No disclosures will be made that violate your rights under the Fair Debt Collection Practices Act
Date of last revision: March 9, 2020
Welcome to the FMS portal
1. FMS's Commitment to Your Privacy
Please note: The laws and regulations in different countries impose different (and even conflicting) requirements on the Internet and data protection. FMS is located in the United States and the services we provide through the Sites are intended for U.S. users only. All matters relating to the Sites are governed by the laws of the State of Maryland in the U.S., without reference to its conflicts of law rules that would result in the application of the laws of another jurisdiction. Please note that any information you provide will be transferred to the U.S., and by using a Site or providing FMS your Personal Information, you expressly consent to, and authorize, this transfer.
2. Collection, Use, and Disclosure of Your Personal Information
FMS will not sell or rent your Personal Information. FMS and Service Providers may use and disclose your Personal Information only as follows:
to analyze Site usage and improve the Sites and the Services;
to deliver to you any administrative notices, alerts, and communications relevant to your use of the Services;
to fulfill your requests for Services and provide you with support;
for market research and project planning;
to troubleshoot problems and detect and protect against error, fraud, or other criminal activity;
to third-party contractors that provide services to FMS who are bound by these same privacy restrictions;
to investigate, prevent, defend against, or take other action regarding violations of the TOU, illegal activities, suspected fraud, or situations involving potential threats to the legal rights or physical safety of any person or security of FMS’s network or the Services;
when required by any applicable laws, rule, regulation, subpoena, or other legal processes; and
In the event that you access the Services as brought to you by one of our co-brand partners, through a co-branded URL, your email address used for registration on the Services may be provided to that co-brand partner.
Employees and agents of FMS or Service Providers for FMS may have access to your Personal Information. All FMS and Service Provider employees and agents who may have access to your Personal Information are bound by the security policies and practices described herein and are bound by confidentiality obligations to FMS.
FMS may also share your Personal Information with creditors who have placed accounts with FMS, credit bureaus if applicable, and third-party vendors or Service Providers we use to send email messages on our behalf or to host and/or operate a particular feature or functionality of the Services, such as to notify you of account registration, password changes, profile updates, or loan status changes. Additionally, FMS may share your Personal Information with Service Providers that we use to offer you support via telephone or webchat. All third party vendors or Service Providers are bound by confidentiality obligations that require the protection of your Personal Information.
When you visit a Site, we may collect technical and navigational information, such as computer browser type, Internet protocol address, pages visited, and average time spent on the Site. This information may be used, for example, to alert you to software compatibility issues, or it may be analyzed to improve the application or web design and functionality.
When you use the mobile versions of a Site, we may collect the unique device identifier assigned to your mobile device by phone makers, carriers, or makers of the operating system (the “Device ID”). Device IDs allow app developers, advertisers, and others to uniquely identify your device for purposes of storing application preferences and other data. We may use your Device ID for security purposes.
3. Registration for the Sites
You are required to register on the designated Site to use certain features of the Services. To register, you must provide your email address, account number, and certain Personal Information (collectively the “Registration Information”) via the Site. Certain functions of the Services, such as retrieval of Account Information (as defined in the TOU), require your username, passwords, and other account credentials (“Account Credentials”) in order for us to access and retrieve Account Information from third party loan providers, services, and other Data Providers (as defined in the TOU) on your behalf. Certain versions of the Sites may require that you first sign up on the web version of the Site before you can use the other version of the Sites.
From time to time we may request other Personal Information to provide you with other benefits of the Services. In all such instances, you are not required to provide such Personal Information and you may decline to participate in the Services.
4. Information Uploaded to a Site
In addition to the types of information we collect from you disclosed herein, you may be allowed to upload personal documents and other information to a Site. The documents and other information that you upload may include Personal Information. We are not responsible for the information you choose to upload to a Site. Please see our applicable TOU on this point and for other guidelines about uploading content to the Sites.
5. Collection of Social Security Numbers
In connection with accessing Account Information from third party Data Providers, you are required to provide your social security number (“SSN”) to validate your identity with such Data Providers’ sites and only to the extent required by such third party Data Provider. If you do provide your SSN where required to access and retrieve Account Information from a Data Provider, FMS will use it only as necessary to access Account Information from such Data Provider on your behalf, in connection with the Account Credentials or other authorization you provide to us.
6. FMS Disclosure of Non-Identifiable Personal Information
FMS may make anonymous or aggregate disclosure of your Non-Identifiable Information (information that does not identify you individually) relating to your access or use of the Sites and Services to third parties for informational, troubleshooting, and security purposes.
8. Changes to Your Registration Information
If your Personal Information changes you may update your profile by making the change on your Profile page.
9. Third-Party Service Providers
We use this information to improve the quality of the Site Offers and customized content on the Sites.
Additionally, the Sites may contain links to other sites whose information practices may be different than ours. Visitors should consult the other sites’ privacy notices, as FMS has no control over information that is submitted to, or collected by, these third parties.
