Aspiration is a Company Built on Trust
July 1, 2020
Please read this Policy carefully to understand what we do. This Policy also incorporates notice and disclosures as required under the California Consumer Privacy Act (“CCPA”). The CCPA addresses changes in technology, data practices, and privacy concerns by establishing rules and procedures to help empower consumers control how businesses collect, use, and share personal information. The CCPA grants California consumers robust data privacy rights and controls over their personal information, including notice of this Policy and Aspirartion’s data practices, the right to delete, the right to opt-in and opt-out of data selling practices, as well as additional protections for minors.
Aspiration collects your personal information in two ways: (1) when you voluntarily provide it by using or visiting our Services; and, (2) with automated technologies connected to those Services.
The CCPA broadly defines “Personal Information” as any information that directly or indirectly identifies, describes, relates to, is reasonably capable of being associated with, or, can reasonably link a particular consumer or household.
Over the past twelve (12) months, Aspiration’s direct and indirect collection of Personal Information has fallen into the following categories, although we may not gather, use, or disclose every specific piece of Personal Information from ever consumer:
- Identifiers: Name, alias, postal address, unique personal identifier, online identifier, Internet Protocol (IP) address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers;
- Customer Account Records: Name, signature, social security number, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit or debit card number, other financial information;
- Characteristics of protected classifications under California or federal law: Race, religion, sexual orientation, gender identity, gender expression, age;
- Commercial Information: Records of personal property, products or services purchased, obtained, transacted, or considered, or other purchasing or consuming histories or tendencies;
- Customer Contact Information: Records of chats conversations, call logs, request queries, and email communications;
- Biometrics: Hair color, eye color, fingerprints, height, facial recognition, voice, weight, sensory data, and other biometric data;
- Internet and Network Activity Information: Browsing history, search history, cookies, and information regarding a consumer’s interaction with an Internet website, application, or advertisement;
- Education Information: Information that is not publicly-available Personal Information under FERPA;
- Geolocation and Household data;
- Professional or Employment-related Information;
- Family, Beneficiary(s), and Referral Information;
- Inferences and meta-data drawn from providing Services to you, reflecting your preferences, characteristics, and trends.
Information not falling into these categories include publicly available information, de-identified or aggregated consumer information, information processed to or from consumer reporting agencies, personal and financial information under the GLBA, medical and HIPAA protected information, and other information excluded from the CCPA’s scope.
When you choose to open an account with Aspiration, we are required under law and by regulations to collect and maintain certain types of Personal Information, including, but not limited to, your full legal name, email address, permanent address, date of birth, social security number and information about your finances. If you do not consent to providing this information, you cannot become an Aspiration customer.
Cookies and Automated Technologies
- to recognize you as a user;
- to verify your identity;
- to tailor your experience;
- to better your experience;
- to market our Services;
- to monitor our Services;
- to improve our Services;
- to analyze patterns;
- to conduct internal research; and,
- for other legitimate business needs.
If your browser is set to reject Cookies, you may continue to use our Services, but some aspects of the Service may not function as intended and other Services may be limited. Other third-party data sharing services will be described below.
If we combine any non-personally identifiable information with Personal Information, we will treat the combined information as Personal Information.
As part of our relationship, Aspiration may from time to time produce, compile, or aggregate some of your Personal Information in certain data analysis, reports, or other interpretations or inferences of user trends and patterns for both internal and external purposes. When including, compiling, or aggregating Personal Information for such purposes, we make sure that the information is anonymized such that it is not identifiable to any particular customer.
We will only share Personal Information with third parties as described in this Policy, for any purpose to which you consent, or as required by law. In order for you to receive our Services, Aspiration shares your Personal Information with certain third-parties, affiliate partners, services providers, data aggregators, and data processors (“Partners”). Aspiration and Partners may collect, use, and share Personal Information for reasons that include but are not limited to:
- account opening and validation;
- account operations and administration;
- facilitating client referrals;
- advertising and marketing our Services;
- complying with federal, state, and local laws, including regulations;
- processing transactions;
- sending Fund information and communications to clients;
- improving Aspiration Services; and
- protecting the security and integrity of our business assets.
Partner providers may include, but are not limited to, fund accountants and accounting firms, security custodians, asset transfer agents, business associates, subcontractors, commercial and transactional processors, merchants, and client selected charities.
Over the past twelve (12) months, Aspiration has shared and/or sold Personal Information in limited cases, such as with our Partners, as appropriate, to conduct our operations and to maintain the relationships that allow us to provide you with our Services. The CCPA restricts Partners from reselling your Personal Information unless you’ve been provided notice and an opportunity to opt-out.
We may also share your Personal Information with relevant third parties in the event of a reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of our business, stock, or assets (including in connection with any bankruptcy or similar proceedings).
