Skip to main content

BIEASES Privacy Policy

For the United States
Last Updated: September 3rd, 2023

Overview and Scope

The privacy provisions of the Gramm-Leach-Bliley Act (“GLBA”) and implemented by Regulation P set specific requirements for financial institutions regarding the disclosure of consumer and customer information to nonaffiliated third parties. The GLBA requires financial institutions to provide disclosures to consumers, both at the establishment of a customer relationship and annually thereafter, explaining how their non-public personal information (“NPI”) will be used and shared with nonaffiliated third parties. The GLBA also provides consumers with the right to opt out of certain information sharing practices.

Sailing Union Capital Holding (DBA as “BIEASES” or “the Company”) recognizes the importance in satisfying the requirements of the GLBA when engaging in activity related to the collection and sharing of consumer information. While offering and providing its services, the Company collects and maintains certain personal information including NPI. BIEASES shares NPI to facilitate transactions requested by customers, for legal reasons (Such as fraud prevention or in response to a subpoena), and for its own marketing purposes. BIEASES may also share NPI with other financial companies for joint marketing purposes, or with nonaffiliates for their marketing purposes. The Company does not share information with affiliates about consumer transactions, experiences, and creditworthiness for everyday business purposes as part of providing financial services with its affiliates. It is the policy of BIEASES to maintain the privacy and confidentiality of consumer personal information in full accordance with the requirements of the GLBA that apply to its business activity, and as amended from time to time.

This Policy directs Management to develop appropriate procedures to ensure compliance with the GLBA and its implementing regulations, and controls to prevent any violations of law, regulation, statute, or other requirement. This Policy describes what personal information is collected by BIEASES and the way the Company may use and share BIEASES personal information. This Policy also sets forth the options available to consumers if they seek to limit the use and sharing of their NPI.

This Policy will refer to both the GLBA and Regulation P as “Regulation P.”

Roles and Responsibilities

BIEASES has appointed the CCO to oversee this Policy and its related procedures, ensuring that this Policy is properly adopted, implemented, and updated as often as required. This CCO will coordinate with the Management to ensure that all departments are aware of and have taken the necessary steps to implement this, Policy.

Policy Administration

At least annually, the CCO will review this Policy and recommend appropriate changes to the Board of Directors. The review will include feedback on the effectiveness of this Policy and will consider the results of any internal or external audits or examinations. And interim changes to this Policy must be submitted to the CEO to determine if the changes are material enough to require approval from the Board of Directors.

No part of this Policy should be interpreted as contravening or superseding any other legal or regulatory requirement imposed on BIEASES. Any conflicts between the standards of this Policy and BIEASES' other legal and compliance obligations should be escalated immediately to the CEO for further evaluation. If necessary, the CEO will engage internal/external legal counsel for interpretations of BIEASES obligations.

Scope and Applicability

Regulation P broadly defines “financial institution” as any entity significantly engaged in activity that is financial in nature, incidental to financial activity, or complimentary to financial activity. Because the Company offers prepaid account products and remittance transfers services to consumers, BIEASES is a financial institution as defined by Regulation P and must adhere to its privacy requirements.

This Policy governs BIEASES’ operations and thus applies to:

  • All BIEASES customers
  • All employees, both full time and temporary
  • All contract or self-employed workers, and
  • Third-party service providers

Regulation P sets specific definitions for the term’s “consumer” and “customer,” and establishes separate requirements for the treatment of each. BIEASES does not permit individuals to use its platform or financial products and services without first establishing a customer relationship with the Company. Therefore, this Policy refers to the collection and use of customer information only.

Key Terms

Affiliates

An affiliate is any company that controls, is controlled by, or is under common control with another company. For purposes of this Policy, BIEASES’ affiliates are BIEASES LTD UK, BIEASES LTD GERMANY.

Consumer

An individual who obtains or has obtained a financial product or service from BIEASES that is to be used primarily for personal, family, or household purposes, or that individual's legal representative.

Customer

A consumer who has a customer relationship with BIEASES.

Customer Relationship

A continuing relationship between a consumer and BIEASES under which the Company provides one or more financial products or services to the consumer that are to be used primarily for personal, family, or household purposes.

