Updated: February 7, 2023
1. Who We Are
Project Midas, Inc., d/b/a “Orum” (hereafter, “Company,” “we,” “us,” and/or “our”) is a company based in New York, U.S.A., that acts as a technology service provider for banks and non-bank financial institutions.
In our capacity as a service provider to financial institutions, we process a variety of forms of data. We do not use this data for any uses other than those for which it has been provided to us to perform, and we do not sell this data to any third parties. Instead, the uses of this data are set out by the financial institutions that provide the data to us for processing.
5. Personal Information We Collect
The following is a description of: (i) the categories of Personal Information we may have collected in the preceding 12 months; (ii) the sources from which we may have collected it; and (iii) the business purposes for which we may have collected it. We do not knowingly solicit, collect, or receive information from or about minors under the age of 18 or from persons residing outside of the U.S.A., through the Site or otherwise.
6. Information You Provide Directly.
The Personal Information we may collect directly from you from these sources includes your:
- First and last name
- E-mail Address
- Physical Address/Mailing Address
- Home Phone Number
- Cell Phone Number
If you contact or correspond with us by phone or email, we may keep a record of your contact information and correspondence, and we reserve the right to use your contact information, and any other information that you provide to us in your message, to respond thereto. If you wish to change or correct any information you have voluntarily submitted to us, please do so by contacting us at the email address listed in Section I.
7. Information From Third Parties Acting On Your Behalf.
The Company may receive and maintain Personal Information (e.g., name, address, email address, telephone number, date of birth, social security number, account information, financial information, attorney information, court records, etc.) contained in communications with someone other than you, such as your spouse, power of attorney, attorney, or other authorized representative, in connection with the servicing or management of your account.
8. Information Provided To Us By Others.
Orum acts as a Service Provider for various financial institutions, such as national banks and non-bank financial institutions (“Clients”). In its role as a Service Provider, the Company receives Personal Information regarding customers of the Company’s Clients. The Personal Information received by Orum may include:
- customer information, including User ID, IP address, mobile device identifier, and type of browser;
- customer account information, including account ID, account number, account type, balance history, transaction history, and transfer history;
- user information, including IP address, mobile device identifier, date/time of login, and type of browser;
- information regarding account transfers, including transfer balance, date/time of transfer, status of transfer, transfer ID, transfer method, direction of money movement, days funds were held, and NACHA code if transfer was returned;
- information regarding recipient information, including external financial institution ID, type of account, routing number, transfer balance, date/time of transfer, status of transfer, transfer ID, transfer method, direction of money movement, and balance history;
- KYC or fraud score, date/time that score was received, and name of institution providing the score;
- customer service engagement, including date/time of customer service contact, means by which customer service was contacted, and customer satisfaction score; and
- collections engagement, including date/time of customer service contact and means by which customer service was contacted.
9. Information Automatically Collected by Your Use of This Site.
You may use this Site without disclosing to us any personally identifiable information. We do not automatically collect any personally identifiable information from you (e.g., name, address, telephone number, email address, social security number, account numbers, or financial information) when you use the Site. The Site can only collect such information if it is affirmatively provided by you, such as through the “Contact Us” form.
Like most websites, however, the Site automatically collects certain non-personally identifiable information during a user’s visit. That information may include the internet protocol (IP) address of your device, the location where the device is accessing the internet, browser type and language, internet service provider, type of computer/operating system, date/time stamps, user interface interaction data (e.g., mouse clicks or navigation through the Site), and other information about the usage of the Site, including a history of pages viewed and or uniform resource locator (URL) information (showing where you came from or where you go to next). We use this information to improve the Site’s design, estimate user volume and usage patterns, speed up searches, and improve the user experience. We may also use this information to help diagnose problems with our server and to administer our website, analyze trends, track visitor movements, and gather broad demographic information that assists us in identifying visitor preferences.
(i) IP Address
Each time a user visits the Site, we may automatically collect an internet protocol (IP) address and the web page from which the user was directed to the Site. In order to administer and optimize the Site and to diagnose and resolve potential issues or security threats to our Site or to the Company, we may use an IP address to help identify users and to gather broad demographic information about them.
(ii) Cookies, Pixel Tags, And Web Beacons
Our Site may incorporate “pixel tags,” “web beacons,” or similar tracking technologies (collectively, “pixel tags”) that track the actions of Site users. Pixel tags are used to collect information, such as the internet service provider, IP address, the type of browser software and operating system being used, the date and time the Site is accessed, the website address, if any, from which a user linked directly to the Site and/or the website address, if any, to which the user travels from the Site and other similar traffic-related information.
We may aggregate information collected from Site visits by various users to help us improve the Site and the services that we provide through the Site.
(iii) Do Not Track
Our Site tracks when visitors enter through a marketing landing page. The Site also keeps a record of third-party websites accessed when a user is on our Site and clicks on a hyperlink. But we do not track users to subsequent sites and do not serve targeted advertising to them.
