Last Updated: December 20, 2019
Heartland Payment Systems, LLC (“Heartland,” “us”, “we” or “our”), through our MicroPayments Service (“MicroPayments” or the “Service”), provides cashless payment systems to a variety of organizations, including laundry facilities, hotels, cruise ships, corporate campuses, and correctional facilities (our “Customers”), which allow individuals (“End Users”) to make purchases in both attended and unattended point of sale locations.
This Policy applies to the MicroPayments Sites and Apps provided by Heartland on its own behalf or in combination with one of its parents, affiliates, or subsidiaries.
In this Policy, we provide information about:
Please be aware that not all of the information in this Policy will be directly applicable to our handling of your personal information. For our Customers, information about disclosures, transfers and other processing of personal information as part of our payment processing function is set out in the documentation provided at or before onboarding and is outside of the scope of this Policy, which relates only to information we collect through our Sites and Apps. This Policy provides an overview of the possible circumstances in which we interact with your personal information through our Sites and Apps. If you have any questions about our processing of your personal information, please contact us at firstname.lastname@example.org.
PERSONAL INFORMATION WE COLLECT AND HOW WE USE IT
Micropayments collects End User information through our Apps on behalf of our customers, and only uses such information to provide the Service to our Customers in accordance with their instructions. If you are an End User who has a relationship with one of our Customers and have a question about how your personal information is collected, used, or shared, or would like to exercise any rights you may have with respect to your personal information, please contact the Customer directly.
Through our Sites and Apps, and subject to your consent if required by law, we may collect the following categories of personal information as relevant and as voluntarily supplied to us by you:
- Identifiers (including name and contact information including telephone number, email address, or postal address)
- Information protected against security breaches (such as financial account information and username and password)
- Commercial information(such as your access and purchase history or information you provide in any communication with us, such as if you report a problem with our App or Site)
- Internet/electronic activity (see “Cookies” for additional information)
How we use your personal information. Subject to your consent if required by law, we may use your personal information collected through our Sites and Apps to:
- Create, maintain or provide service for your account
- Process or fulfill requests from you
- Respond to customer service requests from you
- Verify your information
- Process payments
- Undertake activities to maintain the quality, safety or integrity of the Sites and Apps
- Maintain data security including detecting and responding to security incidents and protecting you, and us, from fraud
- Monitor our Sites and Apps,including gathering usage data and other analytic information that enables us to maintain and improve the Services
- Other uses that are required for us to meet our legal, contractual or regulatory requirements
- For internal record keeping and administration of records
- For statistical analysis (see “Data Anonymization and Aggregation below)
Sources of personal information. The sources of personal information that we collect and the purpose for our collecting such information is as follows:
- Information that you provide to us: We collect personal information that you provide to us when you set up an account with us, use our Sites or Apps, or communicate with us. For example, if you register for an online account with us, then we may request your name, contact information and payment information. Providing us with personal information about yourself is voluntary, and you can always choose not to provide certain information, but then you may not be able to take advantage of or participate in some of the Services' features.
- Information collected through technology: When you visit our Sites or Apps, we may collect certain information about your location, usage, computer or device through technology such as cookies (see below for more information on cookies).
The business purpose for our processing your personal information. Our primary business purpose for processing your personal information is to provide the Services consistent with the contract terms between us and our Customer. We may also use your personal information to enable the following additional business purposes: (1) detecting and managing security incidents or fraudulent activity, (2) providing customer service, fulfilling requests, and other functions directly related to the Services, (3) maintaining our software including debugging and repairing errors, and (4) maintaining the quality of the Services and developing enhancements and improvements to meet our customer needs.
Data anonymization and aggregation. Subject to your consent if required by law, we may anonymize or aggregate your personal information in such a way as to ensure that you are not identified or identifiable from it, in order to use the anonymized or aggregated data. For example, we may use anonymized or aggregated data for statistical analysis including to analyze trends, for product development, and for risk assessments and cost analysis. We may share anonymized or aggregated data with our parents, subsidiaries, affiliates or with other third parties.
This Policy does not restrict our use or sharing of any non-personal, summarized, derived, anonymized or aggregated information.
HOW WE SHARE PERSONAL INFORMATION
We share your personal information in the manner and for the purposes described below:
- With Heartland affiliates where such disclosure is necessary to provide you with our Services or to manage our business.
- With third-party service providers. For example, we share personal information with IT service providers who help manage our back office systems or administer our Apps. These third-party service providers have agreed to confidentiality restrictions and have agreed to use any personal information we share with them, or which they collect on our behalf, solely for the purpose of providing the contracted service to us.
