Privacy Policy - What Care Costs

ILLUMIFIN WEBSITE PRIVACY POLICY

Effective Date: May 1, 2023

1. Introduction

Purpose

illumifin Corporation. ("illumifin," "we," "our" or "us") is committed to controlling the collection, use and disclosure of your personal information and protecting your privacy online.

This "Privacy Policy" describes the types of information we may collect from you or that you may provide when you visit our websites, including this website (the "Website") and our practices for collecting, using, maintaining, protecting, and disclosing that information. If you are an employee, independent contractor or job applicant of illumifin, your information collected in those contexts will be subject to a separate privacy notice that we provide to you where and when appropriate.

Please read this policy carefully to understand our policies and practices regarding your information and how we will treat it before using this Website and engaging illumifin for products and services. If you do not agree with our policies and practices, your choice is not to use our Website. By accessing or using our Website, you agree to this Privacy Policy. This Privacy Policy may change from time to time. Your continued use of our Website after we make changes is deemed to be acceptance of those changes, so please check this Privacy Policy periodically for updates.

Scope; Applicability to You

We are a third-party administrator for long term care, life, health, annuity and other insurance products. As part of our services, our clients may share your information with us to perform support services including, but not limited to, policyholder support services, application processing, commission administration, provider databases, underwriting, policy administration, claims and care management, and cognitive and functional assessments. To facilitate these services, we also host web portals, on behalf of our clients to provide services related to long term care needs and the insurance products sold by your carrier. When we are collecting information from you on behalf of our clients, we will only collect, use, and otherwise process your information as directed by our clients, as set forth in our contractual agreements with such clients or as otherwise permitted by applicable law. Accordingly, this Privacy Policy does not apply to the extent we process your Personal Data (as defined below) in the role of a data processor on behalf of our clients.

To this end, if you register for an account or log in to an existing account on the Website, this Privacy Policy does not apply to any information you provide as part of the registration process or that you may provide upon or after logging in to your account, as we merely collect this information on behalf of our clients. For detailed privacy information related to our collection and use of your information on behalf of the illumifin client (the insurance carrier) who uses our products and services, please reach out to the insurance carrier directly. We are not responsible for the data security practices of our clients, which may differ from those set forth in this Privacy Policy. For more information, please also see Section 6 below.

In addition, if you are accessing the Website as a policyholder or a third-party provider performing care services for a claimant ("Provider"), this Privacy Policy may not apply to the information you submit on our Website to the extent these interactions are governed by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) or the Gramm-Leach-Bliley Act (GLBA).

In the event that illumifin is not acting as a data processor, and your Personal Data is not otherwise excluded as set forth above, the following information applies to how we, collect, use, and share your Personal Data.

2. Information We Collect About You and How We Collect It

Generally

We collect the following types of information from and about users of our Website ("Personal Data"), specifically:

information by which you may be personally identified, such as name and email address;
name, email address, phone number, address, password, username, payment and tax identification information, insurance information and other profile information for Providers during registration and communications with us;
information that is about you but individually does not identify you, such as traffic data, IP-based geolocation data, which may be used to locate the city and state that you are in when you access our network (but this information cannot be used to precisely locate you), logs, referring/exit pages, date and time of your visit to our Website, error information, clickstream data, search query (keywords entered into a search engine), communication data and the resources that you access and use on the Website; and
information about your Internet connection, the equipment you use to access our Website and usage details.

We collect this information:

directly from you when you provide it to us; and
automatically as you navigate through the Website. Information collected automatically may include usage details, equipment you use and IP addresses, and information collected through cookies and other tracking technologies.

Information You Provide to Us

The information we collect on or through our Website is:

information that you provide by filling in forms on our Website and, if you’re a Provider, when you register for an account or create or modify your profile.

Information We Collect Through Automatic Data Collection Technologies

As you navigate through and interact with our Website, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns, specifically:

details of your visits to our Website, such as traffic data, location, logs, referring/exit pages, date and time of your visit to our Website, error information, clickstream data, search query (keywords entered into a search engine) and other communication data and the resources that you access and use on the Website; and
information about the equipment you use to access our Website, usage details and your Internet connection.

