Paymetric Privacy Shield Policy
Paymetric Privacy Shield Policy
Paymetric, Inc. (“Paymetric”) complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Frameworks as set forth by the U.S. Department of Commerce regarding the collection, use and retention of personal data received from the European Union and Switzerland. As Worldpay eCommerce is a U.S. company, it has voluntarily decided to comply with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework and is subject to the investigatory and enforcement powers of the Federal Trade Commission.
Paymetric annually certifies its adherence to the Privacy Shield Principles. To learn more about the Privacy Shield program, and to view our certification please visit https://www.privacyshield.gov/.
Personal Data Collected and Processed by Paymetric
Personal data means information that identifies or can identify an individual whether directly or indirectly and whether processed electronically by automatic means or manually. Paymetric receives personal data for individuals related to processing payment transactions initiated through our merchant clients. This data is collected for the purposes of completing a payment for goods and services purchased from our clients. The personal data collected can consist of payment information such as names, addresses, email addresses, card or account numbers, and CVV codes.
We may also collect your personal data from other sources, such as affiliates, or other companies.
Disclosures to Third Parties
When Paymetric receives personal data from a client for processing, we are acting as an agent for the client, and we do not control or share such data in a manner that would violate any agreement with the client. In relation to such processing, Paymetric enters into appropriate agreements with the clients providing that the clients are the data controllers and are in compliance with the applicable EU and Swiss data protection laws.
Paymetric does not transfer personal data to unrelated third parties unless lawfully permitted by our client, to a Worldpay-approved service provider or business partner, or in certain circumstances in accordance with the Privacy Shield Framework. In the event that Paymetric is directed by our client to transfer data to additional data processors, Paymetric will enter into appropriate agreements providing that the processor is in compliance with the Privacy Shield. Paymetric may be liable if it fails to meet those obligations and Paymetric is responsible for the event giving rise to the damage.
Paymetric may also share your personal data with other third parties as required or permitted by a duly authorized court order, subpoena, or request for cooperation from a regulatory, law enforcement or other government agency to meet national security or law enforcement requirements; to establish or exercise our legal rights; to defend legal claims; when we believe in good faith that disclosure is legally required or otherwise necessary to protect our rights and property, or the rights, property or safety of others; or as otherwise required or permitted by applicable laws and/or regulations. In such events we will only disclose data relevant and necessary to the investigation or inquiry.
Paymetric may also share information with a third party that acquires all or part of Paymetric or succeeds Paymetric in carrying on all or part of Paymetric’s business by sale, merger, acquisition, or other corporate restructuring.
You can request that Paymetric no longer use or share your personal data with third parties or use your data for a purpose different from the purpose for which it was initially collected or subsequently authorized by you. If you wish to submit such a request, please submit your request via email to firstname.lastname@example.org. To begin processing your request we require your name, address, and email address. We will follow up with you to verify the request, and obtain any additional information required. Please note that not all requests can be honored due to existing legal and regulatory obligations. For example, in some cases such a request may not be immediately or fully executed because it is possible that we have a legal obligation to keep using your personal data. Also, you must consider that for certain purposes, the revocation of consent to use your data may impact the services we provide to you.
Access and Updates to Personal Data
An individual in the EU or Switzerland may contact Paymetric to learn whether or not personal data relating to him or her is found in Paymetric’s databases, learn how any personal data about the individual has been used or disclosed, verify the accuracy of any personal data about the individual, and request correction, amendment and deletion of personal data about the individual. Should you wish to make such an inquiry, please submit your request via email to email@example.com. To begin processing your request we require your name, address, and email address. We will follow up with you to verify the request, and obtain any additional information required.
Please note that this right only applies to personal data about the individual making the request and is subject to other limitations as defined by law and the Privacy Shield Framework, including where the burden or expense of providing access would be disproportionate to the risks related to the privacy of the individual, where the rights of other individuals would be violated, where responding to or complying with an individual’s request would interfere with execution of the law or private causes of action, or where responding to or complying with and individual’s request would interfere with countervailing public interests like national security, defense, or public security. This right is also subject to reasonable limits on the number of times within a given period that access requests from a particular individual will be met.
Paymetric makes reasonable efforts to only process personal data for the purpose for which it was collected as instructed by our clients. Paymetric takes reasonable steps to help ensure that personal data is accurate, complete, current, reliable for its intended use, kept only for the period necessary and not excessive for the purposes for which the personal data is processed.
Accountability, Enforcement and Inquiries
Any EU or Swiss person who is not satisfied with Paymetric’s compliance with the Privacy Shield program may contact Paymetric to resolve such complaints at firstname.lastname@example.org. We will respond within 45 days. If any EU or Swiss person believes that such a complaint has not been resolved, he or she agrees first to try and settle the dispute by mediation, administered by the International Centre for Dispute Resolution under its Mediation Rules, before resorting to arbitration, litigation, or some other dispute resolution procedure. The rules governing these procedures and information regarding how to file a claim free of charge can be found here: http://go.adr.org/privacyshield.html.
Paymetric has further committed to refer unresolved Privacy Shield complaints to the JAMS Foundation, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not resolved your complaint, please contact or visit https://www.jamsadr.com/eu-us-privacy-shieldfor more information or to file a complaint. The services of the JAMS Foundation are provided at no cost to you.
Any EU or Swiss person who remains dissatisfied may contact his or her national Data Protection Authority in the country where the person resides. Paymetric has agreed to cooperate and comply with appropriate EU and Swiss Data Protection Authorities and the Department of Commerce in resolving such disputes.
If an EU person remains dissatisfied and meets the pre-arbitration requirements of Annex I Part C of the EU-U.S. Privacy Shield Framework, the person may invoke binding arbitration pursuant to procedures in Annex I of the EU-U.S. Privacy Shield Framework Principles found here: https://www.privacyshield.gov/EU-US-Framework.
Paymetric uses a self-assessment approach, as well as being subject to routine Internal Audits, to ensure compliance with this Privacy Shield Policy, and verifies at least annually that the policy is accurate, comprehensive for the data intended to be covered, prominently displayed, completely implemented, and accessible and in conformity with the Privacy Shield Principles.
Questions & Contact Information
Any further questions and comments regarding Paymetric’s Privacy Shield Policy or practices can be directed in writing to:
Attn: Privacy Office
8500 Governors Hill Drive,
Cincinnati, OH 45249
Or via email at email@example.com
Policy Updated: November 28, 2018