Privacy Policy

THIS PRIVACY POLICY APPLIES TO OUR WEBSITES.

This Privacy Policy describes how Pagaya Technologies, LTD and its subsidiaries (“Pagaya,” “we,” “our” or “us”) treat personal information collected on www.pagaya.com (the “Site”). This Privacy Policy does not apply to personal information Pagaya collects offline, through information collected from business-to-business transactions, or through other sites, including affiliate and third-party websites.

Pagaya’s services through this Site is only intended for business customers and is not intended for individual consumers. It is important that you read this Privacy Policy together with any other Privacy Policy or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This Privacy Notice supplements other fair processing notices and is not intended to override them. If there is a conflict between this document and a fair processing notice for a specific transaction, the more specific fair processing notice that applies to a specific transaction or collection of data will govern your relationship with Pagaya.

1. WE COLLECT PERSONAL INFORMATION FROM AND ABOUT YOU.

We may collect, use, store and transfer different kinds of personal data/personally identifiable information about you which may include the following categories:

  • Identifiers. This may include your real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, phone number, account name, Social Security number, driver’s license number, passport number, or other similar identifiers.
  • Commercial information. This may include your records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
  • Internet or other similar network activity. This may include your browsing history, search history, or information on a consumer’s interaction with a website, application, or advertisement.
  • Geolocation data. This may include your physical location or movements.
  • Sensory data. This may include your audio, electronic, visual, or similar information.
  • Professional or employment-related information. This may include your current or past job history or performance evaluations.
  • Inferences drawn from other personal information. This may include information, data, assumptions, or conclusions derived from facts, evidence, or another source of information or data reflecting your preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, or aptitudes.

2. WE COLLECT INFORMATION IN DIFFERENT WAYS.

We collect information directly from you.  For example, if you register with us, sign up for our newsletters, apply for a job, or send us an email via the Site.

We collect information from you passively. We use tracking tools like browser cookies and web beacons to provide and support our Site and each of the uses outlined in this Privacy Policy. Learn more about these tools and how you can manage them, by visiting our Cookies Policy, here.

We may collect personal information as otherwise described at the time of collection on the Site.

3. WE USE INFORMATION AS DISCLOSED AND DESCRIBED HERE.

  • We use information about you to respond to your requests or questions. For example, we might use your information to contact you about employment opportunities or to process your application for a job or application for our fact sheets.
  • We use personal information to communicate with you about your account. We may contact you to fulfill your orders, to provide you with services, or for billing and invoicing purposes.
  • We use personal information to communicate with you about our relationship. We may contact you about this Privacy Policy, the Site’s Terms of Use, or the Site’s Cookies Policy.
  • We use information to administer and protect our business and this Site. We may use personal information to enforce our rights, for fraud prevention, to comply with applicable laws and regulations, or to protect our company, affiliates, our customers, or our Site, or a third-party website or platform.
  • We use information to inform you about Pagaya. For example, we might send you information about Pagaya and what we offer if you register to ‘contact with Pagaya’ through our web or email. We might tell you about new features or updates. We may also use your personal information to send you information about career opportunities if you registered in ‘careers’ through our web or email.
  • We use information about you to improve our Site and the information we provide. We might use your personal information to deliver the Site and/or customize your experience with us. For example, we may use your personal information to improve the Site, our recruiting efforts and our other internal business purposes.
  • We may use your personal information as otherwise described or permitted by law, for any other purpose as described in this Privacy Policy, or in any other manner upon notice to you.

4. WE MAY SHARE PERSONAL INFORMATION WITH THIRD PARTIES.

We may share your personal information within the Pagaya subsidiaries.

We may share your personal information for our business purposes. For example, we might share your personal information with third parties in order to provide you with services requested by you or answer your questions.

We may share personal information with third parties who perform services on our behalf. For example, we share personal information with our vendors (e.g., IT services providers and background checks vendors), partners and consultants. We may also share personal information with companies that might operate our Site.

