Privacy Policy

FreedomPay Privacy Policy

Version: 2.0
Date: May 1st, 2017

I. Purpose

We recognize the importance of protecting your privacy and we work hard to safeguard your personal information. Our Privacy Policy is designed to assist you in understanding how we collect, use and store the information you provide to us when using any of our Services.

Our Privacy Policy explains:

What information we collect

How we use, disclose, share and protect collected information

How you can control, access and update any of your personal information

Adherence to Privacy Shield Framework

Please take a moment to review and become comfortable with our policy, key definitions are in Appendix 1 to assist you with your review.

II. Notice

Participation in the Privacy Shield Framework

FreedomPay complies with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information transferred from European Union and Switzerland to the United States, respectively. FreedomPay has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.  To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/

FreedomPay is subject to the jurisdiction and enforcement authority of the U.S. Federal Trade Commission (FTC).

FreedomPay’s subsidiary, FreedomPay World Europe Limited, located at 16 Great Queen ST., Covent Garden, London WC2B 5AH, United Kingdom, also adheres to the EU-US Privacy Shield Framework and FreedomPay and its subsidiaries will abide by the terms and principles of this privacy policy as well as the Privacy Shield Framework, including the use of personal data received from the EU.  This Privacy Policy may be updated periodically, with change history provided in section I. Revision History.

Information We Collect

FreedomPay collects information to allow customers to utilize its Services, and to enable us to effectively support our customers.  As a payment gateway, FreedomPay transmits and may collect information related to credit card transaction data including full credit card track data, which may include full name, credit card number (PAN), expiry date, CVV security code, card type (e.g., credit, debit, etc.), service code, and discretionary data.  Per PCI Data Security Standard requirements, FreedomPay does not and will never store data defined as Sensitive Authentication Data (SAD), which includes CVV security code and PIN/PIN block, and will only transmit that data as part of the credit card authorization process.

We may share or permit access to personal information with persons we employ directly or as contractors or agents, partners, or affiliates at our direction, for purposes of administering our Services, processing information, marketing our Service and providing customer support. We share personal information with certain third parties such as banks, processors, card networks, phone centers and other suppliers and vendors to provide the Services and to help us process the Services you request. FreedomPay may require such third parties to maintain confidentiality of your personal information.

We release account and other personal information when we believe release is appropriate to comply with the law; protect the rights, property or safety of FreedomPay, our users or others. This includes exchanging information with other companies and organizations for fraud protection and credit risk reduction. Certain federal, state and local laws or government regulations may require us to disclose non-public personal information about you to respond to court orders or legal investigations. Note that this does not include selling, renting, sharing, or otherwise disclosing personally identifiable information from customers for commercial purposes in violation of the commitments set forth in this Privacy Policy.

We may also aggregate and disclose this aggregated information that is not personally identifiable. Generally, this aggregated information is used in statistical analysis.  If FreedomPay sells all or substantially all of its assets, or completes a business transaction such as a merger, acquisition by a third party or a seal of all or a portion of our assets, your personal information may be one of the transferred assets.

We will ask for your consent before using information for a purpose other than those that are set out in this Privacy Policy.

Contacting Us

In compliance with the EU-US and Swiss-US Privacy Shield Principles, FreedomPay commits to resolve complaints about your privacy and our collection or use of your personal information. European Union or Swiss individuals with inquiries or complaints regarding this privacy policy should first contact FreedomPay at compliance@freedompay.com

(INSERT contact information for your organization’s internal complaints mechanism)

 Independent Dispute Resolution

FreedomPay has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit http://www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint.

III. Choice

As stated in III. Notice, Information We Collect, FreedomPay collects certain data that is required for performance of its Services.  Separate from the performance of its Services, FreedomPay may aggregate and disclose aggregate data that is not personally identifiable to its partners or third parties.  This aggregated, non-identifiable data may be used in statistical analysis or for other similar purposes.

For data defined as sensitive information, such as health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or information specifying the sex life of an individual, FreedomPay must obtain written express consent from its customer to share this data for any purpose outside of performing its Services.  Please note, that FreedomPay does not collect this type of sensitive information as part of its Services, but this section has been included as part of the E.U.-U.S. Privacy Shield Framework.

