Privacy Policy Guidance for Enova SMB (ISO) Partners - 2023
Legal Disclaimer & Purpose of this Document
This document does not constitute legal advice of any kind, nor does it stipulate or offer exact wording for the privacy policies of Enova's partners.
The document is intended to clarify the expectations Enova has for its partners in terms of privacy disclosures and compliance with privacy regulations. It is also intended to offer resources for further reference and information about privacy policy best practice.
Enova Partnership Requirement
Enova is a publicly traded company with security and transparency obligations to our customers, employees, and shareholders as well as regulatory requirements to comply with.
One way we fulfill these is to draft our own privacy policies in accordance with applicable regulations and make them readily available to those whose information we collect.
Another way is by selecting third party partners who share our commitment to security, transparency, and compliance.
Potential Enova partners must have a privacy policy that accurately describes their data collection and usage practices and may not verbatim copy any of Enova’s or its subsidiaries’ and/or affiliates’ privacy policies. The remainder of this document will explain and clarify what Enova looks for when evaluating a partner's privacy policy.
Enova Partner Requirements Regarding Privacy
Applicable to all partners
Each partner must have a Privacy Policy explaining their information collection activities and practices to potential customers.
Each partner must have a Privacy Policy explaining their information collection activities and practices to potential customers.
Privacy Policy must be readily available and easily visible to site visitors on the main website.
'Privacy Policy' website footer that hyperlinks to a webpage with your privacy policy content.
Tab in settings menu stating 'Privacy Policy' and hyperlinking to a webpage with your privacy policy content.
Privacy Policy should be visible before a site visitor enters any information into a web form and available to them to review at any time (i.e. not just when applying).
Privacy Policy content must include:
The name of your business
Date of most recent privacy policy update
Effective as of Jan 1 2023, last updated Jan 20 2023s
What information you collect
Provide a list of the information you collect from merchants, such as name, address, email, date of birth, Social Security Number, bank statements, photo IDs, etc. as applicable
How and why you use the information you collect
Whether you share information with any other entities, and if so, for what purpose (i.e. why do you share this info?)
How you keep the information you collect safe and secure
Whether your site uses cookie or other tracking tools, and if so how those can be opted out of
What rights a consumer has over the information they provide to you, and how they can request these rights
Is it possible to opt out of marketing? Can someone make a request to access, delete, or update information that you've collected about them, and if so, how?
| Requirements - All Partners | ||
|---|---|---|
| Requirement | Example(s) | |
| 1.1 | Each partner must have a Privacy Policy explaining their information collection activities and practices to potential customers. | Privacy Policy should be a stand-alone document (not a few sentences at the bottom of an application page) |
| 1.2 | Privacy Policy must be readily available and easily visible to site visitors on the main website. |
'Privacy Policy' website footer that hyperlinks to a webpage with your privacy policy content. Tab in settings menu stating 'Privacy Policy' and hyperlinking to a webpage with your privacy policy content. Privacy Policy should be visible before a site visitor enters any information into a web form and available to them to review at any time (i.e. not just when applying). |
| 1.3 | Privacy Policy content must include: | |
| 1.3.1 | The name of your business | |
| 1.3.2 | Date of most recent privacy policy update | Effective as of Jan 1 2023, last updated Jan 20 2023 |
| 1.3.3 | What information you collect | Provide a list of the information you collect from merchants, such as name, address, email, date of birth, Social Security Number, bank statements, photo IDs, etc. as applicable |
| 1.3.4 | How and why you use the information you collect | |
| 1.3.5 | Whether you share information with any other entities, and if so, for what purpose (i.e. why do you share this info?) | |
| 1.3.6 | How you keep the information you collect safe and secure | |
| 1.3.7 | Whether your site uses cookie or other tracking tools, and if so how those can be opted out of | |
| 1.3.8 | What rights a consumer has over the information they provide to you, and how they can request these rights | Is it possible to opt out of marketing? Can someone make a request to access, delete, or update information that you've collected about them, and if so, how? |
Applicable to partners who interact with California-based merchants
Partners who interact with the information of California residents must have all of the above as well as additional measures in order to comply with the California Consumer Privacy Act of 2018, the California Privacy Rights Act of 2020, and its regulations (collectively, the “CCPA”).
Privacy Policy must be updated every 12 months
Privacy Policy link must be 'conspicuously' placed on your website's main page
Privacy Policy content must include:
Categories of Personal Information You Collect
Categories of Sources You Collect Information From
Your Purposes for Collecting Personal Information
Personal Information You've Sold, Shared, or Disclosed (in the Past 12 Months) and Categories of Recipients
How Long You Keep the Personal Information You Collect
List of Rights California Residents Have Under CCPA
How California Residents Can Request Their CCPA Rights Regarding Information You Have About Them or Authorize Another Person to Request on Their Behalf
| Requirements - Partners Interacting with Information about California Residents | ||
|---|---|---|
| Requirement | Example(s) | |
| 2.1 | Privacy Policy must be updated every 12 months | |
| 2.2 | Privacy Policy link must be 'conspicuously' placed on your website's main page | |
| 2.3 | Privacy Policy content must include: | |
| 2.3.1 | Information | |
| 2.3.2 | Categories of Sources You Collect Information From | |
| 2.3.3 | Your Purposes for Collecting Personal Information | |
| 2.3.4 | Personal Information You've Sold, Shared, or Disclosed (in the Past 12 Months) and Categories of Recipients | The CCPA interpretation of 'selling' or 'sharing' information includes certain third party website activities like cookies, retargeting ads, etc. |
| 2.3.5 | How Long You Keep the Personal Information You Collect | |
| 2.3.6 | List of Rights California Residents Have Under CCPA | |
| 2.3.7 | How California Residents Can Request Their CCPA Rights Regarding Information You Have About Them or Authorize Another Person to Request on Their Behalf | |