Privacy Policy

General Privacy Policy

1. Purpose

AR Resources, Inc. (collectively “ARR”, “us,” or “we”) is committed to protecting the privacy and the security of the information it receives from for the security of the our assets by assets by all employees of employees of ARR, (collectively, “Users“) and to protect private information regarding its consumers as a top priority. Pursuant to the requirements of the Gramm-Leach-Bliley Act (the “GLBA“) and guidelines established by the Securities Exchange Commission regarding the Privacy of Consumer Financial Information (Regulation P), this policy (the “Policy” or the “Regulation P “Regulation P Policy”) and the related procedures contained herein are designed to comply with applicable privacy laws, including the GLBA and Regulation P, and to protect nonpublic personal information of consumers. In the event that new privacy-related laws or regulations affecting the information practices of ARR are adopted by federal or state regulators, this Policy will be revised as necessary and any changes will be changes will be disseminated and explained to all personnel.

2. Scope

This Policy covers the practices of ARR and applies to all nonpublic personally identifiable information, including information contained in consumer reports, of our current and former customers and the consumers with whom we interact. All financial companies need to share personal information to run their everyday business. This Policy lists the reasons financial companies can share personal information, the reasons ARR chooses to share and whether you can limit this sharing.

3. Policy

ARR and its employees recognize an ongoing commitment to the privacy of its consumers. All employees will be expected to read, understand, and abide by this policy, as well as to follow all related procedures and to uphold the standards of privacy and security set forth by ARR.

4. Procedures

In Regulation P, the SEC published guidelines, pursuant to section 501(b) of the GLBA, that address the steps a financial institution should take in order to protect consumer information. The overall security standards that must be upheld are:

• • Ensuring the security and confidentiality of consumer records and information;
  • Protecting against any anticipated threats or hazards to the security or integrity of consumer records and information; and
  • Protecting against unauthorized access to or use of consumer records or information that could result in substantial harm or inconvenience to any consumer.                                                                                                                                                      

Responsibility

• • Each Employee has a duty to protect the nonpublic personal information of consumers collected by us.
  • Each Employee has a duty to ensure that nonpublic personal information of consumers is shared only with employees and others in a way that is consistent with ARR’s Privacy Notice and the procedures contained in this Policy.
  • Each Employee has a duty to ensure that access to nonpublic personal information of consumers is limited as provided in the Privacy Notice and this Policy.
  • No Employee is authorized to sell, on behalf of ARR or otherwise, nonpublic information of consumers.
  • Employees with questions concerning the collection and sharing of, or access to, nonpublic personal information of consumers must look to ARR CCO for guidance.
  • Violations of these policies and procedures will be addressed in a manner consistent with other disciplinary guidelines.

Information Practices

ARR limits the use, collection, and retention of consumer information to what we believe is necessary or useful to conduct our business or to offer quality products and services. ARR collects nonpublic personal information about consumers from various sources. These sources and examples of types of information collected include:

• Name, address, telephone number, social security number or taxpayer ID number, date of birth, employment status, annual income, and net worth;
• Information about transactions with us and account custodian(s), such as account balance, types of transactions, parties to the transactions.
• Information received from consumer reporting agencies, such as credit reports, prior owners of the account, government agencies and other companies.                                                                                                                                                                                                                 

Reasons we can share your personal information	Does ARR share?	Can you limit this sharing?
For our everyday business purposes – such as to process your transactions, maintains your account(s), respond to court orders and legal investigations or report to credit bureaus	Yes	No
For our marketing purposes – to offer our products and services to you	No	No
For joint marketing with other financial companies	No	We do not share
For our affiliates’ everyday business purposes – such as information about your transactions and experiences	Yes	No
For our affiliates’ everyday business purposes – such as information about your creditworthiness	Yes	No
For nonaffiliates to market to you	No	We do not share

Definitions: Affiliates are companies related by common ownership or control. They can be financial and non-financial companies.

Nonaffiliates are companies not related by common ownership or control. They can be financial and non-financial companies.

