Chase Paymentech Solutions, LLC Privacy Statement

Chase Paymentech Solutions, LLC is committed to safeguarding the privacy and security of the information we collect. This statement explains the policies we follow with respect to the handling of customer information collected by Chase Paymentech.


Commitment to Privacy and Security
Chase Paymentech Solutions, LLC and its operating entity Paymentech, LLC, and its affiliates, (collectively, "Chase Paymentech") are committed to safeguarding the privacy and security of the information we collect. This Privacy Statement explains the policies we follow with respect to the handling of customer information collected by Chase Paymentech.

Information We Collect
Chase Paymentech's customers, the customers of its affiliates, and the customers of other third-parties for which Chase Paymentech may provide outsourced or subcontracted processing services, ("Merchants") are businesses and other legal entities desiring to accept credit or debit cards or other payment methods, as payment for goods or services. Chase Paymentech does not have direct relationships with, or collect information directly from, individual consumers other than in their capacity as owners or operators of a commercial enterprise. Chase Paymentech does not provide services for consumer, personal, family or household purposes. The information we receive and collect is strictly related to our business customers and the payment transactions that we assist them in executing, as well as from prospective or potential business customers or website visitors who may be interested in learning more about our services ("Customer Data"). The transaction information we receive from our Merchants may include personal financial information about their customers or applicants (e.g., name, address, credit or debit card account numbers and expiration dates, etc.) who may be individual consumers and other cardholders ("Cardholder Data"). Chase Paymentech understands that such information is sensitive and takes appropriate steps to protect the confidentiality and security of all information collected by Chase Paymentech in accordance with this Privacy Statement.

Customer Data and Cardholder Data
Use and disclosure of Customer Data collected by Chase Paymentech varies based on the information source and type, as set forth below:

  1. Browsing the Website. When you browse Chase Paymentech's website, we may collect information regarding the domain and host from which you access the Internet, the Internet Protocol address of the computer or Internet Service Provider you are using, and anonymous site statistical data. In addition, we may collect information that you voluntarily provide us via online forms and questionnaires, including information you may provide about your business in order to apply to become a Merchant, or thereafter if you use any of our online Merchant services. Chase Paymentech's website is intended for commercial use only, and we collect, retain and use information about visitors to our websites only for specific business purposes, including: (i) to respond to requests for information about our products and services (see "Your Inquiries" below), (ii) to administer the website or improve site performance, (iii) to provide customer support (e.g., to allow a prospective Merchant to complete an online account application, to allow a Merchant to view and manage records, accounts and funds, or to help enhance our products and services); (iv) for security purposes and to combat fraud (e.g., to protect against unauthorized access to Chase Paymentech systems, or Merchant accounts and information), (v) to generate broad statistical and demographic information, and (vi) to comply with certain laws, regulations, and card association rules and regulations. In addition, when you link to Chase Paymentech's website from the website of any third-party advertiser, we may receive information about you from such third-party, including your contact information and information stored in "cookies" on such third-party's website. Please check the privacy policy of these websites concerning what information may be collected by the third-party and shared with Chase Paymentech. Such information is used by us only for the purposes set forth above with respect to information collected directly from you at our own website.
  2. Your Inquiries. When you complete and submit a form on our website, send us an e-mail, send us a fax, or contact us by telephone to solicit information about our services or the company in general, Chase Paymentech may store the inquiries and their contents. Information you submit via an inquiry is collected only with your knowledge and active participation, and may be used by Chase Paymentech to respond to your inquiries, to contact you, to inform you of services of Chase Paymentech or its partners that may be of use to you, and for similar business purposes. Information collected during the course of an inquiry will not be sold or otherwise disclosed to any third party; provided that such information may be shared internally with our affiliated entities for the business purposes set forth above.
  3. Opening an Account or Using Chase Paymentech Services. When you submit an application to obtain a Merchant account and become a Merchant, you will be required to provide us with certain information about your business, and its owners and officers, which may also act as guarantors of the Merchant's obligations. Chase Paymentech may also obtain and store information about the Merchant, and its officers, owners and guarantors, from consumer reporting agencies, credit bureaus, relevant financial institutions, and other entities. Chase Paymentech may use, retain and disclose this information to (i) comply with any applicable federal legislation requiring Chase Paymentech to obtain, verify, and record information that identifies each entity with which it establishes a Merchant relationship, and (ii) evaluate your eligibility for a Merchant account, which may involve disclosure to consumer reporting agencies, commercial credit bureaus, and relevant financial institutions. Chase Paymentech may also use your information to contact you about other Chase Paymentech offerings and services. If you are, or become a Merchant, Chase Paymentech may disclose your information during the course of providing such services to card associations, banks and other financial institutions that are involved in the course of processing or screening the transaction, and to third parties that have contracted with Chase Paymentech to perform certain functions of our services on our behalf. In addition, Chase Paymentech may use, or disclose your information to third parties for the additional purposes of facilitating and completing merchant-initiated or authorized transactions, complying with federal, state and local laws, including credit reporting laws and card association rules, assisting in preventing fraud, or informing you about general company news, product updates and developments, card association rules, and industry trends, offering you products and services that may be of interest to you, or as otherwise may be permitted or required by applicable law.
  4. Customers of Our Merchants. A customer who purchases a product or service from a Merchant using a credit or debit card, or any other method of payment for which we provide the Merchant with transaction processing services, is required to provide that Merchant with certain Cardholder Data in order to make the purchase, including the customer's name and credit card number. Our Merchants may transmit certain parts of this information to Chase Paymentech for the purpose of processing the transaction. During the course of providing processing services to our Merchants, we may disclose such Cardholder Data to banks, processors, credit and debit card organizations and associations, and other financial institutions that are involved in the course of effecting the transaction represented by the Cardholder Data. In addition, we may disclose some or all of the information we collect, to our affiliated companies or to non-affiliated third parties (subject to contractual confidentiality provisions to protect such information) such as a vendor or service company that we hire to prepare our Merchants' account statements or to provide support or services for one or more of our products. We will not disclose Cardholder Data to any third party, except to facilitate and complete transactions submitted to us by Merchants, or otherwise in the course of providing services to our Merchants, or to comply with federal, state and local laws or the rules and regulations of the respective card organizations or other payment entities (e.g. Visa, MasterCard, American Express, NACHA, etc.).

