Additional document Privacy Notice
Additional document Privacy Notice
Effective as of November 1, 2022
We take our responsibility to protect the privacy and confidentiality of any information you give us, including personal information, sensitive data, and confidential information very seriously. We maintain an entire IT security team that regularly updates our physical, electronic, and procedural safeguards that comply with the legal standards to secure information from unauthorized access, accidental or unlawful alteration and destruction, and any other unlawful or unauthorized forms of processing. We also have strict employee policies, procedures, and rules concerning the safe handling and use of your private and confidential information.
To give our customers the best products we can offer, we collect various types of information. We want you to know what we may collect and how we use it.
To make a Privacy Request online, please use our Privacy Request Form located here.
The types of personal information we collect from you when you visit or use our online services include your name, email address, mailing address, telephone number(s), account numbers, limited location information, username, and password. We may also collect payment card information, Social Security numbers, driver’s license numbers (or comparable numbers), and your gender, race, and nationality when you provide it directly to us while using our online services and where we believe it is reasonably required for ordinary business purposes. In some instances, we create personal information about you, such as records of your interactions with us, and details of your accounts.
We do not seek to collect or process sensitive personal information unless it is required or permitted by law; necessary for the detection or prevention of crime; necessary to establish, exercise or defend legal rights; or we have your prior explicit consent to do so.
In addition to the personal information described above, we also collect certain information about your use of our online services. For example, we may capture the IP address of the device you use to connect to the online service, the type of operating system and browser you use, and information about the site you came from, the parts of our online service you access, and the site you visit next. As explained in more detail in our Cookies Policy.
We use and otherwise process the information we collect from you to help us deliver our online services; to administer, evaluate and improve our business (including developing new products and services, improving existing products and services, performing data analytics and other research tasks, communicating with you, and performing accounting, auditing and other internal functions); manage our risks; to market our services and products; and to comply with and enforce applicable laws and regulations, relevant industry standards, contractual obligations, and our policies. We also use data that we collect on an aggregate or anonymous basis (such that it does not identify any individuals or clients) for various business purposes and allow other third parties to do the same, where permissible under applicable laws and regulations.
By submitting data on our website, you are providing explicit consent to transmission of data collected on the website.
We take reasonable steps to ensure that the personal information we process is limited to what we require in connection with the purposes set out in this Policy; accurate and, where necessary, kept up to date; and erased or rectified without delay if it is inaccurate. From time to time, we may ask you to confirm the accuracy of your personal information.
For some of our online services, you can review or update certain account information by logging in and accessing a user profile section. If you cannot change the incorrect information online, or you prefer to request changes offline, please contact your Acra Lending representative using the contact information listed on your account statements, records, or other account materials.
Although our website is intended for United States users, we take privacy seriously for all and may sometimes contact you while you are in another Country. In those instances, our international policies are outlined below.
For customers located in the United Kingdom, please see our DPA disclosure.
For customers located in the European Union, please see our GDPR disclosure.
For customers located in Canada, please see our Privacy Act of Canada disclosure.
For customers located in the People’s Republic of China, please see our PIPL disclosure.
We have implemented measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure. All information you provide to us is stored on our secure servers behind firewalls.
The safety and security of your information also depends on you. We urge you to be careful about giving out information in public areas of the website and/or social media. The information you share in public areas may be viewed by any user of the website.
Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to or from our website. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the website.
Depending on how and where you interact with us, you may have a right to one or more of the following with respect to your personal information we process or control:
To exercise one or more of these rights or to ask a question about them, please use the contact details provided below in the “Contact Information” section.
In addition to the rights you may have under applicable data protection laws, we may also give you choices regarding the sharing of personal information with affiliates and third parties based on your relationship(s) with us as a financial institution. Choices you have about the sharing of your personal information will be described in the privacy policies or notices you receive from us, such as those provided in connection with particular financial products or services you obtain from us.
You will not have to pay a fee to access your personal data (or to exercise any of your other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances in accordance with applicable law.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests during that same time period. In this case, we will notify you and keep you updated.
We will retain personal information for as long as needed or permitted in light of the purpose(s) for which it was obtained. The criteria used to determine our retention periods include: (i) the length of time we have an ongoing relationship with you and provide our services; (ii) whether there is a legal obligation to which we are subject; and (iii) whether we need to retain the Personal Information for our legal purposes (statutes of limitations, litigation or regulatory investigations).
We will retain copies in a form that permits identification for as long as we deem necessary in connection with the purposes set out in this Policy, unless applicable law requires a longer retention period.
Our website is for financial services and therefore not intended for children under 18 years of age. We do not knowingly collect personal information from anyone under the age of 18 without parental consent. No one under age 18 may provide any personal information to or on the website. If you are under 18, do not attempt to register on the website or send any personal information about yourself to us, including your name, address, telephone number, or email address.
Acra Lending does not allow unaffiliated third parties to collect personal information about your online activities when you visit or use our online services. Nor do we use personal information collected across non-affiliated websites for the purpose of serving you advertising related to your browsing behavior. If we engage in this practice in the future, we will provide appropriate notice and choices so that you can opt-out of the practice.
If you have any questions or comments about our privacy practices, including any disclosures for direct marketing purposes, please contact your regular Acra Lending representative or write to us at [email protected], or contact us:
By Phone: (949) 900-6630 or (888) 800-7661
By Postal Address:
Citadel Servicing Corporation
3 Ada Parkway, Suite 200A
Irvine, CA 92618, USA
Under the Shine the Light law, California customers may request information about whether a business has disclosed personal data (as defined in that law) to any third parties for their direct marketing purposes. We don’t do that without your permission.
Do Not Track signals are a web browser setting or mechanism used to indicate that you do not want your online activity tracked. Because there is no universal standard of how to apply that setting, we currently do not honor them.
If you have any questions about this Online Privacy Notice, including any requests to exercise your legal rights, please contact us at [email protected].
Acra Lending is a dba name of Citadel Servicing Corporation
You have clicked on a link which leaves Acra Lending website, and you will be redirected to the Citadel Servicing website which is the servicing channel of
Social Security Numbers
Social Security numbers are treated as “confidential” and may only be accessed by and disclosed to our employees and others with a legitimate business need in accordance with applicable laws and regulations. Social Security numbers, whether in paper or electronic form, are subject to safeguards, and must be stored, transmitted, and disposed of in accordance with our internal policies created and maintained to protect confidential information from unlawful disclosure and to limit access. These restrictions apply to all Social Security numbers collected or retained by Acra Lending and related service providers and vendors.