We may share personal information if we think we have to in order to comply with the law or to protect ourselves. For example, we may share personal information to respond to a court order or subpoena. We may also share it if a government agency or investigatory body requests. We might also share personal information when we are investigating potential fraud or if we believe in good faith that disclosure is legally required or otherwise necessary to protect our rights and property, or the rights, property or safety of others.

We may share personal information with any successor to all or part of our business. For example, in the event of a merger, acquisition, divestiture, change of control, or liquidation of Pagaya or part of its business or subsidiaries (or in anticipation of such an event) we may share your personal information as part of that transaction.

We may share personal information for other reasons we may describe to you or as permitted by law.

5. YOU HAVE CERTAIN CHOICES ABOUT OUR MARKETING TOOLS.

You can opt out of receiving our marketing emails. If you receive emails from Pagaya due to your registration to ‘contact with Pagaya’ or ‘careers’ and you wish to stop receiving our emails, simply use the opt-out or unsubscribe method provided in emails you receive from us or contact us at [email protected].

6. INFORMATION FOR INDIVIDUALS IN THE EUROPEAN ECONOMIC ASSOCIATION (EEA).

Controller (for EEA Customers). This Privacy Notice is issued on behalf of Pagaya Technologies, LTD and its subsidiaries, having its registered office at 121 Menachem Begin Rd., 54th floor, Tel-Aviv, Israel. Pagaya Technologies, LTD is the controller for the purposes of this Privacy Notice and responsible for this website. If you have any questions about this Privacy Notice, including any requests to exercise your legal rights, please contact [email protected].

You have the right to make a complaint at any time to the appropriate supervisory authority in your country of residence. We would, however, appreciate the chance to deal with your concerns directly, so please contact us in the first instance.

Lawful basis for using your personal data (for EEA Customers). We will only use your personal data as permitted by law. Most commonly, we will use your personal data where:

  • we need to perform the contract we are about to enter into or have entered into with you;
  • it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests;
  • where we need to comply with a legal or regulatory obligation.

Generally we do not rely on consent as a legal basis for processing your personal data other than in relation to sending marketing communications to you. You have the right to withdraw consent to marketing at any time by contacting us at [email protected].

Purposes for which we will use your personal data (for EEA Customers). Certain jurisdictions, most notably those subject to the General Data Protection Regulation (GDPR), require that there be a lawful basis to process personal data.  We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so for those jurisdictions that require a legal basis. We have also identified what our legitimate interests are where appropriate.

Note that in those jurisdictions that require a legal basis in order to process your personal information, we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us at [email protected] if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.

Purpose/ActivityType of dataLawful basis for processing including basis of legitimate interest
To respond to your requests or questions

 

(a) Identifiers

(b) Commercial information

(c) Internet or other similar network activity

(d) Sensory data

(e) Professional or employment-related information

Performance of a contract with you
To communicate with you about your account

(a)   fulfilling orders

(b)  providing services

(c)   billing and invoices

 

(a) Identifiers

(b) Commercial information

(c) Internet or other similar network activity

(d) Sensory data

(e) Professional or employment-related information

Performance of a contract with you
To communicate with you about our relationship (including to notify you of changes to this Privacy Policy, our Terms of Use, or our Cookie Policy)

 

(a) Identifiers

(b) Commercial information

(c) Internet or other similar network activity

(d) Sensory data

(e) Professional or employment-related information

(f) Inferences drawn from other personal information

(a) Performance of a contract with you

(b) Necessary to comply with a legal obligation

(c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our services and develop our offerings)

To administer and protect our business and this Site (including to enforce our rights, for fraud prevention, to comply with applicable laws and regulations, or to protect our company, affiliates, our customers, or our websites, or a third-party website or platform) (a) Identifiers

(b) Commercial information

(c) Internet or other similar network activity

(d) Geolocation data

(e) Sensory data

(f) Professional or employment-related information

(g) Inferences drawn from other personal information

(a) Necessary to comply with a legal obligation

(b) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganization or group restructuring exercise)

To inform you about Pagaya (including information about Pagaya and what we offer, new features or updates, or information about career opportunities if you registered in ‘careers’ through our web or email)(a) Identifiers

