Consumer Privacy Rights
This page was last revised on and has an effective date July 14, 2023.
We have recently updated our Consumer Privacy Rights page. Be sure to review this page carefully to understand our privacy practices.
To view, print or download our full Consumer Privacy Rights, click here
With some restrictions, residents of California, Colorado, Connecticut, Utah, and Virginia may make requests of us with regard to Personal Information. The following provisions apply to our processing of information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household subject to the comprehensive state privacy laws in these states, as amended, (herein referred to as Personal Information). For such requests, the provisions of this U.S. Consumer Privacy page prevail over any conflicting provisions of the Privacy Notice.
1. Categories of Personal Information Collected
We may have collected the following categories of Personal Information within the last 12 months. The Personal Information collected varies based on the product or service purchased or otherwise obtained by the consumer:
- Identifiers. This includes, but is not limited to, personal identifiers such as name, alias, address, email address, Internet Protocol (IP) address, insurance or other policy numbers, other online identifiers, or other similar identifiers.
- Financial Information and Medical Information. Financial information may include information directly provided by you such as a bank account number, routing number, credit card number, debit card number, or any other financial information, including information obtained from consumer reporting agencies as it may apply in our providing our Services to you. We generally do not collect medical information in providing our products or services, but it may be collected incidentally when providing select Identity Theft or Identity Restoration services, as applicable.
- Characteristics of Protected Classifications. May include information about race, color, religion, creed, national origin, sex, age, disability, veteran status, and other Categories of Sensitive Personal Information (further described below). We do not generally require the collection of this type of Personal Information.
- Commercial Information. Including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
- Biometric Information. May be used to establish identity, including but not limited to fingerprints, retinal scans, voice prints or facial recognition. We do not collect this type of information in providing our products and services.
- Internet or Other Electronic Network Activity Information. Including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an Internet website, application, or advertisement.
- Geolocation Data. May be obtained using IP address, GPS (where enabled on your smart device), and/or similar technologies when accessing our website(s), mobile application(s), or other online services.
- Sensory Data. We record audio calls made to our support center for quality purposes. We may collect Personal Information when you communicate with us electronically, such as using email. Other types of information, such as visual, thermal, olfactory, or similar information are not collected.
- Professional or Employment-Related Information. We do not generally collect this type of information, but it may be collected incidentally when providing select Identity Theft or Identity Restoration services, as applicable.
- Non-Public Education Information (per the Family Educational Rights and Privacy Act). We do not generally collect this type of information, but it may be collected incidentally when providing select Identity Theft or Identity Restoration services, as applicable.
- Inferences drawn from other Personal Information. Insights that we may use to build a profile about you; including profiles, preferences, and behaviors drawn from collection and analytics of any of the other categories of Personal Information.
- Categories of Sensitive Personal Information. This includes, but is not limited to, information such as Social Security number, passport number, and driver’s license number.
2. Categories of Personal Information Sold/Shared or Disclosed
Within the last 12 months, we may have transferred Personal Information (identifiers) to credit reporting agencies in a manner that may be considered a sale or sharing of Personal Information under state privacy laws and regulations. Sontiq does not knowingly sell/share Personal Information of minors under the age of eighteen (18) years.
Within the last 12 months, we may have disclosed Personal Information, including but not limited to: identifiers, internet or other electronic network activity information, geolocation data, and categories of sensitive personal information: government-issued identifiers and account credentials, for our business purposes, to the following categories of third parties:
- Banks/credit unions
- Collection agencies
- Consumer data resellers
- Data analytics providers
- Data brokers, which include data aggregators, data compilers, and data compilers/originators
- Financial technology (fintech) companies
- Government agencies
- Identity verification companies
- Insurance carriers/agencies/partners
- Internet service providers
- Marketing companies
- Operating systems and platforms
- Retail merchants
- Service providers
- Social networks
- TransUnion companies
- Survey providers
To learn more about the categories of third parties with whom we share such information, please see https://www.sontiq.com/privacy-policy/.
