Worldpay Privacy Notice
- Data Protection Officer contact details
- What Personal Information does Worldpay collect?
- For what purposes does Worldpay use Personal Information?
- With whom does Worldpay share Personal Information and for what purposes?
- Use of Worldpay family of websites
- Links to third party sites and public posting
- Information on cross-border data transfers
- Individual’s Privacy Rights (data subject rights)
- How does Worldpay ensure the security of Personal Information?
- How long does Worldpay store and retain Personal Information?
- Changes and updates to the privacy notice
- Any questions?
On January 16, 2018, Worldpay, Inc., (formerly Vantiv, Inc.) acquired Worldpay Group Plc and its subsidiaries to form the new Worldpay group of companies (together “Worldpay”). Worldpay includes within its group, Worldpay (UK) Limited, Worldpay Limited, Worldpay BV, Worldpay AP Limited, Worldpay LLC (formerly Vantiv LLC), Worldpay eCommerce, LLC (“Worldpay eCommerce”), formerly Vantiv eCommerce, LLC, Worldpay Integrated Payments, LLC (formerly Vantiv Integrated Payments, LLC), and Paymetric, Inc. (“Paymetric”).
Personal Information and Personal Data are terms used in this Privacy Notice, both of which refer to any information relating to an identified or identifiable individual. Worldpay is committed to ensuring that it collects, uses, shares and otherwise processes Personal Information in accordance with this notice. This includes, in relation to a customer or prospective or former customer of Worldpay (including individuals who maintain a card with one of our financial institution clients), any sole trader and any principals, including the managing and financial directors, any other directors and officers, shareholders, partners and beneficial owners of a customer as well as any member of staff accessing or using the Worldpay Services on behalf of a customer.
Data Protection Officer contact details
Worldpay’s global headquarters is based in Cincinnati, Ohio, United States, and its international headquarters is based in London, United Kingdom. Worldpay has appointed a Data Protection Officer for you to contact if you have any questions or concerns about Worldpay’s Personal Information policies or practices. Worldpay’s Data Protection Officer and contact information are as follows:
Data Protection Officer
The Walbrook building
What Personal Information does Worldpay collect?
Worldpay collects Personal Information relating to cardholders, merchants or other customers, suppliers and other business partners in order to carry out its business activities. Worldpay may collect Personal Information from various sources, including:
- Information you voluntarily provide, either directly or via our customers;
- Information automatically collected when you use our Sites and Services, including in our role as a payment processor;
- Information collected by cookies and other tracking technologies when you use our Sites; and
- Information collected from third parties, including fraud monitoring providers, commercial databases, or know your customer (KYC) providers.
This Personal Information may include:
- Contact information
- Demographic information
- National Identification information
- Merchant or other Customer identification
- Merchant or other Customer management
- Payment transaction information
- Financial and credit card information
- Credit risk information
- Technical information
Contact information, including: name (first, last and business), telephone numbers, address (home, billing and business), fax, email address and other communications;Demographic information, including: nationality, country of residence, date of birth, marital status, birth place, gender, preferred language, citizenship;National Identification information, such as: national insurance number, passport, social security number, taxpayer identification number, driver license or other form of identification to verify the cardholder, customer or potential candidate;Monitoring or Recording, including: monitoring or recording telephone calls, emails, web chats, CCTV, access control or other communications;Merchant or other Customer identification, such as: merchant or customer ID;Merchant or other Customer management, including billing, invoicing, refunds, reconciliations and reporting;Points or rewards received, for example through a loyalty scheme;Information related to items purchased, including: location of the purchase, value, time, method, any feedback that is given in relation to such purchase;Payment transaction information, including: Alternative Payment Methods (“APMs”), transaction monitoring, fraud monitoring, products/services, trend analysis, analytics;Financial and credit card information, including: payment account number (PAN) or account number, card expiration date, CVC details, bank and/or issuer details;Credit risk information, including: information obtained about you from credit reference or fraud prevention agencies, credit history, credit score, fraud monitoring;HR information, including: information which you provide in a job application form or any other information obtained or provided by you during the course of your registration and application and email alerts of future vacancies;Technical information, including: the Internet protocol (IP) address used to connect your computer or device to the Internet, your device ID, login information (username/password), browser type and version, time zone setting, browser plug-in types and versions, device operating system platform, mobile carrier, location or GPS/geo-location;Information about your visit or whether you opened an email, including: the full Uniform Resource Locators (URL) clickstream to, through and from Worldpay’s site (including date and time), products or services you viewed or searched for page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks and mouse-overs), methods used to browse away from the site page, any phone number used to call Worldpay’s customer service number;Photographs and videos of you, from Worldpay events, through identity verification or as part of an interview;Publically accessible comments and opinions reviewed and used by Worldpay, through Internet searches or posted on social networking sites, such as Facebook and LinkedIn;Insights gained through Worldpay gatherings from sessions that you participate in and contribute at Worldpay events(anonymized basis);Social media posts on Worldpay social media sites or made publically about Worldpay on social media;Event participant details from a Worldpay event, including: name, title and company from a Worldpay app for the event which is available to registered delegates; andApplications, if you download or use mobile or desktop applications, including information about your location, your device or the service you are using (including where a payment transaction takes place).
