Effective Date: March 2, 2020
Welcome to the Payfone, Inc. website at (www.payfone.com). Payfone, Inc. (hereinafter “Payfone”, “we”, “our” or “us”) provides products and services for mobile and digital identity and authentication (our “Solutions”) to businesses and organizations and their affiliates (our “Clients”). Our Solutions help Clients prevent fraud, including helping Client’s verify consumer identities when Clients engage with consumers when online, using mobile devices, or calling Client call centers. In short, we provide business-to-business Solutions. If you are searching for information about what we do and how we process Personal Information, please read through all of the information provided in this Policy.
For the purposes of the European Union or Switzerland (“EU”) General Data Protection Regulations (“GDPR”) or EU individual member country laws (“EU Data Protection Laws”), Payfone may be considered either a data controller (i.e., Payfone is responsible for, and controls the processing of, your Personal Information) or a data processor (i.e., Payfone processes your Personal Information on behalf of a data controller). Payfone may also be considered both a data controller and a data processor depending on the nature of the transaction. If EU Data Protection Laws or other country laws outside of the United States apply to you, please see the “Your Rights as an EU Resident” or “Local Country Laws Outside of the EU” sections below for further information about your rights.
- WHAT PERSONAL INFORMATION DO WE PROCESS?
- HOW DO WE USE PERSONAL INFORMATION?
- WHEN DO WE SHARE YOUR PERSONAL INFORMATION?
- HOW DO WE RESPOND TO “DO NOT TRACK” SIGNALS?
- ONLINE ADVERTISING
- HOW DO WE PROTECT YOUR PERSONAL INFORMATION?
- LINKS TO OTHER WEBSITES
- YOUR CALIFORNIA, NEVADA AND OTHER STATE OPT-OUT PRIVACY RIGHTS
- YOUR RIGHTS IF YOU ARE LOCATED IN THE EU OR SWITZERLAND
- LOCAL COUNTRY LAWS OUTSIDE OF THE EU
- CONTACTING US
This Policy does not apply where we access or use (“Process”) information that can reasonably identify you (“Personal Information”) when acting as a processor or service provider on behalf of our Clients, including when we use Trusted Sources (as defined below), although we briefly explain below, for your information generally, ways in which Personal Information may be Processed when providing Solutions we offer to our Clients. If you interact with our Solutions through one or more of our Clients and want more detailed privacy information, please contact that Client directly, as our Clients’ privacy policies may differ from those outlined in this Policy. We are not responsible for the privacy or data security practices of our Clients or any other non-affiliate third parties.
This Policy also does not apply to any Personal Information you post to the public areas of our Sites. This includes, but is not limited to, comments to social media platforms and other public forums. Comments posted to public areas may be viewed, accessed, and used by third parties subject to the privacy practices and policies of the platform and/or forum.
2. WHAT PERSONAL INFORMATION DO WE PROCESS?
The types of Personal Information we process depends on (a) how you access or use our Sites and/or (b) how our Clients use our Solutions.
Personal Information We Process Through Our Sites
Payfone may process Personal Information such as your name, personal email address, business email address, and/or your personal or business phone number when you communicate with us. For example, by contacting us with inquiries, responding to our polls, RSVP’ing to events, interacting with our landing pages (e.g., leaving a comment) or in response to our marketing materials, or when you set up an account with us. Where we process other Personal Information through your use of our Sites, such as obtaining telephony signals or responding to consumer privacy inquiries through our online portal (powered by OneTrust), we will inform you of this before you provide information and we process Personal Information.
Personal Information Processed in Providing Solutions to our Clients
Payfone may process Personal Information when providing Solutions to our Clients. For example, in order to provide our authentication and fraud prevention services to a Client, we may receive Personal Information from our Client, and we may request that a mobile network operator (“MNO”) provide certain telephony signals, name, address, and mobile phone number. We may also obtain similar information from trusted proprietary third parties, or third party platforms or applications, including online databases or directories (“Trusted Sources”). We may also use Personal Information when combining information from MNOs and Trusted Sources when providing Solutions to our Clients. Regardless of where the Personal Information originates from, Payfone complies with all applicable laws governing processing of Personal Information when providing Solutions to our Clients, and processes Personal Information in accordance with our Client agreements.