3. How We Collect Personal Information
We collect Personal Information from a variety of sources, including directly provided by you, through our partners or affiliates, or from commercially or publicly available data sources. Some of the products and services we offer may include collecting information about you from credit bureaus; identify verification and fraud prevention services; social media platforms; and others consistent with the product or service. We also gather information from or about you when you use our Services, including accessing our website(s), mobile application(s), and other online services, as well as marketing and analytics providers. More information can be found at https://www.sontiq.com/privacy-policy/.
4. How We Use Personal Information
We use the Personal Information we collect for the business purposes disclosed within this Privacy Notice. Please see https://www.sontiq.com/privacy-policy/. Please note that the business purposes for which we may use your information include:
- Providing services on our behalf or on behalf of another organization, including maintaining or servicing accounts, providing customer service, fulfilling transactions, verifying identity information, processing payments, and other services;
- Detecting and protecting against security incidents, and malicious, deceptive, fraudulent or illegal activity, and prosecuting the same;
- Debugging to identify and repair errors in our systems;
- Conducting activity to verify, enhance, and maintain the quality or safety of services or devices which we may own, control, or provide.
- Audits and reporting relating to particular transactions and interactions, including online interactions, you may have with us or others on our behalf;
- Short-term, transient use including contextual customization of ads;
- Conducting internal research to develop and demonstrate technology; and
- We may also use the information we collect for our own or our service providers’ other operational purposes, purposes for which we provide you additional notice, or for purposes compatible with the context in which the Personal Information was collected.
5. Your Consumer Privacy Rights
In some instances, Sontiq offers its services to customers as a service provider/processor or subject to other exceptions under the applicable state privacy laws. Where Sontiq is acting as a service provider/processor, we are processing data on behalf of others who will provide the applicable privacy rights.
With some restrictions, residents of California, Colorado, Connecticut, Utah, and Virginia may make requests of us with regard to Personal Information, including (depending on the relevant state’s laws) (i) the right to know the categories of Personal Information we have collected about you, the categories of sources from which we collected Personal Information about you, the business or commercial purpose for collecting, selling/sharing, or disclosing Personal Information about you, the categories of third parties to whom we sell/share and disclose Personal Information, and the specific pieces of Personal Information we have collected about you; (ii) the right to request deletion of this Personal Information; (iii) the right to correct inaccurate Personal Information; (iv) the right to opt out of the sale or sharing of Personal Information; (v) the right to opt out of processing your Personal Information for targeted or cross-context behavioral advertising; (vi) the right to opt out of processing your Personal Information for profiling or automated decision making; and (vii) the right to limit the use or disclosure of your sensitive personal information. You may also have the right to appeal a denial of your privacy rights.
Please use our self-service options or contact our Privacy Office in the following ways:
- Visit your Sontiq Member Dashboard
- Call us (toll-free) at 888-6-SONTIQ or (888) 676-6847
- Email us at [email protected]
- Complete our Consumer Privacy Rights request forms available as follows:
For more information, visit our Sontiq Trust Center.
Right to Access/Know Personal Information
You have the right to request a disclosure of the Personal Information collected, sold/shared, and disclosed about you and the purpose for doing so, unless such request proves impossible or would involve disproportionate effort. Upon submission of a verifiable consumer request, we will provide you with the following information:
- the categories of Personal Information we have collected about you;
- the categories of sources from which the Personal Information is collected;
- our commercial or business purposes for collecting, selling/sharing, or disclosing Personal Information;
- the categories of third parties with whom we sell/share or disclose Personal Information; and
- the specific pieces of Personal Information we have collected about you.
To recap the categories of Personal Information that we may collect, please refer to Section 1 above. If we provide this information to you electronically, the information will be in a portable format. To the extent that it is technically feasible, we will provide you the information in a readily useable format that you can easily transfer to another entity. Please use this form to submit an Access Request.
Right to Correct Personal Information
You have the right to request that we correct inaccurate Personal Information that we collect or maintain about you, subject to verification. Please use your Sontiq Member Dashboard, call us, or email us to submit a Correction Request. You may also use this form to submit a Correction Request.
