PRIVACY NOTICE
PURSUANT TO THE OREGON CONSUMER PRIVACY ACT
Effective Date: 07-01-2024
This Oregon privacy notice (“Notice”) pursuant to the Oregon Consumer Privacy Act, Oregon Revised Statutes § 180.095 et seq., (“OCPA”), supplements the information contained in the Privacy Policy of Rausch Sturm LLP (“Rausch Sturm,” “we,” “us,” or “our”), and applies solely to visitors, users, and others who reside in the State of Oregon (“consumers” or “you”). Rausch Sturm is a debt collector. This Notice applies to both our online and offline practices. We adopt this Notice to comply with the OCPA. Any terms defined in the OCPA have the same meaning when used in this Notice. For questions concerning this Notice or to obtain a copy of this Notice in an alternative format or in Spanish, please call us at 855-517-6279.
A. Consumer Rights
The OCPA provides consumers with specific rights regarding their personal data. This section describes your rights.
-
Right of Obtain:
- You have the right to obtain confirmation as to whether we are processing or have processed the consumer’s personal data and the categories of personal data we are processing or have processed.
- You have the right to obtain, at our option, a list of specific third parties, other than natural persons, to which we have disclosed: your personal data; or any personal data.
- You have the right to obtain a copy of all of your personal data that we have processed or are processing.
-
Right to Correct:
You have the right to correct inaccuracies in your personal data, taking into account the nature of the personal data and the purposes of the processing of the personal data.
-
Right to Deletion:
You have the right to require us to delete personal data about you, including personal data you provided to us, personal data that we obtained from another source and derived data.
-
Right to Opt Out:
You have the right to opt out of the processing of your personal data that we process for any of the following purposes:
- Targeted advertising;
- The sale of personal data;
- Profiling in furtherance of a decision that produce legal effects or effects of similar significance.
We will not sell your personal data. We will not process your personal data for the purpose of targeted advertising. We will not engage in profiling in the processing of personal data. If in the future, we anticipate selling your personal data or processing your personal data for purposes of targeted advertising or profiling, we will provide you with the opt-out rights pursuant to the OCPA.
-
Right to Portability:
If we provide a copy of personal data to you pursuant to your request, we will provide the personal data in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the personal data to another person without hinderance.
B. Our Duties
-
The OCPA requires that we provide you with the following information.
-
Categories of personal data processed by us:
- Personal identifying information, like name, address and account number, as well as other identifying information, which we obtain from the consumer’s creditor, credit reports and other skip trace tools, and the consumer;
- Characteristics such as age, gender, etc., which we obtain from the consumer’s creditor and consumer’s credit report;
- Retail information, which we obtain from the consumer’s creditor and the consumer’s credit report;
- Commercial information, including records of personal property;
- Internet activity regarding online payments and account updates, which we collect if the consumer visits our website or payment portal;
- Geolocation data, which we obtain from process servers;
- Recordings, which are made when the consumer has a telephone conversation with us;
- Professional and employment related information, which we obtain from the consumer’s creditor, credit reporting agencies, the consumer, and other skip trace sources; and
- Educational information, which we obtain from the consumer’s creditor, credit reporting agencies, the consumer, and other skip trace sources.
-
Purpose for processing personal data:
- Helping to ensure security and integrity to the extent the use of personal data is reasonably necessary and proportionate for these purposes;
- Debugging to identify and repair errors that impair existing intended functionality;
- Short-term, transient use, including, but not limited to, non-personalized advertising shown as part of consumer’s current interaction with the business, provided that the consumer’s personal data is not disclosed to another third party and is not used to build a profile about the consumer or otherwise alter the consumer’s experience outside the current interaction with us.
- Performing services on our behalf of the business, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services on behalf of the business.
- Undertaking internal research for technological development and demonstration.
- Undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by the business, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufacture for, or controlled by the business.
-
Other business or business operational purposes as follows:
- Debt collection.
- To fulfill or meet the reason for which the information is provided. For example, if you provide us with personal data in order for us to process a payment, we will use that information to process said payment.
- To provide you with information or services that you request from us.
- To provide you with email or text alerts and other notices concerning our services.
- To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for collections.
- To carry out our obligations and enforce our rights arising from any contracts entered into between you and our clients, including for collections.