FMS DOES NOT CONTROL AND IS NOT RESPONSIBLE FOR WHAT THIRD PARTIES DO IN CONNECTION WITH THEIR SITES OR HOW THEY HANDLE YOUR PERSONAL INFORMATION. PLEASE EXERCISE CAUTION AND CONSULT THE PRIVACY POLICIES POSTED ON EACH THIRD-PARTY SITE FOR FURTHER INFORMATION
The features, programs, promotions, and other aspects of the Sites requiring the submission of Personal Information are not intended for anyone under 13 years of age. We do not knowingly collect personally identifiable information from children under the age of 13. If you are a parent or guardian of a child under the age of 13 and believe he or she has disclosed personally identifiable information to us, please contact us at 877-291-8405.
11. You can Deactivate Your Account
If you wish to deactivate your account, please follow the applicable instructions in the TOU. When you request us to deactivate your account, we will promptly disconnect any connection we had established to third party Data Providers using your Account Credentials and we will use commercially reasonable efforts to remove from our servers any data you provided to us or that we collected on your behalf using your Account Credentials. To the extent that we have received data about you from other sources (e.g., your college, university, or other institution at which you are enrolled and/or currently attending or have attended in the past), we reserve the right to retain such data except as otherwise agreed with such other source. Despite the removal of any of the data you provided to us or that we collected on your behalf, portions of such data may remain on our production and back-up servers indefinitely. We keep these backups to ensure our continued ability to provide the Services to you in the event of malfunction or damage to our primary production servers. We also reserve the right to retain and use any aggregated or anonymous data derived from or incorporating your Personal Information, but we will not use such data in any way that identifies you personally.
12. Email Communication From Us
From time to time, we may send you emails in connection with certain features of your account(s), such as reminders of the due dates of loan payments. We may also allow users to subscribe to email newsletters and from time to time may transmit emails promoting the Sites or third-party goods or services.
Users have the ability to opt-out of receiving our promotional emails and to terminate their newsletter subscriptions by following the instructions in the emails. Opting out in this manner will not end transmission of service-related emails, such as email alerts.
When FMS or one of its Service Providers collects Personal Information directly from you, we follow generally accepted industry standards to protect the submitted Personal Information. All personally identifiable and confidential information is segregated from other information and appropriate protection mechanisms are in place based on the criticality of the information being protected. The only information that is stored is that which is needed to retrieve initial student loan information and subsequent student loan updates. All Personal Information is encrypted using a minimum of AES-256 encryption while in storage, in transit, and at rest. Multi-level encryption is used to this end. FMS takes every precaution possible and conducts consistent and regular security assessments, penetration tests, and vulnerability scans to ensure the safety and security of your Personal Information at all times.
FMS uses a combination of firewall barriers, encryption techniques, and authentication procedures, among others, to maintain the security of your online session and to protect Site accounts and systems from unauthorized access. However, no method of transmission over the Internet or method of electronic storage is 100% secure. If you have any questions about security on the Sites, you can contact FMS at firstname.lastname@example.org.
14. Our Service Ensures Secure Communications with Encryption
From the time you submit your email address and password to log in to a Site, communications between your computer and the Site are encrypted. This enables client and server applications to communicate in a way that is designed to prevent eavesdropping, tampering, and message forgery.
1. Information We Collect About You
We may collect and use personal information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be directly or indirectly linked, with a consumer, device, or household (“personal information”).
Personal Information does not include:
Publicly available information from government records.
Deidentified or aggregated consumer information.
Information excluded from the CCPA’s scope, such as (but not limited to) information governed by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), the California Confidentiality of Medical Information Act (“CMIA”), the Fair Credit Reporting Act (“FCRA”), the Gramm-Leach-Bliley Act (“GLBA”), California Financial Information Privacy Act (“FIPA”), and the Driver’s Privacy Protection Act of 1994 (“DPPA”).
We regularly collect (and have collected in the past 12 months) several types of personal information about individuals offline regarding accounts we service, including: name, DOB, address, gender, account number, payment and other financial information, email address, insurance information, SSN, employment information, telephone number, IP address, military or veteran status, audio information, educational information, username, publicly available information, and information collected or shared pursuant to HIPAA, FIPA, GLBA, FCRA, DPPA, and/or other applicable privacy laws. We also may collect additional categories of personal information users provide directly to us or our service providers.
2. How Your Personal Information is Collected
We collect most of this personal information from our creditor clients or from you or your authorized representative by telephone or written communications. However, we may also collect information:
From publicly accessible sources (e.g., property or other government records);
From our service providers (e.g., call analytics, information source, skip-tracing, payment processing, mailing, and other vendors)
3. Why We Use or Disclose Your Personal Information
We regularly use or disclose personal information for one or more of the following business purposes:
Fulfill the reason you provided the information. For example, if you share your personal information to make a payment, we will use that information to process your payment.