Right to Delete Personal Information
You have the right to request that we delete Personal Information about you which we maintain or have collected from you, subject to certain exemptions. Please use this form to submit a Deletion Request.
Right to Opt Out of the Sale or Sharing of Personal Information
You have the right to opt out of the sale/sharing of your Personal Information to third parties. To opt-out of the sale or sharing of your Personal Information through non-cookie and tracker based ways, click here.
Right to Opt Out of Profiling/Automated Decision Making, Targeted Advertising, or Cross-Context Behavioral Advertising
At this time, we are not using your Personal Information for purposes of profiling, automated decision making, targeted advertising, or cross-context behavioral advertising subject to the right to opt out.
Right to Limit the Use of Sensitive Personal Information
At this time, we are not collecting Sensitive Personal Information subject to the right to limit.
Right to Appeal
If you believe we have denied any of your consumer privacy rights in error, you have the right to appeal by replying to our denial message or any communication from us.
Please also note that Sontiq is now a TransUnion company. To exercise your consumer privacy rights for data processed by TransUnion, please click here.
No Discrimination for Exercising Rights
We do not discriminate against consumers because they have exercised any of the rights granted by the applicable comprehensive state privacy laws.
Verification of Identity
We want to ensure that the person requesting Personal Information is indeed that person, or someone authorized to exercise these rights on their behalf as permitted under applicable law. We will process Personal Information requests once the requestor’s identity has been verified or authority authenticated as permitted by law.
Using an authorized agent (with or without power of attorney) to submit an opt-out request or a request to limit the use of a consumer’s sensitive personal information: In order to submit an opt-out request or a request to limit on behalf of another consumer, please provide written permission, signed by the applicable consumer, authorizing the agent to submit the opt-out request. The name of the agent submitting the request must match the name on the authorization.
In order for us to locate the consumer’s record, please also include the consumer’s first and last name (middle name optional) and their address (including unit number, city, state, and zip code). You may also provide the consumer’s Social Security number and data of birth. While those fields are optional, this information makes it easier for TransUnion to locate the consumer’s information and complete the request.
Documentation may be sent to the addresses listed below.
Using an authorized agent without power of attorney to submit a verifiable privacy request for access, correction, or deletion of a consumer’s personal information: In order to submit a verifiable request for access, correction, or deletion on behalf of another consumer, an authorized agent without power of attorney must provide one item from each of the two sections below.
- Signed permission from the applicable consumer authorizing the agent to submit the verifiable privacy request on their behalf, including a description of the type of privacy request. The name of the agent submitting the request must match the name of the authorization.
- The applicable consumer must verify their own identity directly with the business by submitting information or documentation that provides sufficient proof of identification, such as:
- a Social Security number or a copy of a Social Security card issued by the Social Security Administration,
- a certified or official copy of a birth certificate issued by the entity authorized to issue the birth certificate, or
- a copy of a driver’s license or an identification card issued by the motor vehicle administration or any other government issued identification.
This secondary identification must include or reference the same name as stated in the signed permission form. The submission must also include sufficient information for TransUnion to locate the consumer’s file.
Documentation may be sent to the addresses listed below.
Using an authorized agent with power of attorney to submit a verifiable privacy request for access, correction, or deletion of a consumer’s personal information: In order to submit a verifiable request for access, correction, or deletion on behalf of another consumer, an authorized agent with power of attorney, must provide the valid power of attorney executed under applicable law.
The submission must also include sufficient information for us to locate the consumer’s file.
Documentation may be sent to:
Attn: Privacy Team
9920 Franklin Square Drive, Suite 250
Nottingham, MD, 21236, USA
You can also email the information to [email protected]
To protect the confidentiality of your data, you and/or your authorized agent may choose to submit your data using confidentiality features offered by your email provider.
All personal information provided as part of this process will be deleted after verification has been completed.
Parent or Guardian Privacy Opt-Out Request (child under 18 years)
Sontiq does not knowingly collect Personal Information from children. If you believe we have collected Personal Information from individuals under the age of eighteen (18), a parent or guardian may make a data privacy opt-out request (subject to limitations and exceptions under applicable law) by visiting our Opt-Out Form.