MemberPass, PRIVACY POLICY
Last modified August 31, 2023

INTRODUCTION
Bonifii (“Bonifii”, “Company”, “We”, or “Us”) respects your privacy. This Privacy Policy (the “Policy”) describes how We may collect, use, and share your personal data when you use the Bonifii.com or Memberpass.com websites (the “Websites”), our mobile applications, other online services such as email (collectively the Websites, mobile applications, and other online services are referred to as the “Digital Channels”), and our products and services, including our digital credential related technology and associated services (collectively, the “Services”).
ACCESSING, DOWNLOADING, OR OTHERWISE USING OUR WEBSITES OR SERVICES INDICATES THAT YOU HAVE READ AND UNDERSTOOD THIS POLICY AND ACCEPT AND AGREE TO BE BOUND BY THIS POLICY IN FULL. IF YOU DO NOT ACCEPT THIS POLICY, DO NOT ACCESS, DOWNLOAD, OR OTHERWISE USE THE WEBSITES OR THE SERVICES.
APPLICATION

This Policy relates to your personal data (i.e., data about you, an individual, from which you can be identified). This Policy therefore does not apply to any data insofar as it is held, processed, disclosed or published in a form which cannot be linked to a living individual, such as anonymized data or aggregated data which cannot directly or indirectly be used to identify you as an individual (“Anonymized and Aggregated Data”). We reserve the right to generate Anonymized and Aggregated Data extracted out of any databases containing your personal data and to make use of any such Anonymized and Aggregated Data as we see fit (including publishing such data and sharing it with third parties).

CHANGES TO THIS PRIVACY POLICY
Please review this Policy each time You use the Digital Channels or the Services. We reserve the right to update or change our Policy at any time and without notice to you. An updated version of this Policy will be effective upon posting on the Digital Channels. Please check this page to review the most up-to-date version of this Policy. Your continued use of the Services or the Digital Channels after We post any modifications to the Policy on this page will constitute your acknowledgment of the modifications and your consent to abide and be bound by the modified Policy.

RESPONSIBILITY FOR DATA PROCESSING
In the course of providing our technology services to our enterprise clients (“clients”), including services in connection with our digital wallets and identity verification technology, We may process personal data records of individuals who are our clients’ customers or otherwise associated with our clients. In those circumstances, We act as processors of data on behalf of our client and on our client’s instructions and the client is ultimately responsible for the processing of your personal data. If you are a customer of one of our clients and believe that We process your data on behalf of one of our clients, please refer to the client’s privacy policy for information regarding the processing of your data.
Bonifii collects and processes personal data on its own behalf where the data is collected in connection with the administration of our business and the promotion and marketing of our technology services, including in the operation of our Digital Channels. We may also collect personal data from end-users of our technologies if We market and offer our technologies directly to end-users. In those circumstances, Bonifii is the entity which is responsible for the processing of personal data. If you have any questions or concerns about Bonifii’s use of your personal data, please contact us at info@Bonifii.com.

HOW WE COLLECT AND USE YOUR PERSONAL DATA
Your digital credentials. Our digital identity technology and digital wallets are designed to provide a secure method for consumers to access and exchange identity-related information when dealing with various organizations including when they use financial and other services and when purchasing goods and services. These digital credentials are stored on the end-user’s device. Where the end-user chooses to upload his or her data to the cloud (for example for back-up purposes), We may host the data on our servers or through third-party cloud service providers. We may also hold encryption keys relating to your encrypted data. Where We provide the data hosting service, users’ data is held on our servers in an encrypted form that does not enable the identification of specific individuals, even by Bonifii itself.

Data that we receive from our clients. When providing data hosting services for our clients,
We receive encoded data from our clients relating to their customers. That data enables our clients to identify its customers when using our services.
Information That You Provide Directly or Authorize Someone Else to Give Us. We may ask you to provide certain information including, but not limited to your name, email address, and any other information You choose to provide to Us. For example, We may collect information from You when You register for and/or use our Digital Channels, contact or interact with Us, fill out a form, apply for employment, respond to a survey, and voluntarily provide Us with Your comments and/or questions and other content in connection with using our Digital Channels. When You submit a contact form on a Bonifii website, We may collect Your name, phone number, email address and any other information You choose to provide to Us.

In the MemberPass app, we may collect your personal data such as name, phone number, and email address for the purposes of verifying your personal identity. This information is never stored in a centralized database and is immediately destroyed after identity verification has been completed.