In addition, Chase Paymentech may share certain Customer Data (but not Cardholder Data) with its affiliated entities for marketing purposes and other business purposes.

Protection of Cardholder Data and Customer Data
Chase Paymentech has implemented various measures, including appropriate administrative, technical and physical safeguards, designed to ensure the security and confidentiality of Cardholder Data and Customer Data, protect against anticipated threats or hazards to the security or integrity of such information, and protect against unauthorized access to or use of such information. Such measures may include, among others, encryption, physical access security and other appropriate technologies. Chase Paymentech continually reviews and enhances its security systems, as necessary. Chase Paymentech is subject to the detailed rules and regulations of the various credit and debit card organizations and networks (i.e. VISA, MasterCard, American Express, NYCE, Star, etc.), relating to the security and safeguarding of Cardholder Data, including, but not limited to, the Payment Card Industry Data Security Standards ("PCI"), VISA Inc.'s Cardholder Information Security Program ("CISP") and MasterCard International's Site Data Protection Program ("SDP"). Chase Paymentech endeavors to comply with all such rules at all times. Pursuant to such rules and regulations, Chase Paymentech is required to undergo periodic third-party assessments and periodic network scans to ensure that, among other things, Chase Paymentech has installed and maintains a firewall configuration to protect data; does not use vendor-supplied defaults for system passwords and other security parameters; protects stored data; encrypts transmission of Cardholder Data and sensitive information across public networks; uses and regularly updates anti-virus software; develops and maintains secure systems and applications; restricts access to data to those with a business need-to-know; tracks and monitors all access to network resources and Cardholder Data; regularly tests security systems and processes; assigns a unique ID to each person with computer access; restricts physical access to Cardholder Data; and maintains a policy that addresses information security. Additional information regarding the requirements of VISA's CISP and Mastercard's Site Data Protection program (SDP) can be found on the VISA, Inc. and MasterCard International Web sites.

Responsibility of Merchants
Merchants are also required to comply with various rules and regulations of the various credit and debit card organizations and networks relating to the security and safeguarding Cardholder Data, including, but not limited to, PCI, CISP and SDP. Merchants may be required to undergo periodic third-party data security assessments and periodic network scans to ensure that appropriate security measures are in place.

