Effective June 2022
Maintaining the privacy and security of your personal information is LightStream’s highest priority. In doing so, we want to provide transparency regarding how and why your data is collected, how it is used, and with whom it may be shared. This document, as well as LightStream’s Privacy Policy https://www.lightstream.com/privacy and Online Privacy Practices https://www.lightstream.com/privacy set forth how we will interact with your personal information. Specifically, it provides information on how you may exercise your California privacy rights. This Notice is directed to consumers who reside in the state of California and relates to collection, use, and disclosure of personal information covered by the California Consumer Privacy Act (CCPA). That said, all of our consumers are welcome to submit questions or requests about their data.
It is important to note that LightStream does not sell personal information. Because such sales do not occur, there is no link on our websites to opt-out of such activity.
To help ensure transparency around our handling of consumer personal information, we offer a portal with our partner, OneTrust, to facilitate receiving and processing requests related to accessing and potentially deleting your data. This portal helps us meet certain legal and compliance requirements such as those under the CCPA. It also gives non-CA consumers a vehicle to make similar requests.
CCPA Privacy Notice
LightStream’s Privacy Policy https://www.lightstream.com/privacy and Online Privacy Practices https://www.lightstream.com/privacy provide consumers details about our practices concerning the privacy of personal information. This Notice provides further information about our practices, along with details concerning how “Consumer Access” (“Right to Know”) and/or “Right to Request Deletion” requests may be submitted. This Notice is designed to provide additional information to California residents pursuant to CCPA.
The following are some general notes about LightStream’s practices related to the collection, use and sharing of personal information:
As a financial institution, it is necessary for us to collect certain personal information in order to provide our products and services, fulfill consumer requests, to comply with the federal and state laws, and other legal obligations.
Below is a list of categories of personal information we have collected in the past 12 months:
It is necessary for LightStream to share certain personal information with affiliates and/or trusted service providers in order to provide our products and services, and to comply with legal, regulatory, and contractual obligations. We may disclose each of the categories of personal information described above to such external or affiliated companies. When engaging service providers, LightStream ensures that such partners will maintain the information in accordance with our privacy and security standards, and only use the data for the use(s) specified in the contract. Below are categories of third parties with whom we share personal information:
Purpose for Collection and Use
We collect and use personal information in order to conduct business, manage relationships and accounts, and maintain operational functions at LightStream. In the past 12 months, we have collected and used personal information for the following purposes:
Sources of Personal Information
LightStream collects information from various sources in the course of providing products and services to you, and the sources will vary based on the relationship and products or services we provide to a client or consumer. Below is a list of the categories of sources from which we obtain data:
LightStream's No Sale Policy
As noted above, LightStream has not sold personal information to third parties in the preceding 12 months, including personal information of minors under the age of 16. Therefore, there is no opt-out for the sale of data provided on our website, since there is no activity from which to opt out.
Consumer Access Requests
Consumers are welcome to submit requests to see, delete, or correct your personal data by visiting our Consumer Rights Request Portal, hosted by OneTrust:
If you need assistance completing the form or have any other questions or comments, you may email us at customerservice@lightstream.com. All requests must be verified prior to receiving a response, using LightStream authentication protocols. Requesters will be asked to supply certain basic Personal Information to enable us to validate the requestor is the consumer who is subject to the request, such as name, Social Security number, and address. Information submitted for verification purposes will only be used to verify the requestor’s identity and/or authority to make a request on another’s behalf.
Requests made on another person’s behalf can only be accepted upon receipt of documentation that the requestor is an authorized agent, parent, or legal guardian of the consumer whose information is being requested. This will require the submission of a valid Power of Attorney, Birth Certificate, approved LightStream authorization form, Guardianship Order, or other court order granting authority to receive information, as appropriate.
Upon submission of a request, CA consumers will receive an initial response confirming receipt within 10 days. A full response will be provided to CA consumers within 45 days (unless an extension of up to 45 additional days is requested, upon which the consumer will receive notice and an explanation for the extension).
