MerchantE Privacy Policy

Effective Date: June 1, 2020

Introduction

Merchant eSolutions, Inc. (“MerchantE”) is committed to providing privacy and security to our merchants and partners as they display interest in and use our merchant services.

In this Privacy Policy, references to “you” means the person about whom we collect, use, disclose or otherwise process personal information (also known as personal data).

This Privacy Policy statement describes the ways in which MerchantE, as a business or controller, collects, stores, uses and protects personal information in hardcopy or electronic form, including through the use of this website, as we provide our merchant services. 

Our use of information we collect as a service provider or processor is limited by the restrictions placed on that information by our customer and their privacy policies. For example, when you go to one of our customers to purchase a product, we may collect your name, home address, telephone number, email address, and payment information at our customer’s instruction and on their behalf.  You can learn more about how your information is collected and used by our customers by reviewing the privacy policies of the businesses you engage with.  

As a business or controller, we will use personal information about you only for the purposes and in the manner set forth below, which describes the steps we take to ensure the processing of personal data is in compliance with applicable data protection law, including California’s Consumer Privacy Act and the European Union’s General Data Protection Regulation (“GDPR”).

Identity of the Controller of Personal Data 

The Data Controller, as that term is defined within the GDPR, is typically the merchant, which is our customer. MerchantE typically collects and processes payment information on their behalf.  As mentioned above, when we collect and process personal information on behalf of our customer, their privacy policy applies to the collection, use, disclosure and processing of your personal information.

When we collect personal data on our own behalf, including through our website and during the customer application, underwriting and onboarding process, we are the Controller. MerchantE is a U.S. company with its principal place of business at 1150 Sanctuary Parkway, Suite 300, Alpharetta, Georgia 30009.

Information We Collect:

The personal information we collect about you helps us manage our relationship with you, primarily by allowing us to respond to your queries, improving website performance and user experience, and letting you know of our services and of materials for download.  The personal information we collect, the basis of processing and the purposes of processing are detailed below.  Sometimes, these activities are carried out by third parties (see “Sharing of Personal Data” section below).

To the extent the GDPR applies, for EU data subjects, we have a lawful basis under the GDPR for each of our processing activities, as further indicated below.

From Whom do we collect this data

Personal data

Lawful Basis and purpose of processing

Representatives of Prospective Customers 

We may collect your name, physical address, email address and phone number, as well as Social Security number, driver’s license, and other information needed to process and underwrite your application if you submit an application to us for review.

It is necessary to take steps at your request prior to entering into a contract (e.g. to respond to your queries, to verify creditworthiness, and to provide you with further information).

Representatives of Current Customers

We may use your name, physical address, email address, phone number and web activity logs while using our electronic systems, as well as Social Security number and other information needed to provide support, risk monitoring and to provide you with updates and billing statements.

It is in our legitimate interest to contact you for business purposes and also to perform periodic reviews and audits of the account.  Our interests are not overridden by the interests or fundamental rights and freedoms of the data subject.

General Inquirers

We will collect your name, email address, phone number, and message details.

It is in our legitimate interests to respond to queries and to provide you with information relating to our services. Our interests are not overridden by the interests or fundamental rights and freedoms of the data subject.

Partners

We will collect your name, physical address, email address, and phone number.

It is in our legitimate interests to provide you with information relating to our services and it is necessary for the performance of a contract to which you are a party to. Our interests are not overridden by the interests or fundamental rights and freedoms of the data subject.

Developers

We will collect your name, email address, and phone number, as well as web activity logs while you use our electronic systems.

It is in our legitimate interests to respond to queries and to provide you with information relating to our services. Our interests are not overridden by the interests or fundamental rights and freedoms of the data subject.

Those interested in joining a mailing list

We will collect your name and email address.

It is based on our legitimate interest in maintaining a mailing list and honoring your request to be on it.  Our interests are not overridden by the interests or fundamental rights and freedoms of the data subject, particularly since you requested to be included.  You may unsubscribe at any time.

Prospective Employees

We will collect your name, email address, physical address, phone number, employment and educational history.  If you receive a conditional offer from us, and depending on local laws, we may also collect a background check, including any criminal history.

Necessary in order to take steps prior to entering into an employment contract; Consent.

Location Data 

We may collect your location based on where you access our website.

It is in our legitimate interests to enhance account security, and to ensure appropriate privacy regulations are followed. Our interests are not overridden by the interests or fundamental rights and freedoms of the data subject.

 

For California Residents

The personal information about you that we collect includes information within the below categories of data. These categories also represent the categories of personal information that we have collected over the past 12 months. Note that the categories listed below are defined by California state law. Inclusion of a category in the list below indicates only that, depending on the services and products we provide you, we may collect some information within that category. It does not necessarily mean that we collect all information listed in a particular category for all of our customers. 

 

Category

Source

Purpose of Collecting Information

Disclosed for a business purpose in last 12 months?

Types of Third Parties Shared With

Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier Internet Protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers.

This information is collected directly from you, our customers, our service providers or through the use of cookies and similar technologies.

