California Consumer Privacy Act (CCPA)

California Consumer Privacy Act (CCPA)

Frequently Asked Questions

What is the CCPA?

The California Consumer Privacy Act (CCPA) is a privacy law that applies to certain businesses that collect personal information of California residents. The Act also applies to certain parent companies and subsidiaries of those businesses, and to service providers that process personal information on behalf of those businesses and to whom the personal information is disclosed. The CCPA applies to TMS. It is effective beginning January 1, 2020.

Who is covered under the CCPA?

The CCPA gives certain rights to “consumers.” Under the Act, a consumer is a natural person who is a California resident. That includes every individual who is in California for other than a temporary or transitory purpose, and every individual who is domiciled in California who is outside the State for a temporary or transitory purpose. All other individuals are nonresidents.

For TMS purposes, any borrower, applicant, or consumer who otherwise transacts with TMS, who resides in the state of California or has a property address in the state of California is considered covered by the CCPA.

What rights does a California consumer have under the CCPA?

California consumers have the right to request that a business that collects a consumer’s personal information disclose to that consumer the categories and specific pieces of personal information the business has collected.

California consumers also have the right to request that a business delete any personal information about the consumer which the business has collected from the consumer, subject to certain exceptions.

California consumers have the right to request that a business that sells the consumer’s personal information, or that discloses it for a business purpose, disclose to the consumer: (1) the categories of personal information that the business collected about the consumer, (2) the categories of personal information that the business sold about the consumer and the categories of third parties to whom the personal information was sold, and (3) the categories of personal information that the business disclosed about the consumer for a business purpose. If a business sells the consumer’s personal information to third parties, the consumer has the right to direct the business not to sell the consumer’s personal information.

California consumers also have the right to equal service and price, regardless of whether they exercise their rights under the CCPA. A business may not discriminate against a consumer because the consumer exercises any of its rights under the CCPA.

What is considered personal information under the CCPA?

Personal information includes, but is not limited to, the following:

  • Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier Internet Protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers.
  • Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
  • Biometric information.
  • Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an Internet Web site, application, or advertisement.
  • Geolocation data.
  • Audio, electronic, visual, thermal, olfactory, or similar information.
  • Professional or employment-related information.
  • Education information.
  • Inferences drawn from any personal information to create a profile about a consumer.

Personal information does not include publicly available information.

What information can I request from TMS?

If you’re a California consumer, you have the right to request that TMS disclose the following for the previous 12-month period:

  • The categories of personal information TMS has collected about you.
  • The categories of sources from which the personal information is collected.
  • The business or commercial purpose for collecting or selling personal information.
  • The categories of third parties with whom TMS shares personal information.
  • The specific pieces of personal information TMS has collected about you.
  • The categories of personal information that TMS sold about you, if any, and the categories of third parties to whom the personal information was sold, if any.
  • The categories of personal information that TMS disclosed about you for a business purpose.

Most of this information can be found on our Privacy Policy webpage, which includes a link to both our Federal Privacy Notice and our California Important Privacy Choices for Consumers Notice.

Do I have the right to request deletion of my information?

Yes, if you are a California consumer you are free to request TMS delete your personal information, but we may not be required to. Read on below to understand why.

Under the CCPA, a business that receives a verifiable request from a consumer to delete the consumer’s personal information must delete the consumer’s personal information from its records and direct any service providers to delete the consumer’s personal information from their records.

However, the business or service provider are not required to comply a deletion request if one of the following exceptions applies:

  • The information is necessary to complete the transaction for which it was collected, provide a good or service requested by the consumer, or is reasonably anticipated to be required within the ongoing business relationship with the consumer.
  • The information is necessary to detect security incidents or fraud.
  • The information is necessary to identify and repair errors that impair existing intended functionality.
  • The information is necessary to exercise free speech or ensure another’s exercise of free speech.
  • The information is necessary to conduct research in the public interest.
  • The information is necessary to comply with legal obligations.
  • The information is necessary to enable internal uses that are reasonably aligned with the expectations of the consumer based on the consumer’s relationship with the business.

It’s also important to know that the CCPA doesn’t apply to personal information collected, processed, sold, or disclosed pursuant to the Gramm-Leach-Bliley Act and its implementing regulations, to the extent it conflicts with that law. If TMS has collected your personal information as part of a mortgage transaction, the majority of the personal information collected has been collected, processed, sold, or disclosed pursuant to the Gramm-Leach-Bliley Act.

If TMS has collected your personal information as part of a mortgage transaction, it is also likely subject to retention for legal obligations, including Home Mortgage Disclosure Act (HMDA) reporting and federal and state record retention obligations under the Real Estate Settlement Procedures Act (RESPA), the Truth in Lending Act (TILA) and other state specific laws and regulations. If TMS is your loan servicer, we also likely require the retention of your personal information in order to continue servicing your loan under federal, state, and agency/investor requirements.

How do I make a verifiable consumer request?

First, before TMS is required to provide any information to you, we must receive a verifiable consumer request. This will help us determine that you are who you say you are before we release any potential personal information to you, and will also help us determine if you are covered under the CCPA.

To make a verifiable request, you may:

  • Call our Customer Care Center at 1-866-867-0330. Our menu will prompt you through your choices.
  • Write to us at: The Money Source Inc. ATTN: Customer Care CCPA Request 500 South Broad Street, Suite 100A, Meriden, CT 06450
  • Or Click here to submit an electronic request
What must I include in my request?

In order to process your request, you’ll need to provide sufficient information to us so that we may verify your identity. This may include your full name, date of birth, property address, last four digits of your social security number, email address, IP address, or other unique identifying information. We will not be able to process your request until we are able to authenticate you.

We’ll also need you to tell us exactly which rights under the CCPA you would like to exercise – 1. Tell us what information or categories of information you’re requesting and 2. Tell us if you’re requesting that we delete any of your data.

Finally, we’ll need you to tell us how to contact you, and how you would like to receive a response back (by encrypted email or by U.S. mail).

Note: If you make a request for TMS to delete your data, you may be required to separately confirm that you want your personal information deleted before your request will be processed.

What happens after I submit a request?

After we receive your request and verify your identity, we will deliver the requested information in writing within 45 days. If necessary, TMS can extend this timeframe for an additional 45 days, provided we give you notice within the first 45-days. Based on our rock solid service, we don’t anticipate this will happen, except in extenuating circumstances. The information we provide will cover the 12-month period preceding our receipt of your request.

Note: TMS is not required to provide personal information to a consumer more than twice in a 12-month period.

Do Not Sell My Personal Information. What is this and what does it mean?

Under the CCPA, a California consumer shall have the right, at any time, to direct a business that sells personal information about the consumer to third parties not to sell the consumer’s personal information. This right is referred to as the right to opt out. TMS may sell limited information about its consumers, including basic contact information, date of birth, residence purpose and type, loan balance and monthly mortgage payment, and insurance policy details, where allowable. This is disclosed in our Federal Privacy Notice, which we sent you at the beginning of our relationship, and which we continue to send you annually. If you’d like to reference it, a copy is always available on our Privacy Policy website here.

If you’d like to opt out, you may do so by:

To ensure you are fully opted out of any potential sale of information, you’ll want to opt out of both the “For joint marketing with other financial companies” and the “For non-affiliates to market to you” categories.

CCPA Electronic Request Form

*Required field