Privacy Policy Overview

This Privacy Policy discloses the privacy practices of Central Portfolio Control (“CPC”, “us,” or “we”). CPC is committed to protecting and respecting your privacy. We maintain a compliance management system that directs and monitors policies and procedures and employees’ debt collection activities to ensure conformance with all applicable rules and regulations. In addition, CPC has developed policies and procedures to assist its employees in performing business operations. We believe that making you aware of how we collect and use your non-public personal information (Personal Information), and to whom it is disclosed will form the basis for a relationship of trust between the public and us.

CPC’s website is located at https://cpcrecovery.com/ (its “website”) and is not intended for individuals less than the age of eighteen. CPC does not knowingly collect data relating to individuals less than the age of eighteen.

Nothing in this Privacy Notice is intended to contradict your rights under the Fair Debt Collection Practices Act. CPC will not disclose any information to third parties that is otherwise prohibited by the Fair Debt Collection Practice Act (“FDCPA”).

Data Controller

CPC is the data controller and responsible for your personal data.

Questions, comments, and complaints about CPC’s data practices can be submitted to:

10249 Yellow Circle Drive
Suite 200,
Minnetonka, MN 55343

Toll-free Telephone Number: 1-800-606-6841

E-Mail: Compliance@cpcrecovery.com

Information We Collect

Nonpublic Personal Information. Nonpublic personal information is defined as any personally identifiable financial information provided by the consumer to obtain a financial product; or resulting from transactions with that product; or information a financial institution obtains about the consumer in connection with that product (e.g., credit bureau information). For example: Social Security number; driver’s license numbers (in some states); place of employment or work telephone number; non-listed home phone; where the consumer banks; details about the particular account. Other examples of nonpublic personal information include: account balances; payment histories; transaction history; or any information that discloses that this individual has a financial relationship with the institution.

Public Personal Information. Public personal information (or information which a financial institution reasonably believes is publicly available) can be disseminated without restriction under the Act and regulations; this type of information includes:

Motor vehicle ownership, drivers’ license information (in some states) and real estate ownership data, which have been, derived from public records; addresses and phone numbers from paper or electronic. Information obtained from any website which can be accessed by anyone without restriction (paying a fee for this information is not a restriction). Presumably, and the regulations do not mention it, information about a debtor that is publicly available in court records (e.g., banks successfully garnished for a debtor; employers successfully garnished for a debtor; existence of a debtor’s Chapter 7 or Chapter 13 filings) are examples of “public personal information” not subject to this regulatory regime.

However, we cannot disclose data about the debt or financial relationship to third parties unless that transaction is a matter of public record (for example, real estate mortgages).

These “public” data can be exchanged with third parties without privacy notices because the data is not “nonpublic personal information.” HOWEVER, as a “debt collector” under the Fair Debt Collection Practices Act (“FDCPA”), there are other restrictions on disclosure of any data about a debtor and his/her debt that are NOT supplanted or superseded by the privacy regulations.

We may have collected the following categories of personal information from consumers within the last 12 months. Inclusion of a category indicates that we may collect some information in that category. It does not mean that we collect all information listed in that category in all situations.

