PRIVACY POLICY

Complete ID Privacy Policy

CSIdentity Corporation (d/b/a Complete ID), a Delaware corporation (“CSID,” “we,” “us” and “our”) respects individual privacy and values the confidence of our subscribers. This Privacy Policy sets out the privacy principles that we follow with respect to processing personal information in the course of providing our products and services. We will only collect, use and disclose personal information in a manner consistent with the laws of the countries in which we operate, for example, both relevant Federal and State laws in the U.S. By using this website, you consent to the data practices described in this Privacy Policy.

Notice to California Residents – Your California Privacy Rights

1. INTRODUCTION

This Privacy Policy applies to all personal data provided to CSID from Complete ID subscribers who are Costco members applying to use our services.

CSID combines multiple layers of protection and goes beyond basic credit monitoring for 360 degrees of identity defense. We offer comprehensive protection that reviews your credit and non-credit identity records in order to protect your identity. Protecting our subscriber’s privacy is at the forefront of CSID.

If you are visiting our site from a country in the European Union (EU) please also refer to the section relating to this below.

2. WHAT INFORMATION DO WE COLLECT AND WHY?

We may collect personal information from which you can be identified, such as your name, date of birth, postal and e-mail address, phone number, national identifier or social security number (as applicable) and credit card details.

We will use this data to access and monitor various data sets that you request us to monitor as part of your identity protection service and for the prevention and detection of fraud. When you close your account, we may continue to share information about you according to our legal and regulatory requirements.

We will use the information you provide us solely for the purpose of providing you with the products and services you have requested and for administering our relationship with you, internal business purposes, our product or service development and/or statistical analysis, except as specifically noted below in Section 3 and Section 7.

In some instances, we may ask information from you about others (such as your child’s information). We will only use that information for the specific reason for which it was provided to us.

3. DO WE DISCLOSE OR SHARE YOUR PERSONAL INFORMATION?

We will share your personal information with third parties only in the ways that are described in this Privacy Policy. Except as specifically noted below and in Section 7, we do not sell your personal information to, or share such personal information with, third parties for their promotional use or for their marketing purposes.However, we will share certain information about you (such as first name, last name, email address and Costco membership number) with Costco, who may use this information for Costco’s marketing purposes. By using the services, you consent to the sharing of this information with Costco, its marketing partners and service providers, for Costco’s marketing purposes. Please refer to Costco’s privacy statement (costco.com/privacy-policy.html) for more information on Costco’s marketing practices.

In order for us to provide you with our identity protection service and for the prevention and detection of fraud, we will share your personal information with third parties who perform services on our behalf. Depending on the service you have requested, we may share your name, e-mail address, national identifier or social security number (as applicable), income, account balances, payment history and credit history with credit bureaus. We will also share your billing information with a credit card processing company in order to bill you for goods and services. These companies are authorized to use your personal information only as necessary to provide these services to us.

As may be required by law, we may also disclose your personal information, for example to comply with a subpoena, or similar legal process, when we believe in good faith that the disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.

In addition, in the event of a merger, acquisition, or any form of sale of some or all of our assets to a third party, we may also disclose your personal information to the third parties concerned or their professional advisors. In the event of such a transaction, the personal information held by CSID will be among the assets transferred to the buyer.

YOUR CALIFORNIA PRIVACY RIGHTS

Under California Civil Code Section 1798.83 (known as the “Shine the Light” law), Complete ID subscribers who are California residents may request certain information about our disclosure of personal information to third parties during the prior calendar year for their direct marketing purposes. To make such a request, please write to us at the following address:

CSIdentity Corporation d/b/a Complete ID

Attn: Legal Department

1501 S. Mopac Exp., Suite 200

Austin, TX 78746

Alternatively, you may send us an email at privacy@csid.com.

4. IS YOUR INFORMATION SECURE?

We have appropriate physical, technical and organizational measures in place to protect your data when held by CSID that comply with relevant legal and best practice requirements. When you enter sensitive information (such as a credit card, social security number or login credentials) as part of the enrollment process, we encrypt the transmission of that information using secure socket layer technology (SSL).

When you submit information to CSID through our website, you should be aware that your information is transmitted across the Internet and that no method of transmission over the Internet is 100% secure. Although we take reasonable security measures to protect your information when we receive it, you also need to ensure you take appropriate steps to protect your information.

We will obtain assurances from any agents we may use to help provide this service that they will safeguard personal information consistently with this Privacy Policy, which assurance will require the agent to provide the same level of protection as is required by the Privacy Shield Principles.

