APPLICATION PRIVACY STATEMENT
Last Revised February 10, 2019
Heartland provides payment products and services for commercial and non-commercial enterprises. Those products and services vary by country, but may include payment card processing, check recovery, cash access services, point-of-sale terminal management and support, merchant accounting and funds transfer. As a part of our payment processing function, we routinely collect and retain personal information about our customers and the third parties with whom our customers do business. For our customers, information about disclosures, transfers and other processing of personal information as part of our payment processing function is set out in the documentation provided to them at the onboarding stage and is outside of the scope of this policy, which relates only to information we obtain through this Application.
Select one of the links below to jump to the relevant section:
➢ Personal information we collect
➢ How we use the personal information we obtain
➢ Disclosures of the personal information we collect
➢ Our relationship with affiliate companies
(including disclosures and transfers)
➢ Login details and your responsibility
➢ Managing your preferences
➢ Obtaining copies of or access to your
personal information and updating us
➢ Data anonymization and aggregation
➢ Commitment to security, privacy and standards
➢ IP addresses
➢ External links
➢ Changes and updates
➢ Region-specific information
Personal Information We Obtain
Through this Application, subject to your consent if required by law, we may collect personal information, including without limitation the following types of personal information, as relevant and as is voluntarily supplied to us by you:
- Names and contact details including telephone number, email address and postal address;
- Your username (currently, your email address) and password, both of which you will use to log in to this Application (see “Login Details and Your Responsibility” below);
- Products and related services which are of interest to you, as relevant to your preferences (see “Managing Your Preferences” below);
- Information you provide if you report a problem with our Application; and
- Records of any correspondence we have with you.
Providing us with personal information about yourself is voluntary, and you can always choose not to provide certain information, but then you may not be able to use the Application or take advantage of or participate in some of the Application’s features.
How We Use the Personal Information We Obtain
Subject to your consent if required by law, we may use your personal information for various reasons, including without limitation the following reasons:
- To contact you regarding any inquiry you make or to fulfil a request, such as, for example, a request for information about our products and services;
- To contact you by email and, if you have signed up for the service, to share e-newsletter or any other updates, communications or publications;
- To improve and personalize your experience when you use this Application;
- To improve our products and services and for the development of future products and services;
- For internal record keeping and administration of records;
- For statistical analysis (see “Data Anonymization and Aggregation” below);
- For direct marketing purposes subject to your consent if required by applicable law (see “Managing Your Preferences” below);
- As necessary to set up and administer your sign up to, and use of, the log in facility available on this Application; and
- For compliance with applicable laws and/or regulations and as otherwise required or permitted by applicable laws and/or regulations.
Disclosures of the Personal Information We Collect
We are a multinational business headquartered in the United States, with subsidiaries and affiliates in various countries around the world. Your personal information may be disclosed to recipients located outside of your country, including our global subsidiaries and affiliates (see “Our Relationship with Affiliate Companies” below), as well as other types of third parties engaged to help us run our business, subject to your consent if required by law. These types of third parties may include distributors of our products and services, service providers retained to perform functions on our behalf or to provide services to us, including (without limitation) legal, accounting, audit, consulting and other professional service providers, and providers of other services related to our business. Portions of our services may be provided by organizations with which Heartland has a contractual relationship, including subcontractors, and, accordingly, your personal information may be disclosed to them. We take steps aimed at ensuring that all such persons process your personal information as disclosed by us only as necessary for their service delivery and for no other purpose.
We also may disclose your personal information in order to obtain commercial and credit information to establish, maintain or renew a customer’s contract(s), as may be required to provide any of the services for which a customer has subscribed, to comply with the rules and regulations of any credit or debit card payment network or otherwise in accordance with this policy.
We may also disclose your personal information:
- In response to a court order or a request for cooperation from a regulatory, law enforcement or other government agency; to establish or exercise our legal rights; to defend legal claims; or as otherwise required or permitted by applicable laws and/or regulations;
- When we believe that disclosure is appropriate in connection with efforts to investigate, prevent, or take action regarding actual or suspected illegal activity, fraud, or other wrongdoing; to protect and defend the rights, property or safety of Heartland, its customers, staff, suppliers or others; and
- To purchasers and, subject to local legal requirements, prospective purchasers in the event that Heartland and/or its global affiliate companies (as applicable) disposes of, or considers the disposition of, any of its/their business or assets.
We do not make a practice of selling, sharing, trading or renting your personal information to others in ways different from what is disclosed within this policy, agreed to contractually by our customers or otherwise with their permission; provided, if you were referred to Heartland for services via a third party, such as another independent services provider, we may share information with such third party in accordance with our business relationship with you and that third party.
Heartland uses modern technological efforts to ensure the safety of your sensitive information. No website, internet transmission, computer system or wireless connection is completely secure. Heartland cannot guarantee that unauthorized access, hacking, data loss, or other breaches will never occur. Your use of the Application is at your own risk. Whenever you give Heartland sensitive or confidential information, Heartland will take commercially reasonable steps to protect the information by establishing a secure connection with your web browser. Heartland uses an industry standard security protocol for encrypting sensitive information. Unfortunately, no security measures are perfect or impenetrable and data transmission over the Internet cannot be guaranteed 100% secure. We cannot and do not ensure or warrant the security of any information you transmit to Heartland and you do so at your own risk.
Our Relationship with Affiliate Companies (Including Disclosures and Transfers)
Subject to your consent if required by law, we may appoint an affiliate company to process personal information in a service provider role for and on our behalf. This could be the case if, for example, we permit customers to access electronic statements for their accounts. In that scenario, if there is a charge for the service, customers will pay us for the online access service, but it may be an affiliate company, which processes the relevant personal information. In most cases, we will remain responsible for that company’s processing of your personal information pursuant to applicable data privacy laws.