Categories of Personal Information	Examples of Specific Types of Personal Information Collected	Collected	Purpose
A. Identifiers	A real name, alias, postal address, email address, telephone numbers, Internet Protocol address, account number, Social Security number, date of birth, or other similar identifiers.	Yes	(a) Necessary to provide the services (b) Necessary to comply with a legal obligation (c) Necessary for our legitimate business interests (d) Prevent fraud
B. Personal Information categories	A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories.	Yes	(a) Necessary to provide the services (b) Necessary to comply with a legal obligation (c) Necessary for our legitimate business interests (d) Prevent fraud
C. Protected classification characteristics	Age (40 years or older), veteran or military status	Yes	(a) Necessary to provide the services (b) Necessary to comply with a legal obligation (c) Necessary for our legitimate business interests
D. Internet or other electronic network activity information	Information regarding a consumer’s interaction with an Internet Web site, application, or advertisement.	Yes	(a) Necessary to provide the services (b) Necessary to comply with a legal obligation (c) Necessary for our legitimate business interests
E. Professional or employment-related information	Current or past job history.	Yes	(a) Necessary to provide the services (b) Necessary to comply with a legal obligation (c) Necessary for our legitimate business interests
F. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).	Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.	Yes	(a) Necessary to provide the services (b) Necessary to comply with a legal obligation (c) Necessary for our legitimate business interests
G. Non-California Residents Sensitive Personal Information	Financial account details that allow access to an account, such as a credit card number and access code, genetic data, precise geolocation, race or ethnicity, religious or philosophical beliefs, union membership, contents of mail email or text messages, biometric data related to your unique identification,	No	(a) Necessary to provide the services (b) Maintain and service your account (c) Process payments d) ensure security and integrity regarding the use of such personal information (e) verify or maintain the safety and quality of the services (f) Necessary to comply with a legal obligation (g) Necessary for our legitimate business interests
H. California Residents – Sensitive Personal Information	Government-issued identifying numbers, such as a driver’s license, passport or social security number, financial account details that allow access to an account, such as a credit card number and access code, Genetic data, precise geolocation, race or ethnicity, religious or philosophical beliefs, union membership, contents of mail email or text messages, biometric data related to your unique identification.	Yes	(a) Necessary to provide the services (b) Maintain and service your account (c) Process payments d) ensure security and integrity regarding the use of such personal information (e) verify or maintain the safety and quality of the services (f) Necessary to comply with a legal obligation (g) Necessary for our legitimate business interests

How We Use Your Information

Personal information is collected solely for the purpose of debt recovery in a lawful manner and remains part of our records until we determine the information is no longer needed, or we are required by law to delete such information. We will collect the minimum amount of data necessary to collect a debt.

We may use your personal information for one or more of the following business purposes:

To fulfill or meet the reason you provided the information. For example, if you share your personal information to make a payment, we will use that information to process your payment.
Performing services on behalf of the business or service provider, including maintaining or servicing records, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, or providing similar services on behalf of the business or service provider.
To provide you with information or services that you request from us.
To respond to law enforcement requests and as otherwise permitted by applicable law, court order, or governmental regulations.
To Ensure security and integrity to the extent personal information is reasonably necessary and proportionate to these purposes;
To verify or maintain the quality or safety of the services or account, or to prevent fraud.

Sensitive personal information is collected only as necessary to perform our services, process payments, maintain or service your account, to ensure security and integrity regarding the use of such personal information, and to verify or maintain the safety and quality of the Services. Sensitive personal information is not collected with the purpose of inferring characteristics about you.

We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.

We do not sell and will not sell your personal information. We also do not “share” your personal information as that term is defined in the California Privacy Rights Act.

How We Collect Your Information

We collect most of this personal information directly from our clients for whom we provide services to, as well as from you by telephone, written correspondence through the mail, email or fax, by viewing public social media/network pages, or other information available online. However, we may also collect information:

From publicly accessible sources (e.g., property records or court records);
From your transactions with us;
From our service providers (e.g., letter vendor, location vendors, payment processing vendors, call analytics vendor, and/or electronic signature service provider);
Directly from a third party (e.g., third parties contacted during location activities pursuant to 15 U.S.C. 1692b, such as your friends, neighbors, relatives, and/or employer);
Consumer reporting agencies (CRAs)
From a third party with your consent (e.g., your authorized representative and/or attorney); and
From activity on our website.

How We Share Your Information

CPC may share personally identifiable information it collects with its employees who need to know that information to service your account. Except as provided below, CPC does not share or disclose any personally identifiable information to any company or marketing group external to CPC. CPC may share your personal information with third parties to the extent it is reasonably necessary to manage or service your account, verify employment, determine location, process payment, fulfill a transaction, provide customer service, or as otherwise authorized by law.