Please note that LightStream adheres to an exemption within the CCPA for data collected pursuant to the Gramm-Leach-Bliley Act (GLBA). This enables us to best protect the security of our clients and consumers when responding to requests. Data provided pursuant to GLBA is often highly sensitive Personal Information, including financial data, that could lead to identity theft should it land in the wrong hands. We will continue to provide access to sensitive financial data only through our established, secure mechanisms to obtain that information such as online or mobile banking, or visiting a branch. Therefore, specific pieces of data collected pursuant to GLBA will not be provided through the Consumer Rights Access Request Portal.
"Right to Request Deletion" Requests
Consumers also have a right under the CCPA to request deletion of their personal information collected or maintained by LightStream.
The submission methods, authentication protocols, and time frames for response are identical to those referenced above in the “Consumer Access Requests” section. Keep in mind that the GLBA exemption and other legal exemptions may also apply to these requests. For example, LightStream cannot delete data provided by a client to service an active (or recently active) account, because such data is still needed to provide the product or service and/or meet legal retention requirements. Another example would be the inability to delete certain data that is subject to a legal hold.
LightStream will explain in its response the manner in which it has deleted the personal information. Or, if an exemption applies restricting LightStream’s ability to delete the data, LightStream will describe the basis for the denial of the request in its response. Should an exemption apply precluding the destruction of the data, LightStream will not use the consumer’s personal information for any other purpose than provided for by that exemption (for example, if certain data cannot be deleted due to a legal hold, we will ensure that such data is no longer used for LightStream marketing purposes).
Non-Discrimination
The submission of a "Right to Know" or "Right to Request Deletion" request will have no impact on the service and/or pricing you receive from LightStream. It will not result in any denial of goods or services, or different prices, rates or quality of goods or services.
Updates
This Consumer Rights and CCPA Notice may be revised from time to time, so please review this page periodically. Any changes will become effective when we post the revised notice on the site (please note the effective date listed at the top of this page). If we revise this or other privacy notices in a manner that materially changes our privacy practices, we will provide conspicuous notice on our website and provide direct notice to our clients.
Contact Us
If you have any questions or comments on this notice or our privacy practices generally, please contact us at privacy@lightstream.com.
In today's environment, where people are subjected to marketing calls, junk mail, and spam and are very concerned about fraud and identity theft, we recognize the seriousness of our responsibility to help maintain the privacy and security of your personal information. As a result, we have adopted privacy and security practices that go beyond minimum legal requirements in order to give you greater comfort. We invite you to compare what we do with any other lender that you are presently using or considering.
Recognize and prevent scams
We take your security seriously. Protect yourself from fraudsters who reach out to you pretending to be LightStream.
Always confirm the caller is from LightStream before sharing personal information.
We are a Norton Secure Site:
For Nevada residents only, Nevada law requires that we also provide you with the
following contact information:
Bureau of Consumer Protection, Office of the Nevada Attorney General
555 E. Washington St., Suite 3900
Las Vegas, NV 89101
Phone: 702.486.3132
Email: BCPINFO@ag.state.nv.us
We may modify this privacy and security policy from time to time. We will post such changes to this page and update the last revised date. If the changes to the policy are significant, we will provide a more prominent notice including, possibly, an email notification to you.