(iv) Analytics Information
Web servers for the Site may gather anonymous navigational information about where visitors go on our Site and information about the technical efficiencies of our Site and services. Anonymous information does not directly or indirectly identify, and cannot reasonably be used to identify, a particular individual. Examples of anonymous information may include certain information about the internet browser, domain type, service provider and IP address information collected through tracking technologies and aggregated or de-identified data. We use anonymous analytics information to operate, maintain, and provide to you the features and functionality of the Site, improve our services, analyze trends and administer our web applications.
- How We Use The Information We Collect or Receive
- Information Received from the Company’s Clients
As a Service Provider, Orum receives Personal Information from its Clients as outlined in Section V.C., above. Orum does not retain, use, or disclose said Personal Information except:
- For the specific purpose of performing the services specified in the contracts with each of its Clients;
- To retain and/or employ another service provider as a subcontractor;
- For internal use by the Company to build or improve the quality of its services;
- To provide to Service Providers of the Company to build or improve the quality of the Company’s services;
- To detect data security incidents and/or to protect against fraudulent or illegal activity;
- To comply with federal, state, or local laws;
- To comply with a civil, criminal, or regulatory inquiry, investigation, subpoena, or summons by federal, state, or local authorities;
- To cooperate with law enforcement agencies concerning conduct or activity that the business, service provider, or third party reasonably and in good faith believes may violate federal, state, or local law; and/or
- To exercise or defend legal claims.
- Who We Share Your Information With
(i) No Sale of Personal Information to Third Parties for their Own Use.
The term “Third Parties” does not include our affiliates, website hosting partners, and other Service Providers who assist us in operating our Site, conducting our business, or providing services to you, so long as those parties agree to keep this information confidential and not use or further disclose it for their own purposes.
We do not sell, trade, or otherwise transfer to Third Parties for their own use any of your Personal Information. We also do not disclose to Third Parties any personally identifiable information about your visits to our Site.
Accordingly, there have been no sales of Personal Information to Third Parties for their own use or further disclosure in the past twelve (12) months. Likewise, the Company does not knowingly collect and does not, and will not, sell Personal Information of minors under 16 years of age without affirmative authorization.
(ii) Sharing Personal Information with Service Providers That Help Us Perform Our Business Purposes.
We may share your non-public Personal Information to our Service Providers. Service Providers are persons and entities that we contract with to provide us a material service in connection with our business purposes, such as bank processing companies and technology companies. Service Providers assist us in maintaining, protecting, and enhancing our Site, our communication systems, and our services. In connection with providing these business services to us, one or more of our Service Providers may have access to your non-public Personal Information. This Personal Information will not be used for any purpose other than as reasonably necessary to perform a business purpose that we authorize, and it will not be further used by the Service Provider or disclosed to any Third Party. Any Service Providers agree to keep this information confidential and not use or further disclose it for their own purposes.
(iii) Sharing Information with Third Parties at Your Direction.
We may share your Personal Information with Third Parties to whom you or your agents authorize us in advance to intentionally disclose to or allow to use your Personal Information in connection with services that we provide.
(iv) Monitoring, Enforcement, and Legal Requests.
The Company may be required by law enforcement, federal or regulatory entities, or judicial authorities to provide your Personal Information, such as in response to an audit, investigation, or subpoena. The Company will only disclose information as legally required or necessary to demonstrate compliance with the law. The Company has no obligation to monitor the Site or the use of the Site or to retain the content of any user session. However, we reserve the right, at all times, to monitor, review, retain and/or disclose any information, including Personal Information, as may be necessary to satisfy any applicable law, regulation, legal process, or governmental request or to cooperate with law enforcement and other authorities.
We may also use IP addresses to identify a Site user when we feel it is necessary to protect the Site, our service, clients, potential clients or others.
(v) Sale of the Company or Assets.
In the event of a sale, assignment or transfer of our assets or of any portion of our business, we reserve the right to transfer any and all information that we collect to unaffiliated third-party purchasers in connection with that event.
(vi) Internal Use and Research.
The Company reserves the full and unrestricted right to use and disclose de-identified information; anonymized information; aggregated information; or publicly available information that has not been combined with non-public Personal Information for purposes including, but not limited to, the Company’s own internal use, data mining, and research.
Similarly, aggregated, de-identified and non-personally identifiable Site visitor information may be provided to other parties for marketing, advertising, or other uses.
(vii) Protection Of Your Personal Information
The Company is committed to protecting your privacy. Company takes reasonable security measures and seeks to implement the best practices and procedures in data collection, storage, processing and security, to protect personal information from loss, misuse, unauthorized access, disclosure, alteration or destruction. We maintain physical, electronic and procedural safeguards designed to protect against the unauthorized disclosure of Personal Information, and Personal Information is disposed of properly and securely utilizing industry standards. Our data security policies and practices are periodically reviewed and modified as necessary,
(viii) Other Sites/Third-Party Links