Date: May 25, 2018
- What information we collect
- How we use, disclose, share and protect collected information
- How you can control, access and update any of your personal information
- Adherence to Privacy Shield Framework
FreedomPay is subject to the jurisdiction and enforcement authority of the U.S. Federal Trade Commission (FTC).
FreedomPay collects information to allow customers to utilize its Services, and to enable us to effectively support our customers. As a payment gateway, FreedomPay transmits and may collect information related to credit card transaction data including full credit card track data, which may include full name, credit card number (PAN), expiry date, CVV security code, card type (e.g., credit, debit, etc.), service code, and discretionary data. Per PCI Data Security Standard requirements, FreedomPay does not and will never store data defined as Sensitive Authentication Data (SAD), which includes CVV security code and PIN/PIN block, and will only transmit that data as part of the credit card authorization process.
In addition to the transmission and collection of credit card transaction data, FreedomPay may collect certain information related to the transaction, including name, address, occupation and email address. This information is provided to FreedomPay directly by the customer through a FreedomPay application, such as a credit application process, or through a FreedomPay partner that has integrated with a FreedomPay application.
We may share or permit access to personal information with persons we employ directly or as contractors or agents, partners, or affiliates at our direction, for purposes of administering our Services, processing information, marketing our Service and providing customer support. We share personal information with certain third parties such as the merchant of record, banks, processors, card networks, phone centers and other suppliers and vendors to provide the Services and to help us process the Services you request. FreedomPay requires such third parties to maintain confidentiality of your personal information.
We may also aggregate and disclose this aggregated information that is not personally identifiable. Generally, this aggregated information is used in statistical analysis. If FreedomPay sells all or substantially all of its assets, or completes a business transaction such as a merger, acquisition by a third party or a seal of all or a portion of our assets, your personal information may be one of the transferred assets.
You can opt-out to the creation of a user profile, Hotjar’s storing of data about your usage of our site and Hotjar’s use of tracking cookies on other websites by following this opt-out link. https://www.hotjar.com/legal/compliance/opt-out
Leads and Marketing
FreedomPay also uses its corporate website to collect information provided by potential clients wishing to learn more about FreedomPay solutions. The information collected includes name, email address, phone number, state, postal code, country, and company name and is used by our sales department for contact purposes to answer any questions regarding FreedomPay or the services we provide, and by our marketing department to distribute information regarding FreedomPay news and events. This information is entered by the user through a form on our website and is imported into an internal management system for future communication. Once stored, this data may be shared with FreedomPay partners to assist potential clients with any additional questions they may have about all possible configurations of FreedomPay solutions. Individuals may unsubscribe from FreedomPay’s marketing emails at any time by clicking the unsubscribe link within the email, or by unsubscribing at the following link: http://pages.freedompay.com/UnsubscribePage.html.
Our website uses Google Analytics, a service which transmits website traffic data to Google servers in the United States. Google Analytics does not identify individual users or associate your IP address with any other data held by Google. We use reports provided by Google Analytics to help us understand website traffic and webpage usage. For more information on the cookies used by Google Analytics you can visit the following link. https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage
You may also opt out of Google Analytics by using a browser add-on located on the Google Application Store
As an employer, FreedomPay may collect personal information of its employees including name, address, email, date of birth, bank information, work experience, and education history. This information is provided to FreedomPay by its employees through an application form distributed once an offer has been extended. We may share this information with third parties for the completion of background screenings, payment distribution, and enrollment in health/financial benefits. FreedomPay may require such third parties to maintain confidentiality of employee personal information.
In compliance with the EU-US and Swiss-US Privacy Shield Principles, FreedomPay commits to resolve complaints about your privacy and our collection or use of your personal information. European Union or Swiss individuals with inquiries or complaints regarding their personal data that is transferred into the United States under the Privacy Shield should first contact FreedomPay at email@example.com
FreedomPay has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit http://www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint.
Finally, as a last resort and under limited circumstances, EU and Swiss individuals with residual Privacy Shield complaints may invoke a binding arbitration option before the Privacy Shield Panel.
If your complaint involves human resources data transferred to the United States from the EU [and/or Switzerland] in the context of the employment relationship, and FreedomPay does not address it satisfactorily, FreedomPay commits to cooperate with the panel established by the EU data protection authorities (DPA Panel) and the Swiss Federal Data Protection and Information Commissioner, and to comply with the advice given by the DPA panel and Commissioner, with regard to such human resources data. To pursue an unresolved human resources complaint, you should contact the state or national data protection or labor authority in the appropriate jurisdiction. Complaints related to human resources data should not be addressed to the BBB EU PRIVACY SHIELD.