- To improve our website and present its contents to you.
- For testing, research, analysis and service development.
- As necessary or appropriate to protect the rights, property or safety of us, our clients or others.
- To respond to law enforcement requests and as required by applicable law, court order, governmental regulations, or comply with a court order or subpoena to provide information.
- As described to you when collecting your personal data or as otherwise set forth in the Florida collection laws.
-
How you may exercise your rights, including the process by which you may appeal our decision with regard to your request:
- When you exercise your rights, we will use commercially reasonable methods for authenticating the identity of the person submitting a request to exercise rights.
- We will notify you if we cannot, using commercially reasonable methods, authenticate your request without additional information from you
- When you exercise your rights, we will respond without undue delay, which may not be later than 45 days after the date of the receipt of the request. We may extend the response period once by an additional 45 days when reasonably necessary, taking into account the complexity and number of the consumer’s request, so long as we inform you of the extension within the initial 45 day response period, together with the reason for the extension
- If we cannot take action regarding your request, we must inform you without undue delay, which may not be later than 45 days after the date of receipt of the request, of the justification for the inability to take action on the request and provide instructions on how to appeal the decision.
- We have established an appeal process by which you may appeal any refusal of ours to take action on a request. We will inform you in writing of any action taken or not taken in response to an appeal within 60 days after the date of receipt of the appeal, including a written explanation of the reason or reasons for the decision. If we deny the appeal, we will provide or specify information that enables you to contact the Attorney General to submit a complaint.
-
Categories of personal data that we share with third parties:
- Personal identifying information
- Characteristic information
- Retail information
- Professional or employment related information
-
Categories of third parties with whom we share personal data:
- Service providers and contractors.
- Third parties to whom you or your agents authorize us to disclose your personal data in connection with products or services we provide to you.
-
Categories of personal data processed by us:
-
Description of the methods by which consumers can submit requests to exercise their consumer rights or appeal our refusal to take action:
-
Submission: To exercise the rights described above, please submit a verifiable consumer request to us by either:
- Calling us at 855-517-6279
- Submitting the submission form located at: www.rauschsturm.com/request-OR
-
Submission: To exercise the rights described above, please submit a verifiable consumer request to us by either:
- We do not process your sensitive personal data. If in the future, we anticipate processing your sensitive personal data, we will provide you required information pursuant to the OCPA.
C. Limitations
The above rights and duties may be limited if any of the following apply:
- We are both a controller and a processor as those terms are defined by the OCPA. A processor that is a controller shall comply with the OCPA with regard to any personal data that it collects or maintains outside of its role as a processor. Most of the personal data that we collect or maintain is done in context of our role as a processor. If we deny your verified request pursuant to this notice because all of the information collected or maintained about you has been pursuant to our role as a processor, we will provide you with the contact information of the business on whose behalf we collect or maintain the information.
-
The OCPA does not apply to:
- A public corporation, including the Oregon Health and Science University and the Oregon State Bar, or a public body, as defined in ORS 174.109;
- Protected health information that a covered entity or business associate processes in accordance with, or documents that a covered entity or business associate creates for the purpose of complying with, the Health Insurance Portability and Accountability Act of 1996, PL 104-191, and regulations promulgated under the Act;
- Information used only for public health activities and purposes described in 45 CFR 164.512;
- Information that identifies a consumer in connection with: (a) Activities that are subject to the federal policy for the protection of human subjects codified as 45 CFR part 46 and in various other federal regulations; (b) Activities that are subject to the protections provided in 21 CFR parts 50 and 56; and (c) Research conducted in accordance with the requirements set forth in this paragraph or otherwise in accordance with applicable law;
- Patient identifying information, as defined in 42 CFR 2.11 that is collected and processed in accordance with 42 CFR part 2;
- Patient safety work product, as defined in 42 CFR 3.20 that is created for purposes of improving patient safety under 42 CFR part 3;
- Information and documents created for the purposes of the health care quality improvement act of 1986, 42 USC 11101 etc, and implementing regulations;
