1. Collection of Personally Identifiable Information
Information about you is collected directly from you through the Pay Portal and may also be provided directly by the Payor. This information may include your name, home address, telephone number, personal e-mail address, your forwarding address (e.g. during a vacation), previous address(es), billing and account information (such as credit card, or bank account number), your mailing preferences, delivery instructions, transaction history, and service preferences as well as other information defined as non-public or private information about you pursuant to applicable law. In addition, from time to time, via the Pay Portal or otherwise, you may be asked to provide more detailed information regarding your interests, occupation and background. For example, sometimes users of the Pay Portal may be asked to complete surveys in order to get a better sense of who they are and what issues, products or services may be of interest to such users.
2. Use of Personally Identifiable Information Collected
We may use personally identifiable information to process payment transactions on Payor’s behalf, to respond to your inquiries or requests, and provide customer support.
We may also use information that we collect to improve the Web Site and the Pay Portal, and for our analyses. We may remove the elements of your information that could identify you. We may use and disclose the resulting “de-identified” information without restrictions. For example, we may create de-identified, statistical, and aggregate data to prepare reports about the Pay Portal that do not identify any individual users.
We may also use personally identifiable information:
- to establish your identity and obtain contact information for you;
- to protect against error and fraud;
- to provide you with services to supplement the Pay Portal, which may be offered by Payor, Us, or other service providers of Payor, including any network partners;
- to develop and manage this Web Site and the Pay Portal;
- to distribute this Web Site’s newsletters and other material to individuals on this Web Site’s mail and e-mail lists, including via third party mailing houses and e-mail service providers;
- to understand and respond to your needs and preferences, including to contact and communicate with you and to conduct surveys, research and evaluations;
- to prevent potentially prohibited or illegal activity, and to enforce this Web Site’s Terms;
- to develop, enhance, market, sell or otherwise provide this Web Site’s products and services;
- as permitted by, and to comply with, any legal (including contractual) or regulatory requirements or provisions; and
- for any other purposes to which you consent.
3. Disclosure of Personal Information
We may share personally identifiable information about you with the following parties for the purposes described below:
- with your Payor. You should consult with your Payor to learn how your Payor uses any personally identifiable information, as we have no control over personally identifiable information once it is disclosed to your Payor.
- with our subsidiaries or affiliates to provide joint content, products, and services.
- with law enforcement, government officials, or other third parties to:
- respond to law enforcement requests or where required by applicable laws, court orders, or government regulations; or
4. Marketing and Opt-Out
We will not sell or otherwise give information about you to other parties for their marketing purposes without your explicit consent. We may use your personal information to improve and personalize Pay Portal, content, and advertising. You can also opt out from us using your personal information to send marketing communications by submitting a request in writing to firstname.lastname@example.org.
5. Cookies / Passive Information Collection
6. Cross Border Transfer
Your personally identifiable information is stored in Canada and the United States, and may be stored and processed in any other country where we have service providers or in the country where your Payor is located. By using the Web Site or by providing consent to us (where required by law), you agree to the transfer of information to countries outside of your country of residence, including to the United States, which may provide for different data protection rules than in your country. Please see Section 11 below for information about Hyperwallet’s participation in the in the EU-U.S. Privacy Shield framework.
7. Data Retention
We will keep personally identifiable information about you only as long as we need it to provide you services, and thereafter as permitted or required by applicable law.
8. Data Access, Correction, and Deletion
You have the right to access personally identifiable information maintained about yourself and to impose certain limits on the use and disclosure of such personal data. Individuals who seek access to their personal data, or want to make a request regarding the use or disclosure of their personal data may log in to this Web Site and click “Profile”, then “Update or contact us at email@example.com. However, if you decide to remove or not provide certain personal information, you may not be able to utilize the services offered in the Pay Portal, including receipt of funds from the Payor. You may request details of personally identifiable information, for which we may charge a reasonable fee. Some of the personally identifiable information in your profile may only be updated in your Payor’s system. In such case, your Payor may provide the information to Us so that We may update your profile in our systems.
9. Security Measures and Communicating with Us
We take reasonable steps to protect information about you in our possession and control, such as personally identifiable information associated with the Web Site, and to protect such information from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. You should keep in mind that no Internet transmission is ever completely secure or error-free. In particular, e-mail sent between you and us may not be secure.
11. EU-U.S. Privacy Shield framework
Hyperwallet participates in the EU-U.S. Privacy Shield framework, and therefore has committed to adhere to the Privacy Shield Principles regarding the collection, use, and retention of personal data transferred to the United States from the European Union.
To learn more about the Privacy Shield program, and to view our certification page, you may visit the Department of Commerce’s Privacy Shield list at https://www.privacyshield.gov/list.
We limit the collection and use of personal data to that which is necessary to administer our business, including to process payment transactions, protect against fraud, and provide customer service. We may disclose personal data to our service providers, business partners, payors, and others who assist us in providing our services. Hyperwallet’s accountability for personal data that it receives under the Privacy Shield and subsequently transfers to a third party is described in the Privacy Shield Principles. In particular, Hyperwallet may be liable with respect to the onward transfer to third parties of EU data subjects’ personal data received pursuant to the EU-U.S. Privacy Shield, unless Hyperwallet proves that it is not responsible for the event giving rise to the damage.
Please note that in certain situations Hyperwallet may be required to disclose personal data if it is the subject of a lawful request by public authorities, including to meet national security or law enforcement requirements.
Questions, Complaints, Recourse, and Contact Information
For complaints by individuals residing in the EU that cannot be resolved with Hyperwallet directly, Hyperwallet has chosen to cooperate with EU data protection authorities (DPAs) and comply with the information and advice provided to it by an informal panel of DPAs in relation to such unresolved complaints (as further described in the Privacy Shield Principles). Please contact us to be directed to the relevant DPA contacts.
If neither Hyperwallet nor the DPA resolves your complaint, you may have the possibility to engage in binding arbitration through the Privacy Shield Panel.
Hyperwallet is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).
Last Updated September 29, 2016