Privacy Policy
Privacy Statement for PayTrace
Because PayTrace takes privacy and data protection issues seriously, we have designed this Privacy Policy to explain how we handle personally identifiable information collected from merchants who use PayTrace's services. As the PayTrace services evolve, we may revise this policy, so please check back frequently. If you have questions about PayTrace's privacy policy please contact us at support@PayTrace.com.
Scope of this Privacy Policy
This Privacy Policy describes PayTrace's treatment of personally identifiable information collected from merchants (hereafter "merchant" or "you") who use PayTrace's services, as well as consumer information that we acquire in the course of our business. This Policy does not apply to the practices of companies that PayTrace does not own or control, or to people that PayTrace does not employ or manage.
Information Collection and Use
PayTrace collects personally identifiable information when you register for a PayTrace account, and when you use certain PayTrace products and services. When you register with PayTrace, we ask for your contact information (such as your name, street address and email address), as well as certain information pertaining to your business, along with billing information such as your bank account number. In the course of processing a payment transaction, we typically receive from the merchant or a financial institution information related to the transaction. This normally includes information about the payment that a consumer has furnished the merchant or financial institution in placing the order. We do not acquire any information directly from consumers through the PayTrace Web site. The personally identifiable information we acquire in processing payment transactions varies according to the nature of the transaction and the way in which merchants or financial institutions are using our payment services. It may include, for example, the amount of the transaction, the consumer's name, credit card number and expiration date, billing address, and shipping address. PayTrace uses the information collected to fulfill your requests for certain products and services, to process payment transactions, to facilitate billing, and otherwise deliver the payment processing services. We may also send merchants service announcements, newsletters, and periodic notices about specials and new products. Personally identifiable consumer information is used to process payment transactions and for no other purpose. PayTrace does not offer services or sell products to children. PayTrace does not request or knowingly collect personally identifiable contact information from anyone under the age of 13.
Like many websites, we use Google Analytics, a service that provides information about how many users visit our website, when they visit, and how they navigate the Site once they are here .
We also may use other Google Analytics tools, such as Demographics and Interest Reporting, which enables us to learn more about the characteristics and interests of the users who visit our website, and Remarketing with Google Analytics, which enables us to provide relevant advertising on different websites and online services.
To learn more about Google's privacy practices, please review the Google Privacy Policy at
https://www.google.com/policies/privacy/. You can also download the Google Analytics Opt-out Browser Add-on to prevent their data from being used by Google Analytics here.
Information Sharing and Disclosure
Protecting personally identifiable information about merchants and consumers is an important part of our business. We share and disclose such information only as described below. PayTrace will only send personally identifiable information about you to other companies or people when: 1) we have your consent to share the information; 2) we need to share your information to provide the product or service you have requested. Personally identifiable consumer information is shared with third parties (such as banks and credit card processors) to the extent necessary for PayTrace to deliver payment processing services. We also may release personally identifiable information when we believe release is appropriate to: comply with law; enforce or apply our Merchant Agreement and other agreements; or protect the rights, property, or safety of PayTrace, our users, or others. This includes exchanging information with other companies and organizations for fraud protection and risk reduction. In the unlikely event that PayTrace is acquired, merchant account information may be one of the transferred assets.
Cookies
PayTrace uses session cookies containing encrypted information to allow the system to uniquely identify you while you are logged in. This information allows PayTrace to process your online transactions and requests. Session cookies help us make sure you are who you say you are and are required in order to use the PayTrace shopping cart. Standing alone, cookies do not identify you personally. They merely recognize your browser. Session cookies exist only during an online session. They disappear from your computer when you close your browser software or turn off your computer.
Information Security
Information security is critical to our business. We work to protect the security of your information during transmission by using Secure Sockets Layer (SSL) software, which encrypts information you input. We store information gathered on secure computers located in a locked data center. The number of employees involved in the management of the data center that have physical access to these computers is limited. We use firewalls and other security technology to prevent our computers from being accessed by unauthorized persons. We also require that any personally identifiable consumer information sent to us by you be encrypted using SSL encryption. To learn more about SSL, go to:
https://webopedia.internet.com/TERM/S/SSL.html. It is important for you to protect against unauthorized access to your Login ID/password and to your computer. Be sure to sign off when finished using a shared computer and otherwise protect the password used to access the PayTrace services.
Account Information
PayTrace gives merchants the ability to edit PayTrace Account Information and preferences. Once merchants log into their account, they may make such changes through the Account Management menu.
