Effective Date: January 7, 2019
Welcome to the Payfone website (www.payfone.com), owned and operated by Payfone, Inc. (“Payfone,” “we”, “our”, “or” “us”). We provide mobile and digital identity authentication and other digital products that help business and organizations that enter into agreements with us (our “Customers”) detect identity fraud, so that digital transactions are safer for everyone.
For the purposes of European Union (“EU“) data protection laws (“Data Protection Law”), Payfone is both a data controller (i.e., Payfone is responsible for, and controls the processing of, your personal data) and a data processor (i.e., Payfone processes your personal data on behalf of a data controller).
End User Data collected through the Products. While providing our Products to our Customers we may receive information related to our Customers’ end users (such as you) from our Customers, and from other third parties (“End User Data”). We collect and process End User Data solely on behalf of our Customers for fraud detection purposes under the terms of our agreements with our Customers, and according to what applicable privacy and data protection laws requires us to do.
WHAT INFORMATION DO WE COLLECT AND HOW DO WE COLLECT IT?
The types of information we collect depends on how you access or use (i) our Site and/or (ii) the Products.
Personal Information We Collect Through our Sites. We may collect information such as your name, email address, company name, business email, and phone number when you communicate with us, for example, by contacting us with inquiries, responding to our polls, leaving a comment, or when you set up an account with us.
HOW DO WE USE THE INFORMATION?
We may use information, including your personal information, to:
• operate, maintain, improve, and provide to you the features and functionality of our Site and/or Products;
• enhance customer service, as your information helps us to more effectively respond to your customer service requests and support needs;
• contact you, including about the services or your account;
• set up and administer accounts;
• process transactions;
• deliver marketing and events communication;
• prevent fraud and abuse;
• enable identity authentication and otherwise operate, maintain and provide our Products and services; and
• perform any other action we may describe when you provide the information.
WHEN DO WE SHARE YOUR INFORMATION?
We may share your personal information as set forth below:
Vendors and Service Providers: We may share your personal information with our third party vendors and our other service providers that perform services or provide products on our behalf and/or help us process transactions for our Customers (provided such companies protect your personal information and only use it for the purposes we specify). If you interact with our Products through one of our Customers please review that Customer’s privacy practices and its use of third party service providers. The Customer: End User Data processed on behalf of a Customer may be shared with that Customer. We do not share one Customer’s End User Data with any other Customer. Our Customers may have their own privacy policies which governs their use of End User Data and other personal information they collect.
• Business Transfers: We may share your personal information with other parties in connection with a company transaction, such as a merger, sale of company assets or shares, reorganization, financing, change of control or acquisition of all or a portion of our business by another company of a third party, or in the event of a bankruptcy or related or similar proceedings.
• Legal Requirements: We may share your personal information with law enforcement, regulatory authorities, courts, and governmental agencies to comply with subpoenas or other legal orders, legal or regulatory requirements, and government requests. We may also disclose your personal information in order to verify or enforce compliance with other agreements or policies governing the Site or Products and applicable laws, rules, and regulations, or whenever we believe disclosure is necessary to limit our legal liability or to protect or enforce the rights, interests, or safety of the Site, Products, its users or other third parties. We reserve the right to report to law enforcement agencies any activities that we, in good faith, believe to be unlawful.
We may also share information with others in an aggregated or otherwise anonymized form that does not reasonably identify you directly as an individual.
HOW DO WE RESPOND TO “DO NOT TRACK” SIGNALS?
We may share, or we may permit third party online advertising networks, social media companies and other third party services, to collect information through cookies and similar tracking technologies about your visit to our Site over time so that they may play or display ads that may be relevant to your interests on our Site as well as on other websites or apps, or on other devices you may use. We, or our third party advertising partners, use this information to make the advertisements you see online more relevant to your interests. For example, we may utilize certain forms of display advertising and other advanced features through Google Analytics, such as Remarketing with Google Analytics, Google Display Network Impression Reporting, and Google Analytics Demographics and Interest Reporting These features enable us to use first-party cookies (such as the Google Analytics cookie) and third party cookies (such as the DoubleClick advertising cookie) or other third party cookies together to inform, optimize, and display ads based on your past visits to the Site. To learn more about interest-based advertising and how you may be able to opt-out of some of this advertising, you may wish to visit the Network Advertising Initiative’s online resources, at http://www.networkadvertising.org/choices, and/or the DAA’s resources at www.aboutads.info/choices. You may also control your advertising preferences or opt-out of certain Google advertising products by visiting the Google Ads Preferences Manager, currently available at https://google.com/ads/preferences.
HOW DO WE PROTECT YOUR INFORMATION?
Keeping information safe. We maintain reasonable administrative, technical and physical security measures to protect your information from unauthorized access and use. However, no security system is impenetrable and we cannot guarantee the security of our systems 100%. In the event that any information under our control is compromised as a result of a breach of security, we will take reasonable steps to investigate the situation and where appropriate, notify those individuals whose information may have been compromised, and take other steps, in accordance with any applicable laws and regulations. In the event End User Data in our possession is affected by a security event, we will notify our Customers in accordance with our contractual obligations and applicable law.