Additional Internet Privacy Policies

Cookies. The Chase Paymentech website may create a small data file, or "cookie", on the hard drive of your computer in order to retain information that is used by our website. Chase Paymentech uses cookies for a number of purposes, including to:

  • Access your information when you "sign in", so that we can provide you with customized content in online areas such as Chase Paymentech Online.
  • Display the most appropriate banners to Chase Paymentech and third party offerings based on your activity while on Chase Paymentech's site.
  • Conduct research to improve Chase Paymentech content and services.
  • Require you to re-enter your Chase Paymentech password after a certain period of time has elapsed to protect you against others accidentally accessing your account contents or otherwise accessing your account contents without authorization.

Third-Party Web Sites. Chase Paymentech may create links to third-party Web sites. In addition, Chase Paymentech may authorize third-parties to create links to Chase Paymentech websites. Chase Paymentech is not responsible for the content or privacy practices employed by third-party Web sites. Nor does Chase Paymentech control or warrant the utility, merchantability or workmanship of the products or services offered at third-party Web sites.

Web Optimization. Chase Paymentech also may use cookies to track advertising leads and campaigns from banner advertisements, third party advertisement services and third party web optimization services. Chase Paymentech may hire third party companies to track and report performance of advertising and marketing campaigns to and from Chase Paymentech and third party web sites. These companies may also set cookies and use related technology, such as tracking pixels.

Tracking pixels (also known as action tags, web beacons, or transparent GIF files) and other similar tracking technologies may be used to collect and store information about user visits, such as the user's anonymous cookie ID, page visits and duration, and the specific ad or link(s) that the user clicked on to visit the site. No personally identifiable information is stored on these cookies or web pixels. This user activity information is reported to us in the aggregate and is anonymous. We use this information in the aggregate to understand, for example, the effectiveness of our advertising and marketing.

Children. Chase Paymentech does not solicit or knowingly accept information from persons under the age of eighteen (18). Our web sites are not designed with the intent to attract or encourage viewing by children.

Safe Harbor Participation for EU Cardholder Data. Chase Paymentech recognizes that the European Union ("EU") has an "omnibus" data protection regime established pursuant to the European Commission Data Protection Directive (95/46/EC) (the "Directive"). The Directive generally restricts the transfer of personally identifiable information about individuals in the EU to the United States, unless there is "adequate protection" for such information when it is received in the United States. In addition to processing transactions for its own Merchants based in the United States, Chase Paymentech provides processing services in the U.S. for its European affiliate, Chase Paymentech Europe Limited, and its European customers. To address the restrictions in the Directive, Paymentech, LLC in the United States ("CPL") adheres to the EU Safe Harbor Privacy Principles published by the US Department of Commerce ("Safe Harbor") with respect to Cardholder Data about Merchants' customers in the European Union that we receive in the United States ("EU Cardholder Data"). We act as a data processor on behalf of Merchants with respect to EU Cardholder Data, and accordingly follow each Merchants' instructions with regard to the collection, processing and protection of EU Cardholder Data. Our Merchants act as the data controller for any EU Cardholder Data. If any consumers in the EU have any questions about our handling of their EU Cardholder Data, such consumers should first contact the Merchant as this may be the most efficient means of addressing such issues. Consumers in the EU may also reach out to the CPL Safe Harbor Privacy Contact in the Legal Department at Chase Paymentech Solutions, 14221 Dallas Parkway, Dallas, Texas, 75254. Questions that are not otherwise resolved with the Merchant and/or CPL may also be directed to local EU data protection authorities.

Paymentech, LLC, complies with the U.S.-EU Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland. Paymentech, LLC, has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, and to view Paymentech, LLC's certification, please visit http://www.export.gov/safeharbor/.

Modifications to Privacy Statement
We continue to review our policies and procedures to assure that they are effective in meeting our commitments to our Merchants. Chase Paymentech reserves the right to change this Privacy Statement without notice at any time and from time to time, including as needed to comply with the rules and regulations of the various debit and credit card organizations, or to comply with applicable local, state and federal laws and regulations.

Inquiries
If you have a question or comment regarding this Privacy Statement, please contact:

Chase Paymentech Solutions
Chief Compliance Officer
14221 Dallas Parkway
Dallas, Texas 75254

Chase Paymentech Solutions
Safe Harbor Privacy Contact
Legal Department
14221 Dallas Parkway
Dallas, Texas 75254

(Last modified December 5, 2011)