EU-U.S. Privacy Shield Framework
The following provisions govern information collected in reliance on the EU-U.S. Privacy Shield Framework Principles for transfers of personal data from the EU to the United States. PayTrace adheres to the Privacy Shield Principles ("Principles") and is committed to subject to the Principles all personal data received from the EU in reliance on the Privacy Shield. Individuals from whom PayTrace collects personal information under the Privacy Shield have the right to access their personal data by contacting PayTrace at subscriptions@paytrace.com. As a result of certification to the Privacy Shield, PayTrace is subject to the investigatory and enforcement powers of the FTC.
You may access the Privacy Shield List here
https://www.privacyshield.gov/list.
Lawful Requests
PayTrace may be required to disclose personal information pursuant to lawful requests made by public authorities, including to meet national security or law enforcement requirements.
Inquiries and Complaints
We take safeguarding your privacy very seriously. If you wish to verify, correct or delete any personal information we have collected, or if you have any questions or concerns, or if you have any complaints, please contact
privacy@paytrace.com
Dispute Resolution
In compliance with the Privacy Shield Principles, PayTrace commits to resolve complaints about our collection or use of your personal information. EU individuals with inquiries or complaints regarding our Privacy Shield policy should first contact PayTrace at:
privacy@paytrace.com
PayTrace has further committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit
https://www.jamsadr.com/eu-us-privacy-shield for more information or to file a complaint. The services of JAMS are provided at no cost to you.
Binding Arbitration
If your claims as to data covered by the EU-U.S. Privacy Shield have not been remedied through dispute resolution directly with PayTrace or through independent dispute resolution as described above, such "residual claims" may be heard by a "Privacy Shield Pane" composed of one or three arbitrators as agreed upon by the parties. The Privacy Shield Panel may only award individual-specific, non-monetary equitable relief (e.g. access, correction, deletion of the individual's data in question) necessary to remedy the violation of the Principles only with respect to the individual. Damages, costs, fees, and other remedies may not be awarded, and each party bears its own attorney's fees. This arbitration option is only available for an individual to determine for such "residual claims" whether PayTrace has violated its obligations under the Principles as to that individual and whether any such violation remains fully or partially unremedied.
Notice
When PayTrace collects personal information from individuals, it will inform the individual of the purpose for which it collects and uses the personal information and the types of non-agent third parties to which PayTrace discloses or may disclose that information. PayTrace shall provide the individual with the choice and means for limiting the use and disclosure of their personal information. Notice will be provided in clear and conspicuous language when individuals are first asked to provide personal information to PayTrace, or as soon as practicable thereafter, and in any event before PayTrace uses or discloses personal information for a purpose other than for which it was originally collected.
In instances in which PayTrace is not the controller or collector of the personal information, but only a processor, it has no means of providing individuals with the choice and means for limiting the use and disclosure of their personal information or providing notices when individuals are first asked to provide personal information to PayTrace. In such instances, PayTrace will comply with the instructions of the controller of such information; provide appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, and to the extent appropriate, assist the controller in responding to individuals exercising their rights under the Principles.
Choice
In those instances in which PayTrace collects personal information from individuals, it will offer individuals the opportunity to choose (opt out) whether their personal information is (1) to be disclosed to a third party or (2) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual.
Disclosures to Third Parties
In those instances in which PayTrace collects personal information from individuals, prior to disclosing personal information to a third party, PayTrace shall notify the individual of such disclosure and allow the individual the choice to opt out of such disclosure. PayTrace shall ensure that any agent third party for which personal information may be disclosed subscribes to these principles or are subject to law providing the same level of privacy protection as is required by these principles and agree in writing to provide an adequate level of privacy protection.
Accountability for Onward Transfers
To effectively process data on behalf of our clients, PayTrace may need to share data with certain third parties or sub-processors. PayTrace will remain liable for subsequent transfers to third parties acting as an agent on its behalf if its agent processes such personal information in a manner inconsistent with the Privacy Shield Principles, unless PayTrace proves that it is not responsible for the event giving rise to the damage.
Data Security
PayTrace shall take reasonable steps to protect personal information from loss, misuse and unauthorized access, disclosure, alteration and destruction. PayTrace has put in place appropriate physical, electronic and managerial procedures to safeguard and secure the information from loss, misuse, unauthorized access or disclosure, alteration or destruction. PayTrace cannot guarantee the security of information on or transmitted via the Internet.