(b) Commercial information

(c) Internet or other similar network activity

(d) Geolocation data

(e) Sensory data

(f) Professional or employment-related information

(g) Inferences drawn from other personal information

Necessary for our legitimate interests (to study how customers use our services, to develop them, to grow our business and to inform our marketing strategy)
To improve our Site and the information we provide(a) Identifiers

(b) Commercial information

(c) Internet or other similar network activity

(d) Geolocation data

(e) Sensory data

(f) Professional or employment-related information

(g) Inferences drawn from other personal information

Necessary for our legitimate interests (to study how customers use our services, to develop them, to grow our business and to inform our marketing strategy)

Change of purpose (for EEA Customers). We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us at [email protected].

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent where this is required or permitted by law.

Your legal rights (EEA Customers only). Under certain circumstances, you have rights under data protection laws in relation to your personal data. Specifically, you may:

  • Request access: to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
  • Request correction: of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
  • Request erasure: of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
  • Object to processing: of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have a compelling legitimate ground to process your information which overrides your rights and freedoms.
  • Object to automated decision-making: of your personal data when we use automated processing to reach decisions that produce legal or similarly significantly effects upon you. In some instances, Pagaya may use machine learning technologies and analytics to assist its business partners in deciding whether and on what terms to offer financial products to consumers. In the event that you choose to exercise this right, you may contest the automated decision, and a human will intervene in the decision-making.
  • Request restriction of processing: of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
  • Request the transfer: of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
  • Withdraw consent at any time: where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain offerings to you. We will advise you if this is the case at the time you withdraw your consent.
  • Not to be subject to decisions based solely on automated processing: of your personal data. This applies to decisions that produce legal or similarly significantly effects upon you. In the event that you choose to exercise this right, you may express your point of view and contest the automated decision, and a human will review your situation.

If you wish to exercise any of the rights set out above, please contact us at [email protected].

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

7. WE USE STANDARD SECURITY MEASURES.

The Internet is not 100% secure. We cannot promise that your use of our Site will be completely safe. We encourage you to use caution when transmitting personal information over the Internet. We keep personal information for as long as it is necessary or relevant for the practices described in this Privacy Policy. We also keep personal information as otherwise required by law or for internal compliance or record-keeping purposes.

8. WE STORE PERSONAL INFORMATION IN THE UNITED STATES.

Personal information we collect may be transferred to and stored within the United States. Our Sites are subject to U.S. laws, which may not afford the same level of protection as those in your country. We will take all steps reasonably necessary to ensure that your personal information is treated securely and in accordance with this Privacy Policy. If you live outside of the United States, you understand and agree that we may transfer your personal information to the United States. You acknowledge that if you do not consent or would like to withdraw your consent to such transfer, please send us your request via email to.

9. WE MAY LINK TO OTHER WEBSITES OR HAVE THIRD PARTY SERVICES ON OUR SITES WE DON’T CONTROL.

Some of our content on the Site, especially under our ‘Blog’ will link you to third party websites, that we do not control. This Privacy Policy does not apply to the privacy practices of such third parties websites. Read the privacy policy of other websites carefully before you submit any personal information to these third party websites. We are not responsible for actions, omissions or practices of third party websites.

10. NOTICE TO PARENTS OF CHILDREN UNDER THE AGE OF 13.

Our Site is intended for general audiences and are not directed to children under 13. We do not knowingly collect personal information from children under 13. If you become aware that a child has provided us with personal information without parental consent, please contact us here. If we become aware that a child under 13 has provided us with personal information without parental consent, we take steps to remove such information and terminate the child’s account.

11. DATA RETENTION.

We will retain your personal information to the extent required or permitted by law and to the extent required for us to provide our services to you.

12. reCAPTCHA.