Further, CPC may disclose personally identifiable information (i) to another entity with which CPC enters or reasonably may enter into a corporate transaction, such as, for example, a merger, consolidation, acquisition, or asset purchase, (ii) to a third party pursuant to a subpoena, court order, or other form of legal process or in response to a request by or on behalf of any local, state, federal, or other government agency, department, or body, whether or not pursuant to a subpoena, court order, or other form of legal process, or in connection with litigation brought against, or on behalf of, CPC, where appropriate, (iii) to a third party if determined by CPC in its sole judgment that such disclosure is appropriate to protect the life, health, or property of CPC or any other person or entity, all in compliance with applicable law, (iv) to third parties as authorized or designated by you, or (v) to conduct any other legitimate business activity not otherwise prohibited by law. The foregoing is not intended to obviate or displace any legal obligations or duties applicable to CPC.

Except as necessary for CPC to provide the services, information, or products requested by a website user, or except for the disclosures identified in the preceding paragraphs, the user may opt out of having his or her personally identifiable information, which has been voluntarily provided to CPC through or from its website, prospectively retained by CPC, used by CPC for secondary purposes, or disclosed by CPC to third parties.

E-mail posted or sent to CPC may not be secure against interception by unauthorized individuals. To protect against interception by unauthorized individuals, or because we can not verify your identity, we may be unable to respond to e-mail requests concerning accounts placed for collection unless you have requested or authorized us to do so.

Sale of Personal Information

We do not sell and will not sell your personal information. We also do not “share” your personal information as that term is defined in the California Privacy Rights Act.

Sharing your information with Consumer Reporting Agencies

Consumer Reporting Agencies (CRAs) collect and maintain information on consumer and business credit profiles on behalf of organizations in the United States. We may share information about you with CRAs and may carry out periodic searches with them to verify your identity or manage your account.

Details of your account(s) with us may be sent to CRAs and recorded by them. This information may be supplied by CRAs and may be used and searched by us and other organizations, such as debt collection agencies, in order to:

locate debtors and recover debts; and
manage your accounts.

CPC may furnish account information to Experian, Equifax, and Trans Union. You have a right to obtain an annual copy of your credit file from CRAs by visiting https://www.annualcreditreport.com.

How We Use Cookies

CPC may collect certain computer and browser information through automated technologies such as cookies and web beacons when you visit our website. Cookies are small pieces of (text) information that are sent to your browser when you visit the website to identify the browser or to store information or settings in the browser. They are then stored on the hard disk or in the memory of your equipment. The browser can send this information back on your next visit to the website. The cookies placed via the website cannot damage your equipment or the files stored on it.

We may use cookies to collect non-personally identifiable information in connection with the Site. Our web pages may incorporate “pixel tags,” “web beacons,” or similar tracking technologies (collectively, “pixel tags”) that allow us or our agents to track the actions of users of our website. Pixel tags are used to collect non-personally identifiable information, such as the name of your Internet service provider, the IP address of the computer you are using, the type of browser software and operating system that you use, the date and time you access the website, the website address, if any, from which you linked directly to the website, the website address, if any, to which you travel from the Site and other similar traffic-related information. We may also aggregate your information with similar data collected from other users to help us improve the website and the services that we provide through the Site.

Your Choices

CPC offers you certain choices in connection with the personal data it collects from you, including:

Your CPC Account: You may review, update and correct your contact information, including your telephone number and email address, after logging in to the website, or by calling our office.

Your Choice to Decline Cookies: You may adjust your browser settings to decline cookies if you do not want to accept CPC’s cookies. However, declining cookies may affect proper operation of CPC’s website.

Your Payments: You can elect not to utilize the payment portal of CPC’s website and not to make payments via credit card or check.

If you have any questions regarding any of these choices, please contact CPC.

Our Contact Address is:

10249 Yellow Circle Drive

Suite 200,

Minnetonka, MN 55343

Toll-free Telephone Number: 1-800-606-6841

E-Mail: Compliance@cpcrecovery.com

How Long We Keep Your Information

CPC will retain your personal data until we determine the information is no longer needed to perform its services, or as otherwise required by law. CPC thereafter deletes or anonymizes such information in accordance with applicable laws.

How We Protect Information

CPC has implemented physical, electronic, and procedural security safeguards to protect against the unauthorized release of or access to personal information. We employ internal and external system safeguards designed to protect confidentiality and security of personal information.

