| (vi) For our affiliates to market to you. This reason
incorporates sharing information specified in §624 of the FCRA.
This reason may be omitted from the disclosure table when the covered
entity does not have affiliates, or does not disclose personal information
to its affiliates; the covered entity's affiliates do not use personal
information in a manner that requires an opt out; or the covered entity
provides the affiliate marketing notice separately. Covered entities
that include this reason must provide an opt out of indefinite duration.
A covered entity that must provide an affiliate marketing opt out,
but does not include that opt out in the model form under this clause,
must comply with §624 of the FCRA and Insurance Code Chapter
601 and 28 TAC Subchapter A, including §§22.8 - 22.12 of
this title (relating to Initial Privacy Notice, Annual Privacy Notice,
Information to be Included in Privacy Notices, Form of Opt Out Notice
to Consumers and Opt Out Methods, and Revised Privacy Notices, respectively),
with respect to the initial notice and opt out and any subsequent
renewal notice and opt out. A covered entity not required to provide
an opt out under this subparagraph may elect to include this reason
in the model form.
(vii) For nonaffiliates to market to you. This reason
incorporates sharing described in §22.11 and §22.12(a)(1)
- (4) of this title. A covered entity that shares personal information
for this reason must provide an opt out.
(E) To limit our sharing. A covered entity must include
this section of the model form only if it provides an opt out. The
word "choice" may be written in either the singular or plural, as
appropriate. Covered entities must select one or more of the applicable
opt out methods described: telephone, for example, by a toll-free
number; a website; or use of a mail-in opt out form. Covered entities
may include the words "toll-free" before telephone, as appropriate.
A covered entity that allows consumers to opt out online must provide
either a specific web address that takes consumers directly to the
opt out page or a general web address that provides a clear and conspicuous
direct link to the opt out page. The opt out choices made available
to the consumer who contacts the covered entity through these methods
must correspond accurately to the "Yes" responses in the third column
of the disclosure table. In the part titled "Please note," covered
entities may insert a number that is 30 or greater in the space marked
"(30)." Instructions on voluntary or state privacy law opt out information
are in the instructions in subparagraph (G)(v) of this paragraph.
(F) Questions box. Customer service contact information
must appear, as appropriate, where "phone number" or "website" appears.
Covered entities may elect to provide either a phone number, such
as a toll-free number, or a web address, or both. Covered entities
may include the words "toll-free" before the telephone number, as
appropriate.
(G) Mail-in opt out form. Covered entities must include
this mail-in form only if they state in the "To limit our sharing"
box that consumers can opt out by mail. The mail-in form must provide
opt out options that correspond accurately to the "Yes" responses
in the third column in the disclosure table. Covered entities that
require customers to provide only name and address may omit the section
identified as "account #." Covered entities that require additional
or different information, for example, a random opt out number or
a truncated account number, to implement an opt out election should
modify the "account #" reference accordingly. This includes covered
entities that require customers with multiple accounts to identify
each account to which the opt out should apply. A covered entity must
enter its opt out mailing address in the far right of the Version
3: Model Form with Mail-In Opt Out Form. A covered entity must enter
its opt out mailing address below the Version 4: Optional Mail-In
Form. The reverse side of the mail-in opt out form must not include
any content of the model form.
(i) Joint accountholder. Only covered entities that
provide their joint accountholders the choice to opt out for only
one accountholder, in accord with the instructions in paragraph (3)(A)(v)
of this subsection, must include in the far left column of the mail-in
form the following statement: "If you have a joint account, your choice(s)
will apply to everyone on your account unless you mark below. Apply
my choice(s) only to me." The word "choice" may appear in either the
singular or plural, as appropriate. Covered entities that provide
insurance products or services, provide this option, and elect to
use the model form may substitute the word "policy" for "account"
in this statement. Covered entities that do not provide this option
may eliminate this left column from the mail-in form.
(ii) FCRA §603(d)(2)(A)(iii) opt out. If the covered
entity shares personal information under §603(d)(2)(A)(iii) of
the FCRA, it must include in the mail-in opt out form the following
statement: "Do not share information about my creditworthiness with
your affiliates for their everyday business purposes."
(iii) FCRA §624 opt out. If the covered entity
incorporates §624 of the FCRA in accord with the instructions
in subparagraph (D)(vi) of this paragraph, it must include in the
mail-in opt out form the following statement: "Do not allow your affiliates
to use my personal information to market to me."
(iv) Nonaffiliate opt out. If the covered entity shares
personal information under §22.14(a)(1) - (4) of this title (relating
to Limits on Disclosure of Nonpublic Personal Financial Information
to Nonaffiliated Third Parties), it must include in the mail-in opt
out form the following statement: "Do not share my personal information
with nonaffiliates to market their products and services to me."
(v) Additional opt outs. Covered entities that use
the disclosure table to provide opt out options beyond those required
by federal law must provide those opt outs in this section of the
model form. A covered entity that chooses to offer an opt out for
its own marketing in the mail-in opt out form must include one of
the two following statements: "Do not share my personal information
to market to me." or "Do not use my personal information to market
to me." A covered entity that chooses to offer an opt out for joint
marketing must include the following statement: "Do not share my personal
information with other financial institutions to jointly market to
me."
(H) Barcodes. A covered entity may elect to include
a barcode, a tagline, or both as an internal identifier in 6-point
font at the bottom of page one, as needed for information internal
to the institution, so long as these do not interfere with the clarity
or text of the form.
(3) Page two instructions.
(A) General instructions for the questions. Certain
of the questions may be customized as follows:
(i) "Who is providing this notice?" A covered entity
may omit this question where only one covered entity provides the
model form and that covered entity's name clearly appears in the title
on page one. Two or more covered entities or financial institutions
that jointly provide the model form must use this question to identify
themselves as required by §22.13(g) of this title (relating to
Delivery). Where the list of covered entities or financial institutions
exceeds four lines, the covered entity must describe in the response
to this question the general types of covered entities or financial
institutions jointly providing the notice and must separately identify
those covered entities or financial institutions, in minimum 8-point
font, directly following the "Other important information" box, or,
if that box is not included in the covered entity's form, directly
following the "Definitions." The list may appear in a multi-column
format.
(ii) "How does (name of covered entity) protect my
personal information?" The covered entity may only provide additional
information about its safeguarding practices following the designated
response to this question. This may include information about the
covered entity's use of "cookies" or other measures it uses to safeguard
personal information. Covered entities are limited to a maximum of
30 additional words.
(iii) "How does (name of covered entity) collect my
personal information?" Covered entities must use at least five of
the following terms to complete the bulleted list for this question:
open an account, deposit money, pay your bills, apply for a loan,
use your credit or debit card, seek financial or tax advice, apply
for insurance, pay insurance premiums, file an insurance claim, seek
advice about your investments, buy securities from us, sell securities
to us, direct us to buy securities, direct us to sell your securities,
make deposits or withdrawals from your account, enter into an investment
advisory contract, give us your income information, provide employment
information, give us your employment history, tell us about your investment
or retirement portfolio, tell us about your investment or retirement
earnings, apply for financing, apply for a lease, provide account
information, give us your contact information, pay us by check, give
us your wage statements, provide your mortgage information, make a
wire transfer, tell us who Cont'd... |
