×
ESC
Menu
 
 
 

Your privacy and trust are important to us.

This Privacy Center will help you understand how Worldpay uses your personal data and how you can exercise your privacy rights.

Click on a topic from the menu above to load the policy content you would like to view.

Who we are

Worldpay, LLC and its subsidiaries and related entities, collectively known as “Worldpay” is an industry leading payments technology  and solutions company with unique capabilities to power omni-commerce across the globe. Our processing solutions allow businesses of all sizes to take, make and manage payments in-person and online from anywhere in the world. Annually, we process over 40 billion transactions across 146 countries and 135 currencies. We help our customers become more efficient, more secure and more successful. Worldpay is headquartered in Cincinnati, Ohio, United States. However, Worldpay and its subsidiaries operate in multiple jurisdictions located around the globe.
 
In our payments products and in processing the personal data of our staff, Worldpay acts an independent controller when processing personal data. When we are offering our merchant clients certain services, such as Pazien, we act as a data processor, processing personal data on the instructions of our client. 

Definitions

Please click here for a description of the terminology used in this Worldpay Privacy Center, including our privacy notices.

Privacy Notices

Sharing your personal data

We take care to allow your personal data to be accessed only by those who really need to in order to perform their tasks and duties, and to third parties who have a legitimate purpose for accessing it. We disclose your personal data to the following categories of recipients.

Exercising your rights

Depending on your location, you have certain rights under privacy and data protection laws related to the data we process about you. You may exercise those rights through the form accessible here or by sending us an email at DataRights@fisglobal.com.

We aim to respond to your request within 1 month or the specific timeframe required by the applicable laws, upon verification of your identity. We will honor the requests you make related to your rights as the law allows, which means, in some cases, there may be legal or other reasons we may not be able to address the specific request you make related to your rights.

Details of your rights are set out here.

Where we process your data and international data transfers

Worldpay is headquartered in the United States of America, and almost all data we process will be transferred to or accessed from the United States. Our subsidiaries and third-party service providers operate in the European Economic Area (“EEA”), the United Kingdom (“UK”), and multiple other countries around the world.

We may transfer, access, or store personal data about you outside of the EEA, Switzerland, the UK, China, Japan, or another country that requires legal protections for international data transfer. When we do, we will make sure an adequate level of protection is provided for the personal data by using one or more of the following approaches:

  • We may transfer personal data to countries that have privacy laws that have been recognized by the country from which the data is transferred as providing similar protections for the data (“adequacy”).
  • We may enter into written agreements, such as standard contractual clauses and other data transfer agreements, with recipients that require them, in substance, to provide the same level of protection for the data.
  • We may seek your consent for transfers of your personal data for specific purposes.
  • We may rely on other transfer mechanisms approved by authorities in the country from which the data is transferred.

When we share personal data within and among Worldpay affiliates, we make use of the Standard Contractual Clauses (as approved by the European Commission), the UK International Transfer Addendum, as well as model clauses issued in other countries to legitimize data transfers.

For Japanese individuals, information about the personal information protection system of various foreign countries where your data may be processed is available here. An overview of data protection and privacy legislation worldwide is available here.

Retention

We will retain personal data we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested or to comply with applicable legal, tax, or accounting requirements).

When we have no ongoing legitimate business need to process your personal data, we will either delete or anonymize it, or, if this is not possible, for example, because your personal data has been stored in backup archives, we will securely store your personal data and isolate it from any further processing until deletion is possible.

Methods of destruction: Worldpay workforce and vendors with access to personal data are required to comply with secure deletion standards in alignment with the latest NIST Guidelines for media sanitization.

Security

We use appropriate technical and organizational measures to protect the personal data we collect and process about you. The measures we use are designed to provide a level of security appropriate to the risk of processing your personal data.

Please read our Security Statement that summarizes Worldpay's information security policies, procedures, and standards including its technical and organizational measures for the security of data.

While we do our best to protect your personal data, privacy incidents are unfortunately becoming more common. In addition to the steps we take to protect your personal data, we believe there are measures you should take to protect yourself as well. We advise you to not share any personal data with others unless you clearly understand the purpose of the individual requesting the information, and you have confirmed you are dealing with a legitimate contact. We also recommend you not share any significant personal data via email or voicemail.

While we take precautions to protect your personal data from loss, theft, alteration, or misuse, no system or security measure is completely secure. Any transmission of your personal data is at your own risk, and we expect you will use appropriate measures to protect your personal data as well.

Data Processing Agreement

Worldpay’s Personal Data Processing Annex, which supplements our client contracts, is available here.

Cookies

Change your cookie preference at any time in our cookie preference center at the bottom left hand corner of this page.

Please read our Cookie Notification for worldpay.com for more information about our use of cookies.

Please note that our websites and mobile apps are not designed to respect "do not track" browser settings.

Direct Marketing

Please read our marketing privacy notice to understand how Worldpay processes personal data for direct marketing purposes.

Click here to adjust your settings or unsubscribe from marketing communications.

Sale of Information

Please read our CCPA / CPRA Sale of Information statement here.

Law enforcement

Worldpay may be required by law to provide information to government, law enforcement, and parties in civil lawsuits. This means we comply with court orders, subpoenas, lawful discovery requests, and other legal requirements. To protect clients and their customers’ rights, we only provide client information when we reasonably believe there is a legal requirement to do so and after comprehensive legal review. Click here to learn more.

Changes to our Privacy Center

We will update this page from time to time in response to legal, technical, and/or business developments. We will obtain your consent to any material changes if and where this is required by applicable data protection laws.

You can see when this page was last updated by checking the “last updated” date displayed at the end of this page.

Last update: February 1st, 2024

Store owner talks on phone while writing in ledger

Definitions

  • Personal Data is any information relating to an identified or identifiable natural person. In some jurisdictions, such as Switzerland and South Africa, personal data also includes data of legal entities. Personal data is also known as Personal Information or Personally Identifiable Information.
  • Processing of personal data refers to any operation or set of operations which is performed on personal data, whether or not by automated means. Examples are the collection, recording, storage, use, disclosure, erasure or destruction of personal data.
  • What is considered sensitive personal data (also referred to as special category data) varies from country to country, but it generally includes information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health or data concerning a natural person’s sex life or sexual orientation. Additional categories considered sensitive/special in certain jurisdictions are data relating to criminal convictions or offences/criminal records, financial data, bankruptcy details, data relating to drug problems and infidelity, personal data of children, personal identifiers (for example passport details, social security numbers, social insurance numbers, resident registration numbers, or state ID numbers), work performance information, citizenship / immigration status, driver’s license numbers, precise geo-location data, membership of a trade association, biometric templates, information concerning an individual’s ideology or faith, membership of a political party, health or medical treatment information, communal origin, etc.
  • Data Processing Agreement, or Data Processing Annex / Data Processing Addendum refers to an agreement that supplements Worldpay's contracts with clients and suppliers, which agreement sets out parties mutual obligations with regard to the processing of personal data.
  • CRM database refers to Worldpay's Client Relationship Management system(s).
  • GDPR refers to the (EU and/or UK) General Data Protection Regulation.
  • PIPL refers to the Chinese Personal Information Protection Law.

We believe everyone has a right to privacy, wherever they live in the world, and our commitment to privacy goes beyond legal compliance. As a result, our privacy and data protection compliance program applies globally, irrespective of whether there are local privacy and data protection laws. Our compliance program is based on the European Union General Data Protection Regulation (GDPR) and establishes a framework within which local privacy and data protection laws are respected, and it sets a baseline for those jurisdictions where there are no specific legal requirements.

When processing personal data, we apply the following principles:

  • Fairness and lawfulness: we comply with privacy and data protection laws and act with integrity and fairness.
  • Transparency: we communicate openly and transparently about our personal data processing operations.
  • Purpose limitation: we only use personal data for defined, appropriate purposes.
  • Choices and rights: we give individuals the ability to make simple and meaningful choices about their privacy and allow individuals, where appropriate, to access, update, or delete their personal data.
  • Privacy by design: we maintain a respect for privacy as a key component in the design, development, and delivery of our products and services.
  • Responsible data management: we apply appropriate data management practices to govern the processing of personal data. We carefully select external vendors and partners, and we limit disclosure of personal data to what is described in our privacy notices or to what has been authorized by our clients. We also store personal data for no longer than what is necessary or as is required by applicable laws and to maintain accuracy of data.
  • Security: we implement appropriate technical and organizational security measures to protect personal data against unauthorized access, use, modification, or loss.
  • Accountability: we are accountable for living up to our commitments throughout the Worldpay organization.
  • Training: all Worldpay employees are trained on an annual basis on privacy and security.

Data Protection Officer

All Worldpay Data Protection Officers (DPOs) can be contacted via Data.Protection@fisglobal.com

Chief Privacy Officer

Jeannette Gunderson
Worldpay, LLC
8500 Governors Hill Dr
Cincinnati, OH 45249
privacyoffice@fisglobal.com

 

Global Data Protection Officer

Adriana Neagu

The Global DPO acts as DPO for all FIS and Worldpay entities, except for the following Worldpay entities that have appointed a local Data Protection Officer (or for South Africa: Information Officer).

People using public transportation using personal electronic devices

Individual rights under privacy and data protection law

Details of your rights are set out below:

  • You can request access, correction, updates, or deletion of your personal data;
  • You can object to our processing of your personal data, ask us to restrict processing of your personal data, or request portability of your personal data;
  • If we have collected and processed your personal data with your consent, you can withdraw your consent at any time, subject to permitted or required exceptions under applicable data protection laws. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal data conducted in reliance on lawful processing grounds other than consent;
  • You have the right to opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing e-mails we send you. We will keep your name and email address on our CRM databases in order to prevent future communications. If you prefer your data is deleted from our CRM databases, please complete the relevant form here. If you decide you do not want to receive marketing content from us, please note that we may still be required to send you emails regarding factual, transactional, and/or servicing information in connection with the products and services we are providing to you or the organization through which you are known to us;
  • You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. You have the right to obtain human intervention to express your point of view and to contest such decision;
  • You have the right to complain to a data protection authority about our collection and use of your personal data;
  • For consumers who reside in the State of California, you have the right to opt-out of the disclosure of your personal data for monetary or other valuable consideration.
  • For individuals in China, you have the right to request that Worldpay explains the rules set out in this Privacy Center (right to explain processing rules). Close relatives of a deceased person have the right to access, make copies of, correct or delete personal data of the deceased person, unless the deceased person has arranged otherwise before their death.

Worldpay does not tolerate any retaliation against anyone who, in good faith, exercises any of these rights.

You may exercise any of these rights through the form accessible here or by sending us an email at DataRights@fisglobal.com.

员工隐私权声明

FIS处理员工(临时工、正式工、合同工、独立承包商、学生、退休人员以及曾在FIS担任此类职务的人员)的个人数据,以及与公司员工有关的其他人员的个人数据。

FIS员工个人数据的主要控制者是雇用、签约或聘用员工的FIS公司。如果你对收集信息的公司有任何疑问,请通过人事支持中心提交工单。

员工个人数据包括在与FIS的工作关系中收集和处理的所有个人数据。FIS还处理与员工、合同工、独立承包商、学生、退休人员和曾在FIS担任此类职务的人员有关系的亲属、受抚养人和其他人(如果其个人数据已被与FIS有工作关系的人员提供给FIS)的个人数据。

在某些司法管辖区,根据适用法律被视为“敏感个人数据”的员工个人数据可能需要根据当地法律的要求或允许(例如,为遵守平等机会法案或当地税收要求)进行收集。敏感个人数据的定义因国家/地区而异。你可在此浏览不同类别的敏感个人数据。 请注意,这并不意味着FIS将为每个员工处理所有列出的潜在敏感个人数据;只有在适用法律要求或允许的情况下,或在FIS为追求合法利益而认为必要且始终遵守适用法律的情况下,才会进行处理。在某些情况下,适用的当地法律可能要求数据主体同意处理敏感个人数据。

可处理的员工个人数据类别如下:

数据类别

示例

申请人数据

简历、求职信、申请表、面试时提供的信息、成功申请人入职时提供的信息。

建议、意见和其他评论

员工满意度调查、离职面谈。

考勤数据

缺勤、休假申请、考勤记录、带薪和无薪休假记录。

银行及财务资料

工资和/或费用报销直接存款银行信息,信用卡信息。

福利数据

员工和/或其受抚养人(如果参加了福利延续计划)参加的福利计划记录、保险、授权书等文件。

商务差旅和出差数据

旅行数据,包括旅行日程、住宿、交通工具、膳食和其他费用。

公司财产发放数据

公司发放的资产、设备和车辆的记录。

薪酬数据

基本工资、奖金和其他薪酬要素、薪酬类型、薪酬等级、薪酬水平、全职当量(FTE)、货币、薪酬请求(过去和现在)、雇佣条款、养老金计划编号和缴费、非薪酬福利、股票期权。