The information we collect automatically may include Personal Data. It helps us to improve our Website and to deliver a better and more personalized service to you. The technologies we use for this automatic data collection may include:

Cookies (or browser cookies). We and our service providers may use cookies, web beacons, and other technologies to receive and store certain types of information whenever you interact with our Website through your computer or mobile device. A cookie is a small file or piece of data sent to your computer or mobile device when you visit a website. When you visit the website again, the cookie allows the website to recognize your browser. Cookies may store unique identifiers, user preferences and other information. On your computer, you may refuse to accept browser cookies by activating the appropriate setting on your browser, and you may have similar capabilities on your mobile device in the preferences for your operating system or browser. However, if you select this setting you may be unable to access certain parts of our Website. Unless you have adjusted your browser or operating system setting so that it will refuse cookies, our system will issue cookies when you direct your browser to our Website.
Google Analytics. We use Google Analytics, a web analytics service provided by Google, Inc. ("Google") to collect certain information relating to your use of the Website. Google Analytics uses cookies to help the Website analyze how users use the site. You can find out more about how Google uses data when you visit our Website by visiting "How Google uses data when you use our partners' sites or apps," (located at www.google.com/policies/privacy/partners/). For more information regarding Google Analytics please visit Google's website, and pages that describe Google Analytics.

No Information from Children Under the Age of 18

Our Website is not intended for children under 18 years of age. We do not knowingly collect or solicit Personal Data from children under 18. If you are under 18, do not use or provide any information on our Website including, but not limited to, your name, address, telephone number, email address, or any screen name or user name you may use. If we learn we have collected or received Personal Data from a child under 18 without verification of parental consent, we will delete that information. If you believe we might have any information from a child under 18, please contact us at compliance@illumifin.com.

3. How We Use Your Information

We use information that we collect about you or that you provide to us, including any Personal Data:

to fulfill or meet the reason you provided the information;
to provide, support, personalize, develop and improve our Website, products, and services;
to enable you to participate in the interactive features of our Website;
to provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses;
to maintain, customize, and secure your account with us (such as to provide you with notices about your account);
to process your requests, purchases, transactions, and payments and/or to prevent transactional fraud;
to help maintain the safety, security, quality, and integrity of our Website, databases and other technology assets, and business, including to detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, and prosecute those responsible for that activity, and to debug to identify and repair errors that impair existing intended functionality;
for testing, research, analysis, and product development and demonstration, including to develop and improve our Website, products, and services;
to perform services on behalf of a third-party;
to respond to law enforcement requests and as required by applicable law, court order, or governmental regulations;
to evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of illumifin’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by illumifin about our Website users is among the assets transferred;
in any other way we may describe when you provide the information; and
as described to you when collecting your Personal Data or as otherwise permitted by applicable law.

4. Disclosure of Your Information

We do not share, sell, or otherwise disclose your Personal Data for purposes other than those outlined in this Privacy Policy or any applicable state-specific addenda to this Privacy Policy. However, we may disclose aggregated information about our users, and information that does not identify any individual, without restriction.

We may disclose Personal Data that we collect or you provide as described in this Privacy Policy:

To affiliates, contractors, service providers, and other third parties we use to support our business;
to a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Data held by illumifin about our Website users are among the assets transferred;
to the insurance carrier who has ordered illumifin’s products or services;
to fulfill the purpose for which you provide it;
for any other purpose disclosed by us when you provide the information; and
with your consent.

We may also disclose your Personal Data:

to comply with (i) federal, state, or local laws, or to comply with a court order or subpoena to provide information; (ii) civil, criminal, or regulatory inquiry, investigation, subpoena, or summons by federal, state, or local authorities; and/or (iii) certain government agency requests for emergency access to your personal information if you are at risk or danger of death or serious physical injury;
to cooperate with law enforcement agencies concerning conduct or activities that we (or one of our service providers’) believe may violate federal, state, or local law;
to exercise or defend legal claims;
to engage in any actual or contemplated merger, acquisition, asset sale or transfer, financing, bankruptcy, dissolution or restructuring of (or similar transaction involving) all or part of our business;
to enforce or apply our Terms of Use and
if we believe disclosure is necessary or appropriate to protect the rights, property, or safety of illumifin, our clients, or others.

If you have questions or concerns about the disclosure of your personal information, or if you believe your information has been improperly disclosed by illumifin, please contact us at the contact information below.