Data retention. We may retain your information as long as appropriate for business purposes, unless we are required by law or regulation or for litigation and regulatory investigations to keep it for longer periods of time. Any personal information that we have acquired, either directly or from third parties, and that is no longer needed for any business or record-keeping purposes, is disposed of securely and in compliance with established best practices for secure data destruction and/or deidentification. Any End User Data that we have collected on behalf of our Customers shall be retained, stored, and deleted according to our contract with our Customers.
For individuals based in the EU or Switzerland, we store personal data for as long as necessary to fulfill the purposes for which we collect the data, except if required otherwise by law.
PUBLICLY POSTED INFORMATION
LINKS TO OTHER WEBSITES
In general, you may browse the Site without providing personal information. However, if you choose not to provide certain personal information through the Site or Products, you may not be able to use all of the features and products that Payfone offers through its Site and Products.
YOUR CALIFORNIA PRIVACY RIGHTS
If you are a California resident, California Civil Code Section 1798.83 permits you to request information regarding the disclosure of your personal information to third parties for their direct marketing purposes during the immediately preceding calendar year. You may make one request each year by emailing us at email@example.com or by writing to us at Payfone, Inc., 245 5th Avenue, 11th Floor, New York, NY 10016.
Legal basis for processing in the EU
In the EU, the purposes for which we process your personal data are:
1. the provision of personal data by you may be necessary for the performance of any contractual relationship we have with you;
2. where it is necessary for compliance with our legal obligations laid down by EU law; and
3. where processing of personal data is necessary for the purposes of Payfone’s legitimate interests, including:
a) user registration/authentication and providing client services;
b) to contact you and respond to your requests and enquiries;
c) for business administration, including statistical analysis;
d) to provide the Site as well as our Products and services to you; and
e) for fraud prevention and detection; and
f) to comply with applicable laws, regulations or codes of practices.
We may also process your personal data on the basis of your freely given, specific, informed, and unambiguous consent. You should be aware that you are entitled under Data Protection Law to withdraw your consent where that has been given, at any time. If you do this and we have no alternative lawful reason to process your personal data, this may affect our ability to provide you with rights to use the Site as well as our Products and services.
Your rights if you are located in the EU or Switzerland
If you are a European citizen, you may have the right to access and manage your personal information in those instances where we control such information and to the extent that the request does not expose any personal information about another person or otherwise conflict with applicable laws. For example, you may have the right to request that your data be corrected, deleted, or request a copy of your data in a common machine-readable format.
If you are a European citizen, you have the following rights in respect of your personal data that we hold:
a. Right to object. YOU HAVE A RIGHT TO OBJECT TO ANY PROCESSING BASED ON OUR LEGITIMATE INTERESTS WHERE THERE ARE GROUNDS RELATING TO YOUR PARTICULAR SITUATION. YOU CAN OBJECT TO MARKETING ACTIVITIES FOR ANY REASON WHATSOEVER.
b. Right of access. The right to obtain access to your personal data in a common machine-readable format.
c. Right to rectification. The right to obtain rectification of your personal data without undue delay where that personal data is inaccurate or incomplete.
d. Right to erasure. The right to obtain the erasure of your personal data without undue delay in certain circumstances, such as where the personal data is no longer necessary in relation to the purposes for which it was collected or processed.
e. Right to restriction. The right to obtain the restriction of the processing undertaken by us on your personal data in certain circumstances, such as where the accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of that personal data.
f. Right to portability. The right to portability allows you to move, copy or transfer personal data easily from one organization to another.
In the instances where we control your data and you wish to exercise any of these rights, you may contact us in writing at the address below or via email at firstname.lastname@example.org at any time. We will comply with applicable laws, but may not be able to honor your request in all circumstances.
You also have the right to lodge a complaint to your local data protection authority. Further information about how to contact your local data protection authority is available at: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.
Personal information received on behalf of Customers or third parties for the United States market are processed on servers located in the United States. Personal information received on behalf of Customers or third parties based in the European Economic Area countries will be processed on servers based in Europe. We do not store personal information received in connection with use of our Site or our Products. Your personal information may be transferred to locations outside Europe as well from third party services providers we use.
Where we transfer your personal information outside Europe, we will ensure that it is protected and transferred in a manner consistent with legal requirements applicable to the information. This can be done in a number of different ways, for instance:
• the country to which we send the personal information may be approved by the European Commission
• the recipient may have signed a contract based on “model contractual clauses” approved by the European Commission, obliging them to protect your personal information, or
• where the recipient is located in the United States, it may be a certified member of the EU-US Privacy Shield scheme.
In other circumstances, the law may permit us to otherwise transfer your personal information outside Europe. In all cases, however, any transfer of your personal information will be compliant with applicable data protection law.
You can obtain more details of the protection given to your personal information when it is transferred outside Europe (including a sample copy of the model contractual clauses) by contacting us using the details set out below.
Payfone does not knowingly collect personal information from children under the age of 13. If you have reason to believe that a child under the age of 13 has provided personal information to Payfone through the Site or Products, please contact us at email@example.com and we will endeavor to delete that information from our databases.
245 5th Avenue, 11th Floor
New York, NY 10016
Alternatively, you can contact us through the Contact Us section of our website.