For what purposes does Worldpay use Personal Information
Worldpay uses Personal Information internally in relation to its main processing activities, which are categorized as follows:
- Risk Management
- Transaction Processing
- Relationship Management
Worldpay uses Personal Information for purposes that are appropriate, based on legitimate interests or as authorized by applicable law. These purposes may include:
- Legal, regulatory or law enforcement purposes
- HR purposes
- Credit risk purposes
- Fraud monitoring purposes
- Security purposes
- Marketing purposes
- Product development purposes
- Customer Service/Account Management purposes
With whom does Worldpay share Personal Information and for what purposes?
Worldpay may share Personal Information with members of our corporate family, which means our subsidiaries and our ultimate holding company and its subsidiaries. We may also share Personal Information with Worldpay-approved third parties for lawful purposes, such as legal and regulatory purposes, in order to deliver and develop our and our partners’ business products and services, and in relation to mergers and acquisitions.
Before we share Personal Information, we ensure there are adequate safeguards in place to protect the processing of that data. Except where permitted, Worldpay does not sell, rent, share or otherwise disclose Personal Information to third parties for the third party’s commercial purposes.
Worldpay does not disclose information that could identify you personally to anyone, except as described in this notice, including, but not limited to:
- Any Worldpay group company;
- Any group company (such as advisers, share plan, payroll and other third party administrators, agents or contractors working on behalf of Worldpay);
- Financial institution clients;
- Service providers and other third parties under contract who help with our business operations (including, but not limited to, fraud investigations, site analytics and operations);
- Regulatory authorities, such as the UK’s Financial Conduct Authority (“FCA”), Data Protection Authorities, the U.S. Consumer Financial Protection Bureau;
- Social media sites integrated into web services that we offer;
- Governmental or quasi-governmental organizations; and
- Potential purchasers of Worldpay.
Worldpay may disclose Personal Information to third parties for the following purposes:
- Legal or regulatory purposes
- Business purposes
- Suppliers who assist Worldpay with the provision of its services
Legal or regulatory purposes, including:Where Worldpay are required or permitted to do so by law or regulations, including for tax purposes or to comply with financial services regulations;Where Worldpay deem it in the national interest or otherwise lawful to do so;In the course of litigation;Following requests from governmental or public authorities;National security;As part of a legal process; andWhen we believe in good faith that disclosure is legally required or otherwise necessary to protect our rights and property, or the rights, property or safety of others.Business purposes, including:Improve and develop Worldpay’s business;Business partners (including those in which Worldpay has an investment), suppliers and sub-contractors for the performance of any contract Worldpay may enter into with them or you;Transfer information and/or assets in the event of a merger, acquisition, sale, bankruptcy filing, or other corporate restructuring;If Worldpay or substantially all of its assets are acquired by a third party, in which case Personal Information held by it about its customers will be one of the transferred assets; andIf Worldpay sells or buys any business or assets, in which case Worldpay may disclose your Personal Information to the prospective seller or buyer of such business or assets.Suppliers who assist Worldpay with the provision of its services, including:Fulfilling or processing orders or application forms i.e. for job vacancies;Processing payments;Managing credit, security, sector and fraud risk;Market research; andSurvey activities.Where Worldpay uses and/or discloses confidential or cardholder transactional data for preparing and furnishing compilations, analyses and other reports of aggregated information and anonymized information, it will do so provided it has taken reasonable measures to avoid identifying any customer of Worldpay other than the customer whose transactions were involved in the preparation of any compilation, analysis or other report. This data may be used for statistical, analytic, and administrative purposes, including for customizing our Sites and Services, analyzing trends, tailoring products and services, or conducting risk and cost analysis.
Use of Worldpay family of websites
Worldpay’s websites use “cookies” and other technologies, which store small amounts of information on your computer or device to allow certain information from your web browser to be collected.
Cookies (and similar technologies) are widely used on the internet and allow a website/portal to recognize a user’s device, without uniquely identifying the individual person using the computer.
For more information about cookies, including how to see what cookies have been set and how to manage, block and delete them, see www.allaboutcookies.org and Worldpay’s Cookies Policy. You may also be able to configure your browser not to accept cookies, although please note this may affect your ability to use the services Worldpay provides.