受抚养人信息

受抚养人和重要他人的个人联系方式和身份数据,包括出生日期和性别。

纪律处分数据

警告、训诫信、书面和口头警告。

就业相关数据

员工编号、签名、就业状态、社保号、税号、保险号码、居住国、国籍、照片、紧急联系人、护照信息、移民身份、旅行签证信息、工作和居留许可。

投诉数据

投诉、仲裁数据。

记录在公司系统、设备或文件中的信息

电子邮件、短信、网站使用情况、语音邮件记录、日历或日记条目、通信,包括员工或独立承包商在公司系统、设备或文件中包含的员工个人数据、背景和信用调查数据。

工作信息和工作指标

职位、职称、劳动合同、工资单ID、直属经理、职位等级、绩效记录、就业状态、工作时间记录、培训记录、绩效目标和发展目标。在某些情况下,FIS也可能会记录能力评估结果、安全报告和事件、专业反馈。

门禁卡和门禁记录

进入和离开受控设施的日期、时间和地点,计算机和系统登录/注销审计跟踪。

兵役状况

服役军种、军衔、入伍或退伍日期、退伍状态、伤残退伍军人身份、获得的奖项或勋章、受保护的退伍军人身份。

组织内部数据

名称、公司结构、组织构架图、汇报关系、职务、简历、工作联系方式、电子邮件、会计科目明细表、雇佣条款、职位描述和薪资水平。

父母/监护人数据

16岁以下学生的父母/监护人的姓名、签名和同意。

工资处理数据

姓名、政府颁发的身份证、家庭住址、电子邮件、考勤记录、报酬、薪酬数据、入职日期、离职日期、雇佣条款、受抚养人数据、银行和财务数据、福利数据、会计科目明细表、预扣税款和扣款,以及员工出资的福利登记信息。

绩效和雇佣

绩效评估、绩效改进计划 (PIP)、绩效辅导、纪律处分、感谢信、绩效投诉的详细信息。

个人详细信息和联系方式

姓名、性别、出生日期、出生地点和国家、家庭住址、电话号码、电子邮件、政府颁发的身份证号码、公司颁发的或代表公司颁发的识别号码、签名、笔迹和照片。

照片、视频或音频记录

安全系统、闭路电视、个人照片、带照片的安全徽章、语音邮件、培训录制、会议或营销材料收集的信息。

招聘和申请数据

申请详情、申请人测试、背景调查、招聘人员编写的与申请人有关的说明以及筛选结果。

不当行为或违反政策的举报

与员工涉嫌或已确认的不当行为或违反公司政策有关的类似举报记录,无论举报是通过口头、书面、电子邮件、电话,还是通过公司道德热线网站、公司道德热线、内部威胁情报响应团队(InTIRT)、金融服务信息风险团队(FSIRT)、安全事件响应倡议和政策(SIRI-P)。

工作权/移民数据

工作权证明文件、国籍、居留权、公民身份、护照和签证信息。

软件应用程序

使用软件应用程序处理员工数据(包括与参与和协作相关的数据),以提高FIS的效率。

人才、教育和培训详情

教育、技能、工作经验、以前的工作、成就、项目、发展和培训、语言技能、技术技能、教育背景、专业认证和注册、专业机构和组织成员资格。

工作经历

聘用和/或解聘日期、职称、晋升日期、参加过的培训课程、对公司政策的签署、完成公司各种强制性培训的情况及测验分数(如适用)、离职或解聘原因、担任的公职、发表过的出版物。

工作时间表数据

计划和实际工作时间、计费和行政时间记录、雇佣条款、替代工作安排 (远程)。

工作场所安全数据

报告、照片、视频记录。

以下是一些可能被处理的员工敏感个人数据的潜在类型列表:

敏感个人数据类别

示例

生物特征和健康数据

指纹、拇指指纹、疫苗接种状态、体温扫描、面部识别和声纹。

揭示犯罪、刑事定罪的数据,或从安全措施中获得的信息

刑事诉讼、结果和判决、驾驶记录、先前工作经历、药物滥用筛查、法庭记录和背景调查信息。

揭示性生活的数据

受抚养人和重要他人的个人联系方式和身份数据、婚姻/伴侣关系状态、住宿和住房信息。

揭示个人信用和财务信息的数据

信用调查、子女抚养、债务偿还、破产、查封、工资扣除、银行账号。

揭示身体或精神健康或状况的数据

身体限制和特殊需求、残疾和所需的合理便利、现场检查、公司转介医疗或咨询支持、药物滥用检测、医疗报告、健康证明。

揭示种族或民族出身的数据

种族名称、国籍和文化认同。

揭示宗教信仰或类似性质的其他信仰的数据

与宗教组织的隶属关系、宗教团体的成员资格(例如,出于税务目的而要求)、宗教偏好或其他信仰的声明。

揭示工会成员资格的数据

工会或工会协议会记录、目录、会议文件和其他材料。

揭示政治观点的数据

专业和其他隶属关系、担任的职务、发表过的出版物和著作。

个人身份信息

护照信息、社保号或州身份证号码。

FIS处理员工个人数据的目的:

  • 人力资源管理,包括组织和个人管理,工时管理,改进和保持有效的员工管理,内部员工分析,报告和规划;
  • 薪酬和福利计划,包含员工及其受抚养人的工资、奖金、养老金、医疗福利、保险政策、休假和请假;
  • 多元化计划,包括遵守多元化目标、FIS管控的表彰和奖励计划、与就业相关的教育、培训和认知计划;
  • 全球流动计划和员工及其受抚养人的调动、搬迁和流动;
  • 人力、人员配备和继任计划;
  • 工资、薪酬和福利管理,包括提供员工福利、维持薪资、薪酬、知识产权、津贴、福利、保险、养老金和绩效评估;
  • 工资、税款和其他规定的预扣款项(如法院命令的扣款)、差旅费报销和其他可报销的业务费用;
  • 人才管理和获取,包括招聘、评估适合性和工作能力、背景调查、资格验证、获取和提供推荐信;
  • 学习与发展管理,包括认证、员工培训、执行评估和员工满意度调查;
  • 与入职和离职相关的流程,包括内部调动和解聘;
  • 病假、其他请假和休假管理;
  • 工作场所和员工健康;
  • 内部健康和安全计划,包括健康、安全和事故记录,或报告和管理流程质量;
  • 差旅和费用管理以及出差管理,包括对出差人员数据进行监测,以便在安全或医疗紧急情况下提供支持;提供差旅安全、健康和安全培训,并在自愿的基础上协助在紧急情况下提供安全支持;
  • 业务运营,包括人员配置建议、客户计费、业务过渡活动、业务谈判和交易;
  • 履行就业和社会保障法或集体协议规定的义务并行使特定权利;
  • FIS组织的内部和外部沟通;
  • FIS的代表,包括商业登记和授权委托书;
  • 组织FIS活动(包括管理和组织内部非营销相关活动、项目和会议),并对这些活动进行记录;
  • 意见和员工满意度调查;
  • 管理FIS资产,包括员工或其他人的照片和视频,这些照片和视频可在FIS的内网、网站等地方下载;
  • 财务和共享会计服务,提供记录到报告、订单到现金和采购到付款服务;
  • 重组、收购和出售业务、业务单元和公司;
  • 业务报告、统计和分析;
  • 监督和审计员工在工作场所的活动是否符合FIS的公司规定、政策、合同义务和法律要求,包括纪律处分;
  • 开展审计、审查和监管检查,以履行对监管机构的义务;
  • 对工作场所涉嫌违反政策、与工作、安全和保障问题有关的不当行为进行调查;
  • 诉讼或潜在诉讼;
  • 公司治理、风险管理和合规性,包括遵守法律、执法机构、法院和监管机构的要求,以及预防、侦查、调查和补救犯罪、欺诈或违禁活动,或以其他方式维护法律权利并建立、行使或维护法律主张;
  • 管理供应商、承包商、顾问和其他专业专家,包括联系互动、处理和履行采购和发票,以及合同生命周期管理;
  • 利用工作绩效和产品,并参考图纸、采购订单、销售订单、发票、报告等文件;
  • 工作场所和员工安全保障,例如指纹、面部识别等,用于计算机、电话、建筑物和门禁的设备和安全访问。
  • 门禁系统,为授权人员进入和/或离开有出入限制的地点提供电子控制,并在紧急情况下对现场人员进行登记;
  • 入侵检测,包括第三方对紧急情况、周边、内部安全点和辅助监控系统(用于现场维护/自动化系统)的监控;
  • 维护和保护产品、设施、服务、系统、网络、计算机和信息的安全,预防和侦查安全威胁、欺诈或其他犯罪或恶意活动,并确认业务连续性;
  • 管理IT资源,包括基础设施管理(包括数据备份)、信息系统支持和应用程序管理服务运营、终端用户支持、测试、维护、安全(事故响应、风险、漏洞、违规响应)、主数据和工作场所(包括用户账户管理、软件许可证分配、安全和性能测试以及业务连续性)。

从员工处收集的某些个人数据涉及其近亲和紧急联系人。在这种情况下,FIS将要求员工告知相关人员其个人数据将如何根据本声明进行处理。

如果公司员工在第三方的场所工作(例如在客户地点或场所),则该第三方可能需要出于其自己的目的以数据控制者的身份处理该员工的个人数据。在这种情况下,公司员工将收到或可以要求相关数据控制者发出单独的隐私声明。

接收方

出于合法的业务需求和/或流程,员工个人数据可能会被披露给以下接收方或接收方类别:FIS人力资源管理、法务部、公司合规部、风险管理部、并购团队、安全部、供应链管理和房地产部、内部审计部、财务和会计部、信息系统部、董事会成员、管理人员、FIS客户和FIS选择的服务提供商。 FIS还可能会根据授权向其他第三方提供员工个人数据,例如执法机构、税务机关、其他公共机构、FIS公司或业务的潜在和实际收购者(如果预期或发生所有权变更或业务转让)。有关FIS向哪些类别的实体披露这些信息以及披露信息的目的的更多信息,请参阅“FIS与谁共享你的个人数据”。

存储限制和其他相关信息

员工个人数据将被保留至不再有业务需求或法律法规要求为止。有关FIS数据保留标准的更多信息,请参阅公司内网 FIS&me上“FIS企业政策办公室”中的《记录管理政策》。如果你是求职者、退休人员或其他无法进入FIS内部系统查看此类政策的人员,请直接向FIS 隐私办公室 索取此类信息。

行使你的权利

请点击此处,了解你作为数据主体根据适用隐私和数据保护法所享有的权利概览,以及如何行使这些权利。

FIS处理员工及其相关人员个人数据的法律依据是:

为了履行FIS与员工签订的任何劳动合同或其他雇佣合同以及相关集体协议的义务,或者作为建立雇佣关系或其他合同关系的合同前措施的一部分

GDPR 第6.1.b条

中国个人信息保护法 第13.(2)条

在某些情况下,且仅在所在国家/地区法律允许的情况下,FIS会根据公司合法利益来处理员工个人数据,前提是这不会凌驾于个人的隐私利益之上。这些合法利益可能包括:

  • 发展和管理FIS的员工队伍;
  • 分析绩效并提供适当的薪酬
  • 平等机会监测和报告;
  • 保留商业记录,确保设施和系统安全,并将联系方式提供给相关同事和客户;
  • 推广、提供产品和服务,开拓业务机会;
  • 维护设施、系统和IT基础设施的安全和完整性;
  • 监控(例如通过IT系统)、调查和确认遵守法律、法规、标准以及FIS内部的要求和政策;
  • 预防欺诈和犯罪活动,包括调查此类活动,防止滥用FIS资产、产品和服务,并在必要和适当的情况下确认网络和信息安全;
  • 进行制裁和反洗钱筛查并履行监管要求;
  • 出于必要的内部管理目的(例如提供集中服务),在FIS集团内部传输个人数据;
  • 促进和改善健康、安全、保障和绩效

(*) 例如,在中国,根据《个人信息保护法》(PIPL),合法利益不被视为处理个人数据的法律依据。在中国,FIS根据与员工签订的劳动合同(或其他聘用合同)并按照中国法律制定的内部雇佣规则,处理上述目的处理员工个人数据。

GDPR 第6.1.f条

中国个人信息保护法第13.(2)条

在某些情况下,FIS根据法定要求(例如,根据劳动和社会保障法、津贴、税务或报告义务、监管义务、网络安全义务、与监管机构的合作义务或法定保留期限)处理员工个人数据,以便履行作为雇主或委托人的合同责任。

GDPR 第6.1.c条

中国个人信息保护法第13.(3)条

在收集个人数据时,FIS可能会征求个人的同意。如果FIS要求某人同意将其个人数据用于特定目的,相关人员可随时撤销同意,我们会告知如何撤销同意。

GDPR 第6.1.a条

中国个人信息保护法 第13.(1)条

处理敏感个人数据的法律依据:

对于特殊类别的个人数据,FIS仅会在适用法律允许的情况下和以下情况下处理此类数据:

根据适用法律,在获得明确同意的情况下进行特定活动

GDPR 第9.2.a条

中国个人信息保护法第29条

经父母责任人同意(针对16岁以下学生)

GDPR 第8.1条

中国个人信息保护法 第31条

行使基于雇佣或其他合同关系的权利, 遵循社会保障或社会保护法的规定,根据集体协议的授权进行处理,进行预防性或职业医学检查,或对工作能力进行评估

GDPR 第9.2.b条

为了确立、行使或捍卫法律主张,或遵守司法机关以司法身份作出的指示或要求。

GDPR 第9.2.f条

对于涉及刑事定罪和犯罪的个人数据,FIS仅在适用(当地)法律允许的情况下才会进行处理。

GDPR 第10条


 

Job Applicants

We process information from and about candidates in connection with employment or engagement opportunities at Worldpay. Information will be collected and used for the following purposes:

  • Assess a candidate’s skills, qualifications, and suitability for the role.
  • Carry out background and reference checks, where applicable.
  • Communicate with candidates about the recruitment process.
  • Keep records related to our hiring processes.
  • Comply with legal or regulatory requirements.
  • Stay connected with candidates who join the Worldpay Talent Network.