- Information that originates from, or that is intermingled so as to be indistinguishable from, information that a covered entity or business associate, or a program of a qualified service organization, as defined in 42 CFR 2.11 creates, collects, processes, uses or maintains in the same manner as is required under the applicable laws, regulations and guidelines;
-
Information processed or maintained solely in connection with, and for the purpose of enabling:
- And individual’s employment or application for employment;
- An individual’s ownership of or function as a director or officer of, a business entity;
- An individual's contractual relationship with the business entity;
- An individual's receipt of benefits from employer, including benefits for the individuals dependents or beneficiaries; or
- Notice of an emergency to persons that are individual specifies;
-
Any activity that involves collecting maintaining, disclosing, selling, communicating or using information for the purpose of evaluating a consumer's creditworthiness, credit standing, credit capacity, character, general reputation, personal characteristics or mode of living if done strictly in accordance with the provisions of the Fair Credit Reporting Act, 15 USC 1681 by:
- A consumer reporting agency, as defined in 15 USC 1681a(f);
- A person who furnishes information to a consumer reporting agency under 15 USC 1681s-2; or
- A person who uses a consumer report as provided in 15 USC 1681b(a)(3);
-
Information collected, process, sold or disclosed under and in accordance with the following federal laws, all as in effect as of the effective date of this 2023 act:
- The Graham Leach Bliley Act, PL-106-102, and regulations adopted to implement that act;
- The drivers privacy protection act of 1994, 18 USC 2721; and
- The family educational rights and privacy act, 20 USC 1232G and regulations adopted to implement that act;
- A financial institution, as defined in ORS 7006.008, or a financial institution’s affiliate or subsidiary that is only and directly engaged in financial activities, as described in 12 USC 1843(k);
- Information that originates from, or is intermingled so as to be indistinguishable from, information that a licensee, as defined in ORS 725.010, collect, processes, uses or maintains in the same manner as is required under the applicable laws and regulations;
-
Compliance would restrict our ability to:
- comply with federal, state or local statutes, ordinances, rules or regulations;
- comply with a federal, state or local governmental inquiry, investigation, subpoena or summons related to a civil, criminal or administrative proceeding;
- cooperate with law enforcement agencies concerning conduct or activity that we reasonably and in good faith believe may violate federal, state or local statutes, ordinances, rules or regulations;
- investigate, establish, initiate or defend legal claims;
- prevent, detect, protect against or respond to, and investigate, report or prosecute persons responsible for, security incidents, identity theft, fraud, harassment or malicious, deceptive or illegal activity or preserve the integrity or security of systems;
- identify and repair technical errors in our information systems that impair existing or intended functionality;
- provide a product or service that a consumer specifically requests from us as the parent or guardian of a child on the child’s behalf or as the guardian or conservator of a person subject to a guardianship, conservatorship or other protective arrangement on the person’ behalf;
- negotiate, enter into or perform a contract with a consumer, including fulfilling the terms of a written warranty;
- protect any person’s health and safety;
- effectuate a product recall;
- conduct internal research to develop, improve or repair products, services or technology;
- perform internal operations that are reasonably aligned with a consumer’s expectations, that the consumer may reasonably anticipate based on the consumer’s existing relationship with us or that are otherwise compatible with the processing data for the purpose of providing a product or service the consumer specifically requested or for the purpose of performing a contract to which the consumer is a party;
- assist another controller or processor with any of the activities otherwise listed herein as an exception to compliance.
- Compliance would prevent us or a consumer to disclose a trade secret;
- Compliance would violate an evidentiary privilege under the laws of this state.
- We are unable to authenticate a request made under the OCPA using commercially reasonable efforts.
-
Compliance would require us to do any of the following:
- reidentify deidentified data or associate a consumer with personal data in order to authenticate the consumer’s request; or
- maintain data in identifiable form or collect, retain or access any particular data or technology; or
- comply with an authenticated consumer request to exercise a right if: (a) we cannot reasonably associate the request with personal data or if our attempt to associate the request with personal data would be unreasonably burdensome; (b) we do not use personal data to recognize or respond to the specific consumer who is the subject of the personal data or associate the personal data with any other personal data about you; and (c) we do not sell or otherwise voluntarily disclose personal data to a third party.
D. Changes To Our Privacy Notice
This Notice was last updated on 7-01-2024. We reserve the right to amend this Notice at our discretion and at any time. When we make changes to this Notice, we will notify you by updating the “last updated” date on this notice.
This communication is from a debt collector.