Privacy Addendum for Utah Residents

Last Revised on: April 20, 2023

This Privacy Addendum for Utah Residents (“Disclosure”) provided by Sallie Mae Bank and its subsidiaries (“Sallie Mae”, “we”, “our”, or “us”)  supplements the information contained in Sallie Mae's Privacy Policy and applies solely to individual residents of the State of Utah ("consumers", "you", or “your”).

Please note that this Disclosure describes how we collect, use, disclose or otherwise process Personal Data, as defined below, of Utah residents, through our websites (our “Sites”), within the scopes of the Utah Consumer Privacy Act, Utah Code Ann.§§ 13-61-101 et seq ("UCPA"). “Personal Data” means any information that is linked or reasonably linkable to an identified or identifiable individual.

For the purposes of this Disclosure, Personal Data does not include:

  • Publicly available Personal Data from government records;
  • Deidentified or aggregated Personal Data;
  • Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA); and
  • Personal Data covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA), and the Driver's Privacy Protection Act of 1994. To understand how we process Personal Data in connection with financial products and services, please review the Sallie Mae Privacy Notice.

Terms used in this Disclosure have the same meaning as provided in the UCPA. 

Categories of Personal Data Collected by us

We may have collected the following Personal Data from you:

Category of Personal Data
Collected
Disclosed for Business Purpose
Sold

Identifiers such as name, alias, address, email address, online identifiers, Internet Protocol (IP) address, Social Security numbers*, driver’s license*, passport*, or other government issued identification card*, account login*, financial account*, debit or credit card number in combination with any required security or access code.*

N/A

Protected Classification Characteristics* such as age, marital status, sex, sexual orientation, veteran or military status, racial or ethnic origin, religious or philosophical beliefs, union membership or genetic data.

N/A

Protected Health Information* such as medical history, genetic data or test results.

N/A

Commercial Information such as records of personal property, products or services purchased, obtained or considered. 

N/A

N/A

N/A

Biometric Information* such as physical or behavioral characteristics that are used or intended to be used to establish individual identity, such as for authentication or fraud prevention purposes.

N/A

N/A

N/A

Internet/Network Information such as information about your interaction with our Sites, applications or advertisements.

Geolocation Data such as the physical location of your device.

N/A

Sensory Information such as audio recordings.

N/A

N/A

N/A

Profession/Employment Information such as (for job applicants only) current or past job history.

N/A

Non-Public Education Information such as (for job applicants only) Personal Data from your educational records.

N/A

N/A

N/A

Message Content the contents of your mail, email or text messages, unless the intended recipient of such content is a business.

N/A

N/A

Inferences such as profiles generated from visits to our Sites and browsing behavior.

N/A

*This category of Personal Data is considered Sensitive Personal Data under UCPA.

Personal Data is retained in accordance with the Sallie Mae Records Retention Policy.

Sources of Personal Data Collected by us

We may have collected Personal Data from the following sources:

Sources
Examples

Directly from you

Credit card or loan applications, bank transactions, interactions with our college planning and scholarship tools, scholarship applications, Sites, and calls to our call center.

Indirectly from you

From observing your actions on our Sites and through the use of tracking technologies such as cookies.

Affiliates**

Companies (financial and nonfinancial) under common ownership or control with Sallie Mae. 

Business partners**

Institutions and other companies that refer potential applicants to our services, or that provide contact information or data append solutions.

Service providers**

Software providers, marketing companies, communication services, fraud prevention services, data analytics providers, data providers.

Third parties you directed to disclose Personal Data to us**

Payment processors, credit management programs, retailers, lenders.

Third party information and marketing partners**

Partners from whom we buy, lease, or otherwise obtain lists for marketing purposes.

Government or public sources

Publicly available data sources.

** Parties with whom we have a contractual relationship and a lawful basis for collecting this Personal Data (“Authorized Third Parties”).

Use and Disclosure of your Personal Data

See Section 3 HOW DO WE USE YOUR PERSONAL INFORMATION and Section 4 HOW DO WE DISCLOSE YOUR PERSONAL INFORMATION in the Sallie Mae Privacy Policy.
 

Disclosure of your Personal Data

We may disclose your Personal Data for our internal business operations (“Business Purposes”) to the following Authorized Third Parties: 

Authorized Third Parties
Examples

Affiliates

Other companies owned or controlled by Sallie Mae, and other companies owned by or under common ownership as Sallie Mae, which also includes our subsidiaries (i.e., any organization we own or control) or our ultimate holding company (i.e., any organization that owns or controls us) and any subsidiaries it owns.

Business Partners

Institutions and other companies that refer potential applicants to our services, or that provide contact information or data append solutions.

Service Providers

Third party service providers perform business or operational services for us or on our behalf, such as payment processing, website hosting, data analysis, infrastructure provisioning, IT services, customer service, email delivery services and other similar services, subject to contractual terms restricting the collection, use and disclosure of your Personal Data for any other commercial purpose.

In addition, we may disclose Personal Data to third parties with whom we partner to provide contests, scholarships or co-branded services, and such disclosure is necessary to fulfil your request or application.

Third party security providers detect, prevent, or otherwise address actual or suspected fraud, harassment, security or technical issues, violations of any law, rule, regulation or the policies of Sallie Mae.

Third party marketing partners who may have products or services we think you may enjoy.

Third parties, when you have authorized or directed us to disclose Personal Data to them

We share your Personal Data with third parties with your consent or at your direction.

