PRIVACY NOTICE

PURSUANT TO THE TENNESSEE INFORMATION PROTECTION ACT

Effective Date: 07-01-2024

This Tennessee privacy notice (“Notice”) pursuant to the Tennessee Information Protection Act, Tennessee Code Annotated, Title 47, Chapter 18 et seq., (“TIPA”), supplements the information contained in the Privacy Policy of Rausch Sturm LLP (“Rausch Sturm,” “we,” “us,” or “our”), and applies solely to visitors, users, and others who reside in the State of Tennessee (“consumers” or “you”). Rausch Sturm is a debt collector. This Notice applies to both our online and offline practices. We adopt this Notice to comply with the TIPA. Any terms defined in the TIPA have the same meaning when used in this Notice. For questions concerning this Notice or to obtain a copy of this Notice in an alternative format or in Spanish, please call us at 855-517-6279.

A. Consumer Rights

The TIPA provides consumers with specific rights regarding their personal data. This section describes your rights.

  1. Right of Confirm:

    You have the right to confirm whether we are processing your personal information and to access the personal information.

  2. Right to Correct:

    You have the right to correct inaccuracies in your personal data, taking into account the nature of the personal information and the purposes of the processing of the personal data.

  3. Right to Deletion:

    You have the right to delete personal information provided by or obtained about you. We are not required to delete information that we maintain or use as aggregate or de-identified data, provided that such data in our possession is not linked to a specific consumer.

  4. Right to Obtain:

    You have the right to obtain a copy of your personal information that you previously provided to us in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the data to another controller without hindrance, where the processing is carried out by automated means.

  5. Right to Request: You have the right to request, if we have sold personal information about you, or disclosed the information for a business purpose, to disclose to you:
    • The categories of personal information about you that we sold;
    • The categories of third parties to which the personal information about you was sold by category of personal information for each category of third parties to which the personal information was sold; and
    • The categories of personal information about you that we disclosed for a business purpose.
  6. Right to opt out:

    You have the right to opt out of our sale of personal information about you. We do not sell your personal information to third parties. If we intend to sell your personal information to third parties, we will provide you with notification of your rights including opt out rights.

B. Our Duties

  1. The TIPA requires that we provide you with the following information.
    1. Categories of personal data processed by us:
      • Personal identifying information, like name, address and account number, as well as other identifying information, which we obtain from the consumer’s creditor, credit reports and other skip trace tools, and the consumer;
      • Characteristics such as age, gender, etc., which we obtain from the consumer’s creditor and consumer’s credit report;
      • Retail information, which we obtain from the consumer’s creditor and the consumer’s credit report;
      • Commercial information, including records of personal property;
      • Internet activity regarding online payments and account updates, which we collect if the consumer visits our website or payment portal;
      • Geolocation data, which we obtain from process servers;
      • Recordings, which are made when the consumer has a telephone conversation with us;
      • Professional and employment related information, which we obtain from the consumer’s creditor, credit reporting agencies, the consumer, and other skip trace sources; and
      • Educational information, which we obtain from the consumer’s creditor, credit reporting agencies, the consumer, and other skip trace sources.
    2. Purpose for processing personal data:
      • Helping to ensure security and integrity to the extent the use of personal data is reasonably necessary and proportionate for these purposes;
      • Debugging to identify and repair errors that impair existing intended functionality;
      • Short-term, transient use, including, but not limited to, non-personalized advertising shown as part of consumer’s current interaction with the business, provided that the consumer’s personal data is not disclosed to another third party and is not used to build a profile about the consumer or otherwise alter the consumer’s experience outside the current interaction with us.
      • Performing services on our behalf of the business, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services on behalf of the business.
      • Undertaking internal research for technological development and demonstration.
      • Undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by the business, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufacture for, or controlled by the business.
      • Other business or business operational purposes as follows:
        • Debt collection.
        • To fulfill or meet the reason for which the information is provided. For example, if you provide us with personal data in order for us to process a payment, we will use that information to process said payment.
        • To provide you with information or services that you request from us.
        • To provide you with email or text alerts and other notices concerning our services.
        • To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for collections.
        • To carry out our obligations and enforce our rights arising from any contracts entered into between you and our clients, including for collections.
        • To improve our website and present its contents to you.
        • For testing, research, analysis and service development.
        • As necessary or appropriate to protect the rights, property or safety of us, our clients or others.
        • To respond to law enforcement requests and as required by applicable law, court order, governmental regulations, or comply with a court order or subpoena to provide information.
        • As described to you when collecting your personal data or as otherwise set forth in the Florida collection laws.
    3. How you may exercise your rights, including the process by which you may appeal our decision with regard to your request:
      • When you exercise your rights, we will use commercially reasonable methods for authenticating the identity of the person submitting a request to exercise rights.
      • We will notify you if we cannot, using commercially reasonable methods, authenticate your request without additional information from you.
      • When you exercise your rights, we will respond without undue delay, which may not be later than 45 days after the date of the receipt of the request. We may extend the response period once by an additional 45 days when reasonably necessary, taking into account the complexity and number of the consumer’s request, so long as we inform you of the extension within the initial 45 day response period, together with the reason for the extension.
      • If we cannot take action regarding your request, we must inform you without undue delay, which may not be later than 45 days after the date of receipt of the request, of the justification for the inability to take action on the request and provide instructions on how to appeal the decision.
      • We have established an appeal process by which you may appeal any refusal of ours to take action on a request. We will inform you in writing of any action taken or not taken in response to an appeal within 60 days after the date of receipt of the appeal, including a written explanation of the reason or reasons for the decision. If we deny the appeal, we will provide or specify information that enables you to contact the Attorney General to submit a complaint.
    4. Categories of personal information that we sell to third parties:

