Effective Date: January 1, 2020
We do not sell your personal information.
- The Personal Data We Collect
- Our Merchants and Business Partners
We collect information about our merchants, suppliers, service providers and business partners, in order to better provide our Services. We may create an account on behalf of a merchant, and in order for a merchant to use our Services, the merchant will need to provide detailed information, such as a business address, business type, business ID number, date of birth, bank account information and government-issued identification information where applicable, including but not limited to a Social Security Number and Driver’s License. We may also create accounts for business partners, who will provide similar information in order to use or sell our Services.
- Information We Collect from Merchants and Business Partners
We receive information about customers of our merchants that our merchants collect and send to us, or allow us to collect on the merchant’s behalf, in the context of providing merchant Services to our merchants. We also receive personal information from our business partners who sell our Services or with whom we partner to offer our Services. We receive information related to financial transactions initiated by the customer, account registrations, and in some cases information needed to verify a customer’s identity and details of products or services purchased. Where our technology is incorporated into a merchant’s or business partner’s mobile application, website, point of sale system or customer relationship management system, we also may automatically collect or receive certain information of the type described in the section below titled “Information collected via automated means.” We may also collect or receive personal information about our merchant’s customers or business partner’s customers that our merchants or business partners share with us or that our merchants’ customers or business partners’ customers provide while paying for goods or services. We use this information to provide our merchants and business partners, and each of their customers, with our Services and so that we can better process orders and better serve our merchants, business partners, and their customers. In addition, we receive detailed information about our merchant’s customers when processing debit and credit card transactions on behalf of our merchants.
- Information We Collect from Private and Publicly Accessible Sources
We and our service providers and agents may collect information about individuals that is publicly available, including by searching publicly accessible government lists of restricted or sanctioned persons (such as the Specially Designated Nationals And Blocked Persons List), public records databases (such as company registries and regulatory filings), and by searching media and the internet. We and our agents, including but not limited to third party verification providers, may also collect information from private or commercially available sources, including but not limited to by requesting reports or information from credit reference and fraud prevention agencies, to the extent permitted under applicable law.
- Information Collected Via Automated Means
When you access our websites (for PL or for PL’s Services) or use our mobile applications, we, our service providers, and our affiliates may automatically collect information about you, your computer or mobile device, and activity on our websites or mobile applications. Typically, this information includes your computer or mobile device operating system type and version number, manufacturer and model, device identifier (such as the Google Advertising ID or Apple ID for Advertising), browser type, screen resolution, IP address, the website you visited before browsing to our website, general location information such as city, state or geographic area; and information about your use of and actions on or in our websites or mobile applications, such as pages or screens you accessed, how long you spent on a page or screen, navigation paths between pages or screens, information about your activity on a page or screen, access times, and length of access.
Our service providers and business partners may collect this type of information over time and across third-party websites. This information is collected via various mechanisms, such as via cookies, web beacons, embedded scripts, through our mobile applications, and similar technologies. This type of information may also be collected when you read our HTML-enabled emails. You can generally choose to disable cookies, depending on your web browser.
- Login Details
Subject to your consent if required by law, we will collect and process your personal information as necessary to set up and administer your sign-up to, and use of, the log-in facility available on any of or websites, apps, software or hardware. We will use "cookies" to "remember" the machine or other device you use to access our sites. Please remember that if we contact you, we will never ask you for your password in an unsolicited email, message or phone call. If you choose to use the log-in facility available on our sites and apps, you are required to adhere to the security procedures we establish in the documentation we provide you as part of the Services.
- Sensitive Personal Data
In some circumstances, we may collect information that may reveal health or medical information, such as when we process transactions at health or medical facilities or pharmacies.
- Our Merchants and Business Partners
- How We use Your Personal Data
We use your personal data for the purposes of:
- Providing our Services, which include:
- Providing, maintaining and evaluating the features and functionality of our Services.
- Fulfilling a payment transaction initiated by you or involving you .
- Managing our relationships with our merchants, service providers, and business partners.
- Carrying out our obligations, and exercising our rights, under our agreements with our merchants, service providers, and business partners.
- Communicating with our merchant’s customers or business partner’s customers regarding any account with us or any transaction that we processed, including by sending service-related emails or messages (e.g., messages regarding account verification, changes or updates to the functionality of our products or services, technical and security notices and alerts, and support and administrative messages)
- Personalizing the manner in which we provide our Services.
- Checking for fraud or money laundering and/or managing either our risk, or our merchant’s risk, or the risk of our business partners.
- Administering and protecting our business.
- Providing support and maintenance for our Services, including responding to any service-related requests, questions, and feedback.
- For Research and Development
We use the information we collect for our own research and development purposes, which include:
- Developing or improving our Services.
- Developing and creating analytics and related reporting, such as regarding industry and fraud trends.
