References to “You” in this notice are to the individual who is accessing (Payee or User) or applying to use the MassPay Services either on your own account or on behalf of a business (Payer). This includes, in relation to a customer or prospective customer of MassPay, any principals, including the managing or financial directors, any officers, shareholders, partners and beneficial owners of a customer, as well as any member of staff accessing or using the Services on behalf of a customer.
INFORMATION WE MAY COLLECT FROM YOU
We collect Personal Data about our business customers (each a “Payer”) and their designated payees (each a “Payee”) when they use the Sites or the Services. We also collect information about the third-party service providers who we engage to help us provide the Services, as well as information about our employees. We may collect Personal Data, for example through the use of our products, accessing our websites or when you contact customer service. Here are some of examples of the information we collect:
- Full name, personal or business contact information including physical mailing address, email address, telephone number, date of birth, a copy of your identification such as your driver’s license or passport, your national identification number (e.g., SSN) and/or other government identification or registration data.
- Billing and account information (such as credit or debit card number, or bank account number), account balances and the length of time you have maintained those accounts, bank and/or issuer details.
- Information about your use of the Services, such as login information, transaction history, IP address, service preferences and the people or merchants to whole you send money and from whom you receive money.
- Other data with your consent or as allowed or required by applicable law.
By submitting your personal information, you consent to the use of that information as set out in this policy.
WHAT WE USE YOUR PERSONAL INFORMATION FOR
We may use and share the personal information we collect for the following purposes:
- To provide and assist us in managing and delivering products and services to you and to help us to improve and develop these services.
- To improve the running of this website, to improve the customer experience and the operation of our business.
- To identify you; maintain service, monitor your account; to detect and prevent fraud and unauthorised or illegal activities and to maintain the accuracy of our records.
- To comply with our obligations and to enforce the terms of our Sites and Services, including to comply with all applicable laws and regulations.
We may also use your Personal Data in other instances with your consent or as allowed or required by law.
HOW LONG WE RETAIN YOUR PERSONAL INFORMATION
We retain Personal Data in an identifiable format for the least amount of time necessary to fulfill our legal or regulatory obligations and for our business purposes. We may retain Personal Data for longer periods than required by law if it is in our legitimate business interests and not prohibited by law. The principles we use to determine the holding periods include the following:
- Personal Data needed for auditing purposes;
- Personal Data needed to troubleshoot problems or to assist with investigations;
- Personal Data needed to enforce our policies;
- Personal Data needed to comply with legal requirements.
Regulations require financial institutions to obtain, verify, and record information that identifies each person for whom we open or have established an account. With respect to such records, MassPay generally holds those records for a minimum of seven years.
DISCLOSING AND SHARING PERSONAL INFORMATION
We do not disclose information which could identify you personally, to anyone except as described in this notice, as permitted or required by law, and/or for the purposes described in this notice, including:
- Within the MassPay Group to help us provide our services and for our own internal customer relationship management, analytical and reporting purposes.
- Where we provide services through third parties such as Banks, payment processors, identity verification companies and other organisations, we may be required to disclose your information (including any ‘know your customer’ information) with such organisations in order to assist their own regulatory obligations or risk assessments.
- In order to prevent and/or detect fraud, financial crime, manage risk and to better protect ourselves and our customers, it may be necessary to process and disclose sensitive personal information including biometric data to third parties who help us in managing such risks, including identity verification.
- If we believe, in our sole discretion, that the disclosure of Personal Data is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation of suspected or actual illegal activity.
- We reserve the right to disclose personal information to a third party if a law, regulation, search warrant, subpoena or court order legally requires or authorizes us to do so.
YOUR DATA PROTECTION RIGHTS
We will take reasonable technical and organisational precautions and measures to prevent the loss, misuse or alteration of your personal information. The security measures include
firewalls, data encryption, physical access controls to our data centers, and information access authorization controls.
- Allow You access to our Sites, Services, applications, and tools;
- Monitor and identify irregular site behavior and prevent fraudulent activity;
- Facilitate transactions and improve security;
- We may use some authorized service providers to help us to serve You relevant ads on our Services and other places on the internet. These service providers may also place Cookies on Your device via our Services (third-party Cookies). They may also collect information that helps them identify Your device, such as IP address or other unique device identifiers. A unique identifier ensures that only we and/or our authorized service providers have access to Cookie data.
OUR SERVICES ARE NOT INTENDED FOR CHILDREN
The Sites and Services are not directed to children under the age of 18. If we obtain actual knowledge that we have collected Personal Data from a child under the age of 18, we will promptly delete it, unless we are legally obligated to retain such data. Contact us if You believe that we have mistakenly or unintentionally collected information from a child under the age of 18.