While you are using or visiting our Services, we may use and share information collected to target market you interests within or outside the scope of our Services in order to better tailor your experience. This may include Partners in order to facilitate our relationships and advertise our Services.
When engaging in targeting marketing, Aspiration follows standard principles for online advertising as provided by the Digital Advertising Alliance (“DAA”). If you do not wish to receive such targeted advertising, please visit the Network Advertising Initiative Consumer Opt-Out Page at networkadvertising.org/choices, the DAA Consumer Choice page at aboutads.info/consumers, or visit the websites of our Partner advertising affiliates to opt-out. To opt out in mobile apps, please download the DAA's AppChoices tool at aboutads.info/appchoices. (This will not prevent you from seeing ads; the ads simply will not be delivered through these targeting methods.)
Our Services do not necessarily respond to “do not track” applications.
The security of your Personal Information is core to Aspiration’s Services. We have diligently implemented reasonable systems to protect your data and our assets. We store and maintain data with physical, administrative, and electronic safeguards that comply with federal and state laws and regulations.
- Access Controls: We limit access to user and client data to the extent possible to those necessary employees in order to provide you with our Services. Our buildings are secure, our employees trained, and our servers encrypted.
- Technical Safeguards: We authentic access through passwords, multi-factor, and fingerprint controls. Our Partners are held accountable for adhering to strict policies and procedures to prevent any misuse or loss of your Personal Information.
- Ongoing Commitment: Aspiration’s workforce is required to attend annual training on cybersecurity risks and privacy best practices. When we periodically audit our systems, we may share your Personal Information with Partners in order to better secure our Services and business assets.
We use our reasonable best efforts to protect Personal Information, however no method of transmission or method of data storage is 100% secure. Despite our reasonable best efforts, we cannot assure that Personal Information that we collect will never be disclosed in a manner inconsistent with this Policy. If you see any unrecognized activity in your account, please contact Aspiration Security immediately at firstname.lastname@example.org or 800‑683‑8529.
When you choose to open an account with Aspiration, we are required by law and regulation to retain certain Personal Information for specific amounts of time. Failure to preserve these records could result in fines and penalties, spoliation liability, contempt issues, or reputational harm. Aspiration also maintains Personal Information to provide you with our Services and for legitimate business needs.
Aspiration may dispose of Personal Information after it’s legitimate business need has passed, in accordance with law or regulation, or by your request (if your request to delete information conflicts with a requirement to retain information, you will be notified).
Incidents and Breaches
Cyberattacks, hacks, breaches, and incidental losses of Personal Information, business assets, and computer systems are increasingly common. These attacks can be extremely damaging, particularly if Personal Information or business records have been compromised. Incidents cost companies and consumers time and money.
In the event of a Breach, Aspiration has implemented an incident response plan as required by law and regulation to document process, mitigate damage, and to notify consumers of remedial resources. Aspiration has implemented California Code requirements for data breach notifications.
The CCPA grants consumers enhanced data rights regarding their Personal Information. Aspiration has implemented CCPA requirements across our business and have extended protections to all of our US-based customers.
- Right to Access: You have the right to access collected, used, shared, and/or sold Personal Information over the past twelve (12) month period. This includes certain data portability rights.
- Right to Opt-Out: You have the right to opt-out of and/or opt-in to Aspiration’s data selling practices, but only to the extent that can be done while still providing you with our Services. Under the CCPA, Aspiration has implemented reasonable restrictions on Partners’ data sharing and selling practices.
- Once you make an opt-out request, we will wait at least twelve (12) months before asking you to reauthorize personal information sales. However, you may change your mind and opt back in to Personal Information sales at any time by contacting us.
- Right to Delete: You have the right to request that Aspiration delete any Personal Information that we have collected and retained, subject to certain exceptions, including information needed:
- to provide you Services;
- to detect data breaches;
- to protect our Services and business assets; and,
- to comply with applicable federal and state laws, court orders, legal obligations, and regulatory requirements, including the CCPA.
- Right to Fair and Equal Treatment: You have the right to have your Personal Information be fairly and equally treated. Aspiration cannot discriminate against consumers on the basis or inference of any protected class or against consumers who have exercised their rights under this Policy.
If you have questions about any of your data rights or Aspiration’s obligations, including accessing your Personal Information, opting-out of certain practices, and/or requesting Personal Information be deleted, please send us an email at email@example.com or give us a call at 800‑683‑8529. Aspiration endeavors to respond to requests within forty-five (45) days of receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Aspiration’s Services are not directed toward anyone under the age of 18. We will endeavor to delete personally identifiable information provided by minor children without their parent’s or guardian’s consent upon notification by said parent or guardian in a time and manner that is commercially reasonable. Any such notification should be sent to firstname.lastname@example.org.
Aspiration will not change our data collection, use, or sharing policies and practices for materially different, unrelated, or incompatible purposes without first providing notice.