Analytics information. We collect, measure and analyze traffic and usage trends in connection with the Websites and other Digital Channels, and We use third-party analytics tools to help us. We use Google Analytics to provide analytics services. We use other third- party services to analyze personal data of users who provide Us with feedback. This allows us to understand, among other things, who is using the Digital Channels, how they are using them, and ways to improve the Services. Such third-party analytics tools and services may use cookies and persistent device identifiers to collect and store information including, but not limited to time of visit, pages visited, time spent on each page, IP address, unique device ID, advertising tags and type of operating system used.
Cookies. When you use our Digital Channels, We sometimes send one or more cookies (small text files containing a string of alphanumeric characters) to your computer or mobile device that uniquely identify your browser and enhance your navigation on the Digital Channel. A cookie may also convey information to us about how you use the Digital Channels (e.g., the pages you view, the links you click and other actions you take) and allow us or our third-party analytics tools We use to track your usage of the Digital Channels. There are at least two different types of cookies: persistent and session cookies. A persistent cookie remains on your hard drive after you close your browser. Persistent cookies may be used by your browser on subsequent use of the Digital Channels. Persistent cookies can be removed by following your Web browser’s directions for removal of cookies. A session cookie is temporary and disappears after you close your browser. You can reset your Web browser to refuse all cookies or to notify you when a cookie is being sent. However, some features of the Digital Channels may not function properly if cookies are disabled.
Log File. Log file information is automatically reported by your browser each time you access a Web page. When you access or use the website, our servers may automatically record certain log file information, including but not limited to your Web request, Internet Protocol address, browser type, referring/exit pages and URLs, number of clicks and how you interact with links on the website, domain names, landing pages, and pages viewed.

Device Identifiers. When you access or use our Digital Channels using a mobile device, We
may access, collect, monitor and/or remotely store one or more “device identifiers,” such as a universally unique identifier. Device identifiers are small data files or similar data structures stored on or associated with your device that uniquely identify your device. A device identifier may consist of data stored in connection with the device hardware, operating system or other software, or data sent to the device by us. A device identifier may convey information to us about how you browse and use the Digital Channel. A device identifier may remain persistently on your device to enhance your navigation on the Digital Channel. Some features of our Digital Channels may not function properly if use or availability of device identifiers is impaired or disabled.
Commercial Communications. To the extent permitted under applicable law, We may use the information We collect or receive from you (specifically through the MemberPass functionality) to communicate directly with you in relation to our services and technologies. Subject, where necessary, to obtaining your consent to receiving such communications, We may use the information to communicate with you in relation to other services that We and our affiliates offer. We may also use the information to send you service-related notices (e.g., account verification, technical and security notices).

Use of Certain Service-Type information. We may use information from cookies, log files,
device identifiers, location data, clear GIFs and other tools to: (i) remember information so that you will not have to re-enter it during your visit or the next time you use the Services; (ii) provide custom, personalized content or information to you or others; (iii) monitor the use of our Digital Channels; (iv) monitor aggregate metrics, such as total number of visitors, traffic and demographic patterns; (v) diagnose or fix technology problems; (vi) provide advertising to your browser or device; and (vii) conduct research or surveys.
Use of information with Your Consent. We may use your personal data for any other purpose for which you specifically provide Us with your consent.

Sim Swap and Bonifii

US:

You authorize your wireless carrier to use or disclose information about your account and your wireless device, if available, to Bonifii or its service provider for the duration of your business relationship, solely to help them identify you or your wireless device and to prevent fraud. See our Privacy Policy for how to see how we treat your data.

Canada:

You authorize your wireless operator (Telus, Bell, Rogers, or any other branded wireless operator) to disclose your mobile number, name, address, email, network status, customer type, customer file, billing type, mobile device identifiers (IMSI and IMEI) and other subscriber status and device details, if available, to our third party service provider, solely to verify your identity and prevent fraud for the duration of the business relationship.