Personal Information We Collect Automatically via Tracking Technologies (e.g., Cookies)
3. HOW DO WE USE PERSONAL INFORMATION?
Payfone may use Personal Information to:
- operate, maintain, improve, and provide to you the features and functionality of our Sites and/or Solutions;
- enhance our Sites, as your information helps us to more effectively respond to your customer service requests and support needs;
- contact you, including about the information you have provided through our Sites;
- set up and administer accounts for Sites and/or Solutions;
- process transactions for Sites and/or Solutions;
- deliver marketing and events communication for our Sites;
- prevent fraud and abuse using our Solutions;
- enable identity authentication and otherwise operate, maintain and provide our Sites and Solutions; and
- perform any other action we may describe when you provide the information.
4. WHEN DO WE SHARE YOUR PERSONAL INFORMATION?
Payfone may share Personal Information as set forth below:
- Vendors and Trusted Sources: We may share your Personal Information with our vendors and Trusted Sources in order to provide Solutions to our Clients, provided such companies protect your Personal Information and only use it for the purposes we specify. If you interact with our Solutions through one of our Clients, please review that Client’s privacy practices and its use of third party service providers.
- Clients: We may share Personal Information we receive from our vendors and Trusted Sources with a Client to whom you interact in order to provide Solutions to that Client. We do not share this Personal Information between Clients. Our Clients may have their own privacy policies which govern their use of Personal Information.
- Business Transfers: We may share Personal Information with other parties in connection with a company transaction, such as a merger, sale of company assets or shares, reorganization, financing, change of control or acquisition of all or a portion of our business by another company of a third party, or in the event of a bankruptcy or related or similar proceedings.
- Legal Requirements: We may share Personal Information with law enforcement, regulatory authorities, courts, and governmental agencies to comply with subpoenas or other legal orders, legal or regulatory requirements, and government requests. We may also disclose Personal Information in order to verify or enforce compliance with other agreements or policies governing the Sites or Solutions, and applicable laws, rules, and regulations, or whenever we believe disclosure is necessary to limit our legal liability or to protect or enforce the rights, interests, or safety of the Sites, Solutions, consumers, or other third parties. We reserve the right to report to law enforcement agencies any activities that we, in good faith, believe to be unlawful.
We may also share Personal Information with others in an aggregated or otherwise anonymized form that does not reasonably identify you directly as an individual.
5. HOW DO WE RESPOND TO “DO NOT TRACK” SIGNALS?
6. ONLINE ADVERTISING
Payfone may permit third party online advertising networks, social media companies and other third party services to collect Personal Information through cookies and similar Tracking Technologies related to your visit to our Sites so that they may play or display ads that may be relevant to your interests on our Sites as well as on other websites or apps, or on other devices you may use. This information may also be used to make the advertisements you see online more relevant to your interests. For example, Payfone or a third party may utilize certain forms of display advertising and other advanced features through Google Analytics, such as Remarketing with Google Analytics, Google Display Network Impression Reporting, and Google Analytics Demographics and Interest Reporting. These features enable us to use first-party cookies (e.g., Google Analytics cookie) and third party cookies (e.g., DoubleClick advertising cookie) or other third party cookies together to inform, optimize, and display ads based on your past visits to the Sites. To learn more about interest-based advertising and how you may be able to opt-out of some of this advertising, you may visit the Network Advertising Initiative’s online resources at http://www.networkadvertising.org/choices, and/or the Digital Advertising Alliance’s resources at www.aboutads.info/choices. You may also control your advertising preferences or opt-out of certain Google advertising Solutions by visiting the Google Ads Preferences Manager, available at https://google.com/ads/preferences as of the effective date of this Policy.