Nonaffiliated Third Party

A nonaffiliated third party is any person except BIEASES’ affiliate, or a person employed jointly by BIEASES and any company that is not BIEASES’ affiliate. BIEASES may interact with several non-affiliated third parties including, but not limited to, its third-party vendors, service providers, and partner financial institutions.

Non-public Personal Information

Non-public personal information (“NPI”) refers to personally identifiable financial information, and any list, description, or other grouping of consumers (and publicly available information pertaining to them) that is derived using any personally identifiable financial information that is not publicly available.

NPI does not include publicly available information (except as described below), or any list, description, or other grouping of consumers (and publicly available information pertaining to them) that is derived without using any personally identifiable financial information that is not publicly available.

NPI includes any list of individuals' names and street addresses that is derived in whole or in part using personally identifiable financial information that is not publicly available, Such as account numbers. NPI does not include any list of individuals' names and addresses that contains only publicly available information, is not derived in whole or in part using personally identifiable financial information that is not publicly available, and is not disclosed in a manner that indicates that any of the individuals on the list is a consumer of a financial institution.

BIEASES collects, retains, and uses both NPI and PII in order to administer its business, to provide its products and services to consumers, to process consumer transactions, and to properly identify and validate the identities of consumers.

Personally Identifiable Information (“PII”)

Personally identifiable information (“PII”) is any information that a consumer provides to BIEASES to obtain a financial product or service from the Company, resulting from any transaction involving a financial product or service between the Company and a consumer, or the Company otherwise obtains about a consumer in connection with providing a financial product or service to that consumer. PII does not include information that is available from public sources, Such as telephone directories or government records.

Publicly Available Information

Publicly available information means any information that BIEASES has a reasonable basis to believe is lawfully made available to the general public from Federal, State, or local government records, widely distributed media, or disclosures to the general public that are required to be made by federal, state, or local law. BIEASES must have a reasonable basis to believe that the information is lawfully made available to the general public. The Company is considered to have established a reasonable basis if it has taken steps to determine that the information is of the type that is available to the general public, and determined whether an individual can direct that information is not made available to the general public and, if so, that BIEASES’ consumer has not done so.

Collection, Use, and Retention of Non-Public Personal Information

BIEASES may collect NPI about consumers from the following sources:

  • Information, (Such as name, address, telephone number, email address, gender, occupation, nationality, identification type and number, social security number, and date of birth), obtained from consumers to register an account on the Company’s website or to conduct a transaction.
  • Information about consumer transactions with BIEASES or the Company’s providers, payers, or distribution partners (Such as account balances, and account usage, etc.)
  • Information collected through the Company’s Internet web site "cookies”
  • Information received from other lawful sources

Disclosure of Information

To the extent that BIEASES collects certain NPI about consumers while offering and facilitating its services, BIEASES will not disclose NPI to any unauthorized individual or entity, except as permitted by the below exceptions provided under Regulation P.

Exception to Opt Out Requirements for Service Providers and Joint Marketing

BIEASES is permitted to provide NPI to a nonaffiliated third party to perform services or functions on the Company’s behalf if:

  • BIEASES provides a Regulation P-compliant initial privacy notice that informs consumers of this information sharing practice, and
  • BIEASES enters into a contractual agreement with the third party that prohibits the third party from disclosing or using the NPI other than to carry out the purposes for which the Company disclosed the information

The services a nonaffiliated third party performs for BIEASES under this exception may include marketing BIEASES’ products and services or marketing of financial products or services offered pursuant to joint agreements between BIEASES and one or more financial institution. A joint marketing agreement is a written contract pursuant to which BIEASES and one or more financial institutions jointly offer, endorse, or sponsor a financial product or service.

Marketing Disclosures

BIEASES may share information about consumer transactions and experiences with its bank partners and program managers for its prepaid account products and remittance transfer services. This type of personal information sharing will be addressed in the contracts BIEASES establishes with these partners and is disclosed to consumers in the Company’s Privacy Notice.

In addition, BIEASES may disclose the personal information it collects, as described above, to its financial distribution partners (e.g., bank partners, payment processors, etc.) or other companies that perform marketing services on its behalf. These third parties sign agreements with BIEASES that contain confidentiality and non-disclosure provisions.