Perform services on behalf of a business or service provider, including maintaining or servicing accounts, providing customer service, processing transactions, verifying customer information, processing payments, providing analytic services, or providing similar services on behalf of the business or service provider
Provide you with information or services that you request from us
Auditing related to consumer interactions
Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity
Debugging to identify and repair errors that impair existing intended functionality
Short-term, transient use, where the personal information is not disclosed to another third party and is not used to build a profile about a consumer or otherwise alter an individual consumer’s experience outside the current interaction
Undertaking activities to verify or maintain the quality of a service or device that is owned, made by or for, or controlled by us, and to improve, upgrade, or enhance the service or device that is owned, made by or for, or controlled by us
Respond to law enforcement requests and as required by applicable law or court order
As appropriate to protect the rights, property, or safety of us, our clients, or others
As described to you when collecting your personal information or as otherwise set forth in the CCPA.
We will not collect additional categories of personal information or use the personal information we collected for materially different purposes without providing you notice.
We regularly disclose (and have disclosed in the past 12 months) several types of personal information about individuals for one or more business purposes, including: name, DOB, address, gender, account number, previous payment and other financial information, email address, insurance information, SSN, employment information, educational information, telephone number, IP address, military or veteran status, audio information, username, and information collected or shared pursuant to HIPAA, FIPA, GLBA, FCRA, DPPA, and/or other applicable privacy laws.
We do not sell your personal information and have not sold your personal information over the last 12 months under the CCPA.
4. Verifiable Consumer Requests for Information
Upon verification of identity, California residents may in some cases request that a business:
Disclose the categories of personal information the business collected about the consumer;
Disclose the categories of sources from which the personal information is collected
Disclose the categories of personal information that the business sold about the consumer;
Disclose the categories of personal information that the business disclosed about the consumer for a business purpose;
Disclose the categories of third parties with whom the business shares personal information
Disclose specific pieces of personal information the business has collected about the consumer
Disclose any financial incentives offered by the business for collection, sale, or deletion of personal information
A business may charge a different price or rate, or provide a different level or quality of goods or services to you, if that difference is reasonably related to the value provided to you by your personal information.
For applicable personal information access and portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
Please note that we are not required to:
Carry out information access requests we receive from you if acting as a service provider to another entity regarding such information
Retain any personal information about you that was collected for a single one-time transaction if, in the ordinary course of business, that information about you is not retained;
Reidentify or otherwise link any data that, in the ordinary course of business, is not maintained in a manner that would be considered personal information;
Provide the requested information disclosure to you more than twice in a 12-month period.
Provide the requested information disclosure if we cannot verify that the person making the request is the person about whom we collected information, or is someone authorized to act on such person’s behalf; or
Provide the requested information disclosure if a CCPA or applicable exception applies.
5. Right to Request Deletion of Personal Information
Upon verification of identity, California residents may in some cases request that we delete personal information about you that we collected from you and retained, subject to certain exceptions.
We may deny your deletion request if we are acting in the role of a service provider to another business regarding the applicable personal information. If we deny your request on that basis, we will generally refer you to the relevant business.
In addition, we may deny your deletion request if retaining the information is necessary for us or our service providers to:
Complete the transaction for which the personal information was collected, provide a good or service requested by you, or reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform a contract between you and us.
Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity.
Debug to identify and repair errors that impair existing intended functionality.
Exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law.
Comply with the California Electronic Communications Privacy Act.
Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when our deletion of the information is likely to render impossible or seriously impair the achievement of such research, provided we have obtained your informed consent.
Enable solely internal uses that are reasonably aligned with your expectations based on your relationship with us.
Comply with a legal obligation.
Otherwise use your personal information, internally, in a lawful manner that is compatible with the context in which you provided the information; or
If another CCPA or applicable exception applies.
California residents may obtain more information about verifiable requests pursuant to the CCPA by contacting us at [emailing us/completing a webform at [link]/calling us at toll-free number, etc.].
6. Verifying Your Identity If You Submit CCPA Requests
If you choose to contact us directly via the designated methods described above to exercise your CCPA rights, you will need to:
Provide enough information to reasonably identify you [(e.g., your full name, account number if applicable, and potentially other identifying information]; and
Describe your request with sufficient detail to allow us to properly process and respond to your request.
We are not obligated to make an information disclosure or carry out a deletion request pursuant to the CCPA if we cannot verify that the person making the request is the person about whom we collected information, or is someone authorized to act on such person’s behalf.
Any personal information we collect from you in order to verify your identity in connection with your CCPA request will be used solely for the purposes of verification.
17. Contact Us if You Have Any Questions or Concerns
Our postal address is:
FMS Investment Corp
1100 W. Lake Cook Rd.
Buffalo Grove, IL 60089
We can be reached via email at: email@example.com
You can reach us by telephone at: 1-800-605-9817
During the following hours:
Monday-Thursday: 8am – 9pm (Central time)
Friday: 8am – 5pm (Central time)