A subset of this data is processed in connection with a number of our operational functions, including to provide updates, provide billing statements to our customers, process payments, provide you with other services, to audit our interactions with our customers and consumers, and to respond to your queries, or to take steps necessary to enter into a contract with you. 


It may also be used for marketing purposes, including offering you products that may interest you.

Yes

Affiliates and service providers

Information that identifies, relates to, describes, or is capable of being associated with, a particular individual, including, but not limited to, your name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.

This information is collected directly from you, our customers, our service providers or through the use of cookies and similar technologies.

A subset of this data is processed in connection with a number of our operational functions, including to provide updates, provide billing statements to our customers, process payments, provide you with other services, to audit our interactions with our customers and consumers and to respond to your queries, or to take steps necessary to enter into a contract with you. It may also be used for marketing purposes, including offering you products that may interest you.

Yes

Affiliates and service providers

Characteristics of classes protected under federal or California law, including: familial status, disability, sex, national origin, religion, color, race, sexual orientation, gender identity and gender expression, marital status, veteran status, medical condition, ancestry, source of income, age, or genetic information.

This information is collected directly from you or our service providers (including recruiting agencies).

A subset of this information is collected and processed in connection with recruiting, especially  where required by law or ,to make you aware of employee benefits you may elect to receive, and to make any necessary accommodations for interviews.

Yes

Affiliates and service providers

Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

 

This information is collected and processed in connection with a number of our operational functions, including to process payments. 

Yes

Affiliates and service providers

Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an Internet Web site, application, or advertisement.

This information is collected directly from you, our customers, our service providers or through the use of cookies and similar technologies.

This information is collected and processed in connection with a number of our operational functions, including to optimize performance of our websites, provide products and services to our customers, and to audit our interactions with our customers and consumers.

It is also processed to detect security incidents, protect against malicious, deceptive, fraudulent or illegal activity, and for data analytics.

Yes

Affiliates and service providers

Geolocation data.

This information is collected directly from you, our customers, our service providers or through the use of cookies and similar technologies.

This data is processed to detect security incidents, protect against malicious, deceptive, fraudulent or illegal activity, and for data analytics.

It is also processed for marketing purposes, including offering you products that may interest you through both direct and partner advertising.

Yes

Affiliates and service providers

Audio, electronic, visual, thermal, olfactory, or similar information.

This information is collected directly from you or our customers. 

This data is processed in connection with a number of our operational functions, including recording support calls and other calls. 

Yes

Affiliates and service providers

Professional or employment-related information.

This information is collected directly from you or our service providers (including recruiting agencies).

This data is processed in connection with a number of our operational functions, including for hiring, and to provide services to our customer. It may also be used for marketing purposes, including offering you products that may interest you.

Yes

Affiliates and service providers

 

Other Automatically Collected Information, Cookies and Related Technologies

When a user visits the MerchantE’ website or accesses MerchantE electronic systems via the internet, IP address and standard web log information is collected. For each visitor to our website, our web server automatically recognizes only the user’s domain name, but not the e-mail address. The information we collect is used to improve the content of our website, and is not shared with other organizations for their direct marketing purposes.

When you access our website, MerchantE may place small data files called “cookies” on your computer. We send a “session cookie” to your computer when you sign up for and log in to your account. This type of cookie helps us to recognize you if you visit multiple pages on our site during the same session, so that we don’t need to ask you for your password on each page. Once you log out or close your browser, this cookie expires and no longer has any effect.

Additionally, we leverage sub-processors in order to better understand our users’ needs and to optimize this service and experience. These services use cookies and other technologies to collect data on our users’ behavior and their devices. This includes a device's IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website. This information is stored on our behalf in a pseudonymized user profile. These sub-processors are contractually forbidden to sell any of the data collected on our behalf.  

How we Share Personal Information

MerchantE shares Personal Information in the following ways:

  • We may use service providers, who help with parts of our website and operation of our business; (e.g. bill collection, fraud prevention, technology services, marketing) and with whom we may share your Personal Information. We endeavor via contract to limit our service providers’ use of such information to the purposes of providing services to or assisting us with the operation of our business and not for their own benefit;
  • We may share with sales channel partners to jointly create and offer our merchant services;
  • We may share with law enforcement, government officials, or other third parties to the extent we believe applicable law requires our sharing or such sharing is appropriate to protect our rights, your rights or the rights of others; 
  • We may share payment information with third parties such as financial institutions as part of providing our services to you; 
  • As part of our legitimate interest, we may share in order to manage any proposed sale, restructuring, transfer or merging of any or all part(s) of our business, including to respond to queries from the prospective buyer or merging organization; and
  • We may share with other third parties only with your consent or direction to do so.

Under California law, we do not sell Personal Information nor do we intend to do so. We also have not done so in the past 12 months.  

We do not share Personal Information with third parties for the purposes of affiliate marketing. 

Protection and Storage of Personal Information

In connection with your use of our merchant services, Personal Information may be stored in our facilities and computer systems in the U.S. This information is protected by maintaining physical, electronic and procedural safeguards. We have security measures in place to protect against the loss, misuse, and alteration of Personal Information we receive.  Payment information collected and used in connection with the provision of our services to our customers is stored and transmitted as required by the PCI Security Industry Standard. In the event of a security breach involving Personal Information submitted to us, we may notify you electronically to the extent permitted by applicable law and you agree that we may communicate with you electronically for such purposes.