Data Integrity
PayTrace shall only process personal information in a way that is compatible with and relevant for the purpose for which it was collected or authorized by those who provided the information. To the extent necessary for those purposes, PayTrace shall take reasonable steps to ensure that personal information is accurate, complete, current and reliable for its intended use.
Access
In those instances in which PayTrace collects personal information directly from individuals, PayTrace shall allow those individuals access to their personal information and allow the individual to correct, amend or delete inaccurate information, except where the burden or expense of providing access would be disproportionate to the risks to the privacy of the individual in the case in question or where the rights of persons other than the individual would be violated.
Changes to this Privacy Policy
PayTrace reserves the right to modify or amend this Privacy Policy at any time and for any reason. If there are material changes to this statement or in how PayTrace will use personally identifiable information, PayTrace will post notice on the PayTrace homepage at
https://PayTrace.com prior to implementing the change. If you have additional questions about this Policy, please contact us at support@PayTrace.com.
Data Privacy for California Residents
This section applies solely to visitors and users of our Site and Services who reside in the State of California. We have adopted this notice to comply with the California Consumer Privacy Act of 2018 (the "CCPA") and the California Online Privacy Protection Act ("CalOPPA"), and any terms defined in the CCPA or CalOPPA have the same meaning when used in this notice.
For the purposes of this section "California Data Subject" shall mean: (1) an individual who is in the State of California for other than a temporary or transitory purpose, and (2) an individual who is domiciled in the State of California who is outside the State of California for a temporary or transitory purpose.
Information We Collect. PayTrace collects information that identifies, relates to, describes, references is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California Data Subject or device ("personal information").
In particular, PayTrace has collected the following categories of personal information from California Data Subjects within the last twelve (12) months:
Category | Examples | Do we collect this data? |
| Identifiers | Real name, alias, postal address, unique personal identifier, online identifier, internet protocol (IP) address, email address, account name, or other similar identifiers | Yes |
| Characteristics of protected classifications under California or federal law | Race, gender, ethnicity, disability status | No |
| Commercial information | Records of personal property, products, or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies | Yes |
| Biometric information | Fingerprint, facial pattern, voice, typing cadence | No |
| Internet or other electronic network activity information | Information regarding usage of a site, software, or app | Yes |
| Geolocation data | Physical location | No |
| Audio, electronic, visual, thermal, olfactory, or similar information | Recordings of a California Data Subject | Yes |
| Professional or employment-related information | Place of work, current occupation, duration of occupation, position/title | Yes |
| Education Information | Information that is not publicly available personally identifiable information as defined in the Family Educational Rights and Privacy Act (FERPA) | No |
| Inferences drawn from any of the information identified above | Information used to create a profile about the California Data Subject reflecting their preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes | No |
PayTrace has collected the following information from our merchant partners in the past twelve (12) months:
Category | Examples | Do we collect this data? |
| Identifiers | Real name, alias, postal address, unique personal identifier, online identifier, internet protocol (IP) address, email address, account name, or other similar identifiers | Yes |
| Characteristics of protected classifications under California or federal law | Race, gender, ethnicity, disability status | No |
| Commercial information | Records of personal property, products, or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies | Yes |
| Biometric information | Fingerprint, facial pattern, voice, typing cadence | No |
| Internet or other electronic network activity information | Information regarding usage of a site, software, or app | Yes |
| Geolocation data | Physical location | No |
| Audio, electronic, visual, thermal, olfactory, or similar information | Recordings of a California Data Subject | Yes |
| Professional or employment-related information | Place of work, current occupation, duration of occupation, position/title | Yes |
| Education Information. | Information that is not publicly available personally identifiable information as defined in the Family Educational Rights and Privacy Act (FERPA) | No |
| Inferences drawn from any of the information identified above | Information used to create a profile about the California Data Subject reflecting their preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes | No |
Sources of Personal Information. PayTrace obtains the personal information listed above from the following sources:
Source | Examples | Do we receive from this source? |
| Directly from you | From forms you complete or orders for products and services you purchase. | Yes |
| Indirectly from you | From observing your actions on the Service. | No |
| Third Parties | We are provided information by our third party vendors such as: our Payment Partners, our Technology Hosting Partners, and our Marketing Partners | No |
When processing a payment transaction, we receive information related to the transaction from a merchant, software partner, or a financial institution. This includes information about the payment that a consumer has provided to facilitate the purchase.
Any personally identifiable information we receive in processing payment transactions depends on type of the transaction and the way in which our partners are using our payment services. For example, it may include the amount of the transaction, the consumer's name, credit card number, and expiration date or checking account number, billing address, and shipping address.