Contact details for the EU data protection authorities can be found at http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm. Contact details for the Swiss Federal Data Protection and Information Commissioner can be found at https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/links/data-protection—switzerland.html
As stated in II. Notice, Information We Collect, FreedomPay collects certain data that is required for performance of its Services. Separate from the performance of its Services, FreedomPay may aggregate and disclose aggregate data that is not personally identifiable to its partners or third parties. This aggregated, non-identifiable data may be used in statistical analysis or for other similar purposes.
For data defined as sensitive information, such as health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or information specifying the sex life of an individual, FreedomPay must obtain written express consent from its customers or employees to share this data for any purpose outside of performing its Services. Please note, that FreedomPay does not collect this type of sensitive information as part of its Services, but this section has been included as part of the Privacy Shield Frameworks.
FreedomPay utilizes third party organizations as agents to perform its Services. These agents include:
- Acquiring Banks
- Fraud Management Providers
- Dynamic Currency Conversion Providers
- Chargeback Providers
For each of these providers, explicit consent must be received by the merchant as part of an overall agreement before this information can be shared.
FreedomPay agrees that for existing and future third party agents assisting in performing services its services involving the sharing of personal data it will:
- Transfer such data only for limited and specified purposes;
- Contractually provide that the agent is obligated to provide at least the same level of privacy protection as is required by the Principles;
- Take reasonable and appropriate steps to ensure that the agent effectively processes the personal information transferred in a manner consistent with the organization’s obligations under the Principles;
- Require the agent to notify the organization if it makes a determination that it can no longer meet its obligation to provide the same level of protection as is required by the Principles;
- Upon notice, including under (4), take reasonable and appropriate steps to stop and remediate unauthorized processing; and
- Provide a summary or a representative copy of the relevant privacy provisions of its contract with that agent to the Department of Commerce upon request.
- Note that FreedomPay may be required to share personal data transferred under the Privacy Shield Frameworks in response to lawful requests from public authorities including to meet national security and law enforcement requirements.
FreedomPay transmits, processes and stores customer and employee data and takes appropriate measures to protect this data from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into due account the risks involved in the processing and the nature of the personal data. Annually, FreedomPay undergoes security audits which include, but are not limited to, Payment Card Industry Data Security Standard (PCI DSS), SSAE16/SSAE18 SOCII Type II, and Payment Card Industry Point-to-Point Encryption (PCI P2PE). As a service provider per PCI DSS standards, FreedomPay also undergoes regular security testing of its environment by independent 3rd party organizations to test the security of its environments. Upon request, FreedomPay will provide documented evidence of its compliance with relevant security standards. For questions or inquiries regarding FreedomPay’s security and compliance requirements, please contact firstname.lastname@example.org.
FreedomPay’s use of personal information and data collected from its customers and employees will be limited to data that is 1) required for satisfactory performances of its Services or 2) collected and utilized to enhance the user experience of the Services. FreedomPay limits the information that it collects to data that is relevant for the satisfactory delivery and performance of FreedomPay’s Services, and does not process personal information or data that is incompatible with its intended use as described above or as required by legal or regulatory bodies.
FreedomPay’s use of personal information is retained in an individual-identifiable form only so long as needed to perform its Services, as required by legal or regulatory bodies, or as needed for reasonable means such as statistical analysis. Following that period, stored data is aggregated and no longer identifiable to a specific transaction or user.
FreedomPay acknowledges the individual’s right to access the personal data we hold about them pursuant to the Privacy Shield Frameworks. Customers wishing to review, amend, or correct their personal data may do so by contacting the merchant that accepted the individual’s payment card in payment for goods or services. If a customer contacts FreedomPay for this purpose, FreedomPay will direct that customer to contact such merchant. As a payment processor, FreedomPay provides its merchants access to customer transactional data, but only in truncated formats in an effort to protect customer data from potential breach or compromise. FreedomPay receives customer data through the normal credit card transaction payment process, and transmits, stores and processes transactional data to perform its services. Customers do not have access to the FreedomPay transaction processing system due to the security and regulatory requirements required of payment processors. Providing customers access to their data introduces a disproportionate risk to both FreedomPay and the customer data, and therefore FreedomPay does not offer access to this highly sensitive data.
Potential or existing clients who wish to review, amend, or delete the contact information stored in FreedomPay’s marketing, Customer Relationship Management (CRM), or other platforms can submit a request at https://corporate.freedompay.com/gdpr/. Following validation, a member of the FreedomPay compliance team will execute the request and provide any accompanying documentation.
Human Resources Data
Employees wishing to review, amend, or correct their personal data may do so manually by accessing the appropriate web portals. Using these portals, FreedomPay employees have the ability to view and edit any information provided to the Human resources department. Some information may be stored in systems that do not offer an externally facing method for review, amendment, or correction. In these instances, employees may contact FreedomPay’s Human Resources Manager for assistance. Due to financial and legal requirements, as long as an individual is employed at FreedomPay, not all employee data can be deleted without terminating the existing employment arrangement.