5. Choices About How We Use and Disclose Your Information

In addition, we strive to provide you with choices regarding the Personal Data you provide to us. We have created mechanisms to provide you with control over your Personal Data:

Tracking Technologies and Advertising. You can set your browser to refuse all or some cookies, or to alert you when cookies are being sent. However, if you choose to refuse cookies you may be unable to access certain parts of our Websites. You can learn more about interest-based advertisements and your opt-out rights and options from members of the Network Advertising Initiative ("NAI") on its website (www.networkadvertising.org) and from members of the Digital Advertising Alliance on its website (www.aboutads.info).

We do not control third parties’ collection or use of your information to serve interest-based advertising. However, these third parties may provide you with ways to choose not to have your information collected or used in this way. You can also opt out of receiving targeted ads from members of the NAI on its website.

SMS/Text Communications. By providing a mobile phone number to us, you consent to receive communications at that number via SMS, text message, or other electronic means from or on behalf of illumifin. For more information regarding our SMS communications, including how to opt-out of receiving these communications, see our Terms of Use.

We may share the mobile phone number you provided to us with service providers who support these services, but we will not share your mobile phone number with third parties for their own marketing purposes without your consent. Text messages are distributed via third party mobile network providers and, therefore, we cannot control certain factors relating to message delivery. Depending on the recipient’s mobile carrier, it may not be possible to transmit the text message to the recipient successfully; nor is content available on all carriers. We do not claim or guarantee availability or performance of this service, including liability for transmission delays or message failures.

6. Your Rights Regarding Your Information and Accessing and Correcting Your Information

You may notify us at the contact information below of any changes or errors in any Personal Data we have about you to ensure that it is complete, accurate, and as current as possible. We may also not be able to accommodate your request if we believe it would violate any law or legal requirement or cause the information to be incorrect or if we don’t maintain sufficient Personal Data to validate you.

As described above, we may also process Personal Data submitted by or for a client to our cloud products and services, including web portals. To this end, if not stated otherwise in this Privacy Policy, in any state-specific addendum to this Privacy Policy or in a separate disclosure, we process such Personal Data in the role of a mere processor on behalf of our clients (and/or its affiliates) who is the responsible controller of the Personal Data concerned. We are not responsible for and have no control over the privacy and data security practices of our clients, which may differ from those set forth in this Privacy Policy. If your data has been submitted to us by or on behalf an illumifin client and you wish to exercise any rights you may have under applicable data protection laws, please inquire with the applicable client directly.

7. State-Specific Privacy Rights

The law in some states may provide you with additional rights regarding our use of Personal Data. To learn more about any additional rights that may be applicable to you as a resident of one of these states, please see the privacy addendum for your state that is attached to this Privacy Policy.

Your California Rights

If you are a California resident, you have the additional rights described in the California Addendum

8. Security of Your Information

illumifin is committed to the security of your personal information and illumifin has policies and procedures in place to protect the privacy of your Personal Data. Personal Data shall be protected in a manner commensurate with its sensitivity and reasonable steps will be taken to secure it from accidental loss, and from unauthorized access, use, alteration and disclosure.

The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Website, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your Personal Data, we cannot guarantee the security of your Personal Data transmitted to the Website. Any transmission of Personal Data is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Website.

9. Do Not Track

Some web browsers permit you to broadcast a signal to websites and online services indicating a preference that they "do not track" your online activities. However, there is no accepted standard for how a website or online service should respond to this signal and at this time, we do not take any action in response to such a signal.

10. Changes to Our Privacy Policy

We may change this Privacy Policy at any time. It is our policy to post any changes we make to our Privacy Policy on this page with a notice that the Privacy Policy has been updated on the Website’s home page. If we make material changes to how we treat our users’ Personal Data, we will notify you by email, if applicable, to the email address specified, or through a notice on the Website’s home page. You are responsible for periodically visiting our Website and this Privacy Policy to check for any changes.