FACTS | WHAT DOES LIGHTSTREAM DO WITH YOUR PERSONAL INFORMATION? |
Why? | Financial companies choose how they share your personal information. Federal law gives consumers the right to limit some but not all sharing. Federal law also requires us to tell you how we collect, share, and protect your personal information. Please read this notice carefully to understand what we do. |
What? | The types of personal information we collect and share depend on the product or
service you have with us. This information can include:
|
How? | All financial companies need to share customers' information to run their everyday business—to process transactions, maintain customer accounts, and report to credit bureaus. In the section below, we list the reasons financial companies can share their customers' personal information; the reasons LightStream chooses to share; and whether you can limit this sharing. |
Reason we can share your personal information | Does LightStream share? | Can you limit this sharing? |
For our everyday business purposes— such as process your transactions, maintain your account(s), respond to court orders and legal investigations, or report to credit bureaus |
Yes | No |
For our marketing purposes— to offer our products and services to you |
Yes | Yes (See below) |
For joint marketing with other financial companies | No | We don't share |
For our affiliates' everyday business purposes— information about your transactions and experiences |
Yes | No |
For our affiliates' everyday business purposes— information about your creditworthiness |
Yes | Yes (See below) |
For our affiliates to market to you | Yes | Yes (See below) |
For nonaffiliates to market to you | No | We don't share |
To limit our sharing |
|
Questions? |
|
Who we are | |
Who is providing this notice? | LightStream, and its affiliates. |
What we do | |
How does LightStream protect my personal information? | To protect your personal information from unauthorized access and use, we use security
measures that comply with federal law. These measures include computer safeguards
and secured files and buildings. Our employees are bound by our Code of Ethics and policies to access consumer information only for legitimate business purposes and to keep information about you confidential. |
How does LightStream collect my personal information? | We collect your personal information, for example, when you
|
Why can't I limit all sharing? | Federal law gives you the right to limit sharing only for
|
What happens when I limit sharing for an account I hold jointly with someone else? | Your choices will apply to everyone on your account—unless you tell us otherwise |
Definitions | |
Affiliates | Companies related by common ownership or control. They can be
financial and nonfinancial companies. LightStream is a division of Truist Bank.
|
Nonaffiliates | Companies not related by common ownership or control. They can be financial and nonfinancial companies.
|
Joint marketing | A formal agreement between nonaffiliated financial companies that together market financial products or services to you.
|
Other important information |
State and Local Regulations: If, in addition to federal law,
you are protected by specific state or local rules concerning information sharing and marketing,
Truist will fully comply with these regulations as well. Under Vermont and California law,
we will not share information we collect about you with companies outside of Truist Bank,
unless the law allows. Nevada State law requires that we provide residents with the following
contact information: Bureau of Consumer Protection, Office of the Nevada Attorney General,
555 E. Washington Street, Suite 3900, Las Vegas, NV 89101; Phone: 702.486.3132; Email: BCPINFO@ag.state.nv.us.
Use of Third Parties: We have arrangements with companies whose
experience is essential for our own services to operate properly. These companies,
some of which may be located outside the United States, work at LightStream's direction,
only receive the information necessary to perform these functions, and adhere to
LightStream’s data security guidelines.
Important Notice about Credit Reporting: We may report information
about your account(s) to credit bureaus. Late payments, missed payments, or other
defaults on your account(s) may be reflected in your credit report.
Do Not Call Policy. This notice is LightStream’s Do Not Call Policy
under the Telephone Consumer Protection Act. LightStream abides by all federal and
state regulations on telephone usage, maintains an internal Do Not Call list and
makes no telemarketing calls to numbers on this list. All Do Not Call requests are
implemented within 30 days and the selection is permanent - unless you elect to
remove your number from the list.
|
Updated March 2022
LightStream has a longstanding commitment to protecting the confidentiality and security of our clients' personal information. We believe it is helpful to have an overview of how this commitment is applied as LightStream collects, uses, and protects your personal information when you visit us online.
For California residents, the California law requires that we provide consumers with advance notice of the types of personal information we collect from consumers, our intended use of such information, and a description of your privacy rights under California law. This includes rights to request disclosure of the types of personal information we have collected on you and your right to request that we delete certain information we have collected from you. Please click here for further information on your specific consumer privacy rights.
When you visit the LightStream website, application or otherwise interact with us online, we may collect the below information:
The information we collect online helps LightStream to:
LightStream and its online advertising and marketing partners may employ various technologies to collect information, including:
LightStream advertises its products and services on websites and applications not affiliated with LightStream. The third-party companies we hire to display these ads use their own tracking technologies to measure the effectiveness of these ads and to understand your interest. Many of our third-party partners have their own privacy policies. We encourage you to review these policies carefully.