Joint marketing is a formal agreement between nonaffiliated financial companies that together market financial products or services to you. ARR does not jointly market.

 Disclosure of Information to Nonaffiliated Third Parties

ARR does not disclose nonpublic personal information to nonaffiliated third parties, except under one of the GLBA privacy exceptions, as described below.

• Types of Permitted Disclosures – The Exceptions
  • In certain circumstances, Regulation P permits ARR to share nonpublic personal information about its consumers with nonaffiliated third parties without providing an opportunity for those individuals to opt out. These circumstances include sharing information with a nonaffiliated entity:
    • As necessary to effect, administer, or enforce a transaction that a client requests or authorizes;
    • In connection with processing or servicing a collection account or a service a client authorizes; and
    • In connection with maintaining or servicing a collection account with ARR.                                                                            

Service Providers

• • From time to time, we may have relationships with nonaffiliated third parties (such as attorneys, auditors, custodians, and other consultants), who, in the ordinary course of providing their services to us, may require access to information containing nonpublic information. These third-party service providers are necessary for us to provide our collection services.
  • When we are not comfortable that service providers (e.g., attorneys, auditors, and other financial institutions) are already bound by duties of confidentiality, we require assurances from those service providers that they will maintain the confidentiality of nonpublic information they obtain from or through us.
  • In addition, we select and retain service providers that we believe are capable of maintaining appropriate safeguards for nonpublic information, and we will require contractual agreements from our service providers that they will implement and maintain such safeguards.

 

Processing and Servicing Transactions

• • We may also share information when it is necessary to effect, administer, or enforce a transaction requested or authorized by our consumers.
    • In this context, “necessary to effect, administer, or enforce a transaction”: includes what is required or is a usual, appropriate, or acceptable method to carry out the transaction or service of which the transaction is a part, and record, service, or maintain the consumer’s account in the ordinary course of providing collection services.                

Sharing as Permitted or Required by Law

• • ARR may disclose information to nonaffiliated third parties as required or allowed by law.
    • For example, this may include disclosures in connection with a subpoena or similar legal process, a fraud investigation, an audit or examination.
  • By understanding how we share data with our clients, their agents, service providers, parties related to transactions in the ordinary course of business, or joint marketers, we endeavor to ensure that client data is shared only within the exceptions noted above.                                                                                                                                                                                     

Privacy Notice

• • ARR will send a Privacy Notice under Regulation P on accounts it owns consistent with this Policy.                                         

5. Auditing Procedures

ARR will periodically monitor electronic systems such as e-mail and Internet. Any direct, indirect, or attempted violation of this Policy, by or on behalf of a User, and any actual or attempted violation by a Third Party on behalf of a User, shall be considered a violation of the Policy by the User, and the User shall be held directly accountable. In the event we become aware that any User activity may have violated this Policy and/or exposed us to civil or criminal liability, ARR reserves the right to investigate such activity; monitor, collect evidence, and block access to such material; and cooperate with legal authorities and Third Parties in investigating any alleged violations of this Policy. We also reserve the right to implement technical mechanisms to prevent policy violations including electronic monitoring of systems such as e-mail and Internet. Users who violate this Policy or any other ARR -published policies or standards may be subject to disciplinary action by us, up to and including immediate termination from employment. In addition, conduct that is unlawful under applicable laws may subject Users to civil and, in some cases, criminal prosecution.

6. Links to Other Websites

Our website may contain links to enable you to visit other websites of interest easily. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide while visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

7. How We Protect Information

ARR has implemented physical, electronic, and procedural security safeguards to protect against the unauthorized release of or access to personal information. We employ internal and external system safeguards designed to protect confidentiality and security of personal information. The confidentiality of any communication or material transmitted to or from ARR via the website or via e-mail cannot be, and is not, guaranteed. You acknowledge that the technical processing and transmission of the website’s content may be transferred unencrypted and involve: (a) transmissions over various networks; and (b) changes to confirm and adapt to technical requirements of connecting networks or devices.

If any questions arise about security, please contact us using the information provided above.

