Last Updated: August 26, 2020
SCOPE OF POLICY
PURPOSE OF PROCESSING
The purpose of Processing Data Subjects’ Personally Identifiable Information is to provide the Services set forth on our Website. This may include:
- Operating, evaluating, maintaining, improving, and providing the features and functionality of our products and services
- Fulfilling a payment or return transaction initiated by you
- Delivering electronic receipts to consumers who request them via email or text message
- Managing our relationship with you or your company
- Carrying out our obligations, and exercising our rights, under our agreement with you or your company
- Communicating with you regarding your account with us, if you have one, including by sending you service-related emails or messages (e.g., messages regarding account verification, changes or updates to the functionality of our products or services, technical and security notices and alerts, and support and administrative messages)
- Facilitating communications between merchants’ customers and merchants regarding marketing messages and preferences
- Personalizing the manner in which we provide our products and services
- Maintaining records for merchants regarding their interactions with us
- Maintaining records for merchants of their customers’ purchase activity and history
- Checking for fraud or money laundering and/or managing either our or merchants’ risk
- Administering and protecting our business
- Providing support and maintenance for our products and services, including responding to your service-related requests, questions, and feedback
- Developing or improving our products and services
- Developing and creating analytics and related reporting
- Providing information about other products or services we offer or other products or services third parties may offer
- Complying with applicable law, regulations, or rules, or lawful requests for information, such as government investigations and subpoenas
- Prevention of illegal or improper activity or harm to our interests
COLLECTION OF PERSONAL INFORMATION
We may collect certain types of Personally Identifiable Information when you create or update your Account, or when we create an Account on your behalf, such as your name, address, and email address. We may also collect certain types of Personally Identifiable Information when you use the Services, such as fingerprint scans. The purpose of colleting such information is to permit you to use the Services.
Specific types of information we may collect include the following.
When you make a payment, we collect information about the transaction, which may include personal data. Information about transactions includes the payment card used, name associated with the payment card, electronic signature, name and location of the merchant at which the transaction occurred, date and time of the transaction, transaction amount, and information about the goods or services purchased in the transaction.
When you make a payment, merchants may provide us with information about you. This information may include uploaded email addresses, phone numbers, and purchase history.
When you access our website or use our mobile application, we, our service providers, and our partners may automatically collect information about you, your computer or mobile device, and activity on our websites or mobile applications. Typically, this information includes your computer or mobile device operating system type and version number, manufacturer and model, device identifier, browser type, screen resolution, IP address, the website you visited before browsing to our website, general location information such as city, state or geographic area; and information about your use of and actions on or in our websites or mobile applications, such as pages or screens you accessed, how long you spent on a page or screen, navigation paths between pages or screens, information about your activity on a page or screen, access times, and length of access. Certain products or services that we provide or which merchants may incorporate into their websites or mobile applications may automatically collect additional information.
Providing us with your Personally Identifiable Information is entirely voluntary. If you do not wish to consent to the collection and use of your Personally Identifiable Information, you are not required to do so. If you provide you consent to the collection and use of your Personally Identifiable Information, whether expressly or by using the Services, you may withdraw you consent at any time. To withdraw your consent, you may send us a request at firstname.lastname@example.org. However, if you do not consent to the collection and use of your Personally Identifiable Information, or if you withdraw you consent, you will not be able to use the Services, and if you do not wish to provide certain types of information, your use of the Services may be adversely affected and you may not receive certain communications.
COLLECTION OF OTHER TYPES OF INFORMATION
ACCESS TO PERSONAL INFORMATION
You may access or request access to the Personally Identifiable Information in your Account at any time through the OnePay platform or by sending a request to: email@example.com.
OnePay reserves the right to decline commercially unreasonable request to access the Personally Identifiable Information in your Account.
UPDATES TO PERSONAL INFORMATION
You may update the Personally Identifiable Information in your Account at any time through the OnePay platform or by sending a request to: firstname.lastname@example.org.
OnePay reserves the right to decline commercially unreasonable request to update the Personally Identifiable Information in your Account.
You agree to promptly update the Personally Identifiable Information in your Account if such information changes, particularly your name, address, telephone number, and email address.
USE OF PERSONAL INFORMATION
OnePay may use your Personally Identifiable Information to permit you to use the Services and for related purposes, including to communicate with you about the Services and to facilitate the operation of OnePay’s business. For example, we may send you communications to confirm the creation of your Account, changes made to your Account, and purchases made through your Account; to provide you with information about the use of the Services; to respond to your requests for customer support; to respond to your questions, comments, or complaints; to request feedback about the Services; and to send you information about updates, improvements, and/or other modifications to Services and our policies.
You may opt-out of receiving some or all types of electronic communications when you create an Account, by modifying your Account preferences, or by sending a request to email@example.com. However, if you do not consent to the receipt of any types of communications, you will not be able to use the Services, and if you do not consent to the receipt of certain types of communications, you may not receive important communications and your use of the Services may be adversely affected.
DISCLOSURES OF PERSONAL INFORMATION
We may also disclose your Personally Identifiable Information to certain third parties under the following circumstances.
DISCLOSURES TO PRODUCT/SERVICE PROVIDERS
OnePay may disclose certain Personally Identifiable Information to product and/or service providers who assist us in providing Services. For example, we may share Personally Identifiable Information with companies in the transaction processing chain in connection with processing a payment transaction, such as merchants, banks or other card issuers, card associations, debit network operators and their members. The Personally Identifiable Information disclosed to such companies will be limited to information sufficient to provide the Services, to support the Services, to enhance the Services, or to verify or supplement the information in your account.
We may also disclose certain Personally Identifiable Information to affiliated companies whose products or services may be used in connection with the Services. The Personally Identifiable Information disclosed to such affiliated companies will be limited to information sufficient to contact you electronically about their services, and will be used only for the purpose of providing you with information about such services. Your Personally Identifiable Information will not be sold to such affiliated companies. You may opt-out of the disclosure of your Personally Identifiable Information to such affiliated companies at any time by contacting us at firstname.lastname@example.org.
DISCLOSURES TO OTHER ENTITIES
The disclosure of Personally Identifiable Information to third parties to comply with valid legal demands for such information is governed by OnePay’s Government Disclosures Policy.
RETENTION AND DESTRUCTION OF PERSONAL INFORMATION
OnePay and the third-party product/service providers who assist OnePay in processing Personally Identifiable Information take reasonable steps to prevent destruction, alteration, disclosure, misuse, and unauthorized access to your Personally Identifiable Information.
Sensitive information, including your login information, is protected through encryption during transmission over the Internet. Servers and other devices used for processing your information at OnePay and third-party vendors are kept in controlled environments where access to your information is limited to authorized persons.
OnePay’s security policies and practices comply with HITRUST, ISO 270001, and PCI-DSS standards, and we are certified as compliant by the governing bodies for each of those standards.
CONFIDENTIALITY OF COMMUNICATIONS
You agree that, aside from any Personally Identifiable Information contained in your communications with OnePay, your communications with OnePay are not confidential. Such communications, including any communications containing any ideas, concepts, or suggestions regarding the Services, improvements to the Services, or new Services, may be used by OnePay for any purpose.
We do not knowingly collect personally identifiable information from children under the age of 13 without parental consent. If we learn that we have collected the personally identifiable information of a child under the age of 13 without parental consent, we will take steps to delete the information as soon as possible.
Questions, complaints, and other communications regarding any aspect of OnePay’s GDPR Policy should be addressed to OnePay as set forth in our GDPR Policy.