PRIVACY NOTICE

PURSUANT TO THE CONNECTICUT DATA PRIVACY ACT

Effective 7/1/2023

This Connecticut privacy notice (“Notice”) pursuant to the Connecticut Data Privacy Act, Connecticut Public Act No. 22-15 (“CTDPA”), supplements the information contained in the Privacy Policy of Rausch Sturm LLP (“Rausch Sturm,” “we,” “us,” or “our”), and applies solely to visitors, users, and others who reside in the State of Connecticut (“consumers” or “you”). Rausch Sturm is a debt collector. This Notice applies to both our online and offline practices. We adopt this Notice to comply with the CTDPA. Any terms defined in the CTDPA have the same meaning when used in this Notice. For questions concerning this Notice or to obtain a copy of this Notice in an alternative format or in Spanish, please call us at 855-517-6279.

A. Consumer Rights

The CTDPA provide consumers with specific rights regarding their personal data. This section describes your rights.

1. You have the right to confirm whether or not we, in our capacity as a controller, are processing your personal data and access such personal data, unless such confirmation or access would require the controller to reveal a trade secret.
2. You have the right to correct inaccuracies in your personal data, taking into account the nature of the personal data and the purposes of the processing of your personal data.
3. You have the right to delete personal data provided by, or obtained about, you.
4. You have the right to obtain a copy of your personal data processed by us, in our capacity as a controller, in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the data to another controller without hindrance, where the processing is carried out by automated means, provided that we shall not be required to reveal any trade secret.
5. Rausch Sturm will not process your personal data for purposes of (i) targeted advertising, (ii) the sale of personal data, or (iii) profiling in furtherance of solely automated decisions that produce legal or similarly significant effects concerning you. If, in the future, Rausch Sturm decides to process your personal data for purposes of (i) targeted advertising, (ii) the sale of personal data, or (iii) profiling in furtherance of solely automated decisions that produce legal or similarly significant effects concerning you, we will update our privacy notice accordingly and you will have the right to opt out of the processing of the personal data for the stated purposes.

B. Categories Of Personal Data Processed By Us

1. Personal identifying information, like name, address and account number, as well as other identifying information, which we obtain from the consumer’s creditor, credit reports and other skip trace tools, and the consumer;
2. Characteristics such as age, gender, etc., which we obtain from the consumer’s creditor and consumer’s credit report;
3. Retail information, which we obtain from the consumer’s creditor and the consumer’s credit report;
4. Commercial information, including records of personal property;
5. Internet activity regarding online payments and account updates, which we collect if the consumer visits our website or payment portal;
6. Geolocation data, which we obtain from process servers;
7. Recordings, which are made when the consumer has a telephone conversation with us;
8. Professional and employment related information, which we obtain from the consumer’s creditor, credit reporting agencies, the consumer, and other skip trace sources; and
9. Educational information, which we obtain from the consumer’s creditor, credit reporting agencies, the consumer, and other skip trace sources.

C. Purposes For Processing Personal Data

1. Helping to ensure security and integrity to the extent the use of personal data is reasonably necessary and proportionate for these purposes;
2. Debugging to identify and repair errors that impair existing intended functionality;
3. Short-term, transient use, including, but not limited to, non-personalized advertising shown as part of consumer’s current interaction with the business, provided that the consumer’s personal data is not disclosed to another third party and is not used to build a profile about the consumer or otherwise alter the consumer’s experience outside the current interaction with us.
4. Performing services on our behalf of the business, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services on behalf of the business.
5. Undertaking internal research for technological development and demonstration.
6. Undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by the business, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufacture for, or controlled by the business.
7. Other business or business operational purposes as follows:
8. Debt collection.
9. To fulfill or meet the reason for which the information is provided. For example, if you provide us with personal data in order for us to process a payment, we will use that information to process said payment.
10. To provide you with information or services that you request from us.
11. To provide you with email or text alerts and other notices concerning our services.
12. To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for collections.
13. To carry out our obligations and enforce our rights arising from any contracts entered into between you and our clients, including for collections.
14. To improve our website and present its contents to you.
15. For testing, research, analysis and service development.
16. As necessary or appropriate to protect the rights, property or safety of us, our clients or others.
17. To respond to law enforcement requests and as required by applicable law, court order, governmental regulations, or comply with a court order or subpoena to provide information.
18. As described to you when collecting your personal data or as otherwise set forth in the Connecticut collection laws.