5. WILL WE SEND YOU OFFERS OF OTHER CSID PRODUCTS AND SERVICES?

Our range of identity protection products and services is constantly evolving to match the increasingly sophisticated market in which we operate. We will not send you details of other CSID products or services or those of any reputable third parties without your prior consent and you can change your mind at any time by contacting us. If you no longer wish to receive our promotional communications, you may opt-out of receiving them by following the instructions included in each communication or by e-mailing us at the e-mail address provided below or by contacting us through one of the methods listed below.

6. ARE YOU VISITING OUR WEBSITE FROM A COUNTRY IN THE EUROPEAN UNION (E.U.)?

CSID, based in the United States, maintains servers in both the United States and the United Kingdom.If you are visiting our website from outside the United States, your personal information, in some rare instances, may be transferred to, stored, and/or processed in the United States.If your personal information enters our servers in the United States, CSID will protect your data in accordance with the E.U.-U.S. Privacy Shield Framework outlined below.

CSID participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework.CSID is committed to subjecting all personal data received from European Union (EU) member countries, in reliance on the Privacy Shield Framework, to the Framework’s applicable Principles.To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield website.

CSID is responsible for the processing of personal data it receives, under the Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf.CSID complies with the Privacy Shield Principles for all onward transfers of personal data from the EU, including the onward transfer liability provisions.

With respect to personal data received or transferred pursuant to the Privacy Shield Framework, CSID is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission.In certain situations, CSID may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.

Under certain conditions, more fully described on the Privacy Shield website, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.

Upon request CSID will provide you with information about whether we hold, or process on behalf of a third party, any of your personal information.To request this information please contact us at privacy@csid.com.

You may access, correct, or request deletion of your personal information by logging in to your account, contacting us at privacy@csid.com. We will respond to these requests within a reasonable timeframe.

We may retain your information for as long as your account is active or as needed to provide you services, comply with our legal, compliance and audit obligations, resolve disputes and enforce our agreements.

CSID’s privacy principles outlined below are based on the Privacy Shield Framework. Rest assured that your personal information experiences the same level of data protection that you enjoy in the E.U.

NOTICE, CHOICE AND DATA INTEGRITY – relevance, retention and accuracy

At the time we collect your personal data we will state clearly the purposes for which your data will be required and any third parties to whom it may be disclosed. If we ever decide to send you communications regarding other CSID products and services that you do not currently receive, we will only send you such information after acquiring your consent.

We will use the information you supply us for the purposes of providing you with the services you have requested and for administering our relationship with you, internal business purposes, statistical analysis, and as described in Sections 3 and 7.

We will take reasonable steps to ensure that all personal information is relevant to its intended use; accurate; complete; and current.

We will use your personal information for your identity protection services. Specifically, we monitor your submitted data and provide you with notifications of potential compromised data.When you deactivate your account, we may continue to share information about you according to our legal and regulatory requirements.

We will keep your personal information only as long as needed for the purposes for which we collected it, or as necessary to comply with our compliance requirements, legal obligations, resolve disputes, and enforce our agreements.

ACCESS AND CORRECTION

If your personal information changes, you may correct, update, or amend it by making the change on your subscriber profile page.

If you no longer desire to use our services, you may deactivate your account by contacting us.

You may request a copy of the information we hold about you in writing so you can correct or amend information that may be inaccurate or incomplete. In addition, we will ask you to provide sufficient evidence of your identity for your own protection so we can ensure that information is being released to the correct person. We will respond to your request within 30 days.

To request the deletion of your information, please contact us through one of the methods listed below. In some cases, our business requirements and legal obligations may prevent us from being able to delete your information.

DATA SHARING AND INTERNATIONAL TRANSFERS

Except as described in this Privacy Policy, we will not share your personal information with third parties without your consent.

If we transfer your personal information to another country, we will take appropriate measures to protect your privacy and the personal information we transfer.

ENFORCEMENT

We will verify adherence to this Privacy Policy via in-house and third party compliance audits. In addition, if necessary, we will cooperate with an independent third party as a means of providing you with a mechanism by which any complaints and disputes can be investigated and satisfactorily remedied.

7. HOW DO WE USE COOKIES?

We, and the third parties we engage to perform analytics services, automatically collect certain general information when you access our website, via Cookies, Log Files, Web Beacons, Flash LSOs and other tracking technologies (the “Tracking Technologies”). We and the third parties we engage use these Tracking Technologies to administer and improve our website and the content on it, including to track user movements around the website, to gather usage information and statistics about how our website is used, to permit users to log in or enroll in our services, to store user preferences, and to customize content.