IV. Accountability for Onward Transfer

Transfer of Personal Information

Should FreedomPay enter into an agreement with a third-party organization acting as a controller, FreedomPay agrees that it will, to the best of its ability, require the third party controller to agree to the terms listed in section III. Notice, IV. Choice, and VI. Security, as well as meet the then-minimum security standards of FreedomPay including, but not limited to, PCI DSS compliance.  FreedomPay agrees to also require that, if entering into an agreement with a third-party controller, that the controlling entity be required to cease processing data that falls within scope of this privacy policy and/or take immediate steps to remediate should the determination be made that the entity is unable to abide by this policy. FreedomPay may be liable for the appropriate onward transfer of personal data to third parties.

Transfer of Personal Data

FreedomPay may utilize third party organizations as agents to perform its Services.  If FreedomPay utilizes a third-party agent to assist in performing its services and provides agent with customer’s Personal Data, FreedomPay agrees that it will:

  1. 1. Transfer such data only for limited and specified purposes;
  2. 2. Ascertain that the agent is obligated to provide at least the same level of privacy protection as is required by the Principles;
  3. 3. Take reasonable and appropriate steps to ensure that the agent effectively processes the personal information transferred in a manner consistent with the organization’s obligations under the Principles;
  4. 4. Require the agent to notify the organization if it makes a determination that it can no longer meet its obligation to provide the   same level of protection as is required by the Principles;
  5. 5. Upon notice, including under (4), take reasonable and appropriate steps to stop and remediate unauthorized processing; and
  6. 6. Provide a summary or a representative copy of the relevant privacy provisions of its contract with that agent to the Department upon request.
  7. 7. Note that FreedomPay may be required to share personal data in response to lawful requests from public authorities including to meet national security and law enforcement requirements.

V. Security

FreedomPay transmits, processes and stores customer data and takes appropriate measures to protect customer data from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into due account the risks involved in the processing and the nature of the personal data.  Annually, FreedomPay undergoes security audits which include, but are not limited to, Payment Card Industry Data Security Standard (PCI DSS), SSAE16/SSAE18 SOCII Type II, and Payment Card Industry Point-to-Point Encryption (PCI P2PE).  As a service provider per PCI DSS standards, FreedomPay also undergoes regular security testing of its environment by independent 3rd party organizations to test the security of its environments.  Upon request, FreedomPay will provide documented evidence of its compliance with relevant security standards.  For questions or inquiries regarding FreedomPay’s security and compliance requirements, please contact compliance@freedompay.com.

VI. Data Integrity and Purpose

FreedomPay’s use of personal information and data collected from its customers will be limited to data that is 1) required for satisfactory performances of its Services or 2) collected and utilized to enhance the user experience of the Services.  FreedomPay limits the information that it collects to data that is relevant for the satisfactory delivery and performance of FreedomPay’s Services, and does not process personal information or data that is incompatible with its intended use as described above or as required by legal or regulatory bodies.

FreedomPay’s use of personal information is retained in a customer-identifiable form only so long as needed to perform its Services, as required by legal or regulatory bodies, or as needed for reasonable means such as statistical analysis.  Following that period, stored data is aggregated and no longer identifiable to a specific transaction or user.

VII. Access

FreedomPay acknowledges the individual’s right to access the personal data we hold about them.  Individuals wishing to review, amend, or correct their personal data may do so by contacting the merchant that accepted the individual’s payment card in payment for goods or services. As a payment processor, FreedomPay provides its merchants access to customer transactional data, but only in truncated formats in an effort to protect customer data from potential breach or compromise.  FreedomPay receives customer data through the normal credit card transaction payment process, and transmits, stores and processes transactional data to perform its services.  Customers do not have access to the FreedomPay transaction processing system due to the security and regulatory requirements required of payment processors.  Providing customers access to their data introduces a disproportionate risk to both FreedomPay and the customer data, and therefore FreedomPay does not offer access to this highly sensitive data.

VII. Recourse, Enforcement, and Liability

FreedomPay has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit http://www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint.

Note that as a last resort and under limited circumstances EU and Swiss individuals with unresolved complaints may invoke a binding arbitration option before a Privacy Shield Panel.

newspaper templates - theme rewards