Paymentech, LLC is committed to safeguarding the privacy and security of the information we collect. This statement explains the policies we follow with respect to the handling of customer information collected by Chase.
Commitment to Privacy and Security
Paymentech, LLC ("Chase") is committed to safeguarding the privacy and security of the information we collect. This Privacy Statement explains the policies we follow with respect to the handling of customer information collected by Chase. This Privacy Statement covers the services provided by Chase to our merchant customers, including merchant customers using the Chase Mobile Checkout application.
Information We Collect
Chase's customers, the customers of its affiliates, and the customers of other third-parties for which Chase may provide outsourced or subcontracted processing services, ("Merchants") are businesses and other legal entities desiring to accept credit or debit cards or other payment methods, as payment for goods or services. Chase does not have direct relationships with, or collect information directly from, individual consumers other than in their capacity as owners or operators of a commercial enterprise. Chase does not provide services for consumer, personal, family or household purposes. The information we receive and collect is strictly related to our business customers and the payment transactions that we assist them in executing, as well as from prospective or potential business customers or website visitors who may be interested in learning more about our services ("Customer Data"). The transaction information we receive from our Merchants may include personal financial information about their customers or applicants (e.g., name, address, credit or debit card account numbers and expiration dates, etc.) who may be individual consumers and other cardholders ("Cardholder Data"). Chase understands that such information is sensitive and takes appropriate steps to protect the confidentiality and security of all information collected by Chase in accordance with this Privacy Statement.
Customer Data and Cardholder Data
Use and disclosure of Customer Data collected by Chase varies based on the information source and type, as set forth below:
In addition, Chase may share certain Customer Data (but not Cardholder Data) with its affiliated entities for marketing purposes and other business purposes.
Protection of Cardholder Data and Customer Data
Chase has implemented various measures, including appropriate administrative, technical and physical safeguards, designed to ensure the security and confidentiality of Cardholder Data and Customer Data, protect against anticipated threats or hazards to the security or integrity of such information, and protect against unauthorized access to or use of such information. Such measures may include, among others, encryption, physical access security and other appropriate technologies. Chase continually reviews and enhances its security systems, as necessary. Chase is subject to the detailed rules and regulations of the various credit and debit card organizations and networks (i.e. VISA, MasterCard, American Express, NYCE, Star, etc.), relating to the security and safeguarding of Cardholder Data, including, but not limited to, the Payment Card Industry Data Security Standards ("PCI"), VISA Inc.'s Cardholder Information Security Program ("CISP") and MasterCard International's Site Data Protection Program ("SDP"). Chase endeavors to comply with all such rules at all times. Pursuant to such rules and regulations, Chase is required to undergo periodic third-party assessments and periodic network scans to ensure that, among other things, Chase has installed and maintains a firewall configuration to protect data; does not use vendor-supplied defaults for system passwords and other security parameters; protects stored data; encrypts transmission of Cardholder Data and sensitive information across public networks; uses and regularly updates anti-virus software; develops and maintains secure systems and applications; restricts access to data to those with a business need-to-know; tracks and monitors all access to network resources and Cardholder Data; regularly tests security systems and processes; assigns a unique ID to each person with computer access; restricts physical access to Cardholder Data; and maintains a policy that addresses information security. Additional information regarding the requirements of VISA's CISP and Mastercard's Site Data Protection program (SDP) can be found on the VISA, Inc. and MasterCard International Web sites.
Responsibility of Merchants
Merchants are also required to comply with various rules and regulations of the various credit and debit card organizations and networks relating to the security and safeguarding Cardholder Data, including, but not limited to, PCI, CISP and SDP. Merchants may be required to undergo periodic third-party data security assessments and periodic network scans to ensure that appropriate security measures are in place.
Additional Internet Privacy Policies
Cookies: By using this site you agree to the placement of cookies on your computer in accordance with the terms of this policy. If you do not wish to accept cookies from this site please either disable cookies or refrain from using this site.
In addition to session cookies and persistent cookies, there may be other cookies which are set by the website which you have chosen to visit, such as this website, in order to provide us or third parties with information.
We use session cookies to:
We use persistent cookies to:
Third-Party Web Sites. Chase may create links to third-party Web sites. In addition, Chase may authorize third-parties to create links to Chase websites. Chase is not responsible for the content or privacy practices employed by third-party Web sites. Nor does Chase control or warrant the utility, merchantability or workmanship of the products or services offered at third-party Web sites.
Children. Chase does not solicit or knowingly accept information from persons under the age of eighteen (18). Our web sites are not designed with the intent to attract or encourage viewing by children.
EU Cardholder Data. In addition to processing transactions for its own Merchants based in the United States, Chase provides processing services in the U.S. for its European affiliate, Chase Europe Limited (“CPEL”), and its European customers and, as a result, processes cardholder data belonging to the European customers of CPEL’s customers (“EU Cardholder Data Processing”) in accordance with applicable data protection requirements. If any consumers in the EU have any questions about the EU Cardholder Data Processing , such consumers should reach out to the Chief Compliance Officer at Paymentech, LLC, 14221 Dallas Parkway, Dallas, Texas, 75254. Questions that are not otherwise resolved with the Merchant and/or Chase may also be directed to local EU data protection authorities.
Modifications to Privacy Statement
We continue to review our policies and procedures to assure that they are effective in meeting our commitments to our Merchants. Chase reserves the right to change this Privacy Statement without notice at any time and from time to time, including as needed to comply with the rules and regulations of the various debit and credit card organizations, or to comply with applicable local, state and federal laws and regulations.
If you have a question or comment regarding this Privacy Statement, please contact:
Chief Compliance Officer
14221 Dallas Parkway
Dallas, Texas 75254
(Last modified February, 2017)