PRIVACY AND SECURITY NOTICE

Enact Mortgage Insurance Corporation, Enact Financial Services, Inc. and other subsidiaries of Enact Mortgage Holdings, LLC understand the importance of protecting the privacy of your borrowers. We recognize that your borrowers' nonpublic personal information (“NPI”) belongs to you, and our goal is to treat this sensitive data carefully and in accordance with applicable law and this privacy notice.1

COLLECTION OF NONPUBLIC PERSONAL INFORMATION

Generally, we rely upon the information you provide to us, and do not obtain NPI from other sources, except from a consumer reporting agency to supplement and confirm the information you have provided to us. The information we collect includes a broad array of consumer data that enables us to evaluate your customers' eligibility for a loan program or for mortgage insurance, such as (but not limited to) employment history, credit history and credit score, income, assets and liabilities, and similar financial information. In addition to NPI, we also collect information relating to the real property securing the loan. In limited situations, after the origination of an insured loan, we may obtain additional NPI directly from the borrower, from consumer reporting agencies, or other third parties.

USE AND SHARING OF YOUR BORROWERS' NONPUBLIC PERSONAL INFORMATION

Enact will not share your borrowers' NPI with affiliated companies or third parties, except as permitted by applicable federal and state privacy laws and regulations, and as further described and limited by this notice. Enact will use and share such information only as needed to provide the services your company has requested, which may include loan underwriting, mortgage insurance underwriting and policy servicing, claims administration, and loss mitigation and recovery efforts. Enact may disclose NPI to approved vendors who help Enact perform the functions described above. Enact will require all third parties with whom it shares NPI to maintain the confidentiality of such information and to use it only for the specific business purpose for which it was provided. Enact does not share or sell your borrowers’ NPI to third parties for marketing purposes.

Periodically, borrower data that is not personally identifiable may be shared with third parties, including consultants, regulators, and industry trade groups for purposes of risk management, industry reporting, or other analytical purposes. Additionally, we will share your borrowers' personal information as required by applicable federal and state laws and regulations, including as required to comply with subpoenas, regulatory inquiries or examinations. We may also share borrower data with Fannie Mae and Freddie Mac in the course of administering the insurance coverage for loans where those entities are the beneficiaries of our insurance.

BORROWERS' ACCESS TO THEIR DATA

Please note that upon written request, your borrowers have the right to obtain a copy of the personally identifiable information we maintain concerning them, and they may request correction or deletion of any disputed information pursuant to a process described in the North Carolina Insurance Information and Privacy Protection Act.

EMPLOYEE TRAINING

To promote heightened awareness of privacy issues, we train our employees on permissible use of all NPI, and on security procedures intended to minimize the risk of unauthorized access or disclosure. Our training includes a review of the requirements of applicable privacy laws and this privacy notice.

ADDITIONAL PRIVACY INFORMATION FOR RESIDENTS OF CALIFORNIA

This Privacy Notice (“Notice”) is in accordance with the California Consumer Privacy Act of 2018 (“CCPA”) which became effective on January 1, 2020. This Notice provides how Enact and its subsidiaries and affiliates (collectively, “Enact”) collects, uses, and discloses personal information about California residents. Personal information is defined by the CCPA to mean information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. However, please note that not all personal information collected, used or disclosed by Enact is subject to the CCPA. For example, the CCPA does not apply to information protected by the Gramm-Leach-Bliley Act, the Health Insurance Portability and Accountability Act (“HIPAA”), or the Fair Credit Reporting Act (“FCRA”).

California Resident is referred to in this Notice as “you” and “your” and Enact is referred to in this Notice as “we”, “us,” and “our.”

I. Information We Collect

Over the past 12 months, we may have collected the following personal information about you depending on our specific transaction with you:

  1. Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers that are capable of being associated with a particular individual.
  2. Characteristics of protected classifications under California or federal law, such as your race or sex.
  3. Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
  4. Biometric information, such as voice prints.
  5. Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding your interaction with an Internet Web site, application, or advertisement.
  6. Geolocation data, such as device location.
  7. Audio, electronic, visual, thermal, olfactory, or similar information, such as call recordings.
  8. Professional or employment-related information, such as your employment history.
  9. Education information, such as your school records or degrees earned.
  10. Inferences drawn from any of the information identified above to create a profile about you reflecting your preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

Enact may receive this personal information directly from you or indirectly from you through your use of our websites or your other interactions with us. We may also receive this information from our affiliates, subsidiaries, vendors, or service providers. Enact collects this information for the following business or commercial purposes:

  1. Marketing our products and services to you, including responding to your requests for product or service information.
  2. Researching and analyzing our marketing efforts.
  3. Responding to legal requests and complying with regulatory requirements.
  4. Auditing our interactions and concurrent transactions with you, including, but not limited to, counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with this specification and other standards.
  5. Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity.
  6. Debugging to identify and repair errors that impair existing intended functionality of our websites and other interactions with you.
  7. Short-term, transient use, when your personal information is not disclosed to another third party and is not used to build a profile about you or otherwise alter your experience outside the current interaction.
  8. Maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing advertising or marketing services, providing analytic services, or providing similar services.
  9. Undertaking internal research for technological development and demonstration.
  10. Undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by us, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by us.

II. Information We Share

Over the last twelve (12) months, we may have disclosed your personal information to a third party for a business or commercial purpose. The types of personal information and the business and commercial purposes are consistent with what is described in Section I of the Notice.

III. Your Rights

Once we receive a verifiable request from you, you have the right to request that we provide you with the following:

  1. The categories of personal information we have collected about you.
  2. The categories of sources from which the personal information is collected.
  3. The business or commercial purpose for collecting personal information.
  4. The categories of personal information that we have disclosed about you for a business purpose.
  5. The categories of third parties with whom the business shares personal information.
  6. The specific pieces of personal information we have collected about you.