We might use in the future the reCAPTCHA service provided by Google Inc. (Google) to protect your submissions via internet submission forms on this site. This plugin checks if you are a person in order to prevent certain Site functions from being (ab)used by spam bots (particularly comments). This plugin query includes the sending of the IP address and possibly other data required by Google for the Google reCAPTCHA service. For this purpose, your input will be communicated to and used by Google. However, your IP address is previously truncated by Google within member states of the European Union or in other states which are party to the agreement on the European Economic Area and is, as such, anonymized. Only in exceptional cases is a full IP address transmitted to a Google server in the United States and truncated there. On behalf of the operator of this Site, Google will use this information to evaluate your use of this service. The IP address provided by reCaptcha from your browser shall not be merged with any other data from Google.

This data collection is subject to the data protection regulations of Google (Google Inc.). For more information about Google’s privacy policy, please visit: https://www.google.com/intl/en/policies/privacy/

By using the reCAPTCHA service, if and when needed on out Site, you consent to the processing of data about you by Google in the manner and for the purposes set out above.

13. RIGHTS FOR INDIVIDUALS IN CALIFORNIA.

If you are a California resident, California law may provide you with additional rights regarding our use of your personal information. To learn more about your California privacy rights, see below and visit www.oag.ca.gov/privacy/ccpa.

Your California Privacy Rights

California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our Site that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to: [email protected].

Online Tracking

Our Site does not support “Do Not Track” browser settings and does not currently employ any “Do Not Track” mechanisms or frameworks that would allow us to respond to requests from you regarding the collection of your personal information.

CCPA Disclosure for California Residents

The following disclosure is for California residents on the behalf of Pagaya Technologies, Ltd., Pagaya US Holding Company LLC, and its subsidiaries (“Pagaya”, “we”, “our” or “us”).

Overview

Pagaya is providing this disclosure in order to comply with the California Consumer Privacy Act (CCPA),which went into effect January 1, 2020. The CCPA is a law that provides additional data privacy rights to California residents with regards to the collection, use, and deletion of their personal information. “Personal Information” is information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device.

This disclosure supplements the information contained in our online privacy notices and provides California residents more information about Personal Information we may collect and disclose for a business or commercial purpose and explains how consumers can exercise those rights. Because Pagaya does not sell personal information, we have not included a description of the right to opt out of the sale of personal information. If you have any questions regarding our sharing practices, please e-mail us at [email protected].

The Policy covers Personal Information, that is collected, used, or disclosed outside of or separate from already exempted activities covered under federal law, such as when we collect Personal Information to offer you a financial product or service for personal, family, or household purposes.

Collection, Use, and Disclosure of Personal Information:
In the past 12 months, we have collected the following categories of personal information:

  • Identifiers. This may include your real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers.
  • Personal information described in the California Customer Records Statute (Cal. Civ. Code § 1798.80(e)). This may include your name, address, and phone number.
  • Commercial information. This may include your records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
  • Internet or other similar network activity. This may include your browsing history, search history, or information on a consumer’s interaction with a website, application, or advertisement.
  • Geolocation data. This may include your physical location or movements.
  • Sensory data. This may include your audio, electronic, visual, or similar information.
  • Professional or employment-related information. This may include your current or past job history or performance evaluations.
  • Inferences drawn from other personal information. This may include information, data, assumptions, or conclusions derived from facts, evidence, or another source of information or data reflecting your preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, or aptitudes.

In the past 12 months, we have collected personal information from the following categories of sources:

  • Directly from you when you provide us information or when you use our website (for example, browser cookies and web beacons).
  • From third parties (e.g., credit bureaus and consumer data resellers) that interact with us in connection with services and activities we perform.
  • Marketing list providers.

We also collect certain information from lending partners and when we purchase loans from lenders. However, with a limited exception, the CCPA does not apply to the collection, use, sharing, and disclosure of such information because this information is subject to federal privacy laws including the Fair Credit Reporting Act, the Gramm-Leach-Bliley Act, and/or the California Financial Information Privacy Act.