The information that is processed and how it is used

The information we collect, the manner in which it is used, and the timing in which it is gathered varies depending on the country in which the Worldpay entity to which the candidate applies is located.

As general matter, the data we collect regarding all job applicants includes the information provided on resumes, CVs and/or application forms, including name, contact details, employment history and qualifications.

We use a candidate’s personal data to assess their skills, experience and suitability for roles offered by Worldpay. This information is passed to the relevant hiring managers and persons involved in the recruitment process to decide whether to invite the candidate for an interview.

Worldpay will process further information if the candidate is invited to the interview (or equivalent) stage and onward. Such information may include interview notes, assessment results, feedback and offer details. This information will be used to decide whether to offer a role and, depending on the country, may also be used for the purpose of drawing up and concluding a contract.

If Worldpay decides to make an offer, further information will be processed as part of the pre-employment background screening before the appointment is confirmed to confirm that a candidate meets internal and legal requirements relevant to the position and to confirm the information provided by the candidate. Such information may include education history, work history and references.  We will also need to confirm and/or establish a candidate’s right to work in the country in question. 

For successful candidates, we process personal data necessary for onboarding the candidate which may include processing information required to enroll the successful candidate in company benefits and to provide access to Worldpay systems. Such information may include applicable personal identity number (tax, citizenship, social security or possibly other types of individual numbers applicable due to that candidate’s country and role); data of any relevant related persons (name of spouse/partner, children, etc.); signature; bank account details; emergency contacts; insurance data; driving license number and training records.

Further information on the information processed on members of our workforce can be found here

If a candidate fails to provide information when requested, which is necessary for Worldpay to consider their application (such as evidence of qualifications or work history), we may not be able to take the application any further. 

In connection with our recruitment activities including applications and onboarding, we may also process special category data or sensitive personal data from candidates where we have a legal obligation to do so, or with the individual's explicit consent, where collecting such information is permitted by law. For example;

  • Where allowed under applicable law, we may collect information about an individual’s disabilities to determine if requested or required adjustments during the recruitment process can reasonably be accommodated.
  • Once onboarded, an individual’s provision of information regarding disabilities will also be used to provide a suitable working environment.
  • We may also conduct criminal background checks for certain candidates to assess their eligibility or suitability to work at Worldpay or for Worldpay clients.
  • In certain countries, we will also ask candidates to provide diversity information (for example about their race and/or ethnicity) for diversity monitoring and reporting purposes, although the provision of this information will in most countries be entirely voluntary. However, where a candidate does not voluntarily provide such information, we could be required by law in some countries to make our own assessment of such criteria.

Worldpay Talent Network

Candidates have the opportunity to join the Worldpay Talent Network. Joining the Talent Network enhances a candidate’s job search and application process. By joining the Talent Network, candidates will receive job alerts with new job opportunities that match their interest, relevant recruitment marketing communications and have the possibility to share opportunities with family and friends. The data required to join the Talent Network are first name, last name, email address, phone number and areas of interest. Candidates can chose to also provide their current employer and current title.

How personal information is collected

Depending on the country in which the Worldpay entity to which the candidate applies is located, Worldpay collects personal data about candidates from the following sources:

  • Directly from the candidate – for example, information that provided by the candidate when applying for a position directly through the Worldpay careers website(s) or when joining the Worldpay Talent Network;
  • From recruitment agencies – for example, when a recruitment agency contacts us to suggest an individual as a potential candidate;
  • Through publicly available sources online – for example, where a candidate has a professional profile posted online (e.g., on their current employer's website or on a professional networking site, such as LinkedIn);
  • By reference – for example, through a reference from a former employee or employer, or from a referee identified by the candidate;
  • Results of assessments or background screening checks, either conducted directly or via a reputable background check provider.  Depending on the relevant country, such checks may include criminal record check, drug tests, credit check, employment history, education and/or qualification checks, identity and right to work checks and checks against international sanctions registers.

Recipients

Candidate personal data may be disclosed to the following recipients or categories of recipients for a legitimate business need and/or process: Worldpay People Office, Legal, Corporate Compliance, Risk, M&A Team, Security, Supply Chain Management and Real Estate, Internal Audit, Finance and Accounting, Information Systems, members of the Board of Directors, management personnel, Worldpay Clients, and Worldpay-selected service providers.  Worldpay may also make candidate personal data available to other third parties as authorized, such as law enforcement, tax authorities, other public bodies, potential and actual acquirers of Worldpay companies or businesses if a change of ownership or business transfer is anticipated or occurs. For more information about the categories of entities to which we have disclosed this information, and the purposes for which we have disclosed the information, please see “With whom we share your personal data”.

Automated processing

Worldpay recruitment processes do not result in decisions based solely on automated processing, although part of the application processes are automated. For example, Worldpay will ask questions about work authorization, compensation or travel requirements so that our recruiters can easily filter applicants for review (or not) based on their responses. In some countries, where this is legally allowed, Worldpay may decline applicants based on work authorization requirements. Candidates that apply for a role in one of Worldpay’s call centers may be subject to an additional text screening capability that may automatically invite candidates to the interview process based on satisfactory responses to the text questionnaire. Candidates not meeting the requirements will be manually declined by an Worldpay recruiter.

Exercising your rights

Click here for an overview of your rights as a data subject under applicable privacy and data protection laws and how to exercise these rights.

Data retention

If you apply for a role at Worldpay, we will retain your personal data only for as long as necessary after we have communicated to you our decision about whether to appoint you to. We retain your personal data for that period so that we can show, in the event of a legal claim, that we have not discriminated against candidates on prohibited grounds and that we have conducted the recruitment exercise in a fair and transparent way. After this period, we will securely destroy your personal data.

If you join our Talent Network, we will retain your personal data (even if you had an unsuccessful application) so that we can send you job alerts with new job opportunities and relevant recruitment communications until you request us to delete your personal data.

Legal grounds for processing personal data of our job applicants are:

Explicit consent of the candidate – for example, a candidate’s information may be retained by Worldpay for the purpose of potential future recruitment opportunities within Worldpay, with the candidate’s consent.

Article 6.1.a GDPR

Article 13.(1) PIPL

Our legitimate interest in attracting, identifying and sourcing talent

Article 6.1.f GDPR

Our legitimate interest to process and manage applications for roles at Worldpay, including the screening and selecting of candidates

Article 6.1.f GDPR

Our legitimate interest to identify the most suitable candidate for the opened job position

Article 6.1.f GDPR

Our legitimate interest to hire and onboard candidates by making an offer to successful candidates and carrying out pre-employment screening checks

Article 6.1.f GDPR

Our legitimate interest to manage our career websites (including conducting statistical analyses)

Article 6.1.f GDPR

Compliance with a legal or regulatory obligation (when carrying out background checks to confirm a candidate is eligible to work in the relevant country)

Article 6.1.c GDPR

Article 10 GDPR

Article 13.(3) PIPL

In order to take steps prior to entering into a contract with the candidate

Article 13.(2) PIPL

Two colleagues having a discussion in an open office space.

Clients

If you sign up to become one of our clients by entering into an agreement with FIS, we will collect information we need to establish and perform a contract with you, including your contact information, address, ID documentation, tax information and payment details.

We use this information to set up our products and services for you, including providing you with access to our Client Portal. In addition, we use your information for our legitimate interest of managing our internal administration and for complying with our legal obligations, such as know-your-client and anti-money laundering obligations and taxation obligations.

We also collect data about your use of our products and services, including your login details, and the questions, queries, comments and complaints you send or share with us in relation to our business relationship. We process this data to be able to perform our contract with you by following up with you and providing you with support and for our legitimate interest of being able to optimize and improve our products and services.

We can also use your (company) e-mail address for: keeping you up-to-date with our products and services; making you offers tailored to your needs (meaning similar products and services you have already purchased from us); or inviting you to events.

We have an obligation to act in compliance with applicable laws and regulations and to prevent fraud, money laundering and financing terrorism. As we are active in the financial sector, we are not allowed to accept just any client without checking them and we have to determine and report when suspicious transactions take place. Therefore, if you are applying to become one of our clients and during the performance of our agreement, we will need to collect up to date information and documents to:

  • Verify your identity;
  • Identify the ultimate beneficial owners of your business;
  • Identify the purpose and intended nature of your future business relationship with us;
  • Monitor your behaviour and transactions across the FIS solutions using automated systems which detect risks and verify the origins of your capital/assets; 
  • Check whether a natural person representing you is competent to do so (and verify the identity of this person); and
  • Check whether you act on behalf of yourself or on behalf of a third party.

To carry out the above checks, we process the information (including personal data) that you have provided to us and other information created by your use of the FIS services. Which may include your name, your contact information, a copy of your identification document, your tax identification number (if legally required), the address of your legal representative and shareholders, your bank account number, information contained in correspondence between us, bank statements, your signature and an extract of your company registration document. We use third party identification and verification services (including credit reporting agencies) in order to assist us to verify your identity and the documents provided to FIS.

Legal grounds for processing personal data of clients are:

Performance of a contract

Article 6.1.b GDPR

Article 13.(2) PIPL

Compliance with a legal or regulatory obligation, including know-your-client, anti-money laundering and taxation obligations

Article 6.1.c GDPR

Article 13.(3) PIPL

Our legitimate interest in providing you with our goods and services and securing prompt payment of any fees, costs and debts in respect of our services

Article 6.1.f GDPR

Our legitimate interest in responding to questions, queries, comments and complaints you send or share with us

Article 6.1.f GDPR

Our legitimate interest in safeguarding FIS against inadvertently dealing with the proceeds of criminal activities or assisting in any other unlawful or fraudulent activities (for example, terrorism)

Article 6.1.f GDPR

Our legitimate interest in sending you direct marketing communications to keep you informed about our products and services and to invite you for relevant events

Article 6.1.f GDPR

Customer inserts chip card into a credit card terminal.

Consumers ("buyers")

FIS is a payment service provider and as such Worldpay from FIS (“Worldpay”) provides payment processing, acquiring and gateway services to its clients which operate as merchants. Being an acquirer means that Worldpay accepts payment on behalf of the relevant merchant and then transfers the funds paid by the buyer (“you”) to the merchant. Worldpay’s role is to request the relevant payment scheme, such as Mastercard, Visa or Maestro or an alternative payment method provider, to authorize the transaction and (if necessary) send this to the buyer’s bank for approval. If the necessary authorizations and approvals are given, Worldpay is notified of this by the relevant payment scheme or alternative payment method provider and makes the payment to the merchant’s bank. Worldpay may also enable merchants to pay others, like you, by sending payments to your bank account or payment card (for example, payouts of insurance claims or gambling winnings). We rely on card networks and banking partners to complete the payment to your bank account or payment card.

When we provide merchant acquiring services and other payment services to our client, Worldpay processes your personal data as an independent data controller.

Worldpay also offers its clients fraud detection services. For some of these fraud services we act as a processor on behalf of, and under the instructions of, our merchants. We recommend you read the merchant’s privacy notices for more information regarding the processing of your personal data. This notice applies to the processing of your personal data for fraud detection, prevention and monitoring where Worldpay acts as an independent controller.

Purposes for which we process buyer’s personal data and types of personal data

  • We process the data we need for our legitimate interest of providing so-called gateway, payment processing and/or acquiring services to our merchants which receive payments from you for any reason (including, without limitation, for the sale of their goods and services). This means that we receive your payment transaction data on behalf of the merchant and handle related matters around these financial transactions. In addition, when a merchant wishes to charge your card for a recurring payment and your card has expired, Worldpay may request the relevant payment scheme or lookup up your up-to-date card information on the Worldpay platform, to facilitate your payment.
  • We process the data to pay others, like you, on behalf of our merchant clients and handle related matters around these financial transactions.
  • We may process your personal data when necessary to initiate (or arrange the initiation of) payments from your bank account, if you and your bank authorize us (and/or our partners) to do so.
  • In addition, we process your data to comply with our legal obligations, such as to monitor financial transactions for the purpose of preventing money laundering and terrorist financing. For these purposes we may collect your card number (which we encrypt in accordance with PCI DSS standards), the expiry date (month and year) of your credit card, your bank account details (typically excluding your name), including IBAN and SWIFT/BIC, the amount of the transaction and the currency in which the transaction is done, the date, time and location of the transaction and the category and ID of the merchant with whom you are shopping. 
  • If necessary, we can also process any of your information above for our legitimate interest of protecting our legal rights, for example in connection with legal claims, and when we have a legal obligation to process your information. 
  • In addition, Worldpay processes your personal data for the following purposes:
    • To provide the service pursuant to the agreements with our clients and the specific payment schemes;
    • To comply with applicable laws and regulations;
    • To conduct analysis for statistical, strategic and scientific purposes; and
    • To protect our platform, systems and services from misuse, fraud, financial crimes or other unauthorized or illegal activity.
  • We process personal data for purposes of protecting you and our clients against fraud or unauthorized transactions and preventing and monitoring fraud across Worldpays payment solutions. This includes the identification of fraud with the payment details provided by our merchants or information about fraud from other third parties such as issuing banks, acquirers or scheme owners. Additionally, Worldpay may use and aggregate your personal data to create and run models or other methods to accurately identify, predict, prevent and mitigate fraud across Worldpays payment solutions. These models or other methods may be leveraged to offer fraud-related products and services to our merchants. For fraud detection, prevention and monitoring, Worldpay may process transaction data (such as card number and cardholder name, email address, location data, IP address, information about disputed transactions, information on confirmed fraud, merchant details, mobile devises and unique identifiers).The use of these fraud models and/or other methods may result in merchants making decisions as to whether or not to grant you access to a product or service and/or whether or not to authorize a transaction.