11. Contact Information

If you have any questions, concerns, complaints or suggestions regarding our Privacy Policy, have any requests related to your Personal Data pursuant to applicable laws, or otherwise need to contact us, you may do so by emailing compliance@illumifin.com, or writing to us at:

illumifin Corporation
Attn: Privacy Officer
11000 Prairie Lakes Drive, Suite 600
Eden Prairie, MN 55344

ILLUMIFIN CALIFORNIA ADDENDUM TO PRIVACY POLICY

Effective Date: May 1, 2023

This Privacy Addendum for California Residents (the "California Addendum") supplements the information contained in illumifin Corporation’s ("illumifin," "we," "our," or "us") Privacy Policy above and applies solely to all visitors, users, and others who reside in the State of California ("consumers" or "you"). We adopt this California Addendum to comply with the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (collectively, "CPRA") and, unless defined in this California Addendum or the Privacy Policy, any terms defined in the CPRA have the same meaning when used in this California Addendum. If you are a California resident with disabilities and need to be provided with an accessible version of this California Addendum, please contact us at the information below.

Applicability

Generally, illumifin acts as a service provider or contractor (as defined by the CPRA and collectively referred to herein as "service provider") and assists insurance carriers by acting as a third-party administrator for long-term care, life, health, annuity, and other insurance products. As part of our services, our clients may share your information with us to perform administrative support services including, but not limited to, policyholder support services, application processing, commission administration, provider databases, underwriting, policy administration, claims and care management, and cognitive and functional assessments. To facilitate these services, we also host web portals, on behalf of our clients to provide services related to long term care needs and the insurance products sold by your carrier.

To this end, if not stated otherwise in this California Addendum, our Privacy Policy above, or in a separate disclosure, we process your CPRA Covered Personal Information (as defined below) in the role of a mere service provider on behalf of our clients (and/or its affiliates) who are the responsible business for your CPRA Covered Personal Information. When acting as a service provider, we will only collect, use, and otherwise process your CPRA Covered Personal Information as directed by our clients, as set forth in our contractual agreements with such clients and as otherwise permitted by the CPRA and applicable law. If your data has been submitted to us by or on behalf of our client and you wish to exercise any rights you may have under applicable data protection laws, please inquire with the applicable client directly (i.e., the insurance carrier).

For detailed privacy information related to our collection and use of your data on behalf of the illumifin client who uses our products and services, please reach out to the insurance carrier directly. We are not responsible for and have no control over the privacy and data security practices of our clients, which may differ from those set forth in our Privacy Policy and California Addendum.

Additionally, this California Addendum does not apply to employment-related CPRA Covered Personal Information collected from or about our California-based employees, job applicants, contractors, or similar individuals ("Personnel"). Please contact us at the contact information below or your local human resources department if you are part of our California Personnel and would like additional information about how we process your CPRA Covered Personal Information.

Further, this California Addendum does not apply to information or organizations excluded from the CPRA’s scope, including:

Medical information governed by the California Confidentiality of Medical Information Act (CMIA), protected health information collected by a covered entity or business associate governed by HIPAA, or a provider of health care governed by the CMIA or covered entity governed by HIPAA to the extent the provider or covered entity maintains patient information in the same manner as medical information or protected health information under the CMIA or HIPAA, respectively;
Personal information collected, processed, sold, or disclosed subject to the federal GLBA and implementing regulations;
Publicly available information from government records;
Deidentified or aggregated consumer information; and
Other exclusions as set forth under applicable California law.

If you are accessing the Website as a policyholder or a Provider, this California Addendum may not apply to the information you submit on our Website to the extent these interactions are governed by HIPAA or the GLBA.

In the event that we are not acting as a service provider, and your CPRA Covered Personal Information is not otherwise excluded as set forth above, the following information applies to how we, collect, use, and share your CPRA Covered Personal Information.

Information We Collect

We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household ("CPRA Covered Personal Information" or "personal information"). In particular, this website (the "Website"), has collected the following categories of personal information from consumers within the last twelve (12) months:

Category	Examples	Collected
A. Identifiers.	A real name, online identifier, Internet Protocol address, email address, or other similar identifiers.	YES
B. Personal information described in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).	A name or telephone number. *Note: Personal information included in this category may overlap with other categories.	YES
C. Internet or other electronic network activity information.	Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.	YES
D. Geolocation data.	Physical location or movements. We only collect IP-based geolocation data, which may be used to locate the city and state that you are in when you access our network. This information cannot be used to precisely locate you.	YES

We will not collect additional categories of CPRA Covered Personal Information without providing you notice. As further described in To Whom Do We Sell or Share Your Personal Information section of this California Addendum , we do not (i) "sell" any categories of CPRA Covered Personal Information for monetary or other valuable consideration, or (ii) "share" any categories of CPRA Covered Personal Information for cross-context behavioral advertising.

