from the Site, you consent to our collection and use of information in accordance with this privacy policy. If you do not agree to the provisions of this privacy policy, you can refuse to register, refuse to accept cookies, refuse to purchase, or refuse to volunteer optional information.

Children

Our Sites are not designed to appeal to persons under 13 years old (“children”). We do not knowingly collect or maintain personal information from children through our Sites, except for persistent identifiers that may be collected through children’s sections of our Sites which (as permitted by applicable law) we will use solely to support the internal operations of the Sites. If we learn that any unauthorized personal information of a child has been collected, we will take appropriate steps to delete such information. If you are a parent or guardian and discover that your child has provided any such personal information to us, then you may contact us at the email or mailing address noted at the end of this privacy policy below and request that we delete that information from our systems.

Minimum Age to Open an Account

You must be at least 18 years of age to open an account with GrabrFi.

Privacy Policies of any Linked Websites or Other Parties

This privacy policy only addresses Grabr’s practices for the personal (and other) information that we may obtain about you through any of the Sites. Please be aware that when you use or access any of the Sites, you may be directed to other websites that are beyond our control, and Grabr is not responsible for the privacy practices of third parties or the content of linked websites. We would expect most, if not all, of these third parties will collect information about you when you use their offerings. However, Grabr is not responsible for the privacy practices of third parties, regardless whether they are linked or otherwise connected to our Sites. We encourage you to read the posted privacy policy and terms of use whenever interacting with any third-party website, app, or other offering.

Governing Law

By choosing to visit any of our Sites, you agree that any dispute over privacy or the terms contained in this privacy policy will be governed by the law of the State of California, without reference to the choice of law or conflicts of law principles thereof, and will be subject to the dispute resolution clause contained in the terms of use applicable to the particular Site. You also agree to abide by any limitation on damages contained in the terms of use applicable to the Site or any other agreement that we have with you.

Changes to this Privacy Policy

We reserve the right to make changes to this privacy policy at any time, with any such changes to be effective prospectively. The use of your information is subject to the privacy policy and terms of use in effect at the time of collection. Please visit this page periodically so that you will be apprised of any such changes. Your continued use of our Sites after any modification to this privacy policy will constitute your acceptance of such modification.

Contact Us

If you have any questions or comments regarding this privacy policy or any of our Sites, you can contact us by:

  • Emailing us at support@grabrfi.com

  • Writing to us at 201 Spear Street, Suite 1100, San Francisco, CA 94105, Attn: Privacy Policy.

If you are a resident of California, Brazil, or Argentina, you may submit a request for information or a request to delete by emailing support@grabrfi.com.

California Residents

The California Consumer Privacy Act (CCPA), California’s “Shine the Light” law, and the California Online Privacy Protection Act provide consumers who are California residents with specific rights regarding their Personal Information. If you are a California resident, this section provides you with additional information, describes your rights and explains how to exercise those rights.

Categories of Information Collected

In the 12 months preceding the Last Updated date of this policy, we have collected or received the following categories of Personal Information about California residents.

In the 12 months preceding the Last Updated date of this policy, we have disclosed the following categories of Personal Information for a business purpose as described above:

Category A: Identifiers.

Category B: Categories of personal information listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e).

Category C: Characteristics of protected classifications.

Category D: Commercial information.

Category E: Internet or other similar network activity

Category F: Geolocation data

Category G: Professional or employment-related information.

Category H: Education information.

Category I: Inferences drawn from other personal information.

Right to Information

Subject to certain limits, you may ask us to provide the following information for the 12-month period preceding your request:

  1. The categories of Personal Information we collected about you;

  2. The categories of sources from which the Personal Information was collected;

  3. The business or commercial purpose for collecting the Personal Information;

  4. The categories of third parties with whom we shared the Personal Information;

  5. If we disclosed Personal Information for a business purpose, a list of the disclosures including the Personal Information categories that each category of recipient received; and

  6. The specific pieces of Personal Information we collected about you.

We do not provide these information rights for Personal Information that we obtain through a business-to-business (B2B) relationship.

Right to Delete

You also have the right to ask us to delete any Personal Information that we have collected about you, subject to certain limitations as set forth under CCPA. We may deny your deletion request if the information is necessary for us or our service providers to, among other things, provide a good or service you requested, take actions reasonably anticipated in the context of our business relationship with you, perform a contract we have with you, detect and protect against security incidents or illegal activity, comply with a legal obligation, or exercise a right provided for by law.

Right to Nondiscrimination

We will not discriminate against you if you exercise your privacy rights under California law, including by:

  • Denying you goods or services.

  • Charging you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.

  • Providing you a different level or quality of goods or services.