Recipients

In some jurisdictions, we may need the help of third parties to be able to offer you our acquiring or issuing services, for example payment schemes such as Mastercard and VISA. It will depend on your location, payment method and issuing bank which of these payment schemes is used. Additionally, we share your information with the merchant with whom you are shopping. We may also share some of your information with competent authorities and/or regulators in case this is required to comply with legal obligations to which Worldpay is subject, for example for the purpose of preventing money laundering and terrorist financing.

We use third-party service providers to support us in providing acquiring and fraud detecting services. These include risk, fraud, and compliance service providers (e.g. for transaction risk monitoring); debt service providers (e.g. for debt collection analysis or management); and for business analytics (e.g. for data aggregation, visualization and reporting).

Otherwise, we will not share your identifiable information with any third party, unless we have your permission, where this is necessary in connection with the purposes above or with legal claims or when we have a legal obligation to do so.

Exercising your rights

Click here for an overview of your rights under applicable privacy and data protection laws and how to exercise these rights.

Legal grounds for processing personal data of “buyers” are:

Our legitimate interest in providing payment processing, acquiring and gateway services to merchants pursuant to the agreements with our clients and the relevant payment schemes

Article 6.1.f GDPR

Our legitimate interest in conducting analysis for statistical, strategic and scientific purposes

Article 6.1.f GDPR

Our legitimate interest to protect FIS from misuse, fraud, financial crimes or other unauthorized or illegal activity

Article 6.1.f GDPR

Compliance with a legal obligation

Article 6.1.c GDPR

Article 13.(3) PIPL

Suppliers

We process personal data about our suppliers (including subcontractors, and individuals associated with our suppliers and contractors) in order to manage our relationship and contract and to receive services from our suppliers.

The personal data we process is generally limited to contact information (name, name of supplier, phone, email, and other contact details) and financial information (payment-related information).

Before we take on a new supplier, we perform compliance searches that could include – depending on the risk level - for example anti-money laundering, anti-bribery and anti-corruption checks, modern slavery audits, adverse media checks, Politically Exposed Persons (PEPs) searches, and/or Sanction Lists checks.

Legal grounds for processing personal data of our suppliers are:

Performance of a contract

Article 6.1.b GDPR

Article 13.(2) PIPL

Compliance with a legal or regulatory obligation

Article 6.1.c GDPR

Article 13.(3) PIPL

Our legitimate interest in managing payments, fees, and charges, and to collect and recover money owed to Worldpay

Article 6.1.f GDPR

Our legitimate interest in safeguarding against Worldpay inadvertently dealing with the proceeds of criminal activities or assist in any other unlawful or fraudulent activities (for example, terrorism)

Article 6.1.f GDPR

Processing personal information which has been publicly disclosed or legally disclosed, within a reasonable scope.

Article 13.(6) PIPL

Visitors to our offices

When you visit an Worldpay office, we process your personal data to provide you with certain facilities (such as access to our buildings, our conference rooms, and Wi-Fi), to control access to our buildings, and to protect our offices, personnel, goods, and confidential information.

The personal data we collect is generally limited to your name, contact information, location, vehicle registration (if you use our car park), and the time you enter and leave our building. In some jurisdictions, we may also request you to show proof of identification in the form of a valid government issued photo ID.

Visitor records and access badges

We require visitors to our offices to sign in at reception, and we keep that record of visitors for a short period of time. Visitors to our buildings are provided with a temporary access badge to access our building. Our visitor records will be used to verify that access badges are returned, to look into a security incident, and for emergency purposes (for example, if an office needs to be evacuated).

Wi-Fi

We monitor and log traffic on our Wi-Fi networks. This allows us to see limited information about a user’s network behavior but will also include being able to see at least the source and destination addresses the user is connecting from and to.

CCTV

Worldpay uses CCTV monitoring where permitted by law. CCTV images are securely stored and only accessible on a need-to-know basis (for example, to investigate a potential incident). We are allowed to disclose CCTV images to law enforcement bodies. We will also share CCTV images with our insurers for purposes of processing an insurance claim as a result of an incident. CCTV recordings are typically deleted or automatically overwritten after a short period of time unless an issue is identified that requires further investigation.

Exercising your rights

Click here for an overview of your rights under applicable privacy and data protection laws and how to exercise these rights.

Legal grounds for processing personal data of visitors to our building are:

Our legitimate interest in protecting our offices, personnel, goods, and confidential information

Article 6.1.f GDPR

Our legitimate interest in preventing and detecting crime, and establishing, exercising, and defending legal claims

Article 6.1.f GDPR

Consent of the visitor

Article 6.1.a GDPR

Article 13.(1) PIPL

Visitors to our websites and other digital channels

Personal data that we collect about you when you visit our website (“site”) and other digital channels (hereinafter referred to as ‘our site’) falls into several categories.

Information that you provide voluntarily

We collect personal data you provide voluntarily through our site, for example, when completing online forms to contact us, subscribing to a newsletter, subscribing to receive marketing communications from us, participating in surveys, or registering for events we are organizing. The information we collect about you includes the following:

  • Name
  • Job title, job level or job function, role
  • Education
  • Company or organization
  • Company data
  • Contact information, including primary email, email address, and telephone numbers
  • Demographic information, such as industry, country, postcode, preferences, and interests
  • Other information relevant to client surveys or similar research
  • Information relating to events captured through event-related forms, such as dietary restrictions, hotel and flight information, registration/participation status, media interview attendance, previous event experience, and gender 
  • Information pertinent to providing goods and services to you
  • Any other personal data you voluntarily choose to provide to us

We do not intentionally collect sensitive personal data, unless you provide us with such data. While there may be free text boxes on the site where you are able to enter any information, we do not intend to process sensitive personal data. You are not required to provide, and should not disclose, sensitive personal data. If you choose to provide any sensitive personal data in this manner, you acknowledge you consent to the collection and processing of this sensitive information.

If you register on our website, your personal data will be stored in our Client Relationship Management (CRM) system. If you have opted out of receiving marketing communications, your basic contact details will remain on our opt-out list.

Information we collect automatically

When you visit our site, we collect certain personal data automatically from your device. Specifically, the data we collect automatically includes information, such as your IP address, pixel ID, device type, unique device identification number, browser type, operating system, broad geographic location (e.g., country or city-level location), and other technical information. We also collect information about how your device has interacted with our site, including the pages accessed, current URL, time you visited the site, and links clicked. Collecting this information enables us to better understand the visitors who come to our site, where they come from and what content on our site is of interest to them. We use this information for our internal analytics purposes and to improve the quality and relevance of our site to our visitors.

Information will be collected using cookies and similar tracking technology, as explained further in our Cookie Notification.

Purposes for which we process your personal data as a visitor to our site are:

  • To administer and manage our site, including to confirm and authenticate your identity, and prevent unauthorized access to restricted areas of our site (for example, we may confirm your IP address matches the location entered into our online forms or may confirm you are not listed as a restricted party with whom we are legally prohibited from doing business);
  • To personalize and enrich your browsing experience by displaying content (including targeted advertising) that is more likely to be relevant and of interest to you
  • To analyze the data of visitors to our site and site traffic information
  • To capture web metrics about the journey of users within our site
  • To determine the company, organization, institution, or agency you work for or with which you are otherwise associated
  • To develop our business and services
  • To deliver products and services to our clients to provide them with information about such products or other legitimate business purposes
  • To provide you with marketing communications
  • To conduct benchmarking and data analysis (for example, regarding usage of our site and demographic analyses of visitors of our site)
  • To understand how visitors use the features and functions of our site
  • To monitor and enforce compliance with applicable terms of use
  • To conduct quality and risk management reviews
  • To enable the better management of our events
  • To enable teams managing events to coordinate their email campaigns and event notifications more effectively
  • To allow for event and webinar sign-up
  • To allow for content download and lead capturing
  • To allow services and information to be delivered effectively to you
  • Any other purpose for which you provided information to Worldpay

 

When you contact us or request us to contact you

Via our website, or other digital channels, you can contact us or ask us to contact you regarding questions, queries, (support) requests, comments or complaints, fill out an application to become a client, merchant or a partner or sign up for an account. When you do this, we collect the information you supply, including your name, company, contact details, the reason you are contacting us, verification you are not a robot and other information you provide us with. You can also contact us by calling us or e-mailing us using, for example, the contact details listed on our website. If you do so, we will collect your name, company, and any other information we need to be of further assistance to you and/or communicate with you.

We use the aforementioned data to answer your questions, comments, complaints, respond to your queries and (support) requests, and to assess your application to become a client or partner. As such, this data is used by us to establish or perform our (future) contract with you and for our legitimate interests in following up with you. We also use the data above for our legitimate interest of conducting business with you and managing our internal administration, for training purposes, for establishing and performing our contract with you, for our legitimate interest of conducting marketing research, so we can improve our products and services and to offer our (future) clients tailored products and services.

Geolocation data

When you use our mobile apps, we collect and use geolocation information linked to your device, with your permission, and where permitted by local law.  Worldpay uses this data as part of its processes to prevent and detect fraudulent card use and send alerts. Worldpay retains geolocation information processed as part of a transaction for 180 days. Where permitted by local law, Worldpay may monitor your geolocation information in the background while the mobile app is being used. You may change location permissions at any time either directly in the mobile app or in your device settings.

Children’s privacy

Worldpay does not knowingly solicit or collect personal data from children under the age of thirteen (13) without verifiable parental consent. If Worldpay learns that a child under the age of thirteen (13) has submitted personal data without parental consent, Worldpay will take all reasonable measures to delete such information from our databases and not use such information for any purpose (except where necessary to protect the safety of the child or others as required or allowed by law). If you become aware that we have collected any personal data from children under the age of thirteen (13), please contact us at datarights@fisglobal.com.

Worldpay website(s) are not directed at persons under the age of 18. Worldpay does not knowingly collect, maintain, or use personal data from persons under the age of 18 on any Worldpay website. If you are under the age of 18 years, please do not register or otherwise provide information to Worldpay on an Worldpay website. Minors under 18 years of age may request to have the personal data they have provided to us deleted by sending an email requesting deletion to datarights@fisglobal.com

Please note, while we make reasonable efforts to comply with such requests, deletion of your personal data does not confirm complete and comprehensive removal of that data from all Worldpay systems.

Cookies and tracking on Worldpay websites and apps

When visiting Worldpay's corporate website, https://www.worldpay.com, users are not immediately tracked and have the option to accept cookies by selecting “Accept”. By not selecting the “Accept” option or by blocking specific types of cookies, Worldpay will not install non-essential cookies.

Worldpay websites may be linked to other websites

Worldpay websites may contain links to other websites. As you navigate our websites, you may click on links that take you to websites that belong to other business units or business partners affiliated with Worldpay. In addition, we may include links to third-party websites, which are not Worldpay business units or Worldpay affiliates. Worldpay is not responsible for the content or privacy practices of other non-Worldpay websites to which our websites link. If you are asked to provide information on one of these websites, we encourage you to carefully review their privacy policies before doing so.

Managing your preferences

Worldpay strives to provide you with choices and preferences regarding certain personal data uses, particularly around marketing and advertising. You may change your preferences or opt-out of receiving communications about Worldpay products and services by visiting our subscription preference center at any time.

Exercising your rights

Click here for an overview of your rights under applicable privacy and data protection laws and how to exercise these rights.

Legal grounds for processing personal data of visitors of our site are:

Our legitimate interest in the effective delivery of information and services to you, and the effective and lawful operation of our businesses

Article 6.1.f GDPR

Our legitimate interest in responding to questions, comments, complaints, respond to queries

Article 6.1.f GDPR

Our legitimate interest in developing and improving our sites and digital channels and your user experience

Article 6.1.f GDPR

Explicit consent of the visitor

Article 6.1.a GDPR

Article 13.(1) PIPL

Compliance with a legal obligation

Article 13.(3) PIPL

Processing personal information which has been publicly disclosed or legally disclosed within a reasonable scope

Article 13.(6) PIPL

Cookies and other similar tracking technologies

You can accept or reject cookies for our websites and other digital channels through the cookie preference center made available on these sites. You can also do so by adjusting your web browser controls. Please read our Cookie Notification for more information about our use of cookies on www.worldpay.com.

Legal grounds for processing cookies are:

Non-essential cookies: consent

Article 6.1.a GDPR

Essential cookies: our legitimate interest in making sure our websites and digital channels function properly

Article 6.1.f GDPR

Essential cookies in China: compliance with legal obligation (cybersecurity obligation), and/or processing is necessary to provide our products or services.