Privacy Rights

Depending on where you live, or your residency, you may be entitled to the following rights, subject to certain conditions and limitations.

Right to Know about Personal Information Collected, Disclosed, or SoldYou may be entitled, subject to some exceptions, to request that we disclose the personal information we have collected, disclosed or sold about you, including requesting the specific pieces of information collected. Under California law, we do not and will not sell personal information about you.

Right to Opt-Out of the Sale of Personal InformationYou may be entitled to have the right, subject to some exceptions, to direct us to stop selling information about you (i.e. to opt-out) to third parties. That said, under California law, we do not and will not sell personal information about you.  However, we may share personal information about you with our service providers and partners as permitted by law. Please see the “How we Share Personal Information” portion of this statement for more information.

Right to Request Deletion of Personal InformationYou may have the right, subject to some exceptions, to request that we delete personal information about you that we have collected or maintain. We will not delete personal information about you when the information is required to fulfill a legal obligation, is necessary to exercise or defend legal claims, or where we are required or permitted to retain the information by law. For example, we cannot delete information about you while continuing to provide you with certain products and services or where we are legally required to retain certain information.  This right is generally excluded from data kept for archival or back-up purposes.

Right to Request CorrectionYou may have the right to correct the personal information that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, although we may need to verify the accuracy of the new data you provide to us.

Right to Restrict or Object to the ProcessingYou may have the right to object to the processing of your personal information when we are relying on a legitimate interest, and there is something about your particular situation which makes you want to object to the processing on this ground as you feel it impacts on your fundamental rights and freedoms. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.

Data portabilityIn some instances, you may have the right to receive the information about you in a portable and readily usable format. Before providing this information, we must be able to verify your identity. 

Non-Discrimination Statement

MerchantE will not discriminate against consumers for exercising rights under applicable laws, including the CCPA.  Specifically, we will not:

  • Deny services
  • Charge different prices or rates for services
  • Provide a different level or quality of services
  • Suggest that an individual will receive a different price or quality of service if the individual exercises rights under the law.

Without prejudice to any other administrative or judicial remedy you might have, you may have the right to lodge a complaint with local state regulators if you believe that we have infringed applicable privacy or data protection requirements when processing personal information about you.

Submitting a Request and Verifying Your Identity

Before providing information you request in accordance with these rights, we must be able to verify your identity. In order to verify your identity, you will need submit information about yourself, including, to the extent applicable, providing your account login credentials or other account information, answers to security questions, your name, government identification number, date of birth, contact information, or other personal identifying information. We will match this information against information we have previously collected about you to verify your identity and your request. To the extent you maintain an account with us, we may require you to login to that account as part of submitting your request. If we are unable to verify your identity as part of your request, we will not be able to satisfy your request. We are not obligated to collect additional information in order to enable you to verify your identity. For deletion requests, you will be required to submit a verifiable request for deletion and then to confirm separately that you want personal information about you deleted.

You may submit requests to exercise your rights by contacting us at privacy@merchante-solutions.com or our toll-free Customer Care line at (888)288-2692.  Under California law, we are only obligated to respond to personal information requests from the same consumer up to two times in a 12-month period.  Under EU law, to the extent applicable, if an individual makes unfounded, repetitive, or excessive requests (as determined in our reasonable discretion) to access Personal Information, a controller may charge a fee subject to a maximum set by law.

If you would like to appoint an authorized agent to make a request on your behalf, you must provide the agent with written, signed, and notarized permission to submit privacy right requests on your behalf. The agent must provide this authorization at the time of request. For requests to disclose or delete your personal information, we will also require you to verify your identity directly with MerchantE, unless the agent has been provided with valid power of attorney.

Information collected for purposes of verifying your request will only be used for verification. You can find statistics on the requests we receive by contacting us at privacy@merchante.com.

For the personal information of consumers we collect in conjunction with a payment transaction on behalf of our customers, please contact the merchant who collected your information.  They will submit to us any requests they honor in accordance with their privacy policy.  

Children and minors.

We do not knowingly collect personal information directly from individuals under 17 years of age.  Our products and services are not intended for individuals under 17 years of age. No one under 17 years of age should submit or post personal information through our online services.  We may collect personal information regarding individuals under 17 years of age from their parents or legal guardians, but only as necessary to provide our products and services.

Changes or Modifications to this Privacy Policy

This Privacy Policy may be revised at any time. The revised version will be posted to this website, and it will be effective at the time posted. In addition, we will provide notice to you when this Privacy Policy is revised. Should there be a material change to our information collection and use practices, it will be applied only to information collected on a going forward basis.

Questions about the Privacy Policy

Questions regarding this Privacy Policy should be directed to privacy@merchante.com. Or, you may write or call us at:

MerchantE
c/o Privacy Officer
1150 Sanctuary Parkway, Suite 300
Alpharetta, Georgia 30009

Telephone: (888) 288-2692