Government entities and others, when we disclose Personal Data for legal or necessary purposes

Regulatory and law enforcement agencies

Your Rights and Choices

If you are a Utah resident, the UCPA provides you with certain rights with respect to your Personal Data. This section describes your CPA rights and explains how to exercise those rights, subject to UCPA exceptions.

If you would like to exercise your privacy rights, you do not need to create an account. However, we may ask you to provide additional Personal Data so that we can properly identify you in our dataset to track compliance with your request.  We will only use Personal Data provided in a request to review and comply with your request.  If you choose not to provide this information, we may only be able to process your request to the extent we are able to identify you in our data systems.

If you have provided us with Personal Data to apply for or obtain a Sallie Mae product or service, please refer to the Sallie Mae Privacy Notice to learn about our privacy practices with respect to your Personal Data and how you may opt-out of certain types of sharing with Authorized Third Parties.
 

The Right to Knowledge / Specific Information
You have the right to request the following we may have collected and disclosed about you:

  • The categories of Personal Data;
  • The categories of sources of Personal Data;
  • The purposes for collecting Personal Data;
  • The categories of third parties with whom we disclose Personal Data; and
  • If we sold or disclosed your Personal Data for Business Purposes

The Right to Access / Data Portability
You have the right to access and obtain a copy of the specific pieces of Personal Data we have collected about you, upon verification of your identity.
 

The Right to Correct
You have the right to request that Sallie Mae correct inaccurate Personal Data that we collected and maintain about you.
 

The Right to Request Deletion
You have the right to request that Sallie Mae delete your Personal Data, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your Personal Data from our records, unless an exception applies.
 

To Submit a Request to Exercise Your Right to Know, Access (Portability), Correct and Delete
Call us at 1-833-556-6367 Monday-Friday 8am-8pm EST or complete the Consumer Rights Request Form.

We will need to verify your identity before processing your request, and this verification may require us to obtain additional Personal Data from you. We will only use Personal Data provided to review and comply with your request. In certain circumstances, we may decline a request to exercise the rights described above.

If you wish to submit a verifiable consumer request on behalf of your minor child, the verifiable consumer request must:

  • Provide sufficient information to allow us to reasonably verify you are legal guardian or an authorized representative.
  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

Response Timing and Format
We will endeavor to respond to a verifiable consumer request within forty-five (45) days of receipt. If we are unable to process your request in such time, we will inform you of the delay in writing.

If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically. 
 

Right to Appeal
If we are unable to comply with all or a portion of your request, we will explain the reason(s) we cannot comply.  You may appeal our decision by resubmitting a request and we will inform you of any action taken or not taken in response to your request and explain the reason(s) for our decision within 60 days of receiving your request.

Information provided in response to a consumer request will be provided free of charge, up to twice annually per consumer.  We reserve the right to charge a fee to process or respond to your verifiable consumer request if we determine that such request is excessive, repetitive, or manifestly unfounded. If we determine that your request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
 

The Right to Opt-Out of Targeted Advertising, Sale or Sharing of Personal Data
You have the right to direct us not to: (i) process your Personal Data for the purposes of targeted advertising; (ii) sell or share Personal Data we have collected about you with Authorized Third Parties.  You have the right to limit the use and disclosure of Sensitive Personal Data we have collected about you. 

To opt out of the potential sale or sharing of your Personal Data or to limit the use and disclosure of your Sensitive Personal Data, visit the opt-out page by following the Link below:

“DO NOT SELL OR SHARE MY PERSONAL INFORMATION” or “LIMIT THE USE AND DISCLOSURE OF MY SENSITIVE PERSONAL INFORMATION”

Minor children under age 16.
We do not sell or share the Personal Data of consumers we know to be less than 16 years of age, unless we receive affirmative authorization (the "right to opt-in") from a consumer who is between 13 and 16 years of age.  Sallie Mae does not knowingly solicit, sell, share, or collect any Personal Data from anyone under the age of 13.  If we learn that we have inadvertently collected Personal Data from a child under age 13, we will delete that Personal Data promptly. Consumers who opt-in to Personal Data sales or sharing may opt-out of future sales at any time. If you believe that we might have any Personal Data from a child under 13, please contact us at 1-833-556-6367 Monday-Friday 8am-8pm EST to opt-out of future sales or sharing or to inform us if your minor child, is under the age of 13. 
 

The Right to Non-Discrimination
You have the right to be free from discrimination for exercising any of the rights described above. 

The right to non-discrimination does not prohibit us from offering you certain financial incentives that may result in different prices, rates or quality levels of products or services. In addition, please note that if the exercise of the rights described above limits our ability to process Personal Data (such as in the case of a deletion request), we may not be able to offer our products and services to you in the future.
 

Changes to This Disclosure
This Disclosure may be updated or amended at any time and from time to time and will reflect the date it was last updated or amended. Under certain circumstances, we may also elect to notify you of updates or amendments to this Disclosure by sending you an email. Please check this Disclosure each time you utilize the Sites to ensure you are aware of any changes in our practices. Your continued use of the Sites indicates your acceptance of and agreement with the changes to this Disclosure.
 

Contact Information
If you have any questions or comments in connection with this Disclosure or Sallie Mae’s Privacy Policy, please do not hesitate to contact us at:

Phone: 1-833-556-6367 toll free Monday-Friday 8am-8pm ET.
Website: SallieMae.com/legal/privacy