Savana's Privacy Policy

Purpose:

The purpose of the Privacy Policy is to inform visitors to our website, including but not limited to potential and existing customers, partners, vendors, and job seekers, of the ways we gather, collect, store, use, transfer, manage, disclose, and delete any data that is collected from them.

All information collected may be used.

In the cases where information is used, it will be used in the spirit for which it was collected and will always only be used as permitted by law.

Any personal data that is collected for reasons other than website visit analytics, that Savana has been given permission to gather, collect, store, use, transfer, manage or disclose will be deleted at the written request of the person or entity that has reversed their permission to that data. Written confirmation of the permanent deletion will be given if requested and applicable.

 

Policy:


Website:

Savana collects information from website visitors to include, but not limited to potential and existing customers, partners, vendors, and job seekers when they visit our website.

We may collect data such as but not limited to IP addresses, login information, browser type, version, url clickstream, time and duration of visit, pages viewed, page response time, download information, upload information and any other interaction with the page using cookies. For candidates entering information such as resume and/or work experience, that information will also be stored, shared internally as appropriate for the purposes it was submitted.

We also may collect name, email address and any information that the website visitor chooses to enter in free text in a message to Savana or by completing a form on the Savana website.
That information may be used for any variety of marketing campaigns such as to alert previous visitors about offers, product updates, service updates, and for website optimization and our own analytics and may be saved indefinitely unless Savana has received explicitly written request to remove such data (see below).
Savana will not sell this personal information and it will only be shared with the appropriate internal and third parties in which to do our business.

Any person who enters their data / entity data through the Savana’s website that wishes to have their data updated in any way or purged from our files must contact: [email protected].

Upon receipt of such request, the requested update or data deletion will take place and the requestor of the change will receive a confirmation email, if there is an email for such person on file, that the change has taken place. After that confirmation has been sent and if the request was to delete all information including email, that email and all other information will be purged as requested.

 

Third Party Websites for Job Seekers:

Both Savana and our third-party partners collect information from potential job seekers when they enter any information, including but not limited to their contact information, resume, career related information and any other personal information that they choose to enter, into Savana’s Careers Page located on its third-party partner’ s website, ADP, as well as for other third-party websites such as LinkedIn.

Third parties’ sites that Savana partners with have their own privacy policies that govern the information that they track and keep, which each visitor to the site is made aware of and needs to accept or not. Savana will gather, collect, store, use, transfer, manage and disclose, and delete information as outlined above, or as outlined by each site.

 

Savana’s Solution:

Savana’s solution is a core agnostic platform that is designed to seamlessly unify any modern or legacy technology ecosystem, unlocking operational efficiency, customer engagement, and future innovation for financial institutions.
Because Savana’s solution is not a banking core, Savana is neither the collector nor controller of the information that may be accessible within the solution.

In compliance with regulatory obligations, our customer, a financial institution, must notify their consumer of the personal information they collect, the purpose for which they collect the consumer’s personal information, and the manner in which the consumer’s personal information is intended to be used by the financial institution.

Personal information is any information that a financial institution obtains about a consumer in conjunction with providing a financial product or service and includes information provided during any financial transaction such as consumer’s full name, address, phone number, date of birth, credit and debit card information, social security number, consumer account numbers, bank records, financial data, driver’s license number, passport data, birth certificates, and other sensitive consumer information.
As agreed upon in each fully executed master agreement between Savana and a financial institution, it is incumbent upon the financial institution, to obtain the consumer’s consent for any personal information collected that may be stored within the financial institution’s core and may be accessible within the Savana solution.

It is also the financial institution’s responsibility to ensure all data accessible within the Savana solution are accurate. Savana accepts no responsibility for the accuracy of any data entered into our solutions by our customers or their end users. Data belonging to the financial institution’s customers is very clearly outlined in executed agreements between Savana and each financial institution as being owned by and the responsibility of the financial institutions.