Login Details and Your Responsibility
Subject to your consent if required by law, we will collect and process your personal information as necessary to set up and administer your sign up to, and use of, the log-in facility available on this Application. . Please remember that if we contact you, we will never ask you for your password in an unsolicited email, message or phone call. If you choose to use the log in facility available on this Application, you are required to adhere to the following security procedures in relation to your username (currently, your email address) and password, which are referred to as “login information”:
- Keep your login information secret and secure at all times and do not disclose it to any other person or allow any other person to use it;
- Do not write down or record in any form your login information or store it on any software, including a password save feature;
- Destroy any notice from us concerning your login information as soon as you have read and understood it;
- Should you become aware or have reason to suspect that your login information has been lost or disclosed to, or seen or accessed by, someone other than yourself, immediately notify Heartland at the email address provided above;
- Do not leave your computer or other device unattended while you are using the log in facility available on this Application or let anyone else use your computer or other device unless and until you have logged out; and
- Use particular caution if you access the log in facility available on this Application from a public or shared computer, to ensure that other people are not able to see seen your login details.
Managing Your Preferences
Subject to your consent if required by applicable law, we may use your personal information to provide you with direct marketing information about our products and services as well as those of our global affiliates and third parties, and we may permit those affiliates or other third parties to send their own direct marketing to you. Our direct marketing may be by email, telephone, post or SMS or such other method(s) as may become relevant. In addition, Heartland may provide direct marketing information and permit others to do that as allowed by our customers’ respective contracts.
We will take steps to seek to ensure that any direct marketing from us and which is sent by electronic means will provide a simple means for you to stop further communications, in accordance with applicable law. For example, in emails, we may provide you with an “unsubscribe” link, or an email address to which you can send an opt-out request. In addition, if we need your consent for direct marketing communications under applicable law, and if you provide your consent, you will be able to change your mind at any time.
Obtaining Copies of or Access to Your Personal Information and Updating Us
You may have the right to obtain copies of or access to your personal information from us. Please contact us for further details. We may request payment of a small fee, in accordance with applicable law. If you believe that any information we have about you is incorrect or incomplete and should be updated, please inform us as soon as possible. Please be aware that we will process your request as quickly as we reasonably can, and consistently with any applicable local laws, but it may not be possible to update our systems immediately in all cases.
Data Anonymization and Aggregation
Subject to your consent if required by law, we may anonymize or aggregate your personal information in such a way as to ensure that you are not identified or identifiable from it, in order to use the anonymized or aggregated data, for example, for statistical analysis and administration including analysis of trends, to carry out actuarial work, to tailor products and services and to conduct risk assessment and analysis of costs and charges in relation to our products and services. We may share anonymized or aggregated data with our global affiliates and with other third parties.
This policy does not restrict Heartland's use or sharing of any non-personal, summarized, derived, anonymized or aggregated information (i.e., volumes, totals, averages, etc.).
Commitment to Security, Privacy and Standards
We take seriously our responsibility to protect the security and privacy of the information we receive via this Application. We maintain administrative, technical and physical safeguards designed to protect the personal information you provide via this Application against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use.
Any suspected attempt to breach our policies and procedures, or to engage in any type of unauthorized action involving our information systems, is regarded as potential criminal activity. Suspected computer mischief may be reported to the appropriate authorities.
Please remember that communications over the internet such as emails are not secure. We seek to keep secure all confidential information and personal information submitted to us through this Application in accordance with our obligations under applicable laws and regulations. However, like all website operators, we cannot guarantee the security of any data transmitted through this Application.
An IP address is a number which recognizes the computer or other device used to access the internet. Typically, a web server automatically collects IP addresses and uses them to administer a website.
Heartland may provide links on this Application to other websites that are not under our control. We do not endorse or make any warranty of any type regarding the content contained on such websites or products and services offered on those websites. We make no representation regarding your use of such websites.
Please be aware that we are not responsible for the privacy practices of the operators of other websites. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every website that collects personal information. This policy applies solely to information collected by us. You should read any other applicable privacy and cookies policies carefully before accessing and using such other websites.
Changes and Updates
We reserve the right, in our sole discretion, to modify, update, add to, discontinue, remove or otherwise change any portion of this Privacy Statement, in whole or in part, at any time. When we amend this Privacy Statement, we will revise the “last updated” date located at the top of this Privacy Statement. For changes to this Privacy Statement that we consider to be material, we will place a notice on the Heartland website located at https://www.heartlandmicropayments.com/en/privacy-statement by revising the link to read substantially as “Updated Privacy Statement” for a reasonable amount of time. If you provide information to us or access or use the Application in any way after this Privacy Statement has been changed, you will be deemed to have unconditionally consented and agreed to such changes. The most current version of this Privacy Statement will be available on the Application and will supersede all previous versions of this Privacy Statement.
Choice of Law
This Privacy Statement, including all revisions and amendments thereto, is governed by the internal laws of the United States, State of Georgia, without regard to its conflict or choice of law principles, which would require application of the laws of another jurisdiction.
This Application is not intended for use by children. We do not solicit or knowingly accept any personal information from persons under the age of 18. Please do not use this Application if you are under the age of 13.
Region Specific Information
California residents are entitled once a year to request and obtain certain information regarding our disclosure, if any, of personal information to third parties for their direct marketing purposes during the immediately prior calendar year (e.g., requests made in 2018 will receive information about 2017 sharing activities). As set forth in this Privacy Statement, we comply with this law by offering our visitors the ability to tell us not to share your personal information with third parties for their direct marketing purposes. To make such a request, send us a message at firstname.lastname@example.org. You must include this Application as the subject line, and your full name, e-mail address, and postal address in your message. Please note that under California law, businesses are only required to respond to a customer request once during any calendar year.