Effective Date: September 25, 2017
- Collection of Personally Identifiable Information.
- Use of Personally Identifiable Information Collected.
Information about you is collected directly from you and may also be provided directly by the Payor. Information collected directly from you may be collected through you calling our Customer Service, recorded communications, Web Site, and the Pay Portal. This information may include your name, home address, telephone number, personal e-mail address, your forwarding address (e.g. during a vacation), previous address(es), billing and account information (such as credit card, or bank account number), your mailing preferences, delivery instructions, transaction history, and service preferences, as well as other information defined as non-public or private information about you pursuant to applicable law. In addition, from time to time, via the Pay Portal or otherwise, you may be asked to provide more detailed information regarding your interests, occupation and background. For example, sometimes users of the Pay Portal may be asked to complete surveys in order to get a better sense of who they are and what issues, products or services may be of interest to such users.
We may use personally identifiable information to process payment transactions on Payor’s behalf, to respond to your inquiries or requests, and provide customer support.
We may also use information that we collect to improve the Web Site and the Pay Portal, and for our analyses. We may remove the elements of your information that could identify you. We may use and disclose the resulting “de-identified” information without restrictions. For example, we may create de-identified, statistical, and aggregate data to prepare reports about the Web Site and Pay Portal that do not identify any individual users.
We may also use personally identifiable information:
- to establish your identity and obtain contact information for you;
- to protect against error and fraud;
- to provide you with services to supplement the Web Site or Pay Portal, which may be offered by Payor, Us, or other service providers of Payor, including any network partners;
- to develop and manage the Web Site and Pay Portal;
- to distribute the Web Site’s or Pay Portal’s newsletters and other material to individuals on the Web Site’s or Pay Portal’s mail and e-mail lists, including via third-party mailing houses and e-mail service providers;
- to understand and respond to your needs and preferences, including to contact and communicate with you and to conduct surveys, research and evaluations;
- to manage complaints;
- to prevent potentially prohibited or illegal activity, and to enforce the Pay Portal’s Terms;
- to develop, enhance, market, sell or otherwise provide the Web Site’s and the Pay Portal’s products and services;
- as permitted by, and to comply with, any legal (including contractual) or regulatory requirements or provisions;
- to send you content or advertisements of goods or services that may be of interest to you based on your access or use of our services (“Advertisements”); and
- for any other purposes to which you consent.
We may share personally identifiable information about you with the following parties for the purposes described below:
- with your Payor. You should consult with your Payor to learn how your Payor uses any personally identifiable information, as we have no control over personally identifiable information once it is disclosed to your Payor.
- with our subsidiaries or affiliates to provide joint content, products, and services.
- with a Provider to provide information about you and your Payor necessary for such Provider to provide the Third-Party Service you elect.
- with law enforcement, government officials, or other third parties to:
- respond to law enforcement requests or where required by applicable laws, court orders, or government regulations; or
We will not sell or otherwise give information about you to other parties for their marketing purposes without your explicit consent (“Third-Party Marketing”). If such consent is provided, you may opt out at any time after such consent is provided. To opt out from us using your personal information for Third-Party Marketing or Advertisements you may submit a request in writing to firstname.lastname@example.org and put “Marketing Opt-Out” in the subject line.
Additionally, for fraud monitoring purposes, we may place “cookies” on your device to identify it in the future when you use the Pay Portal to connect with our applications. We will transmit a device identification code, as well as IP address and other technical device attributes, to a third-party service that determines whether the devices have been identified with fraudulent or abusive transactions in the past, such as reported instances of identity theft, account takeovers or malware attacks. This information helps us decide whether to accept, deny or review transactions from such personal computers, mobile phones, or other devices. We may report to the third party if we conclude that a device has been used in connection with a fraudulent or abusive transaction with us. If you set your browser or device to reject these cookies or tokens, you may not be able to authenticate your device or conclude some transactions through the Pay Portal.