THE PURPOSES FOR WHICH WE USE YOUR PERSONAL DATA

The purposes for which We collect and store your personal data are the following:
a. Personal data records that We receive in providing data hosting and back-up services are processed on behalf of our clients for the purpose of supporting the client in delivering identity credential-related services and digital wallet services that the client provides to you;
b. To enable You to obtain access to information or materials that you have requested, such as white papers or updates;t
c. Personal data that We receive from you enables Us to deliver services that We offer to you (including use of our Digital Channels) and to enable you to use them efficiently;
d. Insofar as permitted under applicable law, to communicate with you in relation to our services and technologies and other services that We or our affiliates offer;
e. To personalize, test, monitor, improve and upgrade our Digital Channels;
f. To meet our legal obligations and the regulatory requirements to which We may be subject, for loss prevention purposes and to protect and enforce our rights and meet our obligations to third parties; and
g. For our internal business purposes, such as compiling and analyzing usage information of our Digital Channels, for general operational, statistical and business purposes.

YOUR RESPONSIBILITIES
It is important that the personal data We hold about you is accurate and current. If you provided us with any details of personal data, please keep us informed if such details change.

HOW WE SHARE YOUR INFORMATION
Service Providers. We may share your personal data with third-party service providers that perform services on our behalf in connection with our Digital Channels, our Services, or with our data hosting services, such as cloud service providers that we may use or third-party analytical service providers. Where your information is shared with such third parties, We ensure that the third-party service provider will deal with your information only on our behalf and on our written instructions and solely for our benefit (and not for its own benefit).
Business Change. If We become involved in a merger, consolidation, acquisition, sale of assets, joint venture, securities offering, bankruptcy, reorganization, liquidation, dissolution or other transaction, or if the ownership of all or substantially all of our business otherwise changes, We may share or transfer databases containing personal data of users including your personal data to a successor party or parties in connection with such transaction or change in ownership or legal structure.
Necessary Disclosure. Regardless of the choices you make regarding your information and to the extent permitted or required by applicable law, We may disclose information about you to third parties to: (i) enforce or apply the terms and conditions of our Services; (ii) comply with laws, subpoenas, warrants, court orders, legal processes or requests of government or law enforcement officials; (iii) protect our rights, reputation, safety or property, or that of our users or others; (iv) protect against legal liability; (v) establish or exercise our rights to defend against legal claims; or (vi) investigate, prevent or take action regarding known or suspected illegal activities; fraud; our rights, reputation, safety or property, or those of our users or others; violation of any terms of use, our policies or agreements; or as otherwise required by law.

Sharing information. We may share certain service-type information, including information obtained through tools such as cookies, log files, device identifiers or location data (such as anonymous usage data, referring/exit pages and URLs, platform types, number of clicks, etc.) with our third-party service providers who may use such information for the purposes described in the section titled “How We Collect and Use Your Information.”

Aggregated data. As mentioned above, We may also aggregate or otherwise strip information of all personally identifying characteristics and may share that Anonymized and Aggregated Data with third parties or publish it. This Anonymized and Aggregated Data does not personally identify you and helps us to measure the success of the Services and its features and to improve your experience. We reserve the right to make use of any such Anonymized and Aggregated Data in our sole discretion.

HOW WE PROTECT YOUR INFORMATION
We take measures to protect personal data you provide through the Services against loss, theft, and unauthorized access, use, disclosure or modification. These include physical, technological and administrative measures. However, We cannot ensure or warrant the security of any information you transmit to us or guarantee that information on the Services may not be accessed, disclosed, altered or destroyed. Email sent to or from the Services may not be secure. You should use caution whenever submitting information online and take special care in deciding what information you send to us via email.
We cannot guarantee that transmissions of your personal data will be fully secure and that third parties will never be able to defeat our security measures or the security measures of our partners.

WE ASSUME NO LIABILITY FOR DISCLOSURE OF YOUR INFORMATION DUE TO TRANSMISSION ERRORS, THIRD-PARTY ACCESS OR CAUSES BEYOND OUR CONTROL.

YOUR CHOICES ABOUT YOUR INFORMATION
Controlling Your Settings. You can limit your browser or mobile device from providing certain information by adjusting the settings in the browser, operating system or device. Please consult the documentation for the applicable browser, operating system or device for the controls available to you. You can also stop receiving promotional emails from us by following the unsubscribe instructions in those emails.
Changing Your Information. To change Your information, please contact Us at info@Bonifii.com.
Email Communications. You can make changes regarding opting out of or otherwise receiving email communications from Us by contacting Us at info@memberpass.com.
Do Not Track. At this time, We do not recognize “do not track” signals sent from Web
browsers. In some cases, your browser may offer a “Do Not Track” option, which allows you to signal to operators of Websites, mobile applications, and services (including behavioral advertising services) that you do not wish such operators to track certain of your online activities over time and/or across different Websites and mobile applications and services. Disabling tracking mechanisms may disable certain features of the Services. To disable tracking, please consult the documentation for your browser, operating system or mobile device. For some devices, it may not be possible to disable tracking mechanisms. You may also disable tracking by certain third-party services by opting out:
Google Analytics https://tools.google.com/dlpage/gaoptout/

Opt-Out. All MemberPass users have the option to stop using MemberPass at any time. To discontinue using your MEMBERPASS digital ID, please contact your credit union directly or email us at info@memberpass.com.