D. How You May Exercise Your Rights

1. Submission: To exercise the access, deletion, or correction rights described above, please submit a verifiable consumer request to us by either:
   • Calling us at 855-517-6279
   • Submitting the submission form located at: Connecticut Data Protection Request
2. Appeal: To exercise your right to appeal our response to your submission, please submit a verifiable consumer appeal to us by either:
   • Calling us at 855-517-6279
   • Submitting the submission form located at: Connecticut Data Protection Request
3. Verification: We will use commercially reasonable methods for authenticating the identity of the person submitting a request to exercise rights. These methods will take into consideration the right exercised, sensitivity, value and volume of personal data involved, the level of possible harm that improper access or use could cause to you and the cost of authentication. If we cannot verify the request, we will inform you and may request additional information to verify the request.
4. We will comply with any opt-out request received from a person authorized by you to act on your behalf if we are able to authenticate with commercially reasonable effort, the identity of you and the authorized agent’s authority to act on your behalf.

E. Categories Of Personal Data That We Share With Third Parties

1. Personal identifying information
2. Characteristic information
3. Retail information
4. Professional or employment related information

F. Categories Of Third Parties With Whom We Share Personal Data

1. Service providers and contractors.
2. Third parties to whom you or your agents authorize us to disclose your personal data in connection with products or services we provide to you.

G. Online Method To Contact Us

You may contact us at our website www.rauschsturm.com.

H. Limitations

The above rights and duties may be limited if any of the following apply:

1. We are both a controller and a processor as those terms are defined by the CTDPA. A processor that is a controller shall comply with the CTDPA with regard to any personal data that it collects or maintains outside of its role as a processor. Most of the personal data that we collect or maintain is done in context of our role as a processor. If we deny your verified request pursuant to this notice because all of the information collected or maintained about you has been pursuant to our role as a processor, we will provide you with the contact information of the controller on whose behalf we collect or maintain the information.
2. The CTDPA does not apply to:
   1. Financial institutions or data subject to Title V of the Gramm-Leach-Bliley Act;
   2. Protected health information under HIPAA;
   3. The collection, maintenance, disclosure, sale, communication or use of any personal information bearing on a consumer’s credit worthiness, credit standing, credit capacity, character, general reputation, personal characteristics or mode of living by a consumer reporting agency, furnisher or user that provides information for use in a consumer report, and by a use of a consumer report, but only to the extent that such activity is regulated by and authorized under the Fair Credit Reporting Act;
   4. Data processed or maintained in the course of an individual applying to, employed by or acting as an agent or independent contractor of a controller, processor or third party, to the extent that the data is collected and used within the context of that role, as the emergency contact information of such an individual, or that is necessary to retain to administer benefits for another individual relating to such an individual.
3. The CTDPA does not require us to comply with a request if we:
   1. Are not reasonably capable of associating the request with the personal data or it would be unreasonably burdensome for us to associate the request with the personal data;
   2. Do not use the personal data to recognize or respond to the you, or associate the personal data with other personal data about you;
   3. Do not sell the personal data to any third party or otherwise voluntarily disclose the personal data to any third party other than a processor.
4. The CTDPA shall not restrict out ability to:
   1. Comply with federal, state or municipal ordinances or regulations;
   2. Comply with a civil, criminal or regulatory inquiry, investigation, subpoena or summons by federal, state, municipal or other governmental authorities;
   3. Cooperate with law enforcement agencies concerning conduct or activity that the controller or processor reasonably and in good faith believes may violate federal, state, or municipal ordinances or regulations;
   4. Investigate, establish, exercise, prepare for or defend legal claims;
   5. Provide a product or service specifically requested by you
   6. Perform under a contract to which you are a party, including fulfilling the terms of a written warranty;
   7. Take steps at the request of a consumer prior to entering into a contract;
   8. Take immediate steps to protect an interest that is essential for the life or physical safety of the consumer or another individual, and where the processing cannot be manifestly based on another legal basis;
   9. Prevent, detect, protect against or respond to security incidents, identity theft, fraud, harassment, malicious or deceptive activities or any illegal activity, preserve the integrity or security of systems or investigate, report or prosecute those responsible for any such action;
   10. Assist another controller, processor or third party with any of the obligations under the CTDPA.
5. The CTDPA shall not restrict our ability to collect, use or retain data for internal use to:
   1. Conduct internal research to develop, improve or repair products, services or technology;
   2. Identify and repair technical errors that impair existing or intended functionality; or
   3. Perform internal operations that are reasonably aligned with the expectations of you or reasonably anticipated based on your existing relationship with us, or are otherwise compatible with processing data in furtherance of the provision of a product or service specifically requested by you or the performance of a contract to which you are a party.
6. The CTDPA shall not apply to us where compliance would violate an evidentiary privilege under the laws of Connecticut.
7. The CTDPA shall not be construed to:
   1. Impose any obligation on us that adversely affects the rights or freedoms of any person.

I. Changes To Our Privacy Notice

This Notice was last updated on 01-01-2024. We reserve the right to amend this Notice at our discretion and at any time. When we make changes to this Notice, we will notify you by updating the “last updated” date on this notice.

This communication is from a debt collector.