We may use your personal data to form a view on what products or services we think you may want or need, or what may be of interest to you. In certain contexts (including but not limited to merchants inquiring about our services and filling out our merchant applications), we may contact you with marketing communications using the personal data you have provided to us, if you have actively expressed your interest in our Services and, in any case, you have not opted out of receiving marketing information, to the extent permitted by applicable law.
Where required by law, we will get your express opt-in consent before we share your personal data with any company outside PL for marketing purposes.
You can ask us to stop sending you marketing messages at any time by contacting us using the details at the Contact Us section or clicking on the opt-out link included in each marketing message.
Should you choose to opt out of receiving our marketing messages, we will continue to carry out our other relevant activities using your personal data, including sending non-marketing messages.
- Complying with Laws
We use your personal data as we believe necessary or appropriate to comply with applicable laws, lawful requests and legal process, such as to respond to subpoenas or requests from government authorities.
- Compliance, Fraud Prevention and Safety
We use your personal data as we believe necessary or appropriate to (a) enforce the terms and conditions that govern our Services; (b) protect our rights, privacy, safety or property, and/or that of you or others; and (c) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.
- With your Consent
In some jurisdictions, applicable law may require us to request your consent to use your personal data in certain contexts, such as when we use certain cookies or similar technologies or would like to send you certain marketing messages. If we request your consent to use your personal data, you have the right to withdraw your consent any time in the manner indicated when we requested the consent or by contacting us. If you have consented to receive marketing communications from any of our third-party partners, you may withdraw your consent by contacting those partners directly.
- To Create Anonymous Data
We may create anonymous data from your personal data and other individuals whose personal data we collect. We make personal data into anonymous data by excluding information that makes the data personally identifiable to you, and use that anonymous data for our lawful business purposes.
- Use for New Purposes
We may use your personal data for reasons not described in this Privacy Notice where permitted by law and the reason is compatible with the purpose for which we collected it.
- Automated Decisions, Credit Reference Agencies and Fraud Prevention Agencies
We sometimes make automated decisions based on your personal data (whether provided by you or collected by us from third parties such as credit reference and fraud prevention agencies). We will only do this where it is required in connection with a contract, authorized by law, or based on your explicit consent. You can contact us for more information on automated decision making.
- Providing our Services, which include:
- How We Share Your Personal Data
- Our Affiliates
- Service Providers and Business Partners
- Our Clients
When PL performs services for its merchants, it may share personal data with those entities. For example, PL may collect information about a merchant’s customers from or on behalf of the merchant, such as when PL processes payment transactions, and PL may provide personal data about those customers back to the merchant. We are not responsible for the privacy practices of our merchants.
- Participants in the Transaction Processing Chain
PL shares personal data with companies in the transaction processing chain in connection with processing a payment transaction, such as merchants, banks or other card issuers, other debit and credit card processors, card associations, debit and credit network operators and their members.
- Credit Reference, Fraud Protection, Risk Management, and Identity and Verification Agencies
PL shares personal data with credit reference, fraud protection, risk management, and identity verification agencies to help guard against, detect, and respond to fraud or money laundering, and/or manage our or our clients’ risk, and ensure we comply with contractual, legal, or regulatory requirements.
- Professional Advisors
We may disclose your personal data to professional advisors, such as lawyers, bankers, auditors and insurers, where necessary in the course of the professional services that they render to us.
- Compliance with Laws and Law Enforcement; Protection and Safety
PL may disclose information about you to government or law enforcement officials (including tax authorities) or private parties as required by law, and disclose and use such information as we believe necessary or appropriate to (a) comply with applicable laws and lawful requests and legal process, such as to respond to subpoenas or requests from government authorities; (b) enforce the terms and conditions that govern our products and services; (c) protect our rights, privacy, safety or property, and/or that of you or others; and (d) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.
- Business Transfers
- To Other Parties with Your Permission or to Fulfill a Contract They Have With You
PL may transfer your personal data to any third party who is not otherwise covered by the other listed categories above where you have given us permission to do so, or with whom you have entered into a contract when we need to transfer your personal data to that party in order to fulfil that contract.
- Our Affiliates
- Your Rights And Choices
In this section, we describe the rights and choices available to all users.
- Marketing Communications
You can ask us to stop sending you marketing messages at any time by contacting us or clicking on the opt-out link included in each marketing message. You may continue to receive service-related and other non-marketing messages.
- Do Not Track Signals
Some Internet browsers may be configured to send "Do Not Track" signals to the online services that you visit. We currently do not respond to do not track signals. To find out more about "Do Not Track," please visit http://www.allaboutdnt.com.
- Choosing not to provide Your Personal Data
Where we request personal data directly from you, you do not have to provide it to us. If you decide not to provide the requested information, in some circumstances we, or our merchants or other clients, may be unable to provide products or services to you. For example, we may be unable to process your transaction.