  • Suggesting that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

However, the CCPA permits us to offer you certain financial incentives that can result in different prices, rates, or quality levels, which are related to your Personal Information’s value. Participation in a financial incentive program requires your prior opt-in consent, which you may revoke at any time.

Submission of Requests for Information or to Delete

You may submit a request for information or a request to delete by emailing support@grabrfi.com.

What We May Need from You. We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Information (or to exercise any of your other rights). This is a security measure to ensure that Personal Information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Verifying Your Identity: To protect your privacy and security, we will take reasonable steps to verify your identity before providing your Personal Information and before deleting your information. Only you or someone legally authorized to act on your behalf may make a verifiable request related to your Personal Information. For example, if you make a request, we will ask you to confirm your name, email address, and/or other information we in our records to verify your identity, so that we can help protect your information.

Requests from Authorized Agents: If you live in California, you may designate an authorized agent to make a request for you. If you designate an authorized agent to make a request on your behalf, we may require you to verify your identity and provide the authorized agent’s identity and contact information to us. .

Response to Requests

We do not charge a fee to respond to your request unless it is repetitive (more than twice in a 12-month period) or excessive. We will confirm receipt of your request within 10 business days of receipt and generally will respond to your request within 45 days of receipt. If we need more time to respond, we will inform you of the reason and we may take up to an additional 45 days to respond.

No Fee Usually Required.

You will not have to pay a fee to access your Personal Information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

Brazil Residents

The Lei Geral de Proteção de Dados (LGPD) provide consumers who are residents of Brazil with specific rights regarding their Personal Information. If you are a resident of Brazil, this section provides you with additional information, describes your rights, and explains how to exercise those rights.

Your Rights

You have important rights that you may exercise to protect your personal data. You may access those rights at any time by contacting us at support@grabrfi.com.

You have the following rights concerning your personal data that we hold and process that you can exercise at any time:

  • Right of access – you have the right to request a copy of the information that we hold about you.

  • Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.

  • Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.

  • Right to restriction of processing – where certain conditions apply to have a right to restrict the processing.

  • Right of portability – you have the right to have the data we hold about you transferred to another organization.

  • Right to object – you have the right to object to certain types of processing such as direct marketing.

  • Right to judicial review: if Grabr refuses your request under rights of access, we will provide you with a reason as to why. You have the right to complain as outlined in the process below.

Please note: we will not be able to delete information that is required to maintain our business purpose or that is required to facilitate your contract with us. All the above requests will be forwarded on to other parties holding and processing your data where appropriate.

Bases for Processing your Personal Information

We will only use your personal information when the law allows us to. This means we must have one or more legal bases to use your personal information. Most of these will be self-explanatory. The most common legal bases which will apply to our use of your personal information are set out below:

  • Where we need to perform the contract we have entered into with you which covers your relationship with us or to take steps to enter into that contract.

  • Where we need to comply with a legal obligation which applies to us, for example complying with health and safety laws for visitors.

  • When it is necessary for legitimate interests pursued by us or a third party and your interests and fundamental rights do not override those interests. Please see the “How We Use Information Collected Through Our Sites” section on how we use your personal information together with more details on our legitimate interests.

  • You have given your consent. Generally we do not rely on or need your consent for almost all uses we make of your personal information.

Where we are processing any sensitive personal information about you (which covers personal information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning health or data concerning a natural person’s sex life or sexual orientation) then we also need to have one or more of the following legal bases for using your personal information.

  • Where we have your explicit consent to do so.

  • When it is necessary for us to comply with a legal or regulatory obligation.

  • When it is necessary by the public administration for the execution of public policies provided in laws or regulations;

  • Where we need to protect your vital interests (or someone else's vital interests).

  • Where you have already made public the personal information.

  • When it is necessary to ensure the prevention of fraud and safety of you.

  • In establishing, exercising or defending legal claims, whether those claims are against us or by us.

  • When it is necessary in the public interest.

International Transfer of Personal Data

Grabr may transfer your personal information within Grabr and/or to other third parties, such as our third-party service providers. Your personal information may be transferred to, stored, and processed in a country other than the one in which it was collected. This may include the United States. When we do so, we transfer the information in compliance with applicable data protection laws.

Argentina Residents

Grabr processes your personal information pursuant to Argentina’s Law No. 25,326 (the Data Protection Law). You have the right to view the personal information we have and request to delete it. For more information on what personal information we collect and how we use it, please see the sections titled “Information We Collect Through the Sites” and “How We Use Information Collected Through Our Sites.”

International Transfer of Personal Data

Grabr may transfer your personal information within Grabr and/or to other third parties, such as our third-party service providers. Your personal information may be transferred to, stored, and processed in a country other than the one in which it was collected. This may include the United States. When we do so, we transfer the information in compliance with applicable data protection laws.


Was this article helpful?