Exception to Opt Out Requirements for Processing and Servicing Transactions

BIEASES is permitted to provide NPI to a nonaffiliated third party as necessary to effect, administer, or enforce a transaction that a consumer requests or authorizes, or in connection with:

Servicing or processing a financial product or service that a consumer requests or authorizes
Maintaining or servicing the consumer’s account with BIEASES, or
A proposed or actual securitization, secondary market sale (including sales of servicing rights), or similar transaction related to a transaction of the consumer

Other Exceptions to Opt Out Rights

BIEASES may engage in certain types of information-sharing, including disclosures for purposes of preventing fraud, responding to judicial process or a subpoena, or complying with Federal, State, or local laws. The following are examples of appropriate information disclosures under this exception, among others:

  • To protect the confidentiality or security of records pertaining to the consumer, service, product, or transaction
  • To protect against or prevent actual or potential fraud, unauthorized transactions, claims, or other liability
  • For required institutional risk control or for resolving consumer disputes or inquiries
  • To a consumer reporting agency in accordance with the Fair Credit Reporting Act (15 U.S.C. 1681 et seq.), or from a consumer report reported by a consumer reporting agency
  • To comply with Federal, State, or local laws, rules, and other applicable legal requirements
  • To comply with legal processes Such as subpoenas or court orders
  • To comply with a properly authorized civil, criminal, or regulatory investigation, or subpoena or summons by federal, state, or local authorities
  • To respond to judicial process or government regulatory authorities that have jurisdiction over BIEASES for examination, compliance, or other purposes as authorized by law.

Privacy Disclosure Requirements

Initial Privacy Notices

BIEASES will provide a clear and conspicuous notice that accurately reflects the Company’s privacy policies and practices to customers not later than when BIEASES establishes a relationship with the customer. BIEASES is considered to have established a customer relationship when the Company and a consumer enter a continuing relationship.

Annual Privacy Notices

BIEASES will provide a clear and conspicuous notice to customers that accurately reflects the Company’s privacy policies and practices not less than annually during the continuation of the customer relationship. Annually means at least once in any period of 12 consecutive months during which that relationship exists. BIEASES may define the 12-consecutive-month period but must apply it to the customer on a consistent basis.

BIEASES is not required to deliver an annual privacy notice to existing customers if:

  • The Company provides NPI to nonaffiliated third parties in accordance with the exceptions as described above, and
  • The Company has not changed its policies and practices regarding the disclosure of NPI from the policies and practices that were disclosed to the customer in the most recently provided privacy notice.

BIEASES is not required to provide an annual notice to former customers.

Revised Privacy Notices

BIEASES will not, directly or through an affiliate, disclose any NPI about a customer to a nonaffiliated third party other than as described in the initial notice the Company provided to that customer, unless:

  • BIEASES provides to the customer a clear and conspicuous revised notice that accurately describes the Company’s policies and practices.
  • BIEASES provides to the customer a new opt out notice.
  • Before disclosing the information to the nonaffiliated third party, BIEASES gives the customer a reasonable opportunity to opt out of the disclosure, and
  • The customer does not opt out

Joint Notice with Other Financial Institutions

BIEASES may provide a joint notice from BIEASES and one or more of the Company’s affiliates or other financial institution, as identified in the notice, if the notice is accurate with respect to BIEASES and the other institutions.

Delivery of Notices

BIEASES will provide any privacy notice required by Regulation P so that each customer can reasonably be expected to receive the actual notice in writing, or if the customer agrees to receive notices electronically and the Company has complied with the Electronic Signatures in Global and National Commerce Act (“E-Sign”).

It is the policy of BIEASES to post the Company’s privacy notice on its website and to require customers to acknowledge receipt of the notice as a necessary step to obtaining a particular financial product or service.

Delivery of Annual Notices

Regarding the delivery of annual notices, BIEASES may reasonably expect that the customer will receive actual notice of the Company’s annual privacy notice if:

  • The customer uses the Company’s website to access financial products and services electronically and agrees to receive notices at the website, and BIEASES posts its current privacy notice continuously in a clear and conspicuous manner on the website, or
  • The customer has requested that BIEASES refrain from sending any information regarding the customer relationship, and the Company’s current privacy notice remains available to the customer upon request.

