Client Privacy Statement

Share:

Privacy Policy With Respect to Data Received From Clients

INTRODUCTION

Accertify, Inc. (“Accertify”) provides a hosted software data management tool that enables merchants to process and manage data associated with their consumer transactions. Accertify also provides other related offerings to its merchant clients. In connection with providing its services, Accertify receives personally identifiable information (“personal information”) from its merchant clients about a variety of online and offline consumer transactions (“transaction data”). This policy sets forth Accertify’s general privacy and security practices with respect to this personal information. While this policy sets forth Accertify’s general privacy and security practices, the detailed obligations and commitments of Accertify to our merchant clients is set forth in the contractual arrangements with merchant clients. In the event of a conflict between this policy and a merchant contract, the merchant contract prevails.

This policy does not describe how personal data is collected and processed by our merchant clients who obtain personal information directly from consumers. Consumers should review the privacy policies of the business entities with which they directly share their data to learn about such entities’ privacy practices.

For information about Accertify’s privacy and security practices relating to visits to the Accertify website, please review the Accertify Website Privacy Statement.

Accertify also has registered branch offices in England and Australia, both of which also adhere to all aspects of this Privacy Statement, including the EU-US Privacy Shield Principles and the US-Switzerland Safe Harbor Framework.

NATURE OF THE DATA RECEIVED

Accertify receives transaction data from its merchant clients, which generally are merchants selling goods or services on the Internet and in other card-not-present scenarios. Accertify does not conduct or fulfill consumer transactions, and, except as otherwise disclosed, Accertify does not collect or receive personal information directly from consumers. Rather, Accertify processes transaction data that consumers have provided to Accertify’s merchant clients.

Transaction data may relate to the purchase and sale of goods or services, website registration, chargeback requests, unauthorized use of a credit card or other form of payment, payment requests or other events relating to a merchant client’s website, property, or resources. This transaction data may include personal information, including but not limited to, a consumer’s name, billing address, telephone number(s), email address, IP geolocation information, device identification information, credit card number, behavioral analytics or other payment information.

The determination of which data elements a merchant client should provide to Accertify is made by the merchant client in consultation with Accertify personnel. Accertify only accepts data elements from merchant clients if the data are rationally related to the performance of the applicable service that a merchant client purchases from us. In general, Accertify does not accept data from merchants prior to execution of a definitive services agreement. Accertify advises merchant clients not to send data to Accertify in any manner that is outside of Accertify’s hosted software platform.

USE OF THE DATA RECEIVED

Accertify processes personal information to help its merchant clients prevent fraud related to card-not-present purchases, online scams, and policy abuse; address other transaction data management challenges; manage chargebacks, and obtain payment gateway services. Accertify may also process personal information received from its merchant clients to develop and provide other similar types of services to its merchant clients. For purposes of providing these services, Accertify retains records of commercial transactions and other interactions between Accertify’s merchant clients and individual consumers, which may contain personal information provided by a consumer in completing a transaction. Additional data elements may be added to the transaction record, through the use of third-party data services if those data services are elected by merchant clients.

The period for which personal information is retained is determined by the contract between Accertify and each individual merchant client and may vary based on the type of Accertify service.

However, specific elements of a transaction (such as an email address or phone number), believed to have been used in a fraudulent manner will be retained for longer periods consistent with Accertify’s agreements with its individual merchant clients. Consumers should contact the business entities with which they directly share their data to learn how long their transaction data may be retained. Accertify has put in place mechanisms to protect the accuracy and integrity of personal information.

In addition, subject to its agreements with merchant clients, Accertify may apply statistical analytics to aggregate data received from merchant clients, in order to identify patterns or anomalies that are useful in predicting the likelihood of fraud in any given transaction.

In certain cases, when agreed to by our merchant clients, Accertify may transfer transaction data from merchants to our corporate affiliates.

DISCLOSURES TO THIRD PARTIES

Accertify shares transaction data with third parties only in the following limited circumstances: (1) personal information may be accessible to third-party service providers processing data on behalf of Accertify; however, any such service providers are required by contract to implement privacy and security safeguards consistent with this policy, including the EU-US Privacy Shield and the US-Switzerland Safe Harbor; (2) personal information may be disclosed to third parties as directed by the merchant client which sent the information to Accertify, including to third-party services used to validate data elements (a list of select third-party services and service providers is available here); (3) Accertify may be required to disclose an individual’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements;  and (4) personal information may be provided to a third party to the extent Accertify enters into a transaction for the acquisition of all or substantially all of Accertify’s assets.

