This California Privacy Rights Act Policy and Notice (collectively, this “Policy”) is for California Residents (“consumers” or “you”) only. This Policy describes the personal information that Beal Bank, Beal Service Corporation, Beal Bank USA, MGC Mortgage, Inc., CSG Investments, Inc., CLMG Corp., and Beal Nevada Service Corporation (collectively, “we,” “our,” or “us”) collects in the course of our business operations, your customer relationship with us, and/or through your job application and employment with us. This Policy explains how such information is collected, used, shared, and disclosed, describes rights provided by the California Privacy Rights Act of 2020 (California Civil Code § 1798 et seq.) (“CPRA”) to consumers regarding their personal information, and explains how consumers can exercise those rights.
We may collect, use, or share your Personal Information (California Civil Code § 1798.140(v)(1)), including Sensitive Personal Information (as defined in California Civil Code § 1798.140(ae)). We do not and will not sell personal information for monetary consideration. Personal information is information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with you or your household (“personal information”). “Personal information” does not include: (1) publicly available information, such as information that is lawfully made available from federal, state, or local records, and (2) de-identified or aggregate consumer information.
With a limited exception, and as noted in other sections of this Policy, certain provisions of the CPRA do not apply to:
Certain personal information covered by or collected under industry-specific privacy laws including, but not limited to, the Health Insurance Portability and Accountability Act of 1996, the California Confidentiality of Medical Information Act, the Fair Credit Reporting Act, the Gramm-Leach-Bliley Act, the California Financial Information Privacy Act, and the Driver’s Privacy Protection Act of 1994.
The CPRA requires us to disclose certain information regarding our collection, use, and sharing of personal information. The following table outlines the categories of personal information that we have collected about consumers in the last 12 months. For each category, if applicable, we have identified the categories of sources from which that information was collected, the business or commercial purpose(s) for which the information was collected, and the categories of third parties and service providers with whom we share personal information.
Where you are a business and the Personal Information or Sensitive Personal Information relates to your directors, shareholders, beneficial owners, employees, agents, associates, or family members, it is not reasonably practicable for us to provide to them the information set out in this Policy. Accordingly, where appropriate, you are responsible for providing this information to any such person.
Business or commercial purposes are defined as follows:
We will retain your information as identified above, including personal and sensitive information, for each disclosed purpose for a period that is reasonably necessary and proportionate to the stated purpose or for such period as required by applicable law, regulation, or rule.
We retain personal information for as long as needed or permitted in light of the purposes for which it was obtained and consistent with applicable law. The criteria used to determine our retention periods include:
We may disclose your personal information to third parties in order to carry out specific business or commercial purposes. In the preceding 12 months, we have disclosed consumer personal information for business or commercial purposes to our service providers and the following categories of third parties:
In the last 12 months, we have disclosed the following categories of personal information (as described in more detail above) for a business or commercial purpose:
As described in more detail below, the CPRA provides you with certain rights regarding the collection, use, retention, and disclosure of your personal information.
You have the right to request that we provide you with certain information about the personal information we collect, use, or disclose about you, as well as the categories and specific pieces of information that we have collected about you in the 12 months before your submission of a verifiable consumer request. Specifically, you have the right to request the following information:
A household may request to know aggregate household personal information by submitting a verifiable consumer request. Also, if all consumers in a household jointly request access to specific pieces of information for the household, and we can individually verify all the members of the household, then we will comply with the request.
However, there is certain information that we will not disclose to you. This information includes but is not limited to your Social Security number, driver’s license number, or other government-issued identification number; financial account number; any health insurance or medical identification number; an account password; or security questions and answers. Also, we will not provide you with specific pieces of personal information if the disclosure creates a substantial, articulable, and unreasonable risk to the security of that personal information, your account with us, or the security of our systems or networks.
In certain circumstances, you have the right to limit our use of your Sensitive Personal Information to that use which is necessary to perform the services or provide the goods reasonably expected by an average consumer who requests those good or services. This right is not absolute and we have the right to refuse requests, wholly or partly, where exceptions under applicable law apply.
We have not sold consumer personal information to third parties for a business or commercial purpose in the preceding 12 months. We do not and will not sell your personal information for monetary consideration. We do not offer an opt-out from the sale of personal information because we do not engage in the sale of personal information as contemplated by the CPRA.