CHOICES RELATING TO COMMUNICATION
If You wish to unsubscribe from receiving email marketing communications from us, please opt-out via the unsubscribe link included in such emails, and we will stop sending You communications. We will continue to send communications to You that are required or necessary to send to Users of our Services, notifications that contain important information and other communications that You request from us. You may not opt out of receiving these communications. However, You may be able to adjust the media and format through which You receive these notices.
LINKS TO THIRD-PARTY WEBSITES
Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow such a link, please note that these websites have their own privacy and cookies policies and MassPay does not accept any responsibility or liability for these third-party websites.
RIGHTS UNDER THE CALIFORNIA CONSUMER PRIVACY ACT (CCPA)
If you are a California resident and use our consumer Services, you have the right to request disclosure of the specific pieces of personal information that MassPay may have collected about you. California residents also have the right to request deletion of personal information that MassPay may have collected regarding you. California residents may also opt out of the sale of such information, if applicable. These provisions of the CCPA do not apply to personal information collected, processed, shared, or disclosed by financial institutions pursuant to federal law.
WHAT INFORMATION WE COLLECT
In the past 12 months, we collected the following personal information:
- Identifiers, such as your name, age, date of birth, address and other contact details, a copy of your identification (such as your driver’s license or passport), as well as your social security number and/or other government identification or registration data;
- Internet activity, including history of visiting and interacting with our Services, IP address, browser type, cookies, browser language and other information collected automatically;
- Geolocation data to the extent we need to verify your location for regulatory or anti-fraud purposes depending on the Services provided and your use of them (for example, some laws may require us to identify your location if the use of any Services involves gambling);
- Commercial information, such as information about your banking relationships, including account numbers, debit and credit card numbers, account balances, and the length of time you have maintained those accounts.
In order to request a copy of personal information or to request deletion of personal information, California residents can forward verifiable consumer requests to MassPay through one of the following methods:
- Emailing us at firstname.lastname@example.org;
- Calling us at 605-269-0436.
Only you, or someone registered with the California Secretary of State in order to act upon your behalf, may make a verifiable consumer request. You may also make a verifiable consumer request on behalf of your minor child. You may only make a verifiable consumer request for data access, transport, or deletion twice within a twelve-month period.
In order to submit a verifiable consumer request to MassPay, the request must:
- Provide sufficient detail for MassPay to be able to appropriately ascertain your identity and give sufficient clarity for us to understand the nature of the request.
- MassPay will determine the criteria for a verifiable consumer request based upon the nature of the request and account.
If you have submitted a verifiable consumer request to MassPay, we will respond in a timely manner consistent with applicable law. If we are unable to verify your request, or if we are unable to ascertain that you are a California resident subject to the rights in this Section, we will submit an appropriate response.
Please note, consumers will not receive discriminatory treatment for the exercise of the privacy rights conferred by the CCPA.
EU & UK RESIDENTS
We adhere to applicable data protection laws in the European Union (“EU”) and the United Kingdom (“UK”), when relevant and appropriate, including the General Data Protection Regulation (“GDPR”).
To the extent that GDPR applies, you have the right to:
- Request access, rectify or delete your Personal Data;
- Object, or restrict the processing of your Personal Data;
- Withdraw any consent you have provided to our processing of your Personal Data;
Please consider that, depending on the country from where you use our Services, not all the above rights may be available to you. Also, there might be cases where these rights cannot be enforced: for example, you cannot object to us using your information when it is required by law, or to manage a complaint; similarly you cannot ask us to delete your information if you want to continue using our Services or where such information is necessary to record our contractual dealings, required by law (for example, the retention of anti-fraud or “know your customer” identify and verification requirements), or for the purpose of defending or asserting legal rights and legal actions.
Where we transfer personal information from inside the European Economic Area (the EEA) to outside the EEA, we may be required to take specific additional measures to safeguard the relevant personal information. Certain countries outside the EEA have been approved by the European Commission as providing essentially equivalent protections to EEA data protection laws and therefore no additional safeguards are required to export personal information to these jurisdictions. In countries which have not had these approvals (see the full list here http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.htm), we will establish legal grounds justifying such transfer, such as EU Commission-approved model contractual clauses, or other legal grounds permitted by applicable legal requirements.
Complaints (UK and EU) Under the GDPR and United Kingdom’s Data Protection Act 2018, individuals have the right to complain to a data protection authority in the United Kingdom or the European Union Member State where they reside, where they work or where the alleged infringement of data protection law occurred.
ACCESSING, CORRECTING OR UPDATING YOUR INFORMATION
You can help us maintain the accuracy of your personal information by notifying us of any changes to your information. Your right to access, correct or delete your Personal Data indicated in our records is subject to applicable law including our right to retain documentation of our compliance with applicable legal requirements and technology limitations. We may take reasonable steps to confirm your identity before giving access or making modifications to your Personal Data.