Sources of Personal Information

illumifin collects the categories of personal information listed above from the categories of sources described in our Privacy Policy

Use of Personal Information

We use all the above categories of personal information we collect for one or more of the business or commercial purposes described in our Privacy Policy

illumifin will not use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.

Disclosures of Personal Information

Disclosures of Personal Information for a Business Purpose

In the past twelve (12) months, illumifin has disclosed identifiers and internet or other similar network activity to its affiliates, contractors, service providers, insurance carriers (who purchased our products or services), or other third parties we use to support our business for the following business purposes:

Auditing related to counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with this specification and other standards.
Helping to ensure security and integrity of our products, services, and IT infrastructure to the extent the use of the personal information is reasonably necessary and proportionate for these purposes.
Debugging to identify and repair errors that impair existing intended functionality.
Performing services on behalf of us, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services on behalf of us.
Undertaking internal research for technological development and demonstration.
Undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by us, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by us.

In addition to the above, we may disclose any or all categories of personal information to any third party (including government entities and/or law enforcement entities) as necessary to:

comply with: (i) federal, state, or local laws, or to comply with a court order or subpoena to provide information; (ii) civil, criminal, or regulatory inquiry, investigation, subpoena, or summons by federal, state, or local authorities; and/or (iii) certain government agency requests for emergency access to your personal information if you are at risk or danger of death or serious physical injury;
cooperate with law enforcement agencies concerning conduct or activities that we (or one of our service providers’) believe may violate federal, state, or local law;
exercise or defend legal claims;
protect the rights, property, or safety of illumifin, or clients, or others;
enforce or apply our Terms of Use
engage in any actual or contemplated merger, acquisition, asset sale or transfer, financing, bankruptcy, dissolution or restructuring of (or similar transaction involving) all or part of our business;
otherwise fulfill the purpose for which you provide it.

Sales of Personal Information

illumifin does not sell consumers’ personal information and has not sold consumers’ personal information in the preceding twelve (12) months. We also have no actual knowledge that we sell the personal information of minors who reside in California and are under the age of 16 for monetary or other valuable consideration.

Sharing Personal Information

illumifin does not share consumers’ personal information and has not shared consumers’ personal information for the purpose of cross-context behavioral advertising in the preceding twelve (12) months. We also have no actual knowledge that we share the personal information of minors who reside in California and are under the age of 16 for such purpose.

Your Rights and Choices

The CPRA provides California residents with specific rights regarding their personal information. This section describes your CPRA rights and explains how to exercise those rights. You may exercise these rights yourself or through your Authorized Agent (as defined below). For more information on how you or your Authorized Agent can exercise your rights, please see Exercising Your CPRA Privacy Rights.