We are a financial institution and do not sell the personal information of minors under 16 years of age.
You have the right to request that we correct any inaccurate personal information, taking into account the nature of the personal information and the purposes of the processing of the personal information. We will use commercially reasonable efforts to correct the inaccurate personal information.
In certain circumstances, you have the right to request that we delete any personal information that we have collected from you and maintained about you. We may need to retain some of your information to: complete a transaction, prevent or detect fraud, or comply with a legal obligation. While we may not delete your information, we will always use it for a lawful purpose that aligns with what you would expect given your relationship with us.
Once we receive and confirm your verifiable consumer request, if we determine that we must comply with a deletion request and delete your personal information from our records, we will also direct any service providers we work with to also delete your personal information from their records.
A household may request the deletion of aggregate household personal information by submitting a verifiable consumer request. If all consumers in a household jointly request deletion of household personal information, and we can individually verify all the members of the household, then we will comply with the request.
Please note that we may deny your deletion request for a number of different reasons, which are identified in the CPRA.
To exercise your Right to Know, Right to Delete, Right to Limit, or Right to Correct, please submit a verifiable consumer request to us by:
Whether you are a customer or not a customer, to submit a verifiable consumer request, you may be asked to:
Only you (or an authorized agent) may make a verifiable consumer request for your personal information or for deletion of your personal information. You may also make a verifiable consumer request on behalf of your minor child.
Please note that we are only required to respond to your request for access to your personal information twice within a 12-month period.
We will verify you as follows:
If we suspect fraudulent or malicious activity related to your request, we will not comply with your request until we perform further verification to determine whether your request is authentic and you are the person about whom we have collected the personal information.
We will generally avoid requesting additional information from you to verify you. However, if we cannot verify your identity based on the information we currently maintain, we may request additional information from you, which will only be used to verify your identity and for security or fraud-prevention purposes. We will delete any new personal information we collect to verify your identity as soon as practical after processing your request unless otherwise required by the CPRA.
Generally, if we are unable to verify your identity, we will inform you of this inability and explain why we were unable to do so.
Once we receive your verifiable consumer request, we will confirm our receipt of your request within 10 days and provide you with additional information about how we will process the request. Our goal is to respond to your request within 45 days of receiving the request, beginning on the day we receive the request. However, in the event that we need more time (up to 90 days) to respond to your request, we will provide you with notice and an explanation of the reasons that we will take more than 45 days to respond. For requests to know, any personal information we provide will cover the 12-month period preceding our receipt of your verifiable consumer request. If we are unable to comply with a given request, we will provide you with a response explaining why we have not taken action on your request and identifying any rights you may have to appeal the decision.
We will not charge you to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
You may designate an authorized agent to make a request on your behalf. If you would like to use an authorized agent, which is an individual or business registered with the Secretary of State that you have authorized to act on your behalf, to submit a request, you must provide the authorized agent with written permission to do so and verify your own identity directly with us. We may deny a request from an agent that does not submit proof that they are authorized to act on your behalf.
We will not discriminate against you for exercising any of your CPRA rights. For example, unless otherwise permitted by the CPRA, we will not:
If you have any questions regarding this Policy, the ways in which we collect, use, and disclose your personal information, or how to exercise your rights under the CPRA, please do not hesitate to contact us at:
Postal Address: 6000 Legacy Dr., Plano, Texas 75024
Attn: CPRA Information Request
Persons with disabilities who need assistance accessing this Policy may contact us as provided for above, and depending on your individual needs, we will grant reasonable requests to furnish this Policy in an alternative format.
We are required by law to update this Policy at least once each year. This Policy was last updated on December 31, 2022.
Do you have a question, want to know more about the type of information we have collected, or if you'd like to request that your information be deleted, please fill out the form below, click "Submit" and we will contact you promptly.
By accessing the noted link you will be leaving the CSG Investments, Inc. website and entering a website hosted by another party. CSG Investments, Inc. has not approved this as a reliable partner site. Please be advised that you will no longer be subject to, or under the protection of, the privacy and security policies of CSG Investments, Inc. website. We encourage you to read and evaluate the privacy and security policies of the site you are entering, which may be different than those of CSG Investments, Inc.