Delivery of Revised Notices

If BIEASES changes its information sharing practices to the extent that a revised privacy notice is required, the Company will ensure that it is updated on its website for consumers to view at any time. In addition, customer may request an updated privacy statement by calling the telephone number available on the Company’s website or emailing the company at compliance@bieases.com.

Accessibility of Notices

BIEASES will provide all initial, annual, and revised notices so that the customer can retain them or obtain them later in writing, or, if the customer agrees, electronically.

The Company’s current privacy notice is made available to customers on its website.

Privacy Notice Content Requirements

General Rule

The initial, annual, and revised privacy notices that BIEASES provides will include each of the following items, in addition to any other information the Company wishes to provide that applies to the customers who receive privacy notices:

  • The categories of NPI that BIEASES collects.
  • The categories of NPI that BIEASES discloses.
  • The categories of affiliates and nonaffiliated third parties to whom BIEASES discloses NPI, other than those parties to whom the Company discloses information under the exception for processing and servicing transactions, and other exceptions provided under Regulation P and as described above.
  • The categories of NPI about the Company’s former customers that BIEASES discloses and the categories of affiliates and nonaffiliated third parties to whom BIEASES discloses NPI about the Company’s former customers, other than those parties to whom BIEASES discloses information under the exception for processing and servicing transactions, and other exceptions provided under Regulation P and as described above.
  • If BIEASES discloses NPI to a nonaffiliated third party under the exception to opt out requirements for service providers and joint marketing under (and no other exception provided under Regulation P applies to that disclosure), a separate statement of the categories of information the Company discloses and the categories of third parties with whom BIEASES has contracted.
  • An explanation of the customer's right to opt out of the disclosure of NPI to nonaffiliated third parties, including the method(s) by which the customer may exercise that right at that time
  • The Company’s policies and practices with respect to protecting the confidentiality and security of NPI, and
  • Any disclosure that BIEASES makes related to nonaffiliated third-party under the exception for processing and servicing transactions, and other exceptions provided under Regulation P and as described above.

Description of Nonaffiliated Third Parties Subject to Exceptions

If BIEASES discloses NPI to third parties as permitted under the exception for processing and servicing transactions, and other exceptions provided under Regulation P and as described above, the Company is not required to list those exceptions in the initial or annual privacy notices.

When describing the categories with respect to those parties, it is sufficient to state that BIEASES makes disclosures to other nonaffiliated companies 1) for everyday business purposes and list all that apply (Such as to process transactions, maintain accounts, respond to court orders and legal investigations, or report to credit bureaus), or 2) as permitted by law.

The Company’s notice may include categories of NPI that BIEASES reserves the right to disclose in the future, but does not current disclose, as well as categories of affiliates or nonaffiliates to whom the Company reserves the right in the future to disclose, but to whom BIEASES does not currently disclose NPI.

Model Privacy Notice

Regulation P provides model privacy notices that meet the notice content requirements set forth above. It is the Company’s policy to use the model privacy notices.

Delivery of Privacy Notice

The Company’s Privacy Policy is posted in a clear and conspicuous manner on a page on its website, without requiring a login or similar steps or conditions to access the notice. The Privacy Notice contains the Company’s contact information for the consumer to inquire about the Company’s policy.

Opt-out Notices

When applicable, BIEASES will provide a clear and conspicuous notice to each customer that accurately explains their right to opt out. The notice will state:

  • That BIEASES discloses or reserves the right to disclose the consumer’s NPI to a non-affiliated third party
  • That the consumer has the right to opt out of that disclosure, and
  • A reasonable means by which the consumer may exercise that opt out right

Adequate Opt Out Notice

BIEASES will provide adequate notice that the consumer can opt out of the disclosure of NPI to a nonaffiliated third party if BIEASES:

  • Identifies all the categories NPI that the Company discloses or reserves the right to disclose, and all of the categories of non-affiliated third parties to which BIEASES discloses the information, and states that the consumer can opt out of the disclosure of that information, and
  • Identifies the financial products or services that the consumer obtains from BIEASES, either singly or jointly, to which the opt out direction would apply.