Article 13.(3) PIPL

Article 16 PIPL

Marketing

If you are one of our (potential) clients and, as required by applicable law or regulation, have opted in or have not elected to opt-out of receiving marketing communications, we may contact you in relation to relevant products or services via physical mail, telephone, text message and/or e-mail. We may also send you marketing communications if you have signed up and provided your consent at a trade show or conference.

If you are not one of our clients, you can sign up and select the types of content you would like to receive including events, product information and thought leadership/industry insights by providing your name and e-mail address via the subscription preferences form on our website or other digital channels. By completing and submitting this form, you indicate your consent to receive your preferred choice of content via the communication method selected including email, telephone, physical mail and/or text message. At any time, you  can unsubscribe from receiving marketing communications by following the instructions provided in the communication, contacting us via DataRights@fisglobal.com or by clicking here to unsubscribe or adjust your preference settings . Our action will be subject to applicable limitations of the laws of your home jurisdiction.

We may indirectly market to you via our website or social media. You can download content, for example white papers and research reports, from our website or social media using the forms designed for this purpose. We collect and process the data you fill out on the form, including your name, company, country and e-mail address to provide you with the content or for our legitimate interest of keeping track of who downloads our content and for the performance of a contract with you. We will not add you to our marketing distribution lists unless you have provided your consent.

We are committed to ensuring you only receive the marketing communications you want from us and will never send you unsolicited marketing communications.

Legal grounds for processing personal data for marketing purposes are:

Consent

Article 6.1.a GDPR

Article 13.(1) PIPL

Performance of a contract, if you request a copy or download of our white papers / reports

Article 6.1.b GDPR

Article 13.(2) PIPL

Our legitimate interest in developing our business

Article 6.1.f GDPR

Our legitimate interest in sending you direct marketing communications to keep you informed about products and services and to invite you for relevant events

Article 6.1.f GDPR

Events

We process personal data about participants in Worldpay meetings, conferences, events and learning sessions (events). We use various applications to manage event registration processes, which applications will contain their own privacy notices explaining why and how personal data is collected and processed by these applications. We encourage participants to refer to the privacy notices available on those applications.

As part of our event management processes, we process the following personal data (but only to the extent required for a specific event):

  • Name, age or date of birth
  • Registrant’s contact details (address, email address and phone number)
  • Company name
  • Gender
  • Home or other physical address
  • Names of employers (Worldpay or company)
  • Occupation (job title)
  • Credit or debit card number
  • Passport number
  • Personal web URL (if you have a personal website that you would like to share)
  • Event-related data such as: Dietary restrictions or special requirements, registration status, participant status/type, media interview attendance, previous event experience, arrival time/departure time, hotel check-in/check-out time, flight information (airline, arrival and departure dates)

We do not intentionally collect sensitive personal data, unless you provide us with such data (for example, special dietary requirements which reveal your religious affiliation or any food allergies or other data relating to your health necessary to provide support to participants, if needed, for example, if a wheelchair will be required).

Attendees of Worldpay events hosted at external venues may be required to bring a photo ID for identification purposes to safeguard our people, assets and information, and to prevent unauthorized people gaining access to off-site Worldpay events.

Worldpay is allowed to take photographs and make audio or video recordings in public areas of the Worldpay events. We use such media in our marketing materials. Images and voices of attendees will be recorded. Recordings will be edited, copied, exhibited, published or distributed.

Legal grounds for processing personal data of Event participants are:

Explicit consent of the participant

Article 6.1.a GDPR

Article 13.(1) PIPL

Our legitimate interest in organizing events and managing the registration process for such events

Article 6.1.f GDPR

Our legitimate interest in protecting our people, assets and information, and to prevent unauthorized people gaining access to off-site Worldpay events

Article 6.1.f GDPR

Our legitimate interest in providing information about Worldpay, our services and events we organize

Article 6.1.f GDPR

Individuals who correspond with Worldpay via email

Worldpay uses a variety of tools to maintain the security of our IT infrastructure, including our email facilities. Examples of such tools are:

  • Systems that scan incoming emails to Worldpay recipients for suspicious attachments and URLs in order to prevent malware attacks
  • Tools that provide end-point threat detection to detect malicious attacks
  • Tools that block certain content or websites

If you correspond via email with an Worldpay recipient, your emails will be scanned by the tools Worldpay operates to maintain the security of its IT infrastructure, which could result in content being read by authorized Worldpay persons other than the intended recipient.

Legal grounds for processing personal data of individuals who correspond with Worldpay via email:

Our legitimate interest in protecting our IT infrastructure against unauthorized access or data leakage

Article 6.1.f GDPR

Our legitimate interest in analyzing email traffic

Article 6.1.f GDPR

Processing personal data which has been publicly disclosed or legally disclosed within a reasonable scope.

Article 13.(6) PIPL

Consent

Article 13.(1) PIPL

Individuals who correspond with Worldpay via phone and voice mail services

When you call Worldpay personnel, only your phone number will be stored on our servers and will be delivered to the voice mail box holder via recording and/or via an email. No other personal data is collected but technical logs and reports may be stored for trouble shooting purposes.

Recording of client phone calls

Client phone calls to call centers or help desks operated by Worldpay may be recorded. Worldpay will always inform the caller that the call is being recorded and the reasons for recording. Where required under applicable law, Worldpay will obtain the caller’s consent.

Recording will be initiated for reasons of improving quality of client service, dispute resolution, regulatory and compliance, and training of staff.

Legal grounds for processing personal data of individuals who correspond with Worldpay via phone and voicemail services:

Our legitimate interest in maintaining communication networks

Article 6.1.f GDPR

Our legitimate interest in improving client service, dispute resolution, and training of staff

Article 6.1.f GDPR

Compliance with a legal obligation

Article 6.1.c GDPR

Article 13.(3) PIPL

Consent (for the processing of sensitive personal data, such as biometric data)

Article 9.2.a GDPR

Article 13.(1) PIPL

Processing personal data which has been publicly disclosed or legally disclosed within a reasonable scope.

Article 13.(6) PIPL

Voice authentication

As an additional account authentication option, Worldpay offers biometric voice recognition technology that can capture your voiceprint and use it to identify you when you call us.

Before collecting your voiceprint, we will notify you that voice authentication is available, and we will ask for your consent before enrolling you in our voiceprint program. Participation in the voiceprint program is not compulsory and you may terminate your participation at any time.

After you sign up for the voiceprint program, we’ll record a short sample of your voice using an Interactive Voice Response (IVR) system. This will pinpoint unique characteristics in the way you speak, such as pitch, language, and speech patterns, to create a mathematical formula to produce a unique identifier for your voice. This identifier is a unique code made up of a series of numbers and letters which can be used only to identify your voice.

Once you've enrolled in the voiceprint  program, whenever you call us, our phone system will confirm who you are by comparing your voice to your unique voiceprint and check details about the device and phone number that you're contacting us from. This confirms it's really you calling and you’ll then be able to speak to one of our representatives or use our self-serve features.

Our goal is to make it simpler for you to do business with us, and by using voiceprints, it protects both you and Worldpay against fraud, misrepresentations and other errors. Your voiceprint will only be used to confirm your identity and replaces other methods of verification such as questions asked by one of our representatives to validate your identity.

Your unique voiceprint cannot be used to reverse engineer, reuse or recreate your voice.  Your voiceprint is encrypted and kept in a secured database.

Exercising your rights

If you no longer want to use our voice authentication services, just let us know and we will  deregister you from the service and remove your voiceprint data from our systems.

Click here for an overview of your rights under applicable privacy and data protection laws and how to exercise these rights.

Legal grounds for processing voiceprints:

Explicit consent

Article 6.1.a GDPR

Article 9.2.a GDPR

Article 13.(1) PIPL

 

Two colleagues working in a shop.

Worldpay

Worldpay, LLC, and its subsidiaries and related entities, collectively known as “Worldpay” (“Worldpay” or “we” or “our”), recognizes and respects the privacy of individuals whose personal data it collects, uses, and stores in the course of conducting business.

This Privacy Notice explains to individuals who access or use Worldpay’s services, including those who interact with our websites, mobile sites, and applications (“Sites and Services”) (“you”), how Worldpay uses your personal data. This includes buyers, Worldpay merchants, and other Worldpay clients who trade as individuals, as well as website or app users. When Worldpay uses the word “buyer” in this Privacy Notice, this means any shopper or individual whose payment transactions may be processed using Worldpay’s Sites and Services.

This Privacy Notice is global in scope but is not intended to override any legal rights in any territory where such rights prevail.

The Worldpay entity responsible for collecting, storing, or using your personal data (that is, the “Controller” where the GDPR or the United Kingdom Data Protection Act 2018 apply) depends on why or how you interact with Worldpay and your location.

Personal data used by Worldpay

Worldpay collects personal data relating to buyers, merchants, or other clients in order to carry out its business activities. Worldpay may collect personal data from various sources, including:

  • information provided to us, either directly or via our merchants, or other clients;
  • information automatically collected when you use our Sites and Services, including but not limited to our role as a payment processor;
  • information collected from third parties, including but not limited to: fraud monitoring service providers, commercial databases, or know your client (KYC) service providers.

This personal data may include:

  • Contact information, including but not limited to: name (first, last, and business), telephone numbers, address (home, billing, and business), fax, email address, and other communications;
  • Demographic information, including but not limited to: nationality, country of residence, date of birth, marital status, birth place, gender, preferred language, citizenship;
  • National Identification information, including but not limited to: national insurance number, passport, social security number, taxpayer identification number, driver license or other form of identification to verify a buyer, merchant, or other client;
  • Monitoring or Recording, including but not limited to: monitoring or recording of telephone calls, emails, web chats, CCTV, access control, or other communications;
  • Merchant or other Client identification, including but not limited to: merchant or client ID;
  • Merchant or other Client management, including but not limited to: billing, invoicing, refunds, financial position (including debt position), reconciliations, and reporting;
  • Information related to items purchased, including but not limited to: location of the purchase, value, time, method, any feedback that is given in relation to such purchase;
  • Payment transaction information, including but not limited to: which Alternative Payment Method (“APMs”) is used (e.g. bank transfer, pre-pay service, post-pay service, eWallets, and local card schemes), transaction monitoring and fraud monitoring information (e.g. transaction values and volumes,  risk scores attributed to transactions, merchant category code, IP address from where a transaction is made (optional), buyer email address (optional)), and analytics or trend analyses related to a client’s sales or refunds (including chargebacks);
  • Financial and credit/debit card information, including but not limited to: payment account number (PAN) or account number, card expiration date, CVC details, bank, and/or issuer details;
  • Credit, fraud, sanctions, and transaction risk information, including but not limited to: information obtained about our clients from credit reference or fraud prevention agencies, including credit history, credit score, and business name, business address and any business ID (such as the registered number or VAT number), financial statements for the applicant or companies within the same group of companies as the applicant and payment transaction information from our fraud and transaction monitoring activities which relates to our clients, such as transaction types, values, and risk scores;
  • Technical information, including: the IP address used to connect your computer or device to the Internet, your device ID, login information (username/password), browser type and version, time zone setting, browser plug-in types and versions, device operating system platform, mobile carrier, location, or GPS/geo-location;
  • Information about your visit or whether you opened an email, including: the full Uniform Resource Locators (URL) clickstream to, through and from Worldpay’s site (including date and time), products or services you viewed or searched for page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks and mouse-overs), methods used to browse away from the site page, any phone number used to call Worldpay’s client service number;
  • Photographs and videos of you, from Worldpay events, e.g., through identity verification;
  • Publicly accessible comments and opinions reviewed and used by Worldpay, through Internet searches or posted on social networking sites, such as Facebook and LinkedIn;
  • Insights gained through Worldpay gatherings from sessions that you participate in and contribute at Worldpay events;
  • Social media posts on Worldpay social media sites or made publicly about Worldpay on social media;
  • Event participant details from a Worldpay event, including but not limited to: name, title, and company from a Worldpay app for the event which is available to registered delegates; and
  • Applications, if you download or use mobile or desktop applications, including information about your location, your device or the service you are using, including where a payment transaction takes place.

Worldpay sharing of personal data

Worldpay may make personal data available to:

  • other parts of Worldpay, or Worldpay group companies;
  • third-party service providers, including information technology service providers (e.g., for cloud computing), credit reporting agencies, risk, fraud, and compliance service providers (e.g. for transaction risk monitoring); debt service providers (e.g. for debt collection analysis or management); and for business analytics (e.g. for data aggregation, visualization and reporting);
  • our business partners, including payment processors, payment infrastructure providers, digital wallet providers, banks, and other financial institutions;
  • advertisers (where a Worldpay client opts-in to this service);
  • our professional legal advisors (accountants, consultants, lawyers, and tax advisors);
  • law enforcement, regulatory, prosecuting, tax or governmental authorities, courts, other tribunals, or dispute resolution bodies;
  • prospective sellers or buyers as part of a sale or merger of our company, business, or assets; and
  • any other third party to the extent the disclosure is required by a law which applies to us.

As Worldpay is a global business, the above recipients may be based internationally (that is in a different country or territory to you), and some will be based outside of the European Economic Area or United Kingdom.