8. Frequency of Training and Testing

All ARR personnel will receive training on our company policies applicable to their position upon hire or promotion. The same personnel will complete attestations and assessments on those policies upon completion of training and on an annual basis.

Questions or comments about our data practices can be submitted to:

AR Resources, Inc.
P.O. Box 1056
Blue Bell, PA 19422-0287

Or by calling us, toll-free, at (866) 301-0222.

 Privacy Policy applicable to California residents

1. Purpose

This Privacy Policy is for California residents and discloses the privacy practices of AR Resources Inc. (collectively “ARR”, “us,” or “we”). This policy supplements the information contained in the ARR Privacy Policy, which can be found at arresourcesinc.com. We adopt this policy to comply with the California Consumer Privacy Act (“CCPA”). Any terms defined in the CCPA have the same meaning used in this policy.

2. Scope

This Policy covers the practices of ARR with respect to California residents and applies to all nonpublic personally identifiable information, including information contained in consumer reports, of our current and former customers and the consumers with whom ARR interacts. The ARR website is not intended for individuals less than the age of eighteen and we do not knowingly collect data relating to individuals less than the age of eighteen.

Nothing in this Privacy Notice is intended to contradict your rights under the Fair Debt Collection Practices Act. ARR will not disclose any information to third parties that is otherwise prohibited by the FDCPA.

3. Policy Information We Collect About You                                                                                                                                                

We may collect and use the following personal information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a consumer, device, or household (“personal information”). We have collected the following categories of personal information from consumers within the last 12 months:

Categories of Personal Information	Examples of Specific Types of Personal Information Collected	Collected
A. Identifiers	A real name, alias, postal address, email address, telephone numbers, Internet Protocol address, account number, Social Security number, date of birth, or other similar identifiers.	Yes
B. Personal Information categories listed in California Customer Records Statute (Cal. Civ. Code §1798.80(e))	A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories.	Yes
C. Protected classification characteristics under California or Federal law	Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).	Yes
D. Commercial information	Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.	Yes
E. Sensory data	Audio, electronic, visual, thermal, olfactory, or similar information.	Yes
F. Professional or employment-related information	Current or past job history.	Yes

Personal Information does not include:

• Publicly available information from government records.
• Deidentified or aggregated consumer information.
• Information excluded from the CCPA’s scope, like:
  • Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data;
  • Personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.                                                                                                                                                                                                   

How Your Personal Information is Collected

We collect most of this personal information directly from our clients whom we provide services to or when we purchase your account, as well as from you by telephone, written correspondence through the mail, email or fax, by viewing your public social media/network pages, or other information available online. However, we may also collect information:

• From publicly accessible sources (e.g., property records or court records);
• From our service providers (e.g., letter vendor, skip tracing vendors, payment processing vendors, call analytics vendor, and/or electronic signature service provider);
• Directly from a third party (e.g., third parties contacted during skip tracing activities pursuant to 16 U.S.C. §1692b, such as your friends, neighbors, relatives, and/or employer);
• From a third party with your consent (e.g., your authorized representative and/or attorney); and
• From activity on our website.

 

 How We Use Your Personal Information

Personal information is collected solely for the purpose of debt recovery in a lawful manner and remains part of our records until we determine the information is no longer needed, or we are required by law to delete such information. We will collect the minimum amount of data necessary to collect a debt.

We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice. We do not sell your personal information.

We may also use or disclose your personal information for one or more of the following business purposes:

• To fulfill or meet the reason you provided the information. For example, if you share your personal information to make a payment, we will use that information to process your payment.
• To assist in collection of your account that we purchased or that we are servicing for another party.
• To provide you with information that you request from us.
• Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity.
• Debugging to identify and repair errors that impair existing intended functionality.
• To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
• As necessary or appropriate to protect the rights, property or safety of us, our clients, or others.
• As described to you when collecting your personal information or as otherwise set forth in the CCPA.

We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.