The confidentiality of any communication or material transmitted to or from CPC via the website or via e-mail cannot be, and is not, guaranteed. You acknowledge that the technical processing and transmission of the website’s content may be transferred unencrypted and involve: (a) transmissions over various networks; and (b) changes to confirm and adapt to technical requirements of connecting networks or devices.

We will collect the IP Address of all visitors to the CPC website for internal security and other proprietary purposes. We do not release this data outside of our corporate team nor utilize the data other than for internal purposes.

If any questions arise about security, please contact CPC using the information provided above.

Your Options

Access personal information – You may submit a verifiable request for access to your personal information that we collected about you, subject to certain exceptions. This may include the categories and specific pieces of information collected, the sources of that information and the business or commercial purpose for the collection or disclosure of that information.
Request correction of personal data we hold about you -This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Request deletion of personal information – You may request that we delete your personal information, however, state and federal law may prohibit us from deleting personal information, which CPC will disclose to you. You may also ask us to delete or remove your personal data where you have successfully objected to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law.
Object to processing of your personal data – Where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms, you may object to processing of such data. You may also object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Request restriction of processing of your personal data – This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Request the transfer of your personal data to you or to a third party – We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this option only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Withdraw consent at any time where we are relying on consent to process your personal data – however, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
Automated decision making and profiling – ‘Automated Decision Making’ refers to credit decisions regarding consumer lending terms or conditions predicated solely on the creditor’s automated processing of personal data. This means credit decisions may be made by a creditor, for example, using software code or an algorithm which does not require human intervention. We do not extend credit or make credit decisions for any person and we do not use your personal data as part of any such automated decision making or profiling when servicing your account.
Non-discrimination – We will not discriminate against you if you exercise any of these options.
Use of an authorized agent – You can designate an authorized agent to make any of these requests by providing your express written authorization. We must be able to verify your identity and the authorization must include the authorized agent’s name, address, telephone number, and email address (for providing the personal information collected or to respond to a request for deletion).

If you wish to exercise any of these options, please contact CPC by doing one of the following:

Submit online to: Compliance@cpcrecovery.com
By mailing a request to: Central Portfolio Control, 10249 Yellow Circle Drive
Suite 200, Minnetonka, MN 55343
Toll-free Telephone Number: 1-800-606-6841

If you choose to contact directly by [email/phone/in writing], you will need to provide us with:

Enough information to identify you [e.g., your full name, address and customer or matter reference number];
Proof of your identity and address (e.g., a copy of your driving license or passport and a recent utility or credit card bill); and
Describe your request with sufficient detail that allows us to properly understand, evaluate and respond to it.

We are not obligated to make a data access or data portability disclosure if we cannot verify that the person making the request is the person about whom we collected information, or is someone authorized to act on such person’s behalf. To prevent anyone other than you, or your authorized agent, from exercising the option to know or the option to delete with respect to your personal information, we follow procedures to verify your, or your agent’s, identity. These procedures seek to confirm that the person making a request is the person about whom we have collected personal information or that person’s authorized agent. The verification procedures involve matching data points that you provide with your request against information about you we already have in our records and that we have determined to be reliable for purposes of verifying your identity. We will use information you provide in your completed request form to verify your identity, and we may request additional information if necessary to complete the verification process.

You will not have to pay a fee to access your personal data (or to exercise any of the other options). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

If you would like to appeal of our decision with respect to your exercise of the above options, an appeal may be sent to the data controller using the same process for submitting initial requests. A response to an appeal may take up to 60 days, at which time CPC shall respond to your request.

Links to Other Websites

Our website may contain links to enable you to visit other websites of interest easily. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide while visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

Privacy Notice Changes

CPC may change this Privacy Notice at any time. Notice of any new or revised Privacy Notice, as well as the location of the new or revised statement, will be posted on the website after the change. It is the obligation of users visiting the website before the change to learn of changes to the Privacy Notice since their last visit.

If there are material changes to the privacy statement or in how we will use your personal data, we will notify you by prominently posting a notice of such changes before they take effect or by directly sending you a notification.

Last Updated: [5/1/2023]

Effective Date: 5/1/2023