We may collect your personal information for the following business or commercial purposes:

  • Account Services: We use personal information to offer our account services, including: (1) establishing, maintaining, supporting, and servicing an account you may have opened with us and for which you provided the information or that you may have applied for or established with us; (2) providing services, products, or information you may have requested from us; and (3) performing services such as maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, or providing similar services on our own behalf or on the service provider’s behalf
  • Internal Research: We use personal information for our internal research related to technological development and demonstration.
  • Improvement of Products and Services: We use personal information to verify, maintain, and improve our products and services.
  • Legal Obligations: We use personal information to comply with legal obligations.
  • Commercial/Economic Interests: We use personal information to advance our commercial or economic interest.
  • Maintenance of Technology (e.g., debugging): To help maintain the safety, security, and integrity of our business websites, products and services, databases and other technology assets
  • Security and Fraud Detection: We use personal information for our security and fraud detection services including detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity; and prosecuting those responsible for that activity.
  • Advertising and Marketing Services: We use personal information to provide advertising or marketing services on our own behalf.
  • Audits: We use personal information to audit current interactions with you and related transactions (e.g., counting and verifying ad impressions, auditing compliance).
  • Merger/Acquisition/Bankruptcy, etc.: We may use your personal information as part of a merger, acquisition, bankruptcy, or other transaction where a third party assumes control of us.

Sharing or Disclosing Your Personal Information for a Business or Commercial Purpose

We may disclose the above categories of your Personal Information to third parties for business purposes or as required or permitted by law including with:

  • Our affiliates and subsidiaries;
  • Service providers;
  • Third parties to whom you authorize us, directly or indirectly, to disclose your personal; information in connection with products or services we provide to you; and
  • Government or regulatory authorities, as required by law

We do not “sell” personal information as defined by the CCPA and its implementing regulations, and, in the preceding twelve (12) months, we have not sold any personal information. Also, it is our business practice not to collect or sell personal information of minors under 16 years of age and we have no actual knowledge of doing so.

Your Rights Under CCPA

The CCPA provides you with certain rights regarding the collection, use, sale, sharing, and disclosure of your personal information. As we noted above, because Pagaya does not sell personal information, we have not included a description of the right to opt out of the sale of personal information. If you have any questions regarding our sharing practices, please e-mail us at [email protected]. In addition, as noted below, certain CCPA rights do NOT apply to business consumers.

As a California resident, you have the right to request that we disclose certain information about our collection and use of your personal information over the past twelve months including:

  • The categories of Personal Information we have collected about you;
  • The categories of sources from which we have collected Personal Information about you;
  • The business or commercial purpose for collecting that Personal Information;
  • The business purpose for disclosing that Personal Information to third parties;
  • The categories of third parties with whom we have shared or share that Personal Information;
  • The categories of Personal Information we have disclosed or shared with a third party for a business purpose; and
  • The specific pieces of Personal Information we have collected about you.

This right does apply to business consumers.

Right to Request Deletion of Personal Information

California law gives you the right to request deletion of your Personal Information. We limit the Personal Information that we collect from you and only collect Personal Information from you for business or commercial purposes. Pagaya is providing the following methods to request deletion to comply with the CCPA. However, please keep in mind that Pagaya is not required to honor your request for deletion if the Personal Information is needed for a business purpose. In addition, this right does apply to business consumers.

Non-Discrimination Rights

You have the right to not receive discriminatory treatment for the exercise of privacy rights conferred by the CCPA.

Exercising Your Rights

If you are a California resident, you can submit a request to us by:

Only you, or a person registered with the California Secretary of State whom you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may only make a verifiable consumer request twice within a 12-month period.

For a verifiable consumer request, you must be able to:

  • Describe your request with sufficient detail to allow us to properly understand, evaluate, and respond; and
  • Provide sufficient information to allow us to reasonably verify you are the California resident about whom we collected Personal Information or an authorized representative of such resident. The information you provide must include:
    • Confirmation of California residency;
    • Full name;
    • Address;
    • Email address; and
    • Other information that authenticates you (if a customer) or verifies you (if non-customer or authorized party).

We cannot respond to your request or provide you with personal information if we cannot verify your identity or confirm that the personal information relates to you. Submitting a verifiable consumer request does not require you to create an account with us.