Worldpay respects the privacy of children and encourages all parents to supervise their children’s computer usage. We do not knowingly collect or retain Personal Information from children under the age of 18. To learn more about the Children’s Online Privacy Protect Act (COPPA) please visit the Federal Trade Commission’s website at http://www.business.ftc.gov/privacy-and-security/children's-privacy.Cookies (and similar technologies) are widely used on the internet and allow a website/portal to recognise a user’s device, without uniquely identifying the individual person using the computer. These technologies help to make it easier for you to log on and use the website, provide feedback to Worldpay as to which parts of the website you visit or viewing preferences from a previous use of our website when you return to our website, so Worldpay can assess the effectiveness of the website or communication, to provide a better user experience or to serve Worldpay advertisements to you while browsing other websites. Worldpay may also use the aggregate information from these technologies to research and understand how the Sites and Services are used.Some web browsers may send out ‘do not track’ signals. There is no industry standard currently in place as to what websites and other online services should do upon receipt of such signals. Should such a standard be developed, Worldpay will re-visit its notice, but currently takes no action upon receipt of such signals. Worldpay may offer certain features that are only available through the use of tracking technologies. Temporary cookies are used to enable you to navigate our site and use its features. These are deleted when you close your browser. IP addresses are used in conjunction with cookies for the purpose of “remembering” computers or other devices used to access our site. Analytical or performance cookies collect anonymous information about how visitors use our websites. They allow us to analyse information such as the count of visitors to our websites, what search terms our visitors are using, what pages are viewed, and the last page visited. This information is based on the visitor’s IP address, and we cannot view individual activity tied to a single person.Under this notice, information collected by cookies and similar technologies are dealt with as Non-Personal Information. To the extent that Internet Protocol (IP) addresses (or similar identifiers) are clearly defined to be Personal Information under any local law and where such local law is applicable to Worldpay Services, Worldpay will manage such identifiers as Personal Information.
Links to third party sites and public posting
Worldpay’s websites may also contain links to and from third party websites, including those of partner networks, advertisers and affiliates. If you follow such a link or if you post information or content, such as commenting on content or participating in online forums or communities, or when you interact with our websites through social media sites, plug-ins or other applications, depending on your privacy settings, this information may become public on the Internet. Please note that these websites have their own privacy notices and cookies policies, and Worldpay does not accept any responsibility or liability for these third party websites.
If our websites link through to third party websites, those processes may involve the placement of third party cookies on your machine or device. Please be aware that we do not control these third party websites or any of the content contained on those websites, including the third-party cookies used for these purposes. The inclusion of links to third party websites in no way constitutes an endorsement by us of such websites’ content, actions, or policies.We may also, from time to time, partner with ad networks and other online advertising providers in order to serve ads on behalf of us or other non-affiliated parties on our websites and across the Internet. These ads may be presented to you based on products and services the advertising providers think are relevant to your interests. These preferences may be inferred based on information collected about your browsing behavior on our websites and other non-affiliated websites and apps across time. We adhere to the Digital Advertising Alliance’s (“DAA”) Self-Regulatory Principles. To learn more about, or opt-out of, this type of advertising from participants in the DAA, you can visit www.aboutads.info.
Information on cross-border data transfers
Worldpay has its global headquarters in Cincinnati, Ohio, United States, and its international headquarters in London, United Kingdom. Information Worldpay collects from you may be transferred, stored and processed in a country different from where the data was collected or outside of the European Economic Area (“EEA”), for example, data collected from within the EEA may be stored or processed in the United States or data collected from the United States may be stored or processed in India or Asia Pacific (Philippines).
Worldpay eCommerce complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use and retention of personal data received from the European Union (EU) and Switzerland to the United States. Please click here to view our Worldpay eCommerce Privacy Shield Policy.
Paymetric complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use and retention of personal data received from the European Union (EU) to the United States. Please here to view our Paymetric Privacy Shield Policy.
By using our Worldpay Sites and Services, you are permitting the transfer of Personal Information to Worldpay in the United States, which has different data protection laws that the EU and Switzerland have not deemed equivalent to those in EU member countries and Switzerland. The transfer of information will often be in furtherance of a contract to which you are a party. In other cases, the transfer of information will be consistent with the legitimate interests of Worldpay eCommerce. In other cases, we rely on your consent to the transfer of this information for the uses described in our Privacy Shield Policies and in this Privacy Notice to the extent permitted by EU and Swiss laws.Worldpay or such other third party service providers may also process payments through other financial institutions. These external organizations may process and store your Personal Information abroad and Worldpay may have to disclose your information to foreign authorities to help them in their fight against crime and terrorism. Where these organizations are based outside the EEA and Switzerland, your Personal Information may not be protected to the same standards.Worldpay also provides contact center services outside of the EEA and Switzerland.