- Accessing, Modifying or Deleting Your Information
In some jurisdictions, applicable law may provide a right for individuals to access, modify, or delete their personal data in some instances. You may contact us directly to request access to, or modify or delete your information. We may not be able to provide access to, modify, or delete your information in all circumstances.
If you have a complaint about our handling of your personal data, you may contact us using the contact information below. We request that a complaint be made in writing. Please provide details about your concern or complaint so that we can investigate it. We will take appropriate action in response to your complaint. We may contact you for additional details or clarification about your concern or complaint. You also may have a right to file a complaint with a national or local regulatory agency.
- International Transfers
PL is headquartered in the United States, and it primarily provides its Services in the United States of America. PL currently conducts some business in Bermuda and the US Virgin Islands and may provide Services outside the United States. Your personal data may be transferred to locations outside of your state or other governmental jurisdiction where we or our service providers maintain offices and where privacy laws may not be as protective as those in your jurisdiction. If we make such a transfer, we will require that the recipients of your personal data provide data security and protection in accordance with applicable law.
- How We Keep Your Data Safe
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We maintain annual compliance with global Payment Card Industry Data Security Standard (PCI DSS) adopted by the payment card brands for all companies that process, store or transmit cardholder data.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
- This Website May Link to Other Websites
We may also link to third-party websites, mobile applications, and other content. PL is not responsible for the privacy practices of any third party, and this privacy notice does not apply to such third party’s websites, mobile applications, or other content. PL does not guarantee, approve, or endorse any information, material, services, or products contained on or available through any linked third-party website, mobile application, or other content. PL is not responsible for any content on third-party properties to which we link. PL provides links to third-party properties or content as a convenience and visiting or using linked third-party properties or content is at your own risk.
- Marketing Communications
- How Long We Keep Your Personal Data
We will use your personal data for as long as necessary based on why we collected or received it and what we use it for. This may include our need to satisfy a legal, regulatory, accounting, or reporting requirement.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In general terms, we will retain your personal data for the duration of your involvement/engagement with us and for as long as reasonably necessary afterwards; however, we may maintain different retention periods for different products and services. There are also certain types of information which are required to be retained for a certain period by law.
- Contact Us
We also maintain a toll free number that you may call to make inquiries concerning your personal data, 888.624.3687. The toll-free number is the most appropriate contact for an urgent concern, such as to report a suspected data breach regarding your personal data; or, if you are a merchant, data of your customers. You may contact us at this number for data privacy related matters Monday – Friday, from 9am to 5pm Pacific time.
For questions about your credit or debit card or your purchase, please contact the financial institution that issued your card or the merchant with whom you transacted business.
If you are a consumer and live in California, you also have rights under the California Consumer Privacy Act (“CCPA”), to request certain information from certain businesses that collect personal information from you. In regards to consumers, we are generally a service provider of the merchants with whom you interact (for example, we’re a service provider of the restaurant where you paid for lunch with a debit or credit card). Where we are a service provider, we believe the merchant is the “business” under the CCPA and you can exercise your CCPA rights directly with the merchant.
Here are the rights that CCPA gives to California consumers that you may be able to exercise if you are a California consumer:
- Right to Know
You may have the right to request, up to twice in a 12-month period, to see the following information about the personal information a merchant has collected about you during the past 12 months:
- The categories and specific pieces of personal information the business has collected about you;
- The categories of sources from which the business collected the personal information;
- The business or commercial purpose for which the business collected the personal information;
- The categories of third parties with whom the business shared the personal information; and
- The categories of personal information about you that the business disclosed for a business purpose, and the categories of third parties to whom the business disclosed that information for a business purpose.
California law also gives you the right to ask if the business discloses your personal information to third parties for their direct marketing purposes. You also have the right to know if the business sells your personal information, and if they do, to opt out of such sale. PL does not sell your personal information to third parties.
- Right of Deletion
You can ask the business to delete the personal information they have collected from you (subject to exceptions the law provides).
- Right of Non-Discrimination
If you are a California consumer, you have the right to not be discriminated against if you exercise these privacy rights under the CCPA. The business cannot discriminate against you, deny, charge different prices for, or provide a different quality of goods or services if you choose to exercise these rights.
- Authorized Agent
A consumer may designate an authorized agent to make a request under the CCPA on the consumer’s behalf.
- How to Exercise Your Rights
To the extent we act as a merchant’s service provider (for example, when we process your debit or credit card payments on their behalf), you can exercise your CCPA rights directly with the merchant(s) you use.
- CHILDREN’S PERSONAL INFORMATION
If you are a child under 13, please don’t use our Services. Our Services are general audience services not directed at children under the age of 13. If we learn that any information we collect has been provided by a child under the age of 13, we will promptly delete that information.
- Right to Know