Use of Personal Information. We may use or disclose the personal information we collect for one or more of the following business purposes:
A. To fulfill the purpose for which you provided the information. For example, if you share your name and contact information to request a price quote or ask a question about our products or services, we will use that personal information to respond to your inquiry. If you provide your personal information to purchase a product or service, we will use that information to process your payment and facilitate delivery. We may use personal information you provide us to provide technical support. In addition, we may use the above information.
a. To provide, support, personalize, and develop our websites, products, and/or services;
b. To create, maintain, customize, and secure your account with us;
c. To process your requests, purchases, transactions, and payments and prevent transactional fraud;
d. To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses;
e. To help maintain the safety, security, and integrity of our Website, products and services, databases and other technology assets, and business;
f. To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations; and
g. As described to you when collecting your personal information or as otherwise set forth in the CCPA.
PayTrace uses the information we collect to fulfill requests to purchase products and/or services, to process payment transactions, to facilitate billing, and otherwise deliver payment gateway services. Personally identifiable information is only used to process payment transactions.
PayTrace will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
PayTrace does not sell your personal information to third parties. PayTrace does share personal information with our third party service providers and vendors in order to provide you the Service.
Your Rights and Choices. This section describes your CCPA rights and explains how to exercise those rights.
You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and verify your request, we will disclose to you:
A. The categories of personal information we collected about you;
B. The categories of sources for the personal information we collected about you;
C. Our business or commercial purpose for collecting or selling that personal information;
D. The categories of third parties with whom we share that personal information;
E. The specific pieces of personal information we collected about you (also called a data portability request);
F. If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
a. sales, identifying the personal information categories that each category of recipient purchased; and
b. disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and verify your request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.
We may deny your disclosure and/or deletion request if retaining the information is necessary for us or our service providers to:
A. Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you;
B. Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities;
C. Debug products to identify and repair errors that impair existing intended functionality;
D. Exercise free speech, ensure the right of another California Data Subject to exercise their free speech rights, or exercise another right provided for by law;
E. Comply with the California Electronic Communications Privacy Act (Cal. Penal Code - 1546 seq.)
F. Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement, if you previously provided informed consent;
G. Enable solely internal uses that are reasonably aligned with California Data Subject expectations based on your relationship with us;
H. Comply with a legal obligation, such as other privacy or data protection statutes and regulations that place restrictions on our ability to disclose information including, but not limited to, the Gramm-Leach-Bliley Act, PCI Data Security Standards, and state privacy acts; and
I. Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
To exercise the access, data portability, and deletion rights described above, please submit a verifiable California Data Subject request to us by sending us an email at privacy@paytrace.com or calling us at (888) 806-6545.
Only you or a person registered with the California Secretary of State, that you authorize to act on your behalf, may make a verifiable California Data Subject request related to your personal information. You may also make a verifiable California Data Subject request on behalf of your minor child.
You may only make a verifiable California Data Subject request for access or data portability twice within a twelve (12) month period. The verifiable California Data Subject request must:
A. Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative; and
B. Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable California Data Subject request does not require you to create an account with us. We will only use personal information provided in a verifiable California Data Subject request to verify the requestor's identity or authority to make the request.
We aspire to respond to a verifiable California Data Subject request within forty five (45) days of receipt of the request. If we require more time (up to ninety (90) days) we will inform you of the reason(s) why an extension is needed and how long we anticipate the period to be. Any disclosure we provide will only cover the twelve (12) month period preceding the receipt of your request. If applicable, the response may provide the reasons why we cannot comply with your request. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable California Data Subject request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request. We reserve the right to refuse to respond to verifiable California Data Subject requests that are excessive, repetitive, or manifestly unfounded.
Right of Non-Discrimination
We will not discriminate against you for exercising any of your CCPA rights. We will not take any of the following actions against you in response to an exercise of your rights:
A. Deny you goods or services.
B. Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
C. Provide you a different level or quality of goods or services.
D. Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
California Do-Not-Track Disclosures
PayTrace does not track its customers over time and across third party websites to provide targeted advertising and therefore does not respond to Do Not Track (DNT) signals. Third parties that have content embedded on PayTrace's websites, software, or mobile applications (e.g. social features) may set cookies on a user's browser and/or obtain information about the fact that a web browser visited a specific PayTrace website from a certain IP address. Third parties cannot collect any other personal identifiable information from PayTrace's websites unless you provide it to them directly.