Reasonable Opt Out Means

BIEASES provides a reasonable means to exercise an opt out right if the Company:

  • Designates check-off boxes in a prominent position on the relevant forms with the opt out notice
  • Includes a reply form together with the opt out notice that includes the address to which the form should be mailed
  • Provides an electronic means to opt out, such as a form that can be sent via electronic mail or a process at BIEASES’ website, if the consumer agrees to the electronic delivery of information, or
  • Provides a toll-free telephone number that consumers may call to opt out

Unreasonable Opt Out Means

BIEASES does not provide a reasonable means of opting out if:

The only means of opting out is for the consumer to write his or her own letter to exercise that opt out right, or
The only means of opting out as described in any notice subsequent to the initial notice is to use a check-off box that BIEASES provided with the initial notice but did not include with the subsequent notice

Specific Opt Out Means

BIEASES may require each consumer to opt out through a specific means, as long as that means is reasonable for that consumer.

Same Form as Initial Notice Permitted

BIEASES may provide the opt out notice together with or on the same written or electronic form as the initial notice the Company provides.

Initial Notice Required When Opt Out Notice Delivered Subsequent to Initial Notice

If BIEASES provides the opt out notice later than required for the initial notice, the Company will also include a copy of the initial notice with the opt out notice in writing or, if the consumer agrees, electronically.

Joint Opt Out Notices

When two or more consumers jointly obtain a single product or service from BIEASES, Regulation P allows the Company to provide only one notice, provided certain conditions are met. At present, BIEASES does not offer products or services that can be jointly obtained by two or more consumers. Should this practice change, BIEASES will modify this Policy and the Company’s opt out notices accordingly.

Opt Out Timing and Delivery

BIEASES must comply with a consumer's opt out direction as soon as reasonably practicable after the Company receives it. A consumer may exercise the right to opt out at any time. A consumer's direction to opt out under Regulation P is effective until the consumer revokes it in writing or, if the consumer agrees, electronically.

When a customer relationship terminates, the customer's opt out direction continues to apply to the nonpublic personal information that BIEASES collected during or related to that relationship. If the individual subsequently establishes a new customer relationship with the Company, the opt out direction that applied to the former relationship does not apply to the new relationship.

When BIEASES is required to provide opt out notices, the Company must do so in accordance with the timing and delivery method requirements for initial, annual, or revised privacy notices.

Model Opt Out Notice

Regulation E provides model opt out notices that meet the notice content requirements set forth above. It is the Company’s policy to use the model form to ensure safe harbor.

GLBA Safeguards Rule & Information Security Program

BIEASES restricts access to NPI about consumers to its employees and partners who have a business reason to know BIEASES information (e.g., to process transactions or provide services). The Company maintains physical, electronic, and procedural safeguards that align with federal standards to guard consumer information. To ensure the protection of this information, BIEASES will implement an information security program that is compliant with the GLBA Safeguards rule in accordance with Section 15 USC §6801(b):

  • To ensure the security and confidentiality of consumer records and information
  • To protect against any anticipated threats or hazards to the security or integrity of BIEASES records
  • To protect against unauthorized access to or use of BIEASES records or information which could result in substantial harm or inconvenience to any consumer.

For morning information on how BIEASES complies with the GLBA’s Safeguards Rule, refer to the Company’s Information Security Policy.

Effect of State Law

In general, the legal standards set forth by Regulation P supersede State law. However, in cases where State law offers more protections to consumers than Federal law, State law will prevail. To ensure all State privacy requirements and considerations are adequately addressed, the CEO will engage legal counsel as necessary.

California Consumer Privacy Act

Enacted in 2018, the California Consumer Privacy Act (“CCPA”) provides consumers with more control over the personal information that businesses collect about them. Under the CCPA, residents of California may exercise any of the following:

  • The right to know about the personal information BIEASES collects about them and how it is used and shared
  • The right to delete personal information collected from them (with some exceptions)
  • The right to opt-out of the sale of their personal information, and
  • The right to non-discrimination for exercising their CCPA right

BIEASES provides consumers with an Online Privacy Notice informing them of the Company’s privacy and information sharing practices, and includes special disclosures related to California residents’ rights under the CCPA. Refer to BIEASES' Online Privacy Notice for more information.

Record Retention

BIEASES will maintain all documentation related to this Privacy Policy for a period of at least five years, including but not limited to all policies, procedures, communications, and training.

Enforcement, Penalties, and Liabilities

Failure to comply the regulatory requirements set forth in this Policy may result in civil liability and penalties and/or criminal liability.