Individual’s Privacy Rights (data subject rights)
Under the EU’s General Data Protection Regulation, individuals located in Europe are able to exercise rights regarding their Personal Information. You can find a more detailed summary of these rights on the Information Commissioner’s Office’s website here. These rights include:
- the right to access;
- the right to rectification;
- the right to restriction;
- the right to erasure;
- the right to object; and
- the right to data portability.
If access cannot be provided within a reasonable time frame, Worldpay will provide you with a date when the information will be provided. If for some reason access is denied, Worldpay will provide an explanation as to why access has been denied.
Individuals in Andorra, Argentina, Australia, Canada, Faroe Islands, Guernsey, Hong Kong, Israel, Isle of Man, Japan, Jersey, Mexico, New Zealand, Singapore, South Korea, Switzerland, Uruguay, and certain other jurisdictions may also exercise these or similar rights.
California’s “Shine The Light” law permits California residents free of charge to annually request and obtain a list of certain categories of Personal Information disclosed to third- parties for direct marketing purposes in the preceding calendar year and the names and addresses of such third parties and such further information sufficient to give the customer a reasonable indication of the nature of the third parties' business. Please send any such request to the contact address below, and Worldpay will respond within 30 days.
The laws of other territories applicable to your dealings with Worldpay may also be relevant (and may also impact the above rights). Any such rights can be progressed through our customer services center or via the ‘contact us’ section below. However, all cardholder requests must first be directed to the relevant customer. Worldpay will assist customers with such requests accordingly.
How does Worldpay ensure the security of Personal Information?
Worldpay works to maintain your confidence and trust in us and has therefore implemented physical, technical, and administrative measures designed to secure Personal Information from accidental loss, unauthorized access, use, alteration and disclosure. However, the safety and security of your information is also dependent upon you. We store and process your information on our servers located within the United Kingdom and the United States and use other computing facilities around the globe.
Where Worldpay has given you (or where you have chosen) a password or access code which enables you to access certain parts of Worldpay’s website/portal or mobile applications and similar, you are responsible for keeping this password and/or access code confidential. You should not share your password or access code with anyone and you should use all reasonable methods to ensure that there is no unauthorized use. You therefore authorize Worldpay to act upon instructions and information received from any person that enters your user ID and password and you agree to be fully responsible for all use and any actions that may take place during the use of your account. You also agree to promptly notify Worldpay of any information you have provided which has changed.Unfortunately, the transmission of information via the internet is not completely secure. Although Worldpay will take reasonable steps to protect your Personal Information, Worldpay cannot guarantee the security of your data transmitted to Worldpay’s site; any transmission is at your own risk.Worldpay maintains security standards that are designed to protect your information as it is transmitted from your computer to our network. This technology is called Secure Socket Layer (SSL). SSL is a leading security protocol for data transfer on the Internet and helps to protect the safety and confidentiality of your online banking information.You have a role in helping Worldpay by safeguarding your information from others. You have several options when deciding how you can best protect your Personal Information. One option is simply not to volunteer it. The Federal Trade Commission’s websites (www.ftc.gov, www.ftc.gov/idtheft, and www.onguardonline.gov) offer useful information about how to protect your Personal Information.
How long does Worldpay store and retain Personal Information?
Worldpay will store Personal Information only for the greater of as long as necessary to achieve the purposes for which it was collected and applicable law. Retention periods for transaction and other data categories may vary, depending on our obligations. For example, legal and regulatory compliance with anti-money laundering (AML) and KYC requirements, operational demands, business requirements or dates we assigned based on contracts will also need to be taken into account, and may require retention for a period of up to 7 years after the data was collected or after the merchant or other customer relationship has ended.
Changes and updates to the privacy notice
Worldpay may, from time to time, make changes to this Privacy Notice. If any material changes are made as to how Worldpay treat Personal Information, you will be notified through this notice on Worldpay’s Sites and Services.
The date the Privacy Notice was last modified is at the bottom of the page. You are responsible for ensuring you periodically visit our Sites and Services and Privacy Notice to check for any changes. By continuing to use Worldpay Services, you agree to the changes in this Privacy Notice.
This notice is global in scope, but is not intended to override any legal rights in any territory where such rights prevail. In such event, the rights and obligations set out in this Privacy Notice will apply, subject only to amendment under any applicable local law having precedence.
All comments, queries and requests relating to Worldpay’s use of Personal Information are welcomed. Please contact Worldpay’s Data Protection Officer:
Data Protection Officer
The Walbrook building
If you are in the United Kingdom and have any queries or complaints about the processing of your Personal Information, you can also contact the Information Commissioner’s Office here.
If you are in the United States and have any queries or complaints about the processing of your Personal Information, you can also contact the Federal Trade Commission here.