7. HOW DO WE PROTECT YOUR PERSONAL INFORMATION?
Keeping information safe. Payfone maintains reasonable administrative, technical and physical security measures to protect your Personal Information, including unauthorized access and use. However, no security system is impenetrable. In the event that any Personal Information under our control is compromised as a result of a breach of security, we will take reasonable steps to investigate the situation and, where appropriate, notify those individuals whose information may have been compromised, and take other steps, in accordance with any applicable laws and regulations. In the event Personal Information in our possession is affected by a security event, we will notify our Clients (and where appropriate, consumers directly) in accordance with our contractual obligations and applicable law.
Data retention. We may retain your Personal Information as long as appropriate for business purposes, unless we are required by law, regulation or for litigation and regulatory investigations to keep it for longer periods of time. Any Personal Information that we have acquired, either directly or from third parties, and that is no longer needed for any business or record-keeping purposes, is disposed of securely and in compliance with established best practices for secure data destruction and/or de-identification. Personal Information that we have processed on behalf of our Clients may be retained, stored, and deleted but only in accordance with our contractual obligations and in compliance with applicable law.
8. LINKS TO OTHER WEBSITES
Our Sites may contain links to other websites not operated or controlled by us (“Third Party Sites”), including social media websites which are not Payfone-branded and services. Personal Information that you share with Third Party Sites will be governed by the specific privacy policies and terms of service of the Third Party Sites and not by this Policy. By providing Third Party Site links on our Sites, Payfone does not imply that we endorse or have reviewed the privacy policies of these sites. Please contact the Third Party Sites directly for information on their privacy policies and practices.
Payfone does not knowingly collect Personal Information from children under the age of 13. If you have reason to believe that a child under the age of 13 has provided Personal Information to Payfone through the Sites or Solutions, please contact us at firstname.lastname@example.org and we will endeavor to delete that information from our databases.
10. YOUR CALIFORNIA, NEVADA AND OTHER STATE OPT-OUT PRIVACY RIGHTS
If you are a California resident, you may be entitled to opt out from having your Personal Information shared or used under California Civil Code Section 1798.83. If you are a California or Nevada resident, you may be entitled to opt out of the sale of your Personal Information the California Civil Code Section 1798.83, or under Nevada Senate Bill 220 respectively. If you are a resident of any other State, you may be entitled to similar rights. You may make an opt-out or related request by contacting using the contact information in Section 13 below or clicking the “Exercise Your Rights” or “Do Not Sell My Personal Information” links at the bottom of Payfone’s website.
11. YOUR RIGHTS IF YOU ARE LOCATED IN THE EU OR SWITZERLAND
Under the GDPR or EU Data Protection Laws, Payfone may be considered a data controller and/or a data processor depending on the nature of the transaction.
Legal Basis for Processing in the EU: In the EU, the purposes for which Payfone processes your personal data (as defined under applicable laws) are:
- the provision of personal data by you may be necessary for the performance of any contractual relationship we have with you;
- where it is necessary for compliance with our legal obligations laid down by EU Data Protection Laws; and
- where processing of personal data is necessary for the purposes of Payfone’s, our Client’s or Trusted Sources’ legitimate interests in connection with providing our Solutions or with respect to our Sites, including:
- user registration/authentication and providing client services;
- to contact you and respond to your requests and enquiries;
- for business administration, including statistical analysis;
- to provide the Sites as well as our Solutions;
- for fraud prevention and detection; and
- to comply with applicable laws, regulations or codes of practices.
Payfone may also process personal data on the basis of your freely given, specific, informed, and unambiguous consent. You should be aware that you are entitled under EU Data Protection Laws to withdraw your consent where that has been given, at any time. If you do this and we have no alternative lawful reason to process your personal data, this may affect our ability to provide you with rights to use the Sites as well as our Solutions.
We may store personal data for as long as necessary to fulfill the purposes for which we process the data, except if required otherwise by law.