 

Who We Share Your Personal Information With

We may share personally identifiable information it collects with our employees and affiliates who need to know that information to service your account. Except as provided below, we do not share or disclose any personally identifiable information to any company or marketing group external to us. We may share your personal information with third parties and service providers to the extent it is reasonably necessary to manage or service your account, verify employment, determine location, process payment, fulfill a transaction, provide customer service, or as otherwise authorized by law.

Further, we may disclose personally identifiable information (i) to another entity with which we enter or reasonably may enter into a corporate transaction, such as, for example, a merger, consolidation, acquisition, or asset purchase, (ii) to a third party pursuant to a subpoena, court order, or other form of legal process or in response to a request by or on behalf of any local, state, federal, or other government agency, department, or body, whether or not pursuant to a subpoena, court order, or other form of legal process, or in connection with litigation brought against, or on behalf of, ARR, where appropriate, (iii) to a third party if determined by ARR in its sole judgment that such disclosure is appropriate to protect the life, health, or property of ARR or any other person or entity, all in compliance with applicable law, (iv) to third parties as authorized or designated by you, or (v) to conduct any other legitimate business activity not otherwise prohibited by law. The foregoing is not intended to obviate or displace any legal obligations or duties applicable to ARR.

Except as necessary for us to provide the services, information, or products requested by a website user, or except for the disclosures identified in the preceding paragraphs, the user may opt out of having his or her personally identifiable information, which has been voluntarily provided to us through or from its website, prospectively retained by us, used by us for secondary purposes, or disclosed by us to third parties.

E-mail posted or sent to us may not be secure against interception by unauthorized individuals. To protect against interception by unauthorized individuals, or because we can not verify your identity, we may be unable to respond to e-mail requests concerning accounts placed for collection unless you have requested or authorized us to do so.

Sharing your information with Consumer Reporting Agencies

Consumer Reporting Agencies (CRAs) collect and maintain information on consumer and business credit profiles on behalf of organizations in the United States. We may share information about you with CRAs and may carry out periodic searches with them to verify your identity or manage your account.

Details of your account(s) with us may be sent to CRAs and recorded by them. This information may be supplied by CRAs and may be used and searched by us and other organizations, such as debt collection agencies, in order to:

• consider applications for credit and credit related services;
• locate debtors and recover debts; and
• manage your accounts.
• ARR may furnish account information to Experian, Equifax, and Trans Union. You have a right to obtain an annual copy of your credit file from CRAs by visiting annualcreditreport.com.                                                                                                                        

Your Rights

You have the right under the California Consumer Privacy Act of 2018 (CCPA) and certain other privacy and data protection laws, as applicable, to exercise free of charge:

Disclosure of Personal Information We Collect About You

You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you:

• The categories of personal information we have collected about you.
• The categories of sources from which the personal information is collected.
• Our business or commercial purpose for collecting or selling personal information.
• The categories of third parties with whom we share personal information, if any.
• The specific pieces of personal information we have collected about you.

Please note that we are not required to:

• Retain any personal information about you that was collected for a single one-time transaction if, in the ordinary course of business, that information about you is not retained;
• Reidentify or otherwise link any data that, in the ordinary course of business, is not maintained in a manner that would be considered personal information; or
• Provide the personal information to you more than twice in a 12-month period.                                                                                        

Disclosure of Personal Information Sold or Used for a Business Purpose 

In connection with any personal information we may sell or disclose to a third party for a business purpose, you have the right to know:

• The categories of personal information about you that we sold and the categories of third parties to whom the personal information was sold; and
• The categories of personal information that we disclosed about you for a business purpose.                                                                

Deletion Request Rights

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.