We may combine the information we have automatically collected from you with other information we collect about you. We do this to improve website functionality and services we offer you, for analytics purposes, and to develop new products and services. The following are some examples of information we may collect:

- CSID Website pages you view

- Emails that you open or forward

- Links you click on

- Forms you complete

In connection with the website, for example during the enrollment process or upon log into the website portal, information about your computer, such as the device ID and other accompanying technical attributes and characteristics, may be accessed, retained and used by us or our service providers to analyze trends, track users’ movements on the website, and to gather demographic information about the user base as a whole. If you access our website through a mobile device, we also may collect information about your device, such as the device ID or another identifier as permitted by the manufacturer.

CSID and our clients have access to reports produced by these service providers that contain anonymized trends and statistics about website usage on CSID’s proprietary platforms. However, neither CSID nor any other third parties are able to tie any of the anonymized analytics data to your personal information. CSID may use cookies to determine whether you are already a member of the identity theft protection program and may share this information with Costco, its marketing partners and/or service providers so that Costco and/or its marketing partners and service providers can provide you with relevant information about other Costco products and services.The use of cookies by our partners and the third parties we engage to perform analytics services is not covered by our Privacy Policy.

We, and the third parties we engage to perform analytics services, use both session ID cookies and persistent cookies. Specifically, we use session-based cookies to store language and other country specific preferences such as support contact information. CSID may also utilize cookies to track internal metrics of site usage. A session ID cookie expires when you close your browser. A persistent cookie remains on your hard drive for an extended period of time. Persistent cookies also enable us to track and target the interests of our users to enhance the experience on our site. You can remove persistent cookies by following directions provided in your Internet browser’s “help” file. You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. However, this may prevent you from taking full advantage of the website.

As is true of most websites, we gather certain information automatically and store it in log files. This information may include Internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and/or clickstream data. We do not link this automatically collected data to other information we collect about you.

Third parties with whom we partner to provide certain features on our website also use HTML5 to collect and store information. Various browsers may offer their own management tools for removing HTML5.

WHICH INTERNET ADVERTISING PROGRAMS WE ENGAGE

We use third-party marketing partners and service providers to serve advertisements (banners or links) on our behalf across the Internet. These advertising marketing partners and service providers collect non-personally identifiable information about your visits to our website, and your interactions with our products and services. Such non-personally identifiable information does not include your name, address, email address or other personal information. The information is collected through the use of cookies and pixel tags (also known as action tags), which is industry-standard technology used by most major websites. In addition to the information about your visits to this website, our marketing partners and service providers also use the information about your visits to other websites to target advertisements for this website.

We use third party-placed tracking pixels and cookies from Google. You may manage your advertising preferences by visiting Google’s Ads Settings.

As a participating company in the Digital Advertising Alliance (DAA), Experian (which includes CSID, a wholly-owned subsidiary of Experian Holdings, Inc.) may share anonymous or de-identified information with other companies for the purposes of delivering targeted advertising. The DAA has developed an opt-out tool with the express purpose of allowing consumers to "opt-out" of the targeted advertising delivered by participating companies. You may visit the DAA opt-out page and opt-out of this cookie tracking if you do not wish to receive targeted advertising. To learn more about this practice, you can visit: http://www.aboutads.info/choices/ or click on the “Ad Choices” link at the bottom of our home page.

8. LINKS TO OTHER WEBSITES

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information that you provide while visiting such sites and such sites are not governed by this Privacy Policy. You should exercise caution and look at the privacy statement applicable to the website in question.

9. SOCIAL MEDIA WIDGETS

Our Website: www.csid.com includes Social Media Features, such as the Facebook and Twitter buttons or interactive mini-programs that run on our site. These Features may collect your IP address, which page you are visiting on our site, and may set a cookie to enable the Feature to function properly. Social Media Features and Widgets are either hosted by a third party or hosted directly on our Site. Your interactions with these Features are governed by the privacy policy of the company providing them.

10. AMENDMENTS

In the future, we may update this Privacy Policy to reflect changes to our information practices. If we make any material changes we will update you by means of a notice on this Site prior to the changes taking effect. We encourage you to periodically review this page for the latest information on our privacy practices and this Privacy Policy.

11. CONTACT

If you have questions, comments, and/or complaints regarding CSID’s Privacy Policy or how we collect, transmit, and process data please contact us by:

PHONE

855.890.CSID (2743)

E-MAIL

privacy@csid.com

MAIL

CSIdentity Corporation d/b/a Complete ID

Attn: Legal Department

1501 S. Mopac Exp., Suite 200

Austin, TX 78746

Effective Date: January 8, 2018