Response Time and Method

Once we receive your verifiable consumer request, we will confirm our receipt of your request within 10 business days and provide you with additional information about how we will process the request. Our goal is to respond to your request within 45 calendar days of receiving the request, beginning on the day we receive the request. However, in the event that we need more time (up to 90 calendar days) to respond to your request, we will provide you with notice and an explanation of the reasons that we will take more than 45 calendar days to respond. Any disclosures we provide will cover the 12-month period preceding the verifiable consumer request’s receipt. If we are unable to comply with a given request, we will provide you with a response explaining why we have not taken action on your request and identifying any rights you may have to appeal the decision.

We will not charge you to verify your identity. In addition, we will not charge you or your authorized agent a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

14. FEEL FREE TO CONTACT US IF YOU HAVE MORE QUESTIONS.

If you have any questions about this Privacy Policy or other privacy concerns, please contact us at [email protected] , 646-560-5095, or at:

Pagaya Technologies, LTD
121 Menachem Begin Rd.
54th floor
Tel-Aviv, Israel

Attn: Legal / Privacy Matters

Pagaya Pagaya US Holding Company LLC
90 Park Avenue
31st Floor
New York, NY 10016

15. UPDATES TO THIS PRIVACY POLICY

This Privacy Policy was last updated on 09.10.2021. From time to time we may change our Privacy Policy. We will notify you of any material changes to our Privacy Policy as required by law by posting a notice on our Site prior to the change becoming effective. We will also post an updated copy on our Site once the changes are effective. Please check our Site periodically for updates. You are bound by any changes to the Privacy Policy when you use the Site after such changes have become effective.

© 2021 Pagaya technologies, LTD. All rights reserved.

Job Candidate Privacy Notice

This Job Candidate Privacy Notice (“Notice”) describes what personal data we, Pagaya, and our affiliates (“Pagaya”, “we”, “our” or “us”) – collect and process on our job candidates and applicants (“Candidates”, “you” or “you”) with respect to our application and recruitment process, why we collect it and how we use it. It also describes how candidates may exercise their rights to such data held with us.

We strongly urge you to read this Notice and make sure that you fully understand and agree to it. If you do not agree to this Notice, please avoid providing us with your data.

You are not legally required to provide us with any personal data, but without it we may not be able to process your application.

1. What data do we collect, how do we collect it, and how do we use it?

Throughout the application and recruitment process, you may provide us (or we may otherwise have access to) personal data about you, such as your identifying data, contact details, resume/CV, work-related data, social media activity, etc. We may collect this data directly from you, as you provide it voluntarily through your application and candidacy review process, or from other sources such as recruitment agencies, background check services (as applicable and subject to applicable law), or your references.

We will only use your personal data when the applicable law allows us to. Most commonly, we may use such data to assess our Candidates’ skills, qualifications and overall to verify, consider and process their application and candidacy for any of our positions, and to communicate with them regarding such processes. We may also use it to manage risk and enhance our security and anti-fraud measures, and to create aggregated statistical or inferred data regarding our Candidates, for further development and improvement of our recruitment processes.

In addition, we may use it to act as permitted by, and to comply with, any legal or regulatory requirements. Should we wish to conduct any additional activities that may require the use of your data, we will request your specific consent in advance.

2. Where do we store our Candidates’ data?

Your personal data will be maintained, processed and stored by Pagaya and our Service Providers (as defined in Section 5 below) in Pagaya’s different offices worldwide including Israel, and the United States, in the applied position’s location(s), and other jurisdictions, as necessary for the proper handling of your candidacy.

While privacy laws may vary between jurisdictions, Pagaya, its affiliates and Service Providers processing personal data on our behalf are each committed to protect personal data in accordance with this Notice, customary industry standards, and such appropriate lawful mechanisms and contractual terms requiring adequate data protection, regardless of any lesser legal requirements that may apply in the jurisdiction to which such data is transferred.