- With our Customer with whom you are also engaging when you use the Services. For example, you may be using a MicroPayments App provided to you through a laundry service provider to engage in a purchase. Heartland may share the personal information you provide with the laundry service provider in order to fulfill your request. You may also receive communications from the laundry service provider. Each such customer operates independently from Heartland and their collection and use of your personal information is not subject to this Policy but to their own privacy notices.
- With banks or to comply with the rules and regulations of any credit or debit card payment network.
Heartland does not sell your personal information to third parties.
In addition, subject to applicable legal requirements, we may share personal information in connection with or during negotiation of any merger, financing, acquisition, bankruptcy, dissolution, transaction or proceeding involving sale, transfer, divestiture, or disclosure of all or a portion of our business assets to another company.
TRANSFERRING PERSONAL INFORMATION GLOBALLY
We operate on a global basis. This means that your personal information may be transferred to and stored in the United States or in another country outside of the country in which you reside, which may be subject to different standards of data protection than your country of residence.
We will take appropriate steps to ensure that transfers of personal information are in accordance with applicable law, are carefully managed to protect your privacy rights and interests and limited to countries which are recognized as providing an adequate level of legal protection or where alternative adequate arrangements are in place to protect your privacy rights.
HOW WE PROTECT AND DISPOSE OF PERSONAL INFORMATION
We take seriously our responsibility to protect the security and privacy of your personal information. We maintain administrative, technical and physical safeguards designed to protect the personal information you provide against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use.
Any suspected attempt to breach our policies and procedures, or to engage in any type of unauthorized action involving our information systems, is regarded as potential criminal activity. Suspected computer mischief may be reported to the appropriate authorities.
Please remember that communications over the internet such as emails are not secure. We seek to keep secure all confidential information and personal information submitted to us in accordance with our obligations under applicable laws and regulations. However, like all website operators, we cannot guarantee the security of any data transmitted through the internet.
When we no longer need your personal information to provide the Services, it will be securely deleted or de-identified in a manner that ensures you cannot be re-identified.
COOKIES AND OTHER TRACKING TECHNOLOGIES
Cookies or similar tracking technologies are used to help us remember information about your visit to our Sites or Apps, like your country, language and other settings. Tracking technologies allow us to understand who has downloaded our Apps, determine how frequently particular pages of our Sites are visited, and to determine the most popular areas of our Apps. They can also help us to operate our Sites and Apps more efficiently and make your next visit easier.
A “cookie” is a text file that is stored to your browser when you visit a website.
Unique device identifiers like IP address or UDID recognize a visitor’s computer or other device used to access the internet. Unique device identifiers are used alone and in conjunction with cookies and other tracking technologies for the purpose of “remembering” computers or other devices used to access the Sites and Apps.
Cookies can be classified by duration and by source:
- Duration. The Sites use both “session” and “persistent” cookies. Session cookies are temporary - they terminate when you close your browser or otherwise end your “active” browsing session. Persistent cookies remember you on subsequent visits. Persistent cookies are not deleted when you close your browser, and they will remain on your computer or other device unless you choose to delete them (see below for “How to Delete or Block Cookies”).
- Source. Cookies can be “first-party” or “third-party” cookies, which means that they are either issued by or on behalf of Heartland or by a third-party operator of another website. Our Sites may use both first-party and third-party cookies.
The cookies that we may use on the Sites fall into the following categories:
- Strictly Necessary Cookies. These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions taken by you such as logging in or filling in forms. You can set your browser to block or alert you about these cookies, but blocking them may impede the functionality of the Sites.
- Performance Cookies. These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.
- Functionality Cookies. These cookies enable the Sites to provide enhanced functionality and personalization. They may be set by us or by third-party providers whose services we have added to our pages. If you do not allow these cookies then some of these services may not function properly.
How to Delete or Block Cookies
On some Sites, when technically feasible, we will enable tools to help you make choices about cookies. You may also delete or block cookies at any time by changing your browser settings. You can click “Help” in the toolbar of your browser for instruction or review the cookie management guide produced by the Interactive Advertising Bureau available at www.allaboutcookies.org. If you delete or block cookies, some features of the Sites may not function properly.
Heartland may provide links on our Sites and Apps to other websites that are not under our control. We do not endorse or make any warranty of any type regarding the content contained on such websites or products and services offered on those websites.
We encourage our users to be aware when they leave our Sites and Apps and to read the privacy statements of each and every website that collects personal information. This Policy applies solely to personal information collected by us. You should read any other applicable privacy and cookies notices carefully before accessing and using other websites.
CHILDREN UNDER 18
YOUR LEGAL RIGHTS
If you are an End User who uses a MicroPayments App to make purchases from our Customers and have questions about legal rights you may have with respect to your personal information collected by our Customer, please consult the Customer with which you have registered.