You also have the right to request that we delete personal information about you.

Please note that we may not be able to honor all requests. The reasons we may not be able to honor your requests include, but are not limited to, the following:

  1. We may not be able to verify your identity;
  2. We may not be able to verify you have the authority to request on behalf of someone else;
  3. The information you request is exempt from the requirements of the CCPA or to the CCPA requirements of requesting to know or delete; or
  4. You have requested this information more than twice during a twelve (12) month period.

Further, we are not required to provide you with information about any personal information about you that was collected for a single one-time transaction if, in the ordinary course of business, that information about you is not retained. We are also not required to reidentify or otherwise link any data that, in the ordinary course of business, is not maintained in a manner that would be considered personal information.

IV. How to Make a Request to Know or to Delete Personal Information

If you would like to make a request to know the personal information we have collected or maintained about you or if you would like to request we delete your personal information, please submit your request using our Online Form or please call the ActionCenter at 800-444-5664 Monday through Friday 8:00 AM to 8:00 PM ET. If using the contact form, please put in the comments section either “CCPA – Request to Know” and/or “CCPA – Request to Delete” along with details of your specific request.

You will also need to indicate whether you are acting on another’s behalf and indicate in what capacity you are acting. For example, if you are acting as attorney-in-fact pursuant to a power of attorney, we will require you to provide us with a copy of the power of attorney. If not acting as an attorney-in-fact or in a manner ordered by a court, you will need to provide us with notarized written permission from the individual. If submitting an online request, you will not need to submit these documents in the initial request. We will reach out to you separately with instructions.

Based on the information you provide us in the contact form or over the phone, we may need additional information to verify your identity. If we have questions regarding your identity after we receive your request, we will contact you for additional information.

V. Specific Rights for Employees and Contractors

As a job applicant, employee or contractor of Enact, you have certain rights under the CCPA. Among those rights include knowing the categories of information we collect about you and the purpose for which we will use your personal information. Also, we cannot collect additional categories of personal information about you or use your personal information for additional purposes without providing you with an additional notice. However, the CCPA does not provide you with the right to submit a request to know or a request delete personal information as stated in Sections III and IV of this Notice. Please see below for the categories of personal information Enact collects as well as the purposes for which we collect that information.

The categories of information we collect about job applicants, employees, and contractors may include the following:

  1. Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers that are capable of being associated with a particular individual.
  2. Personal Information, such as your financial, medical or health insurance information.
  3. Characteristics of protected classifications under California or federal law, such as your race or sex.
  4. Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
  5. Biometric information, such as voice prints.
  6. Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding your interaction with an Internet Web site, application, or advertisement.
  7. Geolocation data, such as device location.
  8. Audio, electronic, visual, thermal, olfactory, or similar information, such as call recordings.
  9. Professional or employment-related information, such as your employment history.
  10. Education information, such as your school records or degrees earned.
  11. Inferences drawn from any of the information identified above to create a profile about you reflecting your preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

The purposes we collect the above categories of personal information include:

  1. To properly review and assess your job application or contract.
  2. To review and manage your role and performance as an employee or contractor, including any correspondence between you and Enact.
  3. To manage and administer your pay and applicable benefits, such as your health insurance and 401(k).
  4. To support Enact’s efforts in maintaining a safe and supportive work environment.
  5. To research, analyze and develop business or product plans.
  6. To conduct investigative criminal background checks or obtain consumer reports containing information as to your character, general reputation, personal characteristics and mode of living.
  7. To prevent, detect, and address any and all security incidents and illegal activity.
  8. To meet any legal, regulatory, or court-ordered requirements associated with your job application, employment, or contract.

VI. We Do Not Sell Your Data

We do not sell your personal information to third parties, including the personal information of minors under 16 years of age. This is also noted in our Online Privacy Policy which can be found here.

VII. Discrimination Prohibited

We will not discriminate against you because you exercised any of your rights under the CCPA.

VIII. Changes to the Notice

We reserve the right to amend this Notice at any time. Please check the “last updated” date at the end of this Notice to see when the Notice was last updated.

IX. Questions or Concerns

If you have any questions or concerns about what has been provided in this Notice, please send your question or concern to the following address or contact the ActionCenter at 800-444-5664:

Enact
Attention: Chief Compliance Officer
8325 Six Forks Road
Raleigh, NC 27615

Last Updated: February 7, 2022

We do not sell personal information to third parties.

SECURITY

In order to protect the confidentiality of your borrowers' personal information, we maintain procedures and technology designed to prevent unauthorized access to both electronic databases and paper files. These include placement of firewalls and deployment of data loss prevention and intrusion detection software. We limit access to NPI to those individuals who require such access to perform their assigned responsibilities. We also restrict access to our premises to authorized personnel via card keys and video surveillance. We will give you prompt written notice as required by law if we become aware of any unauthorized access to your data. When disposing of paper files or other tangible storage media containing NPI, such media will be shredded, mutilated, or otherwise rendered unreadable. For further details on our security protocols, you may obtain a copy of our Information Security Procedure by contacting the ActionCenter® at 800-444-5664. You may also review this document via our website at enactmi.com.

We reserve the right to modify this privacy notice, but will provide at least 30 days' prior written notice of any material change. If you have any questions or comments concerning this notice, please contact the ActionCenter® at 800-444-5664

Version date February 7, 2022

1This Privacy Policy applies only to Enact's US-based operations.

© 2022 Enact Holdings, Inc. All rights reserved.