Right to Know. You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months (a "Right to Know" Consumer Request). This includes: (a) the categories of personal information we have collected about you; (b) the categories of sources from which that personal information came from; (c) our purposes for collecting this personal information; (d) the categories of third parties with whom we have shared your personal information; and (e) if we have "sold" or "shared" or disclosed your personal information, a list of categories of third parties to whom we "sold" or "shared" your personal information, and a separate list of the categories of third parties to whom we disclosed your personal information to. You must specifically describe if you are making a Right to Know request or a Data Portability Request. If you would like to make both a Right to Know Consumer Request and a Data Portability Consumer Request, you must make both requests clear in your request. If it is not reasonably clear from your request, we will only process your request as a Right to Know request. You may make a Right to Know or a Data Portability Consumer Request a total of two (2) times within a twelve (12) month period at no charge.
Access to Specific Pieces of Information. You also have the right to request that we provide you with a copy of the specific pieces of personal information that we have collected about you, including any personal information that we have created or otherwise received from a third-party about you (a "Data Portability" Consumer Request). If you make a Data Portability Consumer Request electronically, we will provide you with a copy of your personal information in a portable and, to the extent technically feasible, readily reusable format that allows you to transmit the personal information to another third-party. You must specifically describe if you are making a Right to Know request or a Data Portability request. If you would like to make both a Right to Know Consumer Request and a Data Portability Consumer Request, you must make both requests clear in your request. If it is not reasonably clear from your request, we will only process your request as a Right to Know request. We will not provide this information if the disclosure would create a substantial, articulable, and unreasonable risk to your personal information or the security of our systems or networks. We will also not disclose any personal information that may be subject to another exception under the CPRA. If we are unable to disclose certain pieces of your personal information, we will describe generally the types of personal information that we were unable to disclose and provide you a description of the reason we are unable to disclose it. You may make a Right to Know or a Data Portability Consumer Request a total of two (2) times within a twelve (12) month period at no charge.
Correction. You have the right to request that we correct any incorrect personal information about you to ensure that it is complete, accurate, and as current as possible. You may request that we correct the personal information we have about you as described below under Exercising Your CPRA Privacy Rights In some cases, we may require you to provide reasonable documentation to show that the personal information we have about you is incorrect and what the correct personal information may be. We may also not be able to accommodate your request if we believe it would violate any law or legal requirement or cause the information to be incorrect or if the personal information is subject to another exception under the CPRA.
Deletion. You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your Consumer Request (see Exercising Your CPRA Privacy Rights), we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies pursuant to the CPRA. Some exceptions to your right to delete include, but are not limited to, if we are required to retain your personal information to complete the transaction or provide you the goods and services for which we collected the personal information or otherwise perform under our contract with you, to detect security incidents or protect against other malicious activities, and to comply with legal obligations. We may also retain your personal information for other internal and lawful uses that are compatible with the context in which we collected it.
Limiting Our Uses and Disclosures of SPI. You have the right to request that we limit our use and disclosure of your SPI to only those purposes specifically enumerated in the CPRA. Currently, we do not use or disclose your SPI for purposes other than those expressly permitted by the CPRA. Should this change in the future, we will update this California Addendum and provide you with methods to limit the use and disclosure of SPI.
Non-Discrimination. We will not discriminate against you for exercising any of your CPRA rights. Unless permitted by the CPRA, we will not do any of the following as a result of you exercising your CPRA rights: (a) deny you goods or services; (b) charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties; (c) provide you a different level or quality of goods or services; or (d) suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

Exercising Your CPRA Rights

To exercise the rights described above, please submit a verifiable consumer request (a "Consumer Request") to us by either:

Calling: 877-431-5824
Emailing compliance@illumifin.com.
Mailing a request to: illumifin Corporation
Attn: Privacy Officer
11000 Prairie Lakes Drive, Suite 600
Eden Prairie, MN 55344

If you fail to make your Consumer Request in accordance with the ways described above, we may either treat your request as if it had been submitted with our methods described above or provide you with information on how to submit the request or remedy any deficiencies with your request.

Only you, or someone that you have authorized to act on your behalf (an "Authorized Agent"), may make a Consumer Request related to your personal information. You may also make a Consumer Request on behalf of your minor child.

All Consumer Requests must:

Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an Authorized Agent of such a person. This may include providing certain information about yourself (such as verifying your name, address, and/or telephone number).
Be described with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm which personal information relates to you or the individual for whom you are making the request as their Authorized Agent.

Making a Consumer Request does not require you to create an account with us. We will only use personal information provided in a Consumer Request to verify the requestor’s identity or authority to make the request.

Response Timing and Format

We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to 45 additional days), we will inform you of the reason and extension period in writing.

If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Retention of Personal Information

We retain all categories of personal information that we collect for the length of time required by applicable law or our record retention guidelines applicable to the type of personal information or category of record.

However, we may also retain any or all categories of personal information when your information is subject to one of the following exceptions:

When stored in our backup and disaster recovery systems. Your personal information will be deleted when the backup media your personal information is stored on expires or when our disaster recovery systems are updated.
When necessary for us to exercise or defend legal claims.
When necessary to comply with a legal obligation.
When necessary to help ensure the security and integrity of our websites and IT systems.

Your personal information will be deleted when we no longer require your personal information for any of the above purposes.

Changes to Our California Addendum

illumifin reserves the right to amend this California Addendum at our discretion and at any time. When we make changes to this California Addendum, we will post the updated California Addendum on the Website and update the California Addendum’s effective date. Your continued use of our Website following the posting of changes constitutes your acceptance of such changes.

Contact Information

If you have any questions or comments about this California Addendum, the ways in which illumifin collects and uses your information described below, your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us at:

Phone: 877-431-5824
Email: compliance@illumifin.com
Mailing Address : illumifin Corporation
Attn: Privacy Officer
11000 Prairie Lakes Drive, Suite 600
Eden Prairie, MN 55344