For U.K., products and customers, you can learn more about the credit reporting agencies (CRA), their role as fraud prevention agencies, the data they hold, the ways in which they use and share personal information, data retention periods and your data protection rights with the CRAs on their websites in the Credit Reference Agency Information Notice (CRAIN) document. Download a copy from any of the websites below:

Transfer of personal data

Please click here if you would like to understand what safeguards Worldpay has put in place for the international transfer of personal data.

Exercising your rights

Click here for an overview of your rights under applicable privacy and data protection laws and how to exercise these rights.

Why Worldpay processes personal data

We collect, use, and store your personal data for the reasons stated in the table below. 

We may also use your personal data so long as the use is not incompatible with the original purpose for which we obtained your personal data, and for any other purpose that we specifically tell you about.

In some cases, we may require you to provide your personal data because of a legal or contractual duty, and your failure to provide the information in these circumstances could result in us being unable to fulfil our relationship with you.

Purpose of processing

Legal ground(s) for use

Designing, evaluating, benchmarking, and administering:

Worldpay product and service offerings and their relevance for particular merchants or clients.

Worldpay relies on:

  • Consent to send promotional material (if required);

    Article 6.1.a GDPR

  • Worldpay’s legitimate interests in protecting and enforcing its rights or to send promotional material;

    Article 6.1.f GDPR

  • Worldpay’s legitimate interests in developing and improving products and services;

    Article 6.1.f GDPR

    and

  • The need to process personal data to provide a requested product or service or to fulfill a contract.

Article 6.1.b GDPR

Diversity programs, including compliance with diversity objectives

Worldpay controlled recognition and rewards programs for our merchants or other clients

Education, training, and awareness programs for our merchants or other clients

Sales and marketing campaigns

Offers of products, services, and contracts

Accounts receivable, accounts payable, bad debt and reserves; bank accounts for payments and receipts

Assembling, maintaining, and disseminating:

Client-specific job assignments for sales, marketing, and collections

Worldpay relies on:

  • Worldpay’s legitimate interests in the administration of its business or in meeting internal record-keeping requirements;

    Article 6.1.f GDPR

  • Worldpay’s legal obligations under tax, audit, or regulatory law to maintain internal records

    Article 6.1.c GDPR;

    and

  • Worldpay’s legitimate interest in assisting its merchants or other clients to understand their transactions or its contractual obligation to provide this information.

Article 6.1.f GDPR

Client directories

Emergency contact information for merchants or other clients

Identification credentials

Internal record-keeping and reporting, including reporting on credit and financial risk

Providing reports and analytics to our merchants or other clients

Supporting, monitoring, auditing, executing, and facilitating:

Business conferences and travel

Worldpay relies on:

  • Consent;

    Article 6.1.a GDPR

  • Worldpay’s legitimate interests in the administration of its business

    Article 6.1.f GDPR;

  • Worldpay’s legitimate interests in protecting the integrity of Worldpay services, facilities, and systems.

    Article 6.1.f GDPR

  • Worldpay’s legitimate interests in preserving records for business purposes, assuring security at its facilities and systems, and making merchant or other client contact information available to relevant employees;

    Article 6.1.f GDPR

  • Worldpay’s legitimate interests in promoting, developing, and improving products and services

    Article 6.1.f GDPR;

    and

  • The need to process personal data in order to provide a requested product or service or to fulfill a contract.

Article 6.1.b GDPR

Business negotiations and transactions (including due diligence)

Business operations, including client billing

Business transition activities, including mergers, acquisitions, and divestitures

Company marketing efforts, including websites, conferences, brochures, and other promotional media events and materials

Compliance with contractual obligations, client service, support, or account management

Identification for security and systems/ facility authentication

Internal and external business communications and management reporting

Complying with:

Applicable laws and regulations and industry requirements, including reporting and disclosure obligations.

Worldpay relies on:

  • Legal obligations to process personal data under applicable UK, EU, or EU Member State law;

    Article 6.1.c GDPR

  • Worldpay’s legitimate interests to comply with non-UK, EU, or EU Member State laws and regulations, or industry (e.g., card scheme or Payment Card Industry) requirements

    Article 6.1.f GDPR;

    and

  • Worldpay’s legitimate interests in protecting and enforcing its rights.

Article 6.1.f GDPR

Conducting:

Audits and accounting, financial and economic analyses (including to assess financial and insurance risks)

Worldpay relies on:

  • Legal obligations under UK, EU, or EU Member State audit, tax, or regulatory laws.

    Article 6.1.c GDPR

  • Worldpay’s legitimate interests in meeting non-UK, EU, or EU Member State audit, tax, or regulatory requirements.

    Article 6.1.f GDPR

  • Worldpay’s legitimate interests in analyzing performance, understanding Worldpay merchant or other client preferences;

    Article 6.1.f GDPR

  • Worldpay’s legitimate interests in protecting the integrity of Worldpay Sites and Services, operations, facilities, and systems

    Article 6.1.f GDPR;

    and

  • Worldpay’s legitimate interests in protecting its rights.

Article 6.1.f GDPR

In accordance with local law, investigations into alleged policy or contractual violations by merchants or other clients

Opinion and engagement surveys

Protecting:

Security of Worldpay assets, by implementation of identity authentication and other security measures, control of access to Worldpay and client workplaces and systems, monitoring of activity in Worldpay work locations, and execution of backup and storage procedures

Worldpay relies on:

  • Worldpay’s legitimate interests in protecting its rights, the integrity of Worldpay services, operations, facilities, and systems, and preventing fraud or the misuse of Worldpay services.

Article 6.1.f GDPR

Preventing, detecting, and assisting in the prevention, detection or prosecution of:

Crime, including fraud, sanctions offences and money laundering

Worldpay relies on:

  • Worldpay’s legal obligations under UK, EU, or EU Member State law;

    Article 6.1.c GDPR

  • Worldpay’s legitimate interests in conducting sanctions and anti-money laundering screening, and meeting non-UK, EU, or EU Member State legal or regulatory requirements;

    Article 6.1.f GDPR

    and

  • Worldpay’s legitimate interest in protecting and enforcing its rights and property.

Article 6.1.f GDPR

Monitoring, auditing, and reviewing:

Communications and information on company systems, including email and website usage

Worldpay relies on:

  • Worldpay’s legitimate interests in protecting the integrity of Worldpay services;

    Article 6.1.f GDPR

    and

  • Worldpay’s legitimate interests in protecting and enforcing its rights, protecting the integrity of Worldpay services, operations, facilities and systems, and staff, and preventing fraud or the misuse of Worldpay services.

Article 6.1.f GDPR

Compliance with company policies, procedures, and processes

Activity in company work locations

Preparing for, defending, participating in or responding to:

E-discovery requests for information

Worldpay relies on:

  • Legal obligations to participate in legal or complaints processes under UK, EU, or EU Member State law;

    Article 6.1.c GDPR

  • Worldpay’s legitimate interests in participating in legal or complaints processes under non-UK, EU, or EU Member State law, regulatory or industry requirements;

    Article 6.1.f GDPR

    and

  • Worldpay’s legitimate interests in protecting and enforcing its rights.

Article 6.1.f GDPR

Litigation or potential litigation and other types of dispute resolution (including complaints)

Communicating and sharing of information with FIS companies or potential or actual acquirers of FIS companies or businesses for:

 

Internal administration and business management and planning purposes

Worldpay relies on:

  • Legal obligations relating to audit, tax, or compliance requirements under UK, EU, or EU Member State law;

    Article 6.1.f GDPR

    and

  • Worldpay’s legitimate interests to structure its business appropriately and to meet non-UK, EU or EU Member State requirements relating to audit, tax, or compliance.

Article 6.1.f GDPR

Processing and administering:

Tax and other required withholdings

Worldpay relies on:

  • Legal recordkeeping and reporting obligations under UK, EU or EU Member State law;

    Article 6.1.c GDPR

  • Worldpay’s legitimate interests in protecting its rights and meeting non-UK, EU or EU Member State recordkeeping and reporting requirements;

    Article 6.1.f GDPR

    and

  • The need to process personal data to fulfil contractual obligations.

Article 6.1.b GDPR

Reimbursements for business travel and other reimbursable business expenses

Invoices, payments, cash balances, and accounting

Categories of data

With respect to data subjects whose personal data is processed by Worldpay for the purposes of the collection of accounts receivable, the processing of accounts payable, sales, marketing, vendor and client relationship management purposes, the processing may concern the following categories of data.

Data Category

Example

Advice, opinions, and other comments

Engagement surveys, exit interviews.

Bank and financial details

Payment and/or expense reimbursement; direct deposit banking information, payment card information, wire clearing information, bank account number and sort codes, invoicing details, and payment details.

Business travel and movement data

Travel data, including travel schedules, lodging, conveyance, meals, and other expenses.

Grievance data

Complaints, tribunal data.

Information recorded on or in company systems, equipment, or documents

Emails, text messages, web site usage, voicemail recordings, calendar or diary entries, correspondence, including personal data included in or on company systems, equipment, or documents by the Data Subject.

Access records

Dates, times, and locations of entry and exit from controlled facilities and systems, computer and system logon/off audit trails.

Organizational data

Name, company structure, organizational charts, reporting relationships, titles, work contact details, email, accounting code details.

Personal details and contact information

Name, gender, birth date, home and business address, phone numbers, email, government-issued identification numbers, identification numbers issued by or on behalf of the company, signatures, handwriting.

Photo, video, or audio recordings

Information collected by security systems, closed-circuit television, profile photographs, voice mail, recorded trainings, conferences, or marketing materials.

Countries

For some countries in which Worldpay has a presence, additional country specific information is available:

Argentina

The owner of the personal data has the right to access such data free of charge at intervals of not less than six months. Such six-month term may be shorter in case a legitimate interest is evidenced to that effect, as provided in paragraph 3 of article 14 of Law Nbr. 25,536.

The Agency for Public Information Access (“Agencia de Acceso a la Información Pública”), which is the competent authority under Law 25,326, has the power to deal with complaints and claims that are filed in relation to non-compliance with the personal data protection requirements.

The contact information of the “Agencia de Acceso a la Información Pública” is the following:

Address: Av. Pte. Gral. Julio A. Roca 710, 3rd floor – Autonomous City of Buenos Aires

Postal code: C1067ABP

Email: info@aaip.gob.ar

Canada

Worldpay Canada Corporation is accountable for the personal data processed in connection with the provision of merchant services in Canada. This personal data is maintained on secure servers and is accessible by authorized employees, representatives, and agents who require access for the purposes described in this Worldpay Privacy Notice. Personal data may be transferred and stored outside of Canada and therefore subject to disclosure pursuant to the privacy and data protection laws of the jurisdiction where such personal data is stored. We take care so that those we share your personal data with outside Canada protect it in a way that provides comparative safeguards to those under PIPEDA and other Canadian privacy and data protection laws.

Notwithstanding the lawful basis identified in the Appendix to this Notice, personal data is processed with consent, except as otherwise permitted or required by law. Consent can be express or implied. When we collect and process your sensitive data, we will obtain your express consent in writing or by electronic means and use it only for the purpose necessary to conduct our business in an appropriate manner or as permitted by applicable law and guidelines.

In some cases, we rely on third parties, such as merchants, to obtain consent on our behalf.

Worldpay Canada Corporation may make your personal data available to other parts of Worldpay, or FIS group companies, to facilitate the provision of the products and services and for Worldpay to comply with its legal and regulatory obligations.

China

Worldpay Marketing Consulting (Shanghai) Co. Limited is the entity responsible for processing your personal data for the purposes of any merchant services offered in China and will process personal data only on the appropriate legal ground(s) under the applicable local data protection laws.

International transfer

For Chinese data subjects, your personal data may be transferred outside of Mainland of China, except for the cases exempted by the Personal Information Protection Law of People’s Republic of China (PIPL). We take care so that those we share your personal data outside China protect it in a way that provides comparable safeguards to those under the PIPL, we will also take necessary measures such as obtaining consent to transfer personal data to third parties if required by the PIPL.

Japan

International transfer

For Japanese data subjects, your personal data may be transferred outside of Japan, except for the cases exempted by the Act on the Protection of Personal Information (APPI). We take care so that those we share your personal data outside Japan protect it in a way that provides comparable safeguards to those under the APPI, such as, via contractual data protection obligations or because the recipient is in foreign countries establishing a personal information system recognized to have equivalent standards to that in Japan in regard to the protection of an individual’s rights and interests. We will also take necessary measures such as obtaining consent to transfer personal data to third parties if required by the APPI.

Joint use with group companies

Worldpay’s services in Japan are provided by Worldpay Kabushiki Kaisha (“Worldpay K.K.”). Worldpay K.K., Worldpay, LLC, and its subsidiaries and related entities may jointly use and share personal data to the extent needed to carry out its business operations.

  • Items of personal data to be jointly used are set out under “categories of data” in the Appendix to this Privacy Notice;
  • Purposes of joint use and sharing of personal data are set out under “purpose of processing” in the Appendix to this Privacy Notice.
  1. Joint use of Merchant Information

    Worldpay K.K., Worldpay (UK) Limited, and Worldpay Limited will jointly use the personal data specified below for the following purposes. 