HOW LONG WE KEEP YOUR INFORMATION
We will only retain your personal data for as long as necessary to fulfil the purposes We collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, We consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which We process your personal data and whether We can achieve those purposes through other means, and the applicable legal requirements.

CHILDREN’S PRIVACY
Our Websites are not intended for children under 13 years of age. No one under age 13 may provide any information to or on the Websites. We do not knowingly collect personal information from children under 13. If you are under 13, do not use or provide any information on the Websites, including your name, address, telephone number, email address, or any screen name or user name you may use. If we learn we have collected or received personal information from a child under 13 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 13, please contact us as provided at the bottom of this policy.

THIRD-PARTY SITES AND SERVICES
Our Digital Channels may reference or provide links to other websites, applications, or resources. If you access any website, application, or resources provided by a third-party, our Policy will not apply. Your interactions with such websites, applications, and resources are subject to the privacy policies of the third parties that operate them. Please review those policies carefully to understand how those parties will treat your information.

CALIFORNIA PRIVACY RIGHTS
The Policy describes the personal information that We collect, the sources from which We collect it, the purposes for which We use it, the limited circumstances under which We share personal information, and with whom We share it. The additional disclosures under this subheading are required by the California Consumer Privacy Act (the “CCPA”).
Categories of personal information collected, only for the website. The personal information that We collect, or have collected from consumers in the twelve months prior to the effective date of this Policy fall into the following categories established by the CCPA:
● identifiers such as your name, address, unique personal identifier, phone number, IP address, email address, social security number, passport number or similar identifiers are collected to provide the Services to you and to respond to your inquiries;
● commercial information such as products or services purchased, obtained or considered or other purchasing or consuming histories or tendencies are collected to provide the Services to you and to market additional Services We offer;
● personal information such as a credit card number may be collected if you purchase Services directly from us;
● Internet or other electronic network activity information, including content interaction information, such as content downloads, streams, and playback details is collected to provide the Services and to improve the quality of the Services; and
● geolocation data, such as the location of your device or computer is collected to provide the Services and notify you of other Services that may be available to you.
Categories of personal information disclosed for a business purpose. The personal information that We disclosed about consumers for a business purpose in the twelve months prior to the effective date of this Policy fall into the following categories established by the CCPA:
● identifiers such as your name, address, phone numbers, or IP address, in order to provide the Services;
● personal information, such as a credit card number, for example if we use a third party payment processor;
● commercial information, such as the details of a product or service you purchased if a third party service provider is assisting to provide that product or service to you;
● internet or other electronic network activity information, such as if we use a service provider to help us gather crash reports for analyzing the health of our devices and services; and
● geolocation data if needed to help us or our client deliver services to you.
Right to Request Access to or Deletion of Personal Information. You may have the right under the CCPA to request information about the collection of your personal information by Bonifii, or access to or deletion of your personal information. If you wish to do any of these things, please contact us using the information provided below.
No sale of personal information; use by third parties. In the twelve months prior to the effective date of this Policy, Bonifii has not sold any personal information of consumers, as those terms are defined under the CCPA. Bonifii will not sell your personal information without your consent. Bonifii will not provide your personal information without your consent to third parties, except (a) to our third party service providers for the purpose of assisting us with providing the Services and with operating the Digital Channels, (b) to our clients with whom you do business for purposes of providing the Services, and (c) when we believe release is appropriate to comply with law, enforce our site policies, or protect our or others rights, property or safety.
No Discrimination. Bonifii will not discriminate against any consumer for exercising their rights under the CCPA.

QUESTIONS/CONTACTING US
If you have any questions regarding this Policy, you may email us at info@memberpass.com or contact us by mail at:
Bonifii, 9249 S. Broadway #200-407, Littleton, Colorado 80129

© Copyright 2018-22 Bonifii, LLC. All Rights Reserved