Subject to certain exemptions, and in some cases dependent upon the processing activity we are undertaking, some users, including residents of the state of California, may have certain rights in relation to their personal information. These rights may include:
Right to know about personal information collected, disclosed, and sold
You have the right to request that we disclose to you what personal information we have collected, used, disclosed, or sold over the past 12 months. We have provided information about the categories of personal information we have collected,
the sources from which we collected it, the purposes for which it was collected, and the third parties with whom we may share it with above.
Right to opt-out of the sale of personal information
You may request that we do not sell your personal information to third parties.
Right to request deletion
In some circumstances, you have the right to have your personal information erased or deleted.
Right to equal service and prices (“non-discrimination”)
Your choice to exercise your privacy rights will not be used as a basis to discriminate against you in services offered or pricing.
Changes and Updates. We reserve the right, in our sole discretion, to modify, update, add to, discontinue, remove or otherwise change any portion of this Policy, in whole or in part, at any time. When we amend this Policy, we will revise the “last updated” date located at the top of the document. We will also take reasonable steps to ensure you are made aware of any material updates including providing you direct communication about such changes or providing a notification through the Services, as appropriate. If you provide personal information to us or access or use the Services after this Policy has been changed, you will be deemed to have unconditionally consented and agreed to such changes. The most current version of this Policy will be available on the Sites and Apps and will supersede all previous versions of this Policy.
Choice of Law. This Policy, including all revisions and amendments thereto, is governed by the laws of the United States, State of Georgia, without regard to its conflict or choice of law principles which would require application of the laws of another jurisdiction.
Arbitration. By using the Services in any way, you unconditionally consent and agree that: (1) any claim, dispute, or controversy (whether in contract, tort, or otherwise) you may have against Heartland and/or its parent, subsidiaries, affiliates and each of their respective members, officers, directors and employees (all such individuals and entities collectively referred to herein as the "Heartland Entities") arising out of, relating to, or connected in any way with the Services or the determination of the scope or applicability of this agreement to arbitrate, will be resolved exclusively by final and binding arbitration administered by JAMS and conducted before a sole arbitrator in accordance with the rules of JAMS; (2) this arbitration agreement is made pursuant to a transaction involving interstate commerce, and shall be governed by the Federal Arbitration Act ("FAA"), 9 U.S.C. §§ 1-16; (3) the arbitration shall be held in Atlanta, Georgia; (4) the arbitrator's decision shall be controlled by the terms and conditions of this Policy and any of the other agreements referenced herein that the applicable user may have entered into in connection with the Services; (5) the arbitrator shall apply Georgia law consistent with the FAA and applicable statutes of limitations, and shall honor claims of privilege recognized at law; (6) there shall be no authority for any claims to be arbitrated on a class or representative basis, arbitration can decide only your and/or the applicable Heartland Entity's individual claims; the arbitrator may not consolidate or join the claims of other persons or parties who may be similarly situated; (7) the arbitrator shall not have the power to award punitive damages against you or any Heartland Entity; (8) in the event that the administrative fees and deposits that must be paid to initiate arbitration against any Global Entity exceed $125 USD, and you are unable (or not required under the rules of JAMS) to pay any fees and deposits that exceed this amount, Heartland agrees to pay them and/or forward them on your behalf, subject to ultimate allocation by the arbitrator. In addition, if you are able to demonstrate that the costs of arbitration will be prohibitive as compared to the costs of litigation, Heartland will pay as much of your filing and hearing fees in connection with the arbitration as the arbitrator deems necessary to prevent the arbitration from being cost-prohibitive; and (9) with the exception of subpart (6) above, if any part of this arbitration provision is deemed to be invalid, unenforceable or illegal, or otherwise conflicts with the rules of JAMS, then the balance of this arbitration provision shall remain in effect and shall be construed in accordance with its terms as if the invalid, unenforceable, illegal or conflicting provision were not contained herein. If, however, subpart (6) is found to be invalid, unenforceable or illegal, then the entirety of this Arbitration Provision shall be null and void, and neither you nor Heartland shall be entitled to arbitrate their dispute. For more information on JAMS and/or the rules of JAMS, visit their website at www.jamsadr.com.
If you are an End User who has a relationship with one of our Customer’s and have a question about how your personal information is collected, used, or shared, or would like to exercise any rights you may have with respect to your personal information, please contact the Customer directly.
For other questions about this Policy, or if you want to exercise your rights as described in this Policy, you may contact us as follows:
Attention: Privacy Office
2115 Chapman Road, Suite 159
Chattanooga, TN 37421
800-332-4835, Option #2
If you designate an authorized agent to make a rights request on your behalf, we request that you notify us of such designation by contacting us using the methods listed above.