  • Items of personal data to be jointly used;
    1. Name, location, postcode and telephone number, e-mail address, bank account number and corporate registration number of the Merchant and the like, and name, address, date of birth, telephone number, e-mail address, bank account number of its representative, and other information disclosed on the application for admission or notice of change for registered items by the Merchant and the like;
    2. Date of application and admission (including a date when a settlement service is added), identification number of a Terminal, products to be sold, sales method, business category and other information related to transactions between Worldpay and the Merchant and the like;
    3. Information regarding circumstances on acceptance of the Card by the Merchant (including information relating to the Authorization Application);
    4. Card usage history of the Merchant and the like collected by Worldpay (this refers to the history of purchasing products and other transactions using the Card as a holder of the Card.);
    5. Matters mentioned in confirmation documents such as operating license, etc. of the Merchant and the like;
    6. Matters mentioned or registered in documents or information issued by public organization, such as a corporate registration (toki-bo) and a residence certificate (jumin-hyo), collected lawfully and properly by Worldpay;
    7. Publicly disclosed information by telephone directories, housing maps, official gazettes, etc.;
    8. In case of refusal of application for membership, the fact of the refusal and its reason;
    9. The fact that an investigation into the solicitation connected with a contract for a sale involving the intermediation of an individual credit purchase under Article 35-3-5 and 35-3-20 of Instalment Sales Act was made, contents of the investigation, and matters for the investigation;
    10. The fact that an investigation under item (i)(a) or (iii) of Article 60 of Ordinance for Enforcement of the Instalment Sales Act in accordance with the Instalment Sales Act was made and matters for the investigation;
    11. The fact that an individual credit purchase intermediary or a comprehensive credit purchase intermediary terminated or cancelled a contract regarding intermediation of credit purchases and related matters;
    12. Complaint raised by Cardholders to Worldpay or a Card Issuing Company or the Card Schemes and information gathered by Worldpay or the Card Issuing Company or the Card Schemes in connection with investigation made on the complaint;
    13. Information published by a governmental authority, consumer organization, or the press (including information publishing a fact of violation of the Act on the Specified Commercial Transaction), and information gathered by a merchant credit information agency (an organization whose business is to collect merchant information and provide them to participating members) or its participating members; and
    14. Contents of information provided from a detective agency to Worldpay or a merchant credit information agency, such as bankruptcy information or other credit information.
  • Purposes of joint use and sharing of personal data
  1. examining membership applications (including examination of additional applications for payment services; the same applies hereinafter) under the relevant merchant agreement with the merchant, making decision on transactions such as management following admission to membership, fulfilling the merchant investigation obligation following the execution of the merchant agreement, perform the obligations under the relevant merchant agreement or any other agreement ancillary to the merchant agreement, conducting examination pertaining to continuing business and promoting the use of the cards, gift cards and the like
  2. Business advertisement for Worldpay, a card issuing company and other merchants, and the like, including sending advertisements; and
  3. Development of new products, functions and services, etc. for Worldpay’s credit card business and other business (stipulated in Worldpay’s Articles of Incorporation).
  4. to deposit the merchant Information of(i) through 1(xiv) above to an entrustee to the extent necessary for the performance of services in the event services performed under merchant agreement are entrusted to such entrustee.

The person and entity in charge of managing joint use of personal data is:

Worldpay K.K.
Representative Director: Hideya Komori
12FL JA Building
1-3-1 Otemachi,
Chiyoda-ku,
Tokyo 100-6812, Japan

  1. Joint use with Japan Consumer Credit Association (JCCA)

     

    Japan Consumer Credit Association
    Merchant Information Exchange Center (JDM Center)

    Address

    Sumisho Nihombashi Koamicho Bldg. 6F

    14-1 Nihombashi Koami-cho, Chuo-ku, Tokyo

    103-0016

    TEL

    03-5643-0011

    Organization responsible for managing joint use

    Merchant Information Exchange Center

    Japan Consumer Credit Association

    URL

    https://www.j-credit.or.jp/

    Purpose of joint use

    The purpose is, in the merchant information exchange system operated in the course of business of the Certified Instalment Sales Association as stipulated in the Instalment Sales Act, to contribute to the sound development of credit transactions and the protection of consumers by Worldpay’s registering with the JDM Center, and providing and sharing with the member companies of the member information exchange system (“JDM Member,”) information on the acts of the JDM Members that lack, possibly lack or cannot be clearly judged to lack the protection of users or the like, and information on acts that hinder or possibly hinder the appropriate management of the Credit Card Numbers, etc., thereby improving the accuracy of the screening of the JDM Members prior to the execution of the Merchant Agreements or in the process of monitoring such members, eliminating malicious Merchants and strengthening the security measures of the Merchants.

     

    Information to be shared

    Facts and reasons of investigations necessary for the complaint procedure pertaining to the Merchants, etc. in the transactions of intermediation of comprehensive credit purchases or intermediation of individual credit purchases.

    Facts and reasons of the measures taken to prevent the occurrence of, and handle, complaints pertaining to the Merchants, etc. in the transactions of intermediation of comprehensive credit purchases

    Facts and reasons of terminating agreements on intermediation of comprehensive credit purchases or intermediation of individual credit purchases for having committed acts that lack the protection of users, etc. in the business of intermediation of comprehensive credit purchases or intermediation of individual credit purchases

    Information, which are objective facts concerning acts causing undue damage to the JDM Members, users, etc., pertaining to those that lack or possibly lack the protection of users, etc. or those which cannot be clearly judged to lack such protection

    Matters requested by users, etc. (not limited to those who have already entered into an agreement) to the JDM Members as well as said matters on acts that are judged to lack or possibly lack the protection of users or the like, or such acts as cannot be clearly judged to have been actually committed.

    Information collected by the JDM Center on the facts disclosed by administrative agencies and the contents thereof (such as information disclosed in violation of the Act on Specified Commercial Transactions)

    Facts and reasons of investigations necessary to find out the cause of incidents such as a leak of credit card information by the Merchant, or to take recurrence prevention measures, in the case of the occurrence or possible occurrence of incidents, in the transactions of intermediation of comprehensive credit purchases

    Facts and reasons of investigations necessary to find out the information on unauthorized uses or to take recurrence prevention measures when it is found that the unauthorized use of credit cards experienced by the Merchant hinders or possibly hinders the prevention of the unauthorized use of credit cards by the Merchant in the transactions of intermediation of comprehensive credit purchases

    Information on the failure of the Merchant to comply with the standards required by laws and regulations for the proper management of the Credit Card Numbers, etc. in the transactions of intermediation of comprehensive credit purchases

    Facts and reasons of why the Merchant is required to comply with the standards required by laws and regulations or to take recurrence prevention measures in relation to items (vii) through (viii) above

    Facts and reasons of terminating the credit card number management agreement because the Merchant failed to comply with the guidance on the measures in (ii) through (x) above, or has no prospects of complying with the standards required by laws and regulations

    Information on acts that lack the protection of users, etc. or hinder the proper management of the Credit Card Numbers, etc.

    Name, address, telephone number and date of birth of the Merchant concerning each of the foregoing (corporate number, name, address, telephone number, and the name and date of birth of the representative in the case of a corporation). However, the name, address, telephone number and date of birth (the name and date of birth of the representative in the case of a corporation) are excluded with respect to the information in (v) above concerning such acts as cannot be clearly judged to have been actually committed.

    Information pertaining to the preceding item that is registered with a Merchant Credit Information Institution, if any, with respect to other stores in the management of which the representative of the Merchant participates

    Term of registration

    The above information remains registered for a period not exceeding five (5) years from the date of registration, the date of completion of the necessary measures (or the date of completion of all measures if there are several measures to be taken) or the date of termination of the agreement.

    Scope of joint users

    Comprehensive credit purchase intermediaries, individual credit purchase intermediaries, brokers for third-party payments and merchant agreement administrators, which are the members of Japan Consumer Credit Association and the JDM Members, as well as the JDM Center,

    (See the above website for the names of the JDM Members.)

  2. Sensitive Data

    When we collect and process your sensitive data, we will obtain your consent in writing or by electronic means and use it only for the purpose necessary to conduct our business in an appropriate manner or as permitted by applicable law and guidelines.

  3. Data subject rights

    In accordance with the Act on Protection of Personal Information of Japan (APPI) and other applicable laws and regulations, Worldpay K.K. will disclose at your request the personal data that we hold about you according to the applicable procedures. If you inform us that your personal data is inaccurate, we will review and correct, add or delete the data as required in accordance with applicable laws, regulations and procedures.

    You have the right to request deletion of or cessation of processing of your personal data if your personal data has been used beyond the scope necessary to achieve the purpose for which it has been collected, processed or obtained by deceit or in violation of the APPI., if our use of your personal data triggers illegal acts, are no longer necessary in relation to the purposes for which they were collected, compromised or otherwise processed in a manner which could harm the rights or legitimate interest of you.

    You have the right to request cessation of transferring your personal data if your personal data is transferred to a third party in violation of the APPI or the transfer could harm your rights or legitimate interest.

    You may request us to disclose the following information (we may refuse your request to the extent we are permitted to do so in accordance with APPI or any other applicable laws and regulations):

    • data security measures we have been implemented; and.
    • in case where your data has been shared with foreign companies including Worldpay, LLC and its subsidiaries and related entities by way of joint use and foreign service providers, (i) measures so that data recipients take sufficient data security measures (the “Measures”) and the details of the Measures, (ii) measures and frequency that we audit the data recipients’ implementation of the Measures, (iii) name of the recipient country and rules of the country that could hinder the implementation of the Measures and (iv) other obstacles that could hinder the implementation of the Measures and measures that we have conducted to solve such obstacles.
  4. Worldpay Contact information

    For any inquires and complaints regarding the processing of personal data by Worldpay K.K. please contact:
    Worldpay K.K. Client Support Office
    Email: WorldpayKK_ClientSupport@fisglobal.com

  5. Contact information of Authorized Personal Information Organization

Worldpay K.K. is a member of the JCCA. For any inquires and complaints regarding the processing of personal data by Worldpay K.K., you may also contact to the JCCA.

The contact information of the JCCA is available at https://www.j-credit.or.jp/association/protection_center.html

Malaysia

In accordance with the Personal Data Protection Act 2010 (“PDPA”), Worldpay may:

a. Charge an administration fee for processing a data subject’s request for access to personal data; and

b. Refuse to comply with a data subject’s request for access or correction of the personal data.  

Worldpay shall take necessary measures as described in this Privacy Notice to safeguard any personal data transferred outside Malaysia to verify compliance with the PDPA.

In the event of any inconsistency between the English version and any other translation of this Privacy Notice, the English version shall prevail. 

South Africa

In accordance with the South African Protection of Personal Information Act, 2013 (“POPIA”), FIS Worldpay South Africa (Pty) Ltd is the entity responsible for collecting, storing, or using your personal data for the purposes of any merchant services offered out of South Africa. For any enquiries, please contact Worldpay’s South African Information Officer.

The Information Regulator is the competent authority under section 39 of POPIA to deal with complaints and claims that in relation to non-compliance with the personal data protection requirements under POPIA. The Information Regulator’s contact details are available at https://www.justice.gov.za/inforeg/contact.html.

With whom do we share your personal data

We disclose your personal data to the following categories of recipients:

Companies belonging to FIS

We share personal data with other companies within the FIS group.

 

Support providers

We transfer or disclose the personal data we collect to external support providers (and their subsidiaries and affiliates) who are engaged by us to support our internal ancillary processes. For example, we engage support providers to provide

(a) general office support including printing, document production and management, archiving, office cleaning and translation services;

(b) office security, including the installation, hosting and monitoring of CCTV;

(c) accounting, finance and billing support;

(d) IT functions including system management and security, data storage, cloud computing, analytics, business applications, voicemail and replication of systems for business continuity/disaster recovery purposes;

(e) HR functions including payroll, benefit and payment providers, global mobility providers, pension providers, training providers, recruitment agencies, search consultancy firms, background checking or other screening providers; 

(f) risk, fraud, and compliance service providers (e.g. for transaction risk monitoring and credit reporting agencies);

(g) Electronic identity verification providers;

(h) Voice recognition / voice verification service providers;

(i) debt service providers (e.g. for debt collection analysis or management); and

(j) business analytics (e.g. for data aggregation, visualization and reporting);

It is our policy to only use third-party support providers that are bound to maintain appropriate levels of data protection, security and confidentiality, and that comply with any applicable legal requirements for transferring personal data outside the jurisdiction in which it was originally collected

Business partners

Business partners, including payment processors, payment infrastructure providers, digital wallet providers, banks and other financial institutions.

Other participants in the payment ecosystem

Participants in the payment ecosystem, including financial institutions, credit card companies and merchants.

Other third party recipients

Depending on the purpose for which we collect and process your personal data, we share your personal data with the following recipients:

  • Professional advisors, such as law firms, tax advisors or auditors
  • Insurers
  • Pension funds
  • Banks
  • Regulators
  • Tax and customs
  • Regulatory and other professional bodies
  • Stock exchange and listing authorities
  • Public registries of company directors and shareholdings
  • Providers of identity verification services
  • Credit reference agencies
  • Insolvency administrators or creditors
  • Travel agents
  • Government departments and agencies

Acquirer or successor of FIS

If we go through a corporate sale, merger, reorganization, dissolution or similar event, personal data we gather from you will be transferred in connection with such an event. Any acquirer or successor of FIS may continue to use the data as described in this Privacy Center provided that the acquirer or successor is bound by appropriate agreements or obligations and may only use or disclose your personal data in a manner consistent with the use and disclosure provisions of this notice, or unless you consent otherwise.