      We do not sell your personal information to third parties. If we intend to sell your personal information to third parties, we will provide you with notification of your rights including opt out rights.

    5. Categories of third parties with whom we sell personal data:

      We do not sell your personal information to third parties. If we intend to sell your personal information to third parties, we will provide you with notification of your rights including opt out rights.

    6. Description of the methods by which consumers can submit requests to exercise their consumer rights or appeal our refusal to take action:

      Submission: To exercise the rights described above, please submit a verifiable consumer request to us by submitting the submission form located at: www.rauschsturm.com/request-TN

  2. We do not sell personal information to third parties or process personal information for targeted advertising. If in the future, we anticipate selling your personal information to third parties or processing your personal information for targeted advertising, we will provide you required information pursuant to the TIPA, including opt-out rights.

C. Limitations

The above rights and duties may be limited if any of the following apply:

  1. We are both a controller and a processor as those terms are defined by the TIPA. A processor that is a controller shall comply with the TIPA with regard to any personal data that it collects or maintains outside of its role as a processor. Most of the personal data that we collect or maintain is done in context of our role as a processor. If we deny your verified request pursuant to this notice because all of the information collected or maintained about you has been pursuant to our role as a processor, we will provide you with the contact information of the business on whose behalf we collect or maintain the information.
  2. The TIPA does not apply to:
    • A body, authority, board, bureau, commission, district, or agency of this state or a political subdivision of this state;
    • A financial institution, an affiliate of a financial institution, or data subject to title V of the federal Gramm Leach Bliley Act;
    • an individual, firm, association, corporation, or other entity that is licensed in this state under title 56 as an insurance company and transacts insurance business;
    • A covered entity or business associate governed by the privacy, security, and breach notification rules issued by the United States Department of Health and Human services, 45 CFR parts 160 and 164 established pursuant to HIPAA and the federal Health Information Technology for Economic and Clinical Health Act;
    • A nonprofit organization;
    • An institution of higher education;
    • Protected health information under HIPAA;
    • Health records for purposes of title 68;
    • Patient identifying information for purposes of 42 USC section 290dd-2;
    • Personal information:
      • Processed or sold in connection with research conducted in accordance with applicable law;
    • Information and documents created for purposes of the federal Healthcare Quality Improvement Act of 1986;
    • Patient safety work product for purposes of the federal Patient Safety and Quality Improvement Act;
    • Information derived from the healthcare related information identified in accordance with the requirements for de identification pursuant to HIPAA;
    • Information originating from, and intermingled to be indistinguishable with, or information treated in the same manner as, information that is maintained by a covered entity or business associate as defined by HIPAA or a program or qualified service organization;
    • Information used only for public health activities and purposes as authorized by HIPAA;
    • The collection, maintenance, disclosure, sale, communication, or use of personal information bearing on a consumer's creditworthiness, credit standing, credit capacity, character, general reputation, personal characteristics, or mode of living by a consumer reporting agency more furniture that provides information for use and consumer report, and by a user of a consumer report, but only to the extent that such activity is regulated by and authorized under the federal Fair Credit Reporting Act;
    • Personal information collected, processed, sold, or disclosed in compliance with the federal Drivers Privacy Protection Act of 1994;
    • Personal information or educational information regulated by the federal Family Educational Rights and Privacy Act;
    • Personal information collected, processed, sold, or disclosed in compliance with the federal Farm Credit Act;
    • Data processed or maintained:
      • In the course of an individual applying to, being employed by, or acting as an agent or independent contractor of a controller, processor, or third party, to the extent that the data is collected and used within the context of that role;