In addition, as part of one or more of Accertify’s discrete service offerings, such as RiskID or Accertify Index, elements of data may be retained and accessed in a limited manner by other clients of Accertify solely for the purpose of validating a consumer’s identity (specifically, to validate elements of data independently collected by such client) and only as directed by the merchant client that sent the information to Accertify. Accertify faces potential liability when we onward transfer to third parties.

ACCESS, CHOICE, CORRECTION AND DELETION OF PERSONAL DATA

Data subjects whose data is received by Accertify have the right under the Privacy Shield and Safe Harbor to access, correct or delete their personal data. They may do so by contacting Accertify’s merchant client that collected their data, or by contacting Accertify directly at the contact information noted below.

E-mail:                           legal@accertify.com (put “Privacy Compliance” in subject line)

Mailing address:          Legal/Privacy Compliance

                                      Accertify, Inc.

                                      2 Pierce Place, Suite 900

                                      Itasca, Illinois, 60143 USA

Telephone:                  +1 (630) 735-4400 (ask for Legal/Privacy Compliance)

EU-US PRIVACY SHIELD FRAMEWORK

Accertify complies with the EU-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries with respect to personal information we receive from our merchant clients. Accertify has certified that it adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. If there is any conflict between the policies in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/

U.S. – SWITZERLAND SAFE HARBOR FRAMEWORK

Accertify complies with the US-Swiss Safe Harbor Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from Switzerland. Accertify has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. If there is any conflict between the policies in this privacy policy and the Safe Harbor Privacy Principles, the Safe Harbor Privacy Principles shall govern. To learn more about the US-Swiss Safe Harbor and to view our certification page, please visit http://www.export.gov/safeharbor/

PRIVACY COMPLAINTS BY EUROPEAN UNION (EU) OR SWISS INDIVIDUALS

EU Individuals:

In compliance with the EU-US Privacy Shield Principles, Accertify commits to resolve complaints about consumers’ privacy and our collection or use of consumers’ personal information. European Union individuals with inquiries or complaints regarding this privacy policy should first contact Accertify at the contact information noted below.

E-mail:                           legal@accertify.com (put “Privacy Compliance” in subject line)

Mailing address:          Legal/Privacy Compliance

                                      Accertify, Inc.

                                      2 Pierce Place, Suite 900

                                      Itasca, Illinois, 60143 USA

Telephone:                  +1 (630) 735-4400 (ask for Legal/Privacy Compliance)

Accertify has further committed to refer unresolved privacy complaints under the EU-US Privacy Shield Principles to the BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint. Under certain limited condition, individuals may invoke binding arbitration before the Privacy Shield Panel to be created by the U.S. Department of Commerce and the European Commission.

Swiss Individuals:

In compliance with the US-Switzerland Privacy Shield Principles, Accertify commits to resolve complaints about consumers’ privacy and our collection or use of consumers’ personal information. Accertify seeks to resolve consumer complaints about privacy and our collection or use of your personal information as soon as is practicable. Swiss individuals with inquiries or complaints regarding this privacy policy should contact Accertify at:

E-mail:                          legal@accertify.com (put “Privacy Compliance” in subject line)

Mailing address:         Legal/Privacy Compliance

                                     Accertify, Inc.

                                     2 Pierce Place, Suite 900

                                     Itasca, Illinois, 60143 USA

Telephone:                 +1 (630) 735-4400 (ask for Legal/Privacy Compliance)

Accertify has further committed to refer unresolved privacy complaints under the US-Switzerland Safe Harbor to an independent dispute resolution mechanism operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/us/safe-harbor-complaints for more information and to file a complaint.

ENFORCEMENT

Accertify has implemented internal mechanisms to verify ongoing adherence to this policy. We periodically verify that this policy remains accurate, comprehensive for its intended purpose, and is accessible in accordance with applicable law. Accertify is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).

AMENDMENTS

This privacy policy may be amended from time to time consistent with the requirements of the Privacy Shield and Safe Harbor. Accertify will post any revised policy on this website.

CONTACT FOR QUESTIONS

Any questions about the accuracy, use, processing or storage of data received by Accertify should be directed to legal@accertify.com.

EFFECTIVE DATE: September 1, 2016