PRIVACY NOTICE

PURSUANT TO THE TEXAS DATA PRIVACY AND SECURITY ACT

Effective Date: 07-01-2024

This Texas privacy notice (“Notice”) pursuant to the Texas Data Privacy and Security Act, Texas Title 11, Business & Commerce Code Section Chapter 541 et seq., (“TDPSA”), supplements the information contained in the Privacy Policy of Rausch Sturm LLP (“Rausch Sturm,” “we,” “us,” or “our”), and applies solely to visitors, users, and others who reside in the State of Texas (“consumers” or “you”). Rausch Sturm is a debt collector. This Notice applies to both our online and offline practices. We adopt this Notice to comply with the TDPSA. Any terms defined in the TDPSA have the same meaning when used in this Notice. For questions concerning this Notice or to obtain a copy of this Notice in an alternative format or in Spanish, please call us at 855-517-6279.

A. Consumer Rights

The TDPSA provides consumers with specific rights regarding their personal data. This section describes your rights.

  1. Right of Confirm:

    You have the right to confirm whether we are processing your personal data and to access the personal data.

  2. Right to Correct:

    You have the right to correct inaccuracies in your personal data, taking into account the nature of the personal data and the purposes of the processing of the personal data.

  3. Right to Deletion:

    You have the right to delete personal data provided by or obtained about you

  4. Right to Obtain:

    If the data is available in a digital format, you have the right to obtain a copy of your personal data that you previously provided to us in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the data to another controller without hindrance.

  5. Right to opt out:

    You have the right to opt out of the processing of the personal data for purposes of: targeted advertising; the sale of personal data; or profiling in furtherance of a decision that produces a legal or similarly significant effect concerning you.

    We do not process your personal data for any of these purposes. If we intend to process your data for any of these purposes, we will provide you with notification of your rights including opt out rights.