Legally compelled disclosure

There are circumstances under which FIS is legally compelled to disclose your personal data. These circumstances include, among others, situations where disclosure is required by law applicable to FIS, or necessary to comply with an order of a court or governmental agency, export control, or necessary for matters of safety and security. In such cases, FIS will only provide the minimum amount of personal data permissible when responding to a request for disclosure.

CCPA / CPRA Sale of Information

Worldpay only uses personal information in accordance with applicable law, including the CCPA and the CPRA, and in accordance with contractual obligations owing to clients and other third parties. Worldpay only uses personal information provided by clients to Worldpay to provide its services and does not sell personal information to third parties if prohibited by law or contractual limitations.

Worldpay have not sold or shared personal information of any employee over the past 12 months for the purpose of cross-context behavioral advertising. 

We have disclosed personal information to our support providers for business purposes in the prior twelve months. The information we have disclosed for business purposes may include some or all of the categories listed in our Preference Center. For more information about the categories of entities to which we have disclosed this information and the purposes for which we have disclosed the information, please see “With whom we share your personal data”.

While Worldpay does not sell personal information in exchange for any monetary consideration (except where allowed under client contracts), we do share personal information for other benefits that could be deemed a “sale,” as defined by the California Consumer Privacy Act (Cal. Civ. Code 1798.140(t)(1)). We support the CCPA and wish to provide you with control over how your personal information is collected and shared. You have the right to direct Worldpay to not sell your personal information. If you wish to opt-out of sale of your information, please submit your request here or contact us via DataRights@fisglobal.com. You can also submit requests by calling +1 877-776-3706, and indicating you wish to submit a California Consumer Privacy Act rights request to Worldpay.

With respect to cookies, you can customize your settings at any time. Please note that we may still use aggregated and de-identified personal information that does not identify you or any individual; we may also retain information as needed in order to comply with legal obligations, enforce agreements, and resolve disputes.

Law Enforcement

Worldpay respects the rules and laws of the jurisdiction in which it operates, as well as the privacy and rights of its clients. Accordingly, Worldpay provides client information in response to law enforcement or other public authority requests only when we reasonably believe we are legally required to do so. To protect our clients’ rights, we carefully review requests to confirm they comply with the law and are within the powers of the requesting authority or law enforcement official.

To obtain client information from Worldpay, public authority and law enforcement officials must provide legal process appropriate for the type of information sought, such as a subpoena, court order, or a warrant. For example, Worldpay will not provide non-public client data unless served with a valid search warrant, issued on a showing of probable cause by a federal or state court authorized to issue search warrants, which requires Worldpay to disclose the content.

Worldpay reviews all governmental requests for data.  Worldpay strictly construes requests for data, and seeks to limit or object to requests that are overbroad or seek a large amount of information or affect a large number of users.  Worldpay also objects where production is prohibited or where the process served is insufficient to compel production of the requested data under the Electronic Communications Privacy Act, 18 U.S.C. § 2701, et seq. or other applicable law. Worldpay reserves the right to appeal any request for information, where available, and shall not disclose the requested information until required to do so under applicable procedural rules.

Worldpay occasionally does receive  requests  from  law  enforcement  agencies  in  the  United  States  and elsewhere, seeking data processed by Worldpay. More information about the requests that Worldpay has received can be found in our Transparency Reports that are available for our clients on the Worldpay Client Portal. Access to the Worldpay Client Portal can be arranged for clients via their Worldpay account manager.

How to contact us

Your rights may be limited, for example, if fulfilling a request would reveal personal data about another person, or if the processing is required by law or another compelling legitimate interest. Worldpay reserves the right, where permitted by law, to verify your identity.

Alternatively, you can write to our Chief Privacy Officer or our global Data Protection Officer:

Chief Privacy Officer
Jeannette Gunderson
Worldpay, LLC
8500 Governors Hill Dr
Cincinnati, OH 45249

Data Protection Officer
Orhideelor Road 15A
Orhideea Towers building – HotSpot Skyhub, 13th floor, rooms 13.25 & 13.26 District 6, Bucharest
Romania.

The names and contact details of Worldpay’s data protection officers are available here.

The contact details of our representatives are available here.

If you want to exercise any of your privacy rights, please complete the form accessible here or by sending us an email at DataRights@fisglobal.com.

Privacy notice related to Data Privacy Framework certification.

Fidelity National Information Services, Inc. (“FIS”) is a leading provider of technology solutions for merchants, banks and capital markets firms globally, headquartered in Jacksonville, Florida, United States.

FIS and its subsidiaries operate in multiple jurisdictions located around the globe. Its U.S.-based subsidiaries can be seen here.

FIS and its U.S. subsidiaries are called “FIS Group” for the purpose of this privacy notice.

As a fintech group with a broad portfolio of solutions, FIS and its subsidiaries fulfill many roles, including processing personal data. For example, when we act as a service provider to banks and capital markets firms, we usually act as a “processor,” processing personal data based on our clients’ instructions. However, if, for example, we provide merchant acquiring services, we act as an independent controller. For the processing of personal data of our own staff, we act as an independent controller.

Federal Trade Commission jurisdiction and Data Privacy Framework adherence:

The Federal Trade Commission has jurisdiction over FIS Group’s compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF).

FIS Group

  • Is complying with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce;
  • Has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF;
  • Has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.

FIS Group is committed to the DPF Principles in connection with all personal data received from the European Union and, as applicable, the United Kingdom (and Gibraltar) and/or Switzerland in reliance on the relevant part(s) of the DPF program. If there is any conflict between the terms in this privacy notice and the DPF Principles, the DPF Principles shall prevail.

To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

FIS Group shall remain liable under the DPF Principles if its sub processors process such personal data in a manner inconsistent with the DPF Principles.

How to contact FIS with any inquiries or complaints

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, FIS Group commits to resolve DPF Principles-related complaints about our collection and use of personal data.

EU, U.K. and Swiss individuals with inquiries or complaints regarding how we process or handle the personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF or the Swiss-U.S. DPF are encouraged to first contact FIS Group using the below details:

Anna Shea - Chief Privacy Officer
347 Riverside Avenue
Jacksonville, FL 32202
United States of America
privacyoffice@fisglobal.com

Adriana Neagu- Global Data Protection Officer
Orhideelor Road 15Ar
Orhideea Towers building – HotSpot Skyhub, 13th floor, rooms 13.25 & 13.26 District 6,
Bucharestr
Romaniar
Data.Protection@fisglobal.com

Please click on this link to see the details of the relevant establishments in European Union, United Kingdom and Switzerland to who you may address any inquiry.

For additional details on how to contact us, please visit the FIS Privacy Center here: Privacy | FIS (fisglobal.com).

EU, U.K. and Swiss individuals are also entitled to contact their local data protection authorities and/or the DPF Program here: European Individuals (dataprivacyframework.gov).

Personal data processed. FIS as controller and processor

FIS Group processes personal data for a variety of purposes. Individuals may find comprehensive information about data processing activities, the purpose of processing and uses of personal data by accessing the dedicated privacy notices available on the FIS Privacy Center. FIS as a controller can share individuals’ personal data with certain types of third parties such as companies belonging to FIS, support providers, business partners, other participants in the payment ecosystem, other third-party recipients, acquirers or successors of FIS for the purposes detailed in the dedicated section on the FIS Privacy Center

FIS Privacy Center is available here: Privacy | FIS (fisglobal.com).

When any company in FIS Group is acting as a processor, it is operating under contractual requirements governing data retention, accuracy and purposes of processing determined by the controller. Such company will work with the EU, U.K. or Swiss controller to ensure that all these requirements are met. Whenever FIS is acting as a processor, FIS will share the personal data only to agreed subprocessors. Such sharing will be made based on a data protection agreement signed with subprocessors, which will ensure applicable data security and protection measures.

There are circumstances under which FIS is legally compelled to disclose individuals’ personal data. These circumstances include, among others, situations where disclosure is required by law applicable to FIS or necessary to comply with an order of a court or governmental agency, export control or necessary for matters of safety and security. In such cases, FIS will only provide the minimum amount of personal data permissible when responding to a request for disclosure.

Data subject rights

Individuals can request access, correction, updates or deletion of their personal data to object to our processing of the personal data, as well as all the other rights described in the dedicated section on the FIS Privacy Center: Privacy | FIS (fisglobal.com).

Whenever any company in FIS Group is acting as a processor, we will provide individuals with contact information of the controller to facilitate the exercise of their rights, or to allow them to work together with the controller to exercise such rights.

Individuals may exercise any of their rights through the form accessible here or by sending us an email at DataRights@fisglobal.com.

Recourse mechanism and arbitration

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, FIS commits to cooperate and comply with the advice of the panel established by the EU data protection authorities (DPAs), the UK Information Commissioner’s Office (ICO), the Gibraltar Regulatory Authority (GRA), and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data, including the personal data processed in employment context or for recruiting purposes received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF.

Moreover, under certain conditions, individuals may invoke binding arbitration for complaints regarding DPF compliance not resolved by us or DPAs Panel. Additional details about the binding arbitration can be found here: https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset-35584=2

Workforce notice

FIS privacy notices dedicated to staff or workforce and job applicants are available on the FIS Privacy Center here: Privacy | FIS (fisglobal.com).

Company Name

  • 11601 Roosevelt Boulevard Realty, LLC
  • AFSF II AIV Investors - D L.P.
  • AKC Insurance Company LLC
  • Armed Forces Financial Network LLC
  • Automated Securities Clearance LLC
  • Best Payment Solutions, Inc.
  • Chex Systems, Inc.
  • Complete Payment Recovery Services, Inc.
  • CPRS Holdings, Inc.
  • eFunds Corporation
  • Fidelity Information Services International Holdings, Inc.
  • Fidelity Information Services, LLC
  • Fidelity International Resource Management, Inc.
  • Fidelity National Information Services, Inc.
  • FINANCIAL INSTITUTION BENEFIT ASSOCIATION, INC.
  • Financial Insurance Marketing Group, Inc.
  • FIS Asia Pacific Inc.
  • FIS Brokerage & Securities Services LLC
  • FIS Capital Markets US LLC
  • FIS Cares, Inc.
  • FIS Derivatives Utility Services LLC
  • FIS Foundation, Inc.
  • FIS GCS LLC
  • FIS International Subsidiaries Holdings LLC
  • FIS Investment Ventures LLC
  • FIS Investor Services LLC
  • FIS Management Services, LLC
  • FIS Payments LLC
  • FIS SG International Holdings LLC
  • FIS Solutions, LLC
  • FIS Systems International LLC
  • FIS-SG Holding Corp.
  • FV General Partner, LLC
  • GoCart LLC
  • IntegraPay LLC
  • Integrity Treasury Solutions Inc.
  • Link2Gov Corp.
  • LinksPay, Inc.
  • NYCE Payments Network, LLC
  • Panther HoldCo 2, Inc.
  • Panther HoldCo, Inc.
  • Paymetric, Inc.
  • Payrix Holdings, LLC
  • Payrix Intermediate LLC
  • Payrix LLC
  • Payrix Solutions, LLC
  • Pazien, Inc.
  • People's United Merchant Services, LLC
  • RealNet Payments LLC f/k/a Metavante Payment Services, LLC
  • Reliance Financial Corporation
  • Reliance Integrated Solutions LLC
  • Reliance Trust Company
  • Rocket Partners Holdings, LLC
  • Valutec Card Solutions, LLC
  • Virtus Group, LP
  • Virtus LP Holdings, LLC
  • Virtus Trade Settlement, LLC
  • VP Fund Services, LLC
  • Worldpay Company, LLC
  • Worldpay eCommerce, LLC
  • Worldpay Gaming Solutions, LLC
  • Worldpay Integrated Payments Canada, LLC
  • Worldpay Integrated Payments Solutions, Inc.
  • Worldpay Integrated Payments, LLC
  • Worldpay ISO, Inc.
  • Worldpay Services Company
  • Worldpay US, Inc.
  • Worldpay, LLC
  • Zenmonics, Inc.

DPF- contact details of entities in EU, UK, Switzerland

EU:

Fidelity National Information Services (Netherlands) B.V.
Address: De Entrée 248, 1101 EE, Amsterdam, Netherlands
Email: Data.Protection@fisglobal.com

Worldpay BV
Address: De Entrée 248, 1101 EE, Amsterdam, Netherlands
Email: Data.Protection@fisglobal.com

UK:

FIS Banking Solutions UK Limited
Address: 1st Floor Tricorn House 51-53 Hagley Road, Edgbaston, Birmingham, West Midlands, B16 8TU
Email: Data.Protection@fisglobal.com

FIS Capital Markets UK Limited
Address: C/O F I S Corporate Governance, The Walbrook Building, 25 Walbrook, London, England, EC4N 8AF
Email: Data.Protection@fisglobal.com

Worldpay (UK) Limited
Address: The Walbrook Building, 25 Walbrook, London, EC4N 8AF
Email: Data.Protection@fisglobal.com

Switzerland:

FIS (Switzerland) S.A.
Address: Route de l'Aeroport 29-31, 3rd Floor, 01215 Geneva
Email: Data.Protection@fisglobal.com

Privacy Notice related to Data Privacy Framework certification.

Click here for more information on Worldpay data privacy framework.