Special Categories of Data: Payfone Solutions will not directly and will not intentionally collect, store, process, and transmit the following special categories of Personal Data as defined by the GDPR:
- Racial or ethnic origin
- Political opinions
- Religious, philosophical beliefs, or other beliefs of a similar nature
- Trade union membership
- Physical or mental health or condition
- Sex life and sexual orientation
- Genetic data and biometric data
- Data on criminal convictions
Specific Rights under the GDPR: If you are a European citizen, you may have the right to access and manage your personal data in those instances where we control such information and to the extent that the request does not expose any personal data about another person, does not adversely affect the rights and freedoms of others, or otherwise conflicts with applicable laws. More specifically, you may have the following rights in respect of your personal data that we hold:
- Right to object. You have a right to object to any processing based on our legitimate interests where there are grounds relating to your particular situation. YOU CAN OBJECT TO MARKETING ACTIVITIES FOR ANY REASON WHATSOEVER.
- Right of access. The right to obtain access to your personal data in a common machine-readable format. Please note that the request for additional copies of personal data may result in reasonable fees based on administrative costs.
- Right to rectification. The right to obtain rectification of your personal data without undue delay where that personal data is inaccurate or incomplete.
- Right to erasure. The right to obtain the erasure of your personal data without undue delay in certain circumstances, such as where the personal data is no longer necessary in relation to the purposes for which it was collected or processed.
- Right to restriction. The right to obtain the restriction of the processing undertaken by us on your personal data in certain circumstances, such as where the accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of that personal data.
- Right to portability. The right to portability allows you to move, copy or transfer personal data easily from one organization to another.
Additionally, you have the right not to be subject to a decision based solely on automated processing, including profiling. Our Solutions are not used by our Clients to determine credit worthiness. Our Solutions are used to assess the probability of you being the person you’re claiming to be and help avoid fraudulent activities. If you interact with our Solutions through one or more of our Clients, please contact that Client directly in order to understand how they use our Solutions within their current processes, contest any decisions they have made based on our processing, and/or verify your identity.
In the instances where we control your data and you wish to exercise any of these rights, you may contact us in writing at the address below or via email at email@example.com at any time, or by using the “Exercise Your Rights” link at the bottom of our website. We will comply with applicable laws, but may not be able to honor your request in all circumstances.
You also have the right to lodge a complaint to your local data protection authority. Further information about how to contact your local data protection authority is available at: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.
International Transfers: Personal Information received on behalf of Clients for the United States market are processed on servers located in the United States. Personal information received on behalf of Clients based or servicing primarily the European Economic Area countries are processed on servers based in Europe. Your Personal Information, if stored, may also be transferred to locations outside Europe from vendors or Trusted Sources we use.
Where we transfer your Personal Information outside Europe, we will ensure that it is protected and transferred in a manner consistent with legal requirements applicable to the information. This can be done in a number of different ways, for instance:
- the country to which we send the Personal Information may be approved by the European Commission;
- the recipient may have signed a contract based on “model contractual clauses” approved by the European Commission, obliging them to protect your personal information; or
- where the recipient is located in the United States, it may be a certified member of the EU-US Privacy Shield scheme.
In other circumstances, the law may permit us to otherwise transfer your Personal Information outside Europe. In all cases, however, any transfer of your Personal Information will be compliant with applicable data protection law.
You can request more details of the protection given to your Personal Information when it is transferred outside Europe (including a sample copy of the model contractual clauses) by using the details set out below in the “Contacting Us” section.
Consequences of Non-Compliance: The GDPR states that penalties for non-compliance with the GDPR must be effective, proportionate and dissuasive for each individual case. Payfone understands that GDPR-related fines can be up to 10 million euros or up to 2% of our entire global turnover of the preceding fiscal year, whichever is higher.
12. LOCAL COUNTRY LAWS OUTSIDE OF THE EU
Where local countries laws outside the EU or United States apply to Solutions offered to our Clients or our Sites, we comply where applicable. If such laws apply to you and you have additional questions, please reach out us at emailing us at firstname.lastname@example.org, by writing to us at Payfone, Inc., 245 5th Avenue, 20th Floor, New York, NY 10016, or by using the “Exercise Your Rights” link at the bottom of our website.
14. CONTACTING US
You can also contact Payfone’s Data Protection Officer by writing to:
ATTN: Legal & Compliance Department
245 5th Avenue, 20th Floor
New York, NY 10016