B. Our Duties

  1. The TDPSA requires that we provide you with the following information.
    1. Categories of personal data processed by us:
      • Personal identifying information, like name, address and account number, as well as other identifying information, which we obtain from the consumer’s creditor, credit reports and other skip trace tools, and the consumer;
      • Characteristics such as age, gender, etc., which we obtain from the consumer’s creditor and consumer’s credit report;
      • Retail information, which we obtain from the consumer’s creditor and the consumer’s credit report;
      • Commercial information, including records of personal property;
      • Internet activity regarding online payments and account updates, which we collect if the consumer visits our website or payment portal;
      • Geolocation data, which we obtain from process servers;
      • Recordings, which are made when the consumer has a telephone conversation with us;
      • Professional and employment related information, which we obtain from the consumer’s creditor, credit reporting agencies, the consumer, and other skip trace sources; and
      • Educational information, which we obtain from the consumer’s creditor, credit reporting agencies, the consumer, and other skip trace sources.
    2. Purposes for which the categories of personal data are processed:
      1. Helping to ensure security and integrity to the extent the use of personal data is reasonably necessary and proportionate for these purposes;
      2. Debugging to identify and repair errors that impair existing intended functionality;
      3. Short-term, transient use, including, but not limited to, non-personalized advertising shown as part of consumer’s current interaction with the business, provided that the consumer’s personal data is not disclosed to another third party and is not used to build a profile about the consumer or otherwise alter the consumer’s experience outside the current interaction with us.
      4. Performing services on our behalf of the business, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services on behalf of the business.
      5. Undertaking internal research for technological development and demonstration.
      6. Undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by the business, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufacture for, or controlled by the business.
      7. Other business or business operational purposes as follows:
        • Debt collection.
        • To fulfill or meet the reason for which the information is provided. For example, if you provide us with personal data in order for us to process a payment, we will use that information to process said payment.
        • To provide you with information or services that you request from us.
        • To provide you with email or text alerts and other notices concerning our services.
        • To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for collections.
        • To carry out our obligations and enforce our rights arising from any contracts entered into between you and our clients, including for collections.
        • To improve our website and present its contents to you.
        • For testing, research, analysis and service development.
        • As necessary or appropriate to protect the rights, property or safety of us, our clients or others.
        • To respond to law enforcement requests and as required by applicable law, court order, governmental regulations, or comply with a court order or subpoena to provide information.
        • As described to you when collecting your personal data or as otherwise set forth in the Florida collection laws.
    3. How you may exercise your rights, including the process by which you may appeal our decision with regard to your request:
      • When you exercise your rights, we will use commercially reasonable methods for authenticating the identity of the person submitting a request to exercise rights.
      • We will notify you if we cannot, using commercially reasonable methods, authenticate your request without additional information from you
      • When you exercise your rights, we will respond without undue delay, which may not be later than 45 days after the date of the receipt of the request. We may extend the response period once by an additional 45 days when reasonably necessary, taking into account the complexity and number of the consumer’s request, so long as we inform you of the extension within the initial 45 day response period, together with the reason for the extension
      • If we cannot take action regarding your request, we must inform you without undue delay, which may not be later than 45 days after the date of receipt of the request, of the justification for the inability to take action on the request and provide instructions on how to appeal the decision.
      • We have established an appeal process by which you may appeal any refusal of ours to take action on a request. We will inform you in writing of any action taken or not taken in response to an appeal within 60 days after the date of receipt of the appeal, including a written explanation of the reason or reasons for the decision. If we deny the appeal, we will provide or specify information that enables you to contact the Attorney General to submit a complaint.
    4. Categories of personal data that we share with third parties:
      • Personal identifying information
      • Characteristic information
      • Retail information
      • Professional or employment related information
    5. Categories of third parties with whom we share personal data:
      • Service providers and contractors.
      • Third parties to whom you or your agents authorize us to disclose your personal data in connection with products or services we provide to you.
  2. Description of the methods by which consumers can submit requests to exercise their consumer rights or appeal our refusal to take action:
    • Submission: To exercise the rights described above, please submit a verifiable consumer request to us by either:
  3. We do not sell personal data. If in the future, we anticipate selling your personal data, we will provide you required information pursuant to the TDPSA, including any applicable opt out rights.

C. Limitations

The above rights and duties may be limited if any of the following apply:

  1. We are both a controller and a processor as those terms are defined by the TDPSA. A processor that is a controller shall comply with the TDPSA with regard to any personal data that it collects or maintains outside of its role as a processor. Most of the personal data that we collect or maintain is done in context of our role as a processor. If we deny your verified request pursuant to this notice because all of the information collected or maintained about you has been pursuant to our role as a processor, we will provide you with the contact information of the business on whose behalf we collect or maintain the information.
  2. The TDPSA does not apply to:
    • A state agency or a political subdivision of this state;
    • A financial institution, an affiliate of a financial institution, or data subject to title V of the federal Gramm Leach Bliley Act;
    • A covered entity or business associate governed by the privacy, security, and breach notification rules issued by the United States Department of Health and Human services, 45 CFR parts 160 and 164 established pursuant to HIPAA and the federal Health Information Technology for Economic and Clinical Health Act;
    • A nonprofit organization;
    • An institution of higher education;
    • Protected health information under HIPAA;
    • Health records;
    • Patient identifying information for purposes of 42 USC section 290dd-2;
    • Personal data processed or sold in connection with research conducted in accordance with applicable law;
    • Information and documents created for purposes of the federal Healthcare Quality Improvement Act of 1986;
    • Patient safety work product for purposes of the federal Patient Safety and Quality Improvement Act;
    • Information derived from the healthcare related information identified in accordance with the requirements for de identification pursuant to HIPAA;
    • Information originating from, and intermingled to be indistinguishable with, or information treated in the same manner as, information that is maintained by a covered entity or business associate as defined by HIPAA or a program or qualified service organization;
    • Information used only for public health activities and purposes as authorized by HIPAA;
    • The collection, maintenance, disclosure, sale, communication, or use of personal data bearing on a consumer's creditworthiness, credit standing, credit capacity, character, general reputation, personal characteristics, or mode of living by a consumer reporting agency more furniture that provides information for use and consumer report, and by a user of a consumer report, but only to the extent that such activity is regulated by and authorized under the federal Fair Credit Reporting Act;
    • Personal data collected, processed, sold, or disclosed in compliance with the federal Drivers Privacy Protection Act of 1994;
    • Personal data or educational information regulated by the federal Family Educational Rights and Privacy Act;
    • Personal data collected, processed, sold, or disclosed in compliance with the federal Farm Credit Act;
    • Data processed or maintained:
      • In the course of an individual applying to, being employed by, or acting as an agent or independent contractor of a controller, processor, or third party, to the extent that the data is collected and used within the context of that role;
      • As the emergency contact information of an individual under this part used for emergency contact purposes; or
      • That is necessary to retain to administer benefits for another individual and used for the purposes of administering those benefits;
    • Processing of personal data by a person in the course of a purely personal or household activity.
  3. Compliance would restrict our ability to:
    • comply with a federal, state, or local law, rule, or regulation;
    • comply with a civil, criminal, or regulatory inquiry, investigation, subpoena, or summons by federal, state, local, or other governmental authorities;
    • investigate, establish, exercise, prepare for, or defend legal claims;
    • provide a product or service specifically requested by a consumer, perform a contract to which the consumer is a party, including fulfilling the terms of a written warranty, or take steps at the request of the consumer prior to entering into a contract.
    • take immediate steps to protect an interest that is essential for the life of physical safety of the consumer or of another natural person, and where the processing cannot be manifestly based on the another legal basis;
    • prevent, detect, protect against or respond to security incidents, identity theft, fraud, harassment or malicious, deceptive or illegal activity
    • preserve the integrity or security of systems or investigate, report, or prosecute those responsible for breaches of system security;
    • Engage in public or peer reviewed scientific or statistical research in the public interest that adheres to all other applicable ethics and privacy laws and is approved, monitored, and governed by an institutional review board, or a similar independent oversight entity that determines whether: (a) deletion of the information is likely to provide substantial benefits that do not exclusively accrue to the controller; (b) the expected benefits of the research outweigh the privacy risks; and (c) the controller has implemented reasonable safeguards to mitigate privacy risks associated with research, including risks associated with re identification;
    • Assist another controller, processor or third party with obligations under TDPSA.
    • Conduct internal research to develop, improve, or repair products, services, or technology
    • Effect a product recall;
    • Identify and repair technical errors that impair existing or intended functionality;
    • Perform internal operations that;
      • Are reasonably aligned with the expectations of the consumer;
      • Are reasonably anticipated based on the consumers existing relationship with the controller; or
      • Are otherwise compatible with processing data in furtherance of the provision of a product or service specifically requested by a consumer or the performance of a contract to which the consumer is a party.
  4. Compliance would violate an evidentiary privilege under the laws of this state.
  5. Compliance would adversely affect the rights or freedoms of a person
  6. Compliance would require us to disclose a trade secret.
  7. Compliance would require us to do any of the following:
    • reidentify deidentified data or pseudonymous data; or
    • maintain data in identifiable form or collect, obtain, retain or access data or technology for the purpose of allowing us to associate a consumer request with personal data; or
    • comply with an authenticated consumer request to exercise a right if: (a) we cannot reasonably associate the request with personal data or it would be unreasonably burdensome for us to associate the request with the personal data; (b) we do not use personal data to recognize or respond to the specific consumer who is the subject of the personal data or associate the personal data with any other personal data about you; and (c) we do not sell or otherwise voluntarily disclose personal information to a third party other than a processor.

D. Changes To Our Privacy Notice

This Notice was last updated on 7-01-2024. We reserve the right to amend this Notice at our discretion and at any time. When we make changes to this Notice, we will notify you by updating the “last updated” date on this notice.

This communication is from a debt collector.