We may deny your deletion request if retaining the information is necessary for us or our service providers to:

• Complete the transaction for which the personal information was collected, provide a good or service requested by you, or reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform a contract between you and us.
• Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity.
• Debug to identify and repair errors that impair existing intended functionality.
• Exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law.
• Comply with the California Electronic Communications Privacy Act.
• Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when our deletion of the information is likely to render impossible or seriously impair the achievement of such research, provided we have obtained your informed consent.
• Enable solely internal uses that are reasonably aligned with your expectations based on your relationship with us.
• Comply with an existing legal obligation.
• Otherwise use your personal information, internally, in a lawful manner that is compatible with the context in which you provided the information.                                                                                                                                                                                             

Protection Against Discrimination 

You have the right to not be discriminated against by us because you exercised any of your rights under the CCPA. This means we cannot, among other things:

• Deny goods or services to you;
• Charge different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties;
• Provide a different level or quality of goods or services to you; or
• Suggest that you will receive a different price or rate for goods or services or a different level or quality of goods or services.

Please note that we may charge a different price or rate, or provide a different level or quality of goods and/or services to you, if that difference is reasonably related to the value provided to you by your personal information.

Authorized Agent

You can designate an authorized agent to make any of these requests by providing your express written authorization. We must be able to verify your identity and the authorization must include the authorized agent’s name, address, telephone number, and email address (for providing the personal information collected or to respond to a request for deletion).

How to Exercise Your Rights

To exercise the access, data portability, and deletion rights described herein, please submit a verifiable consumer request to us by either:

• Calling us, toll-free, at (866) 301-0222; or
• Write to us at P.O. Box 1056, Blue Bell, PA 19422-0287.

Please note that you may only make a data access or data portability disclosure request twice within a 12-month period.

Verifying Your Identity (i.e., verifiable consumer request)

If you choose to contact directly by phone or in writing, you will need to provide us with:

• Enough information to identify you (e.g., your full name, address and customer or matter reference number);
• Proof of your identity and address (e.g., a copy of your driving license or passport and a recent utility or credit card bill); and
• Describe your request with sufficient detail that allows us to properly understand, evaluate and respond to it.

We are not obligated to make a data access or data portability disclosure if we cannot verify that the person making the request is the person about whom we collected information, or is someone authorized to act on such person’s behalf.

Any personal information we collect from you to verify your identity in connection with you request will be used solely for the purposes of verification.

Response Timing and Format

We endeavor to respond to a verifiable consumer request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Changes to our Privacy Notice

We reserve the right to amend this privacy policy at our discretion and at any time. When we make changes to this privacy policy, we will notify you by email or through a notice on our website homepage.

4. Auditing Procedures

ARR will periodically monitor electronic systems such as e-mail and Internet. Any direct, indirect, or attempted violation of this Policy, by or on behalf of a User, and any actual or attempted violation by a Third Party on behalf of a User, shall be considered a violation of the Policy by the User, and the User shall be held directly accountable. In the event that ARR becomes aware that any User activity may have violated this Policy and/or exposed ARR to civil or criminal liability, ARR reserves the right to investigate such activity; monitor, collect evidence, and block access to such material; and cooperate with legal authorities and Third Parties in investigating any alleged violations of this Policy. ARR also reserves the right to implement technical mechanisms to prevent policy violations including electronic monitoring of systems such as e-mail and Internet. Users who violate this Policy or any other ARR -published policies or standards be subject to disciplinary action by ARR, up to and including immediate termination from employment. In addition, conduct that is unlawful under applicable laws may subject Users to civil and, in some cases, criminal prosecution.

5. Links to Other Websites

Our website may contain links to enable you to visit other websites of interest easily. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide while visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

6. How We Protect Information

ARR has implemented physical, electronic, and procedural security safeguards to protect against the unauthorized release of or access to personal information. We employ internal and external system safeguards designed to protect confidentiality and security of personal information. The confidentiality of any communication or material transmitted to or from ARR via the website or via e-mail cannot be, and is not, guaranteed. You acknowledge that the technical processing and transmission of the website’s content may be transferred unencrypted and involve: (a) transmissions over various networks; and (b) changes to confirm and adapt to technical requirements of connecting networks or devices. If any questions arise about security, please contact us using the information provided above.

7. Frequency of Training and Testing

All ARR personnel will receive training on our company policies applicable to their position upon hire or promotion. The same ARR complete attestations and assessments on those policies upon completion of training and on an annual basis.