GDPR PRIVACY NOTICE

This Privacy Notice describes how Easy Pay Solutions collects and uses the information you provide to us when using the Aspen Card Processing system or any other product or service we provide. It also details the steps you can take to access this information and to request that we correct or delete it.

If you have questions or concerns regarding this Privacy Notice or Easy Pay Solutions handling of your information collected, contact the Easy Pay support department at:

Privacy Policy Questions: support@easypaysolutions.com
Easy Pay Solutions – Customer Service, P.O. Box 2380, South Portland, ME 04116, (877) 724-8472

How We Collect and Use Your Information

Information You Provide Us Directly

• Our customers are business or other non-person legal entities. Therefore, most of the information we receive and collect is not of a personal nature. However, portions of the information we receive from our business customers may include public and non-public information about our customers, persons, and businesses
• When you utilize or are employed by an organization that uses the Easy Pay Aspen processing system or any of our products or services: we may collect your name, phone number, and/or email address. We will collect and process your payment card and cardholder data.

Personal information collected

• Easy Pay Solutions collects only the data necessary to process a credit card transaction: Name, Address, credit card number
• Some merchants may use the standard fields to collect other information defined on the input screens. – This data is included in any requests to remove your personal data from our systems

The information you provide us is used to:

• Process your credit card data to assist in the purchase of goods and services
• Providing technical support assistance on our products & services
• Access to our online portal system for update files and other user-based documentation
• Respond to your inquiries regarding products or services you may be interested in.

How We Share Your Information – The type or identity of third parties to which it discloses personal information, and the purposes for which it does so:

• Easy Pay only shares personal data with other entities involved with the transaction at the time of the transaction in accordance with our banking and network contracts and only under the PCI guidelines and restrictions.
• Easy Pay Solutions does NOT share, sell, or use any data acquired from a credit card transaction for purposes of marketing, surveys, product offers, etc..
• Easy Pay Solutions will disclose limited personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

How we store your data

• All data is encrypted, stored and maintained within PCI requirements – guidelines
• A daily review of security events and logs to ensure cardholder data is appropriately controlled.

Use of cookies

• Cookies and security tokens may be used to manage user sessions and security.
• These cookies are not used to store any personal information nor are they used for marketing
• Cookies are not sold or exchanged with any other parties

Your Data, Your Choice – Rights to Access and Control Your Personal Data

We provide many choices about the collection, use and sharing of your data, from deleting or correcting data you include on your organizations profile and controlling the visibility of advertising opportunities.

• Access, deleting or correcting your data is provided through our merchant administrative portal.
• Sensitive data defined per PCI requirements may NOT be viewed. ie PAN data
• Via the portal personal data that we have on file about you may be fully administered by an appropriate merchant or integrator.
• Object to, or Limit or Restrict, Use of Data: You can ask us to stop using all or some of your personal data (e.g., if we have no legal right to keep using it) or to limit our use of it (e.g., if your personal data is inaccurate or unlawfully held).
• “Choice. Under the Privacy Shield Principles, individuals have the right to opt out of (i) disclosures of their personal information to third parties; or (ii) uses of their personal information for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by the individual.”
• “Data subjects have the right to opt out of (a) disclosures of their Personal Data to third parties not identified at the time of collection or subsequently authorized, and (b) uses of Personal Data for purposes materially different from those disclosed at the time of collection or subsequently authorized.”

Removing / Deleting Data

• In accordance with PCI regulations for data retention personal data is purged from our systems set in the data retention policy unless otherwise requested from our integrators for normal business purposes.
• For any of your personal data stored on our system: You can ask Easy Pay,  your merchant or integrator to erase or delete all or some of your personal data (e.g., if it is no longer necessary to provide services to you).
• Some merchants may use the standard fields to collect other information customized and defined on the input screens by them. – This data is included in any requests to remove your personal data from our systems
• You may also contact Easy Pay directly through our customer service office listed below to have your personal data removed from our system
• Change or Correct Data: You can also ask us to change, or update your data in certain cases, particularly if it’s inaccurate.

Right to Access and/or Take Your Data:

• Due to the sensitive nature and PCI security requirements around the data housed at Easy Pay, this data can only be deleted at the users request and may not be transmitted outside of the secure Easy Pay server environment.

Other information

EU-U.S. Privacy Shield

Easy Pay Solutions participates in the EU-U.S. Privacy Shield Framework (“Privacy Shield”) and has self-certified with the Department of Commerce that we adhere to the Privacy Shield Principles.

Easy Pay Solutions is committed to applying the Privacy Shield Principles to all personal information received from countries in the European Economic Area (EEA) in reliance on the Privacy Shield. To learn more about the Privacy Shield, visit the U.S. Department of Commerce’s Privacy Shield website.

Easy Pay Solutions complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States. Easy Pay Solutions has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

In compliance with the Privacy Shield Principles, Easy Pay Solutions commits to resolve complaints about our collection or use of your personal information. EU individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Easy Pay Solutions. at:

Questions: support@easypaysolutions.com
Easy Pay Solutions – Customer Service, P.O. Box 2380, South Portland, ME 04116, (877) 724-8472

Please contact us to file an internal complaint. Simply detail your concerns in the Notes section of the request or call us directly via the Sales & Support phone number provided.

Easy Pay Solutions has further committed to refer unresolved Privacy Shield complaints to the American Arbitration Association, Inc an alternative dispute resolution provider located in the United States. Also known as a Independent recourse mechanism ( IRM )  If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit American Arbitration Association, Inc  –  http://go.adr.org/privacyshield.html  for more information or to file a complaint. The services of the American Arbitration Association, Inc are provided at no cost to you.

Under the Privacy Shield, Easy Pay Solutions is responsible for the processing of personal information it receives and subsequently transfers to a third party acting for or on its behalf. Easy Pay Solutions is liable for ensuring that the third parties we engage support our Privacy Shield commitments.

The U.S. Federal Trade Commission has regulatory enforcement authority over Easy Pay Solutions processing of personal information received or transferred pursuant to the Privacy Shield Framework.

Under certain conditions, more fully described on the Privacy Shield website, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.

Changes to this Privacy Notice

Please note that this Privacy Notice may change from time to time. If we change this Privacy Notice in ways that affect how we use your personal information, we will advise you of the choices you may have as a result of those changes. We will also post a notice that this Privacy Notice has changed.

Defined Terms

The following terms used in this Privacy Statement have defined meanings.

Personal information: Any data about an identified or identifiable individual, including data that identifies an individual or that could be used to identify, locate, track, or contact an individual. Personal information includes both directly identifiable information such as a name, identification number or unique job title, and indirectly identifiable information such as date of birth, unique mobile or wearable device identifier, telephone number as well as key-coded data.

Third party: Any legal entity, association or person that is not owned by Easy Pay Solutions, or in which Easy Pay Solutions does not have a controlling interest.