Any end user of the financial institution who wishes to update, change, edit or purge their data from the Savana solution licensed to the financial institution, must do so through that financial institution.

Savana’s solution is hosted in a managed environment, therefore, all data entered into our solutions may be accessed by the hosting provider as well as appropriate Savana personnel who are authorized to deploy, maintain, monitor, secure and ensure application availability within the managed hosted environment.

At the end of a contracted relationship between Savana and a financial institution, Savana will take down all related environments and permanently delete all data that was stored within the solution, according to the timelines agreed upon in the executed agreement between the two parties. Within the contracting process, customers may opt in to receive a copy of their data prior to Savana purging and permanently deleting the data. Once all data has been permanently deleted, Savana may verify that it has been done, in writing, to the customer, at the customer’s request. All actions related to the purging will be kept in Savana’s tracking system for audit purposes.

 

Third Parties Integrated into the Savana Solution:

Savana partners with many third parties to allow integrated and seamless functionality to our customers, financial institutions. In every case, each of those financial institutions will choose which vendors and functionality they would like as part of their overall solution and will consent via an agreement to their data being available to, accessed, collected, stored, used, complied, distributed, disclosed, managed and/or deleted from those services as applicable to each third-party service.

Other than described above and except as necessary to fulfill its obligations under executed agreements with customers, partners, and vendors, or as required by law, Savana does not gather, collect, store, use or disclose job seekers, potential or existing customer, partner or vendor’s non-public data.

 

Internal Access to and Use of Data to Fulfill Business Purposes:

Savana maintains physical, electronic, and procedural safeguards to restrict access to confidential or other non-public information to employees who need to know to provide services as described within individual contracts or as required by law. Savana’s solution is designed so that once the solution is licensed to the customers, data collected, used, or stored by such products are not accessible by or available to Savana, except for as follows:

  • During the onboarding process when Savana’s customer receives their license to use our solution, the financial institution is given guidance on how to give access to certain Savana employees, which would allow those with that the permitted access the ability to see and use specific data for the purposes of troubleshooting, product modifications or bug fixes.
  • Authorized Savana personnel whose role it is to deploy, maintain, monitor, secure and ensure the Savana solution is available within the managed hosted environment.

Financial institutions are instructed during their onboarding process to Savana, not to send personal data to Savana under any circumstances unless it is directly related to a troubleshooting issue.

If personal information must be sent to Savana, it must be done so in a secure way such as through an encrypted or secure email or through third party software with the means to keep the data secure.

If non-essential personal data is given to Savana in error, Savana has a procedure dictating that the information be removed from the vehicle from which was delivered to Savana, permanently delete the non-essential data, and send written communication back to the customer that the information has been deleted and to reiterate our policy of not sending non-relevant personal data.

In the event that a financial institution sends personal data to Savana because it is relevant to a business request from the financial institution, Savana will use and retain such data only as long as it is required to fulfill the business request from the financial institution, then such data are deleted from Savana’s data repositories in accordance with appropriate federal, state and local laws regarding the safe destruction of data containing personally identifiable or otherwise sensitive information.
Savana has internal policies for employees that outline:

  • Confidentiality and Proprietary Information
  • Acceptable Encryption
  • Acceptable Use
  • Data Privacy and Security
  • Information Security
  • NPI Security
  • Production Data Transmittal
  • Privacy
  • Data Retention and Destruction

Savana does not have a need to collect certain categories of personal data through our website or through our third-party partners unless it is specifically requested by us, and after receiving that consent, will only use that data for regulatory reporting or other specific reasons. Specifically, Savana does not have any need to collect information about racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, genetic data, biometric data to uniquely identify a person or data concerning health or mental health, sexual orientation, criminal records, or other like-data. Please do not supply this data to Savana unless we specifically request it.

If you have any questions about the treatment of data you believe you have provided to Savana, please contact Nicole Venere, Chief Process & Innovation Officer at [email protected] or email the general Marketing mailbox at [email protected] to discuss your situation directly.