We share with the third-party service only information about the device you are using, which may also have been used or appropriated by others, and do not identify you or reveal the details of your transaction to the third party. To authenticate your device, you may be required to input a one-time code into your device. By using our service, you agree that we, or anyone else on our behalf, may send you such confirmation codes by e-mail or text message.
Your personally identifiable information is stored in Canada and the United States, and may be stored and processed in any other country where we have service providers or in the country where your Payor is located. By using the Web Site or Pay Portal or by providing consent to us (where required by law), you agree to the transfer of information to countries outside of your country of residence – including to the United States, Canada, European Union and Australia – which may provide for different data protection rules than in your country. Please see Section 11 below for information about Hyperwallet’s participation in the in the EU-U.S. and Swiss-U.S. Privacy Shield frameworks.
We will keep personally identifiable information about you only as long as we need it to provide you services, and thereafter as permitted or required by applicable law.
You have the right to access personally identifiable information maintained about yourself and to impose certain limits on the use and disclosure of such personal data. Individuals who seek access to their personal data, or want to make a request regarding the use or disclosure of their personal data may visit the Web Site or log in to this Pay Portal and click “Profile,” then “Update” or contact us at email@example.com. However, if you decide to remove or not provide certain personal information, you may not be able to utilize the services offered on the Web Site or in the Pay Portal, including receipt of funds from the Payor. You may request details of personally identifiable information, for which we may charge a reasonable administrative fee for a providing a copy of your details. Some of the personally identifiable information in your profile may only be updated in your Payor’s system. In such case, your Payor may provide the information to us so that we may update your profile in our systems.
We take reasonable steps to protect information about you in our possession and control, such as personally identifiable information associated with the Web Site or Pay Portal, and to protect such information from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. You should keep in mind that no Internet transmission is ever completely secure or error-free. In particular, e-mail sent between you and us may not be secure.
To learn more about the Privacy Shield program (“Privacy Shield”), and to view our certification (listed under HSI USA Inc.), please visit https://www.privacyshield.gov/.
We limit the collection and use of personal data to that which is necessary to administer our business, including to process payment transactions, protect against fraud, and provide customer service. We may disclose personal data to our service providers, business partners, payors, and others who assist us in providing our services. Hyperwallet’s accountability for personal data that it receives under the Privacy Shield and subsequently transfers to a third party is described in the Privacy Shield Principles. In particular, Hyperwallet may be liable with respect to the onward transfer to third parties of EU and Swiss data subjects’ personal data received pursuant to the EU-U.S. and Swiss-U.S. Privacy Shield frameworks, unless Hyperwallet proves that it is not responsible for the event giving rise to the damage.
Additionally, Hyperwallet collects, uses and processes human resources data in the context of an employment relationship with its current employees, applicants and former employees in accordance with the Privacy Shield Principles. In connection with its human resources operations, Hyperwallet may now and/or in the future transfer or provide personal data regarding employees in the EU and Switzerland to other countries where it operates, including the United States. Hyperwallet has further committed to cooperate with EU and Swiss DPAs with regard to unresolved complaints concerning human resources data.
Please note that in certain situations Hyperwallet may be required to disclose personal data if it is the subject of a lawful request by public authorities, including to meet national security or law enforcement requirements.
For complaints by individuals residing in the EU or Switzerland that cannot be resolved with Hyperwallet directly, Hyperwallet has chosen to cooperate with EU data protection authorities and the Swiss Federal Data Protection and Information Commissioner’s authority (collectively “DPAs”) and to comply with the information and advice provided to it by an informal panel of DPAs in relation to such unresolved complaints (as further described in the Privacy Shield Principles). Please click here to be directed to the relevant EU DPA contacts and here for the Swiss DPA.
If neither Hyperwallet nor the DPA resolves your complaint, you may have the possibility to engage in binding arbitration through the Privacy Shield Panel.
Hyperwallet is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).
Complaints from individuals residing in Australia that cannot be resolved with Hyperwallet directly can be sent to the Office of the Australian Information Commissioner (OAIC).
Last Updated: September 25, 2017