GDPR PRIVACY NOTICE

This Privacy Notice describes how EasyPay Solutions collects and uses the information you provide to us when using the Aspen Card Processing system or any other product or service we provide and the steps you can take to access this information and to request that we correct or delete it.

If you have questions or concerns regarding this Privacy Notice or EasyPay Solutions handling of your information collected, contact the EasyPay support department at:

Privacy Policy Questions: [email protected]
EasyPay Solutions – Customer Service, P.O. Box 2380, South Portland, ME 04116, (877) 724-8472

How We Collect and Use Your Information

Information You Provide Us Directly

• Our customers are business or other non-person legal entities. Therefore, most of the information we receive and collect is not of a personal nature. However, portions of the information we receive from our business customers may include public and non-public information about our customers, persons, and businesses.
• When you utilize or are employed by an organization that uses the EasyPay Aspen processing system or any of our products or services: we may collect your name, phone number, and/or email address. We will collect and process your payment card and cardholder data.

Personal information collected

• EasyPay Solutions collects only the data necessary to process a credit card transaction: Name, Address, credit card number.
• Some merchants may use the standard fields to collect other information defined on the input screens. – This data is included in any requests to remove your personal data from our systems.

The information you provide us is used to:

• Process your credit card data to assist in the purchase of goods and services
• Providing technical support assistance on our products & services
• Access to our online portal system for update files and other user-based documentation

How We Share Your Information – The type or identity of third parties to which it discloses personal information, and the purposes for which it does so:

• EasyPay only shares personal data with other entities involved with the transaction at the time of the transaction in accordance with our banking and network contracts and only under the PCI guidelines and restrictions.
• EasyPay Solutions does NOT share, sell, or use any data acquired from a credit card transaction for purposes of marketing, surveys, product offers, etc..
• Will disclose limited personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements 

How we store your data

• All data is encrypted, stored and maintained within PCI requirement – guidelines
• A daily review of security events and logs to ensure cardholder data is appropriately controlled. 

Use of cookies

• Cookies and security tokens may be used to manage user sessions and security.
• These cookies are not used to store any personal information nor are they used for marketing
• Cookies are not sold or exchanged with any other parties

Your Data, Your Choice – Rights to Access and Control Your Personal Data

You have many choices about how your data is collected, used and shared. We provide many choices about the collection, use and sharing of your data, from deleting or correcting data you include on your organizations profile and controlling the visibility of advertising opportunities.

• Access, deleting or correcting your data is provided through our merchant administrative portal.
• Sensitive data defined per PCI requirements may NOT be viewed. ie PAN data
• Via the portal personal data that we have on file about you may be fully administered by an appropriate merchant or integrator.
• Object to, or Limit or Restrict, Use of Data: You can ask us to stop using all or some of your personal data (e.g., if we have no legal right to keep using it) or to limit our use of it (e.g., if your personal data is inaccurate or unlawfully held).
• “Choice. Under the new DPF Policies, individuals have the right to opt out of (i) disclosures of their personal information to third parties; or (ii) uses of their personal information for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by the individual.”
• “Data subjects have the right to opt out of (a) disclosures of their Personal Data to third parties not identified at the time of collection or subsequently authorized, and (b) uses of Personal Data for purposes materially different from those disclosed at the time of collection or subsequently authorized.”

Removing / Deleting Data:

• In accordance with PCI regulations for data retention personal data is purged from our systems set in the data retention policy unless otherwise requested from our integrators for normal business purposes.
• For any of your personal data stored on our system: You can ask EasyPay,  your merchant or integrator to erase or delete all or some of your personal data (e.g., if it is no longer necessary to provide services to you).
• Some merchants may use the standard fields to collect other information customized and defined on the input screens by them. – This data is included in any requests to remove your personal data from our systems
• You may also contact EasyPay directly through our customer service office listed below to have your personal data removed from our system
• Change or Correct Data: You can also ask us to change, or update your data in certain cases, particularly if it’s inaccurate.

Right to Access and/or Take Your Data:

• Due to the sensitive nature and PCI security requirements around the data housed at EasyPay, this data can only be deleted at the users request and may not be transmitted outside of the secure EasyPay server environment.

Other information

Easy Pay Solutions and the EU-U.S. DPF,  UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF

Easy Pay Solutions complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Easy Pay Solutions has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Easy Pay Solutions has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

EasyPay Solutions commits to the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) and to the rights of EU and UK individuals and Swiss individuals.  To  resolve complaints about our collection or use of your personal information. Individuals with inquiries or complaints regarding DPF  policies, should first contact EasyPay Solutions. at:

Questions
[email protected]

Easy Pay Solutions
Customer Service
PO Box 2380
South Portland ME 04116(877) 724-8472

Please contact us to file an internal complaint.  Simply detail your concerns in the Notes section of the request or call us directly via the Sales & Support phone number provided.

EasyPay Solutions has further committed to refer unresolved complaints to the American Arbitration Association, Inc an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit American Arbitration Association, Inc https://www.adr.org/ for more information or to file a complaint. The services of the American Arbitration Association, Inc are provided at no cost to you.

Under the new set of DPF policies, EasyPay Solutions is responsible for the processing of personal information it receives and subsequently transfers to a third party acting for or on its behalf. EasyPay Solutions is liable for ensuring that the third parties we engage support our Data Privacy Framework (DPF) program commitments.

The U.S. Federal Trade Commission has regulatory enforcement authority over EasyPay Solutions processing of personal information received or transferred pursuant to the new Data Privacy Framework (DPF) program.

Under certain conditions, more fully described on the Data Privacy Framework (DPF) program website,  (https://www.dataprivacyframework.gov/)   you may invoke binding arbitration when other dispute resolution procedures have been exhausted.

Changes to this Privacy Notice

Please note that this Privacy Notice may change from time to time. If we change this Privacy Notice in ways that affect how we use your personal information, we will advise you of the choices you may have as a result of those changes. We will also post a notice that this Privacy Notice has changed.

Defined Terms

The following terms used in this Privacy Statement have defined meanings.

Personal information: Any data about an identified or identifiable individual, including data that identifies an individual or that could be used to identify, locate, track, or contact an individual. Personal information includes both directly identifiable information such as a name, identification number or unique job title, and indirectly identifiable information such as date of birth, unique mobile or wearable device identifier, telephone number as well as key-coded data.

Third party: Any legal entity, association or person that is not owned by EasyPay Solutions, or in which EasyPay Solutions does not have a controlling interest.