3. For how long may we keep your data?

We may retain Candidates’ data even after the applied position has been filled or closed. This is done so we could reconsider Candidates for other positions and opportunities at Pagaya; so we may use their personal data as reference for future applications submitted by them; in case the Candidate is hired, for additional employment and business purposes related to their work; and as reasonably necessary to comply with our legal obligations, to resolve disputes, prevent fraud and abuse, enforce our agreements or otherwise protect our legitimate interests.

4. How will we secure your data?

Pagaya has implemented security measures designed to protect the personal data of our candidates, including physical, procedural and electronic measures. These measures provide sound industry standard security, confirmed also by Pagaya’s SOC 2 type II certification. We also regularly seek new ways and tools for further enhancing the security of our system and the integrity of the personal data that we hold. Please be aware that regardless of the measures we take and the efforts we make, we cannot and do not guarantee the absolute protection and security of any personal data stored with us.

5. Who will have access to your data?

Pagaya will share your personal data with several selected Service Providers, whose services and solutions complement, facilitate and enhance our own. These include any recruitment firms that have referred you to us (or vice versa), candidate evaluation centers, recruitment software providers, background checks providers, data and cybersecurity services, web analytics, and our business, legal, compliance and financial advisors (collectively, “Service Providers“). Such Service Providers may receive or otherwise have limited access to our Candidates’ personal data, depending on each of their particular roles and purposes in facilitating and enhancing our recruitment process, and may only use it for such purposes.

Additionally, we may disclose or otherwise allow access to any Candidates’ personal data pursuant to a legal request, such as a subpoena, search warrant or court order, or in compliance with applicable laws, with or without notice to you, if we have a good faith belief that we are legally required to do so, or that disclosure is appropriate in connection with efforts to investigate, prevent, or take action regarding actual or suspected illegal activity, fraud or other wrongdoing. We may also share your personal data with others, with or without notice to you, if we believe in good faith that this will help protect the rights, property or personal safety of Pagaya, any of our customers or employees, or any member of the general public.

Finally, we may share personal data internally within our family of companies, for the purposes described above. In addition, should Pagaya undergo any change in control, including by means of merger, acquisition or purchase of all or part of its assets, your personal data may be shared with the parties involved in such event.

6. Which cookies and tracking technologies do we use?

Pagaya uses certain monitoring and tracking technologies, such as “cookies” and other downloaded data files, including ones offered by our Service Providers. These technologies are used to maintain, provide and improve our processes and operations on an ongoing basis, and in order to provide a better experience to our website visitors and Candidates.

For example, these technologies enable us to better secure our website and services and detect abnormal behaviors, to identify technical issues, and to monitor and improve the overall performance of our services and processes.

To learn more about our cookies practices, please visit our Cookie Policy.

7. How can you access your data or request to delete it?

If you wish to exercise your rights under applicable law to request access to your data, to rectify it, to erase it, or to port it, or to object to its processing, or to withdraw consent with respect to the data you shared with us, or to exercise any similar rights afforded to data subjects under the laws that apply to you – please send us an email to [email protected], and we will respond within a reasonable timeframe and in accordance with applicable laws.

Please note that we may require additional information, including certain personal data, in order to authenticate and process your request. Such additional information may be then retained by us for legal purposes (e.g., as proof of the identity of the person submitting the request), in accordance with Section 3 above. We may redact from the data which we will make available to you, any personal data related to others.

Please also note that such rights are not absolute. There are instances where applicable law or regulatory requirements allow or require us to refuse to provide some or all of the personal data that we hold about you. In the event that we cannot accommodate your request, we will inform you of the reasons why, subject to any legal or regulatory restrictions.

8. Will this Notice be updated?

We may update this notice to reflect changes in our privacy practices. If we make any changes that we deem as “material”, we will update this page prior to the change becoming effective.

9. What if you have any questions?

if you have any comments or questions regarding our data practices or your privacy, or if you have any concerns regarding your personal data held with us, or if you wish to make a complaint about how your personal data is being processed by Pagaya, you can contact our Data Protection Officer at [email protected].

Last updated: October, 2021

Contact