Some of our third-party advertising is interest-based and may use information about your online interests to customize the online ads you see. LightStream has adopted the use of the AdChoices Icon (also known as the Advertising Option Icon) for our interest-based advertising (excluding ads appearing on platforms that do not accept the icon). Anyone receiving an interest-based ad can click on the displayed icon to receive more information. The AdChoices Icon does not prevent you from receiving advertisements, but allows you to control whether you receive interest-based advertisements and from which companies. Visit the Digital Advertising Alliance website for more information about the AdChoices Icon and interest-based advertising.
Aggregation allows you to gather information from many websites and view that information in a consolidated format. An example of why you might use a third-party aggregation tool is if you wanted a comprehensive view of assets and liabilities held within your financial accounts. If you provide information about your LightStream accounts (including your access information) to an aggregation service provider, we will consider that as your having authorized all transactions initiated by that aggregation site. LightStream reserves the right to disable aggregation for any account without notice. If you wish to cancel your third-party aggregation services you should also change your password at lightstream.com.
LightStream provides experiences on social media platforms such as Facebook or Twitter that enable online sharing and collaboration. Any content you post, such as pictures, information, opinions, or any personal information that you make available to other participants on these social platforms, is subject to the terms of use and privacy policies of those platforms. Please refer to them to better understand your rights and obligations with regard to such content.
Given the very public nature of social media, it is critical that we all safeguard confidential financial information. If you post information on a LightStream site that we feel should be shielded from public view, we will remove it. This includes not only specific details about your LightStream accounts and other private, confidential information (such as your Social Security Number), but details of information relayed in private conversations between you and LightStream representatives. Please know that in taking down or editing your posts, we are focusing our experience and best judgment to keep your personal information safe.
LightStream may provide links to non-LightStream companies, such as credit bureaus or merchants, and will notify you when leaving the LightStream site. If you choose to link to websites not controlled by LightStream, we are not responsible for the privacy or security of these sites, including the accuracy, completeness, reliability or suitability of their information. If you are asked to provide information on one of these sites we urge you to carefully study their privacy policies before sharing.
LightStream strictly follows the federal guidelines of the Children's Online Privacy Protection Act (COPPA) which gives parents control over what type of information is collected online about their children. We do not knowingly collect, maintain, or use personally identifiable information from children under age 13 on our websites. We are not responsible for the data collection and use practices of nonaffiliated third-parties that are linked from our websites. Visit the COPPA website for more information.
In summary, the below links can help you to customize and control your privacy preferences when interacting with LightStream online:
LightStream's Online Privacy Practices are subject to change, so please review them periodically. Any changes will become effective when we post the revised Practices on the site (please note the effective date listed at the top of this page). Your use of the site and applications following these changes means that you accept the revised Practices.
With regard to the security of your personal information, we employ a variety of electronic, physical, and procedural safeguards to protect your personal information including:
Encryption - We employ 128-bit Secure Sockets Layer (SSL) technology to encrypt your personal information when it is in transit between your web browser and our web server or vice versa. In addition, we also use advanced encryption when storing or backing up your personal information on our computers, substantially reducing the risk even in the event of loss or misuse of your personal information.
Software and Hardware Security - We employ stringent, up-to-date software and hardware solutions to minimize the risk that your encrypted, personal information could be hacked, lost, or stolen from our computer systems.
Physical Security - Your encrypted, personal information is located and stored in secure areas within our building and any offsite data processing facilities.
Access - Access to your personal information (either physically or online) is limited to you and our employees who have a "need to know" in order to perform their jobs and who have the appropriate authentications such as key cards, user IDs, and passwords. A user ID and password is required on the Sign In page on our web site for you to access and/or update your account information. Please remember to keep your user id and password secure. Also, if you prefer additional security, we offer our AccountLock feature which will prevent access to your account even with a valid user id and password. Access will only be granted after you request a pass code from us. We will then email you a randomly-generated, temporarily available pass code, allowing you one-time access to your account.
Training - We provide training to our employees regarding our security procedures.