      • As the emergency contact information of an individual under this part used for emergency contact purposes; or
      • That is necessary to retain to administer benefits for another individual and used for the purposes of administering those benefits;
    • Information collected as part of public or peer reviewed scientific or statistical research in the public interest; or
    • An insurance producer licensed under title 56
  3. Compliance would require a controller, processor, third party, or consumer to disclose trade secrets.
  4. Compliance would restrict our ability to:
    • comply with federal, state or local statutes, ordinances, rules or regulations;
    • comply with a civil, criminal, or regulatory inquiry, investigation, subpoena, or summons by federal, state, local, or other governmental authorities;
    • cooperate with law enforcement agencies concerning conduct or activity that we reasonably and in good faith believe may violate federal, state or local statutes, ordinances, rules or regulations;
    • investigate, establish, exercise, prepare for, or defend legal claims;
    • provide a product or service specifically requested by a consumer, perform a contract to which the consumer is a party, including fulfilling the terms of a written warranty, or take steps at the request of the consumer prior to entering into a contract.
    • take immediate steps to protect an interest that is essential for the life of physical safety of the consumer or of another natural person, and where the processing cannot be manifestly based on the another legal basis;
    • prevent, detect, protect against or respond to security incidents, identity theft, fraud, harassment or malicious, deceptive or illegal activity or preserve the integrity or security of systems; or investigate, report, or prosecute those responsible for such action;
    • Engage in public or peer reviewed scientific or statistical research in the public interest that adheres to all other applicable ethics and privacy laws and is approved, monitored, and governed by an institutional review board, or a similar independent oversight entity that determines whether: (a) deletion of the information is likely to provide substantial benefits that do not exclusively accrue to the controller; (b) the expected benefits of the research outweigh the privacy risks; and (c) the controller has implemented reasonable safeguards to mitigate privacy risks associated with research, including risks associated with re identification;
    • Assist another controller, processor or third party with obligations under TIPA.
    • Collect use or retain data to:
      • conduct internal research to develop, improve, or repair products, services, or technology;
      • effectuate a product recall;
      • identify and repair technical errors that impair existing or intended functionality; or
      • perform internal operations that are reasonably aligned with the expectations of the consumer or reasonably anticipated based on the consumer's existing relationship with the controller or are otherwise compatible with processing data in furtherance of the provision of a product or service specifically requested by the consumer or the performance of a contract to which the consumer is a party.
  5. Compliance would violate an evidentiary privilege under the laws of this state.
  6. Compliance would adversely affect the rights or freedoms of a person, such as exercising the right of free speech pursuant to the First Amendment to the United States Constitution, or applies to the processing of personal information by a person in the course of a purely personal activity.
  7. Compliance would require us to do any of the following:
    • reidentify deidentified data or pseudonymous data; or
    • maintain data in identifiable form or collect, obtain, retain or access data or technology in order to be capable of associating an authenticated consumer request with personal information; or
    • comply with an authenticated consumer request to exercise a right if: (a) we cannot reasonably associate the request with personal information or it would be unreasonably burdensome for us to associate the request with the personal information; (b) we do not use personal information to recognize or respond to the specific consumer who is the subject of the personal information or associate the personal information with any other personal information about you; and (c) we do not sell or otherwise voluntarily disclose personal information to a third party other than a processor; or
    • delete information that we maintain or use as aggregate or de-identified data, provided that such data in the possession of us is not linked to a specific consumer.

D. Changes To Our Privacy Notice

This Notice was last updated on 7-01-2024. We reserve the right to amend this Notice at our discretion and at any time. When we make changes to this Notice, we will notify you by updating the “last updated” date on this notice.

This communication is from a debt collector.