Effective Date: May 20, 2019
Policy Scope and Links to Other Services
The Information We Collect and How We Use It
PayActiv collects personal information about you in order to:
- identify you each time you wish to have a Service provided;
- customize your experience;
- operate, maintain, enhance and provide all the features of the Service, to provide services and information that you request, to respond to comments and questions and otherwise to provide support to users;
- understand and analyze the usage trends and preferences of our users, to improve the Service, to develop new products, services, features, and functionality, and to perform and participate in studies and develop marketing materials; and
- contact you for administrative purposes such as customer service, or to send communications, including updates on promotions and events, relating to products and services offered by us and by third parties.
When you use the Service or a Third-Party Service, we may collect information about you, either directly from you or from the entity that operates the Third-Party Service. Personal information we collect may include:
- first name;
- last name;
- email address;
- physical address(es);
- phone number;
- employee identification number;
- driver’s license number;
- date of birth; and/or
- geographic location.
We collect and use the personal information described above in order to provide you with the Services in a reliable and secure manner. We also collect and use personal data for our legitimate business interests. To the extent we process your personal data for other purposes, we ask for your consent in advance.
Through the Service
As is true of most other services, the Service collects certain information automatically and stores it in log files. The information may include (i) internet protocol (“IP”) addresses, (ii) the region or general location where your computer or device is accessing the internet, (iii) browser type, (iv) operating system, and (v) other usage information about the use of the Service, including a history of the pages you view.
When you use the Service, we may send one or more cookies – small text files containing a string of alphanumeric characters – to your device. We may use both session cookies and persistent cookies. A session cookie disappears after you close your browser. A persistent cookie remains after you close your browser and may be used by your browser on subsequent visits to the Service. Please review your web browser “Help” file to learn the proper way to modify your cookie settings. Please note that if you delete, or choose not to accept cookies from the Service, you may not be able to utilize the features of the Service to their fullest potential. We may use third party cookies on our Service as well. PayActiv does not process or respond to web browsers’ “do not track” signals or other similar transmissions that indicate a request to disable online tracking of users who visit our Site or who use our Service.
We may also automatically record certain information from your device by using various types of technology, including “clear gifs” or “web beacons.” This automatically collected information may include your IP address or other device address or ID, web browser and/or device type, the web pages or sites that you visit just before or just after you use the Service, the pages or other content you view or otherwise interact with on the Service, and the dates and times that you visit, access, or use the Service. We also may use these technologies to collect information regarding your interaction with email messages, such as whether you opened, clicked on, or forwarded a message. This information is gathered from all users, and may be connected with other information about you.
Aggregated Service Data
In an ongoing effort to better understand and service PayActiv’s customers, at times PayActiv conducts research on its customer demographics, interests and behavior based on the personal information and other information provided to us. This research may be compiled and analyzed on an aggregate basis and PayActiv may share this aggregate data with its affiliates, agents, and business partners. This aggregate information does not identify you personally and is not considered to be personal information.
When and How We Share Information with Others
We share personal information with third parties who are facilitating the delivery of Services. These third parties, which may include financial institutions that process disbursements of funds or third-party web hosts, may have access to or process information about you as part of providing those services for us. Generally, we limit the information provided to these service providers to information that is reasonably necessary for them to perform their functions, and we require them to agree to maintain the confidentiality of such information. Such third parties must agree to use such personal data only for the purposes for which they have been engaged by PayActiv and they must either:
- comply with the privacy principles or another mechanism permitted by applicable European Union data protection law(s) for transfers and processing of Personal Data; or
We may disclose information about you to your employer in order to enable us to verify your identify and otherwise provide the Service to you.
We may disclose information about you if required to do so by law or in the good-faith belief that such action is necessary to comply with state and federal laws, in response to a court order, judicial or other government subpoena or warrant, or to otherwise cooperate with law enforcement or other governmental agencies.
We also reserve the right to disclose information about you that we believe, in good faith, is appropriate or necessary to: (i) take precautions against liability; (ii) protect ourselves or others from fraudulent, abusive, or unlawful uses or activity; (iii) investigate and defend ourselves against any third-party claims or allegations; (iv) protect the security or integrity of the Service and any facilities or equipment used to make the Service available; or (v) protect our property or other legal rights (including, but not limited to, enforcement of our agreements), or the rights, property, or safety of others.
Information about our users may be disclosed and otherwise transferred to an acquirer, successor, or assignee as part of any merger, acquisition, debt financing, sale of assets, or similar transaction, or in the event of an insolvency, bankruptcy, or receivership in which information is transferred to one or more third parties as one of our business assets.
We may make certain aggregated, automatically-collected, or otherwise de-identified information available to third parties for various purposes, including: (i) compliance with various reporting obligations; (ii) for business or marketing purposes; or (iii) to assist such parties in understanding our users’ interests, habits, and usage patterns for certain programs, content, services, advertisements, promotions, and/or functionality available through the Service.
Your Choices About Your Information
We offer you choices regarding the collection, use, and sharing of your personal information and we’ll respect the choices you make. Please note that if you decide not to provide us with the personal information that we request, you may not be able to access all of the features of the Services.
If you wish to access or amend any personal information you have provided to us, you may do so through the Service or through a Third-Party Service, or you may contact us at firstname.lastname@example.org. In your request, please note you are writing about “personal information” in the subject or body of the email. Please note that while any changes you make will be reflected in active databases within a reasonable period of time, we may retain all information you submit for backups, archiving, prevention of fraud and abuse, analytics, satisfaction of legal obligations, or where we otherwise reasonably believe that we have a legitimate reason to do so.
California Civil Code Section 1798.83, also known as the “Shine the Light” law, permits our customers who are California residents to request and obtain from us once a year, free of charge, information about the personal information (if any) we disclosed to third parties for direct marketing purposes in the preceding calendar year. If you are a California resident and would like to make such a request, please submit your request to email@example.com. In your request, please attest to the fact that you are a California resident and provide a current California address for our response.
If you receive marketing email from us, you may unsubscribe at any time by following the instructions contained within the email. You may also opt out from receiving marketing email from us by sending your request to us by email at firstname.lastname@example.org or by writing to us at the address given at the end of this Policy. In your request, please note you are writing to “unsubscribe” in the subject or body of the email or correspondence.
Please be aware that if you opt out of receiving marketing email from us or otherwise modify the nature or frequency of promotional communications you receive from us, it may take up to ten (10) business days for us to process your request, and you may continue receiving promotional communications from us during that period. After you opt out from receiving marketing messages from us, you will continue to receive administrative messages from us regarding the Service.
Security of Your Information
We maintain physical, technical and administrative safeguards to protect your personal information. Our servers are located in the United States and to provide you with the Services, we may store, process and transmit information in the United States. Personal information may also be stored locally on the device you use to access the Services.
When you submit information to us, your information is protected both online and offline. Wherever we collect sensitive information, that information is encrypted and transmitted to us in a secure way. While we use encryption to protect sensitive information transmitted online, we also protect your information offline. The computers/servers in which we store personal information are kept in a secure environment. Only employees who need access to the information to perform a specific job (for example, in order to provide customer service) are granted access to personal information. In addition, we commit to taking appropriate disciplinary measures to enforce our employees' privacy responsibilities.
Compromise of Personal Information
We only retain collected personal information for a limited period of time for as long as we need it to fulfill the purposes for which we have initially collected it, unless otherwise required by law.
All data in the PayActiv platform is retained for 7 years as required by law. A customer may request deletion of their data, but certain transaction information must be retained for legal purposes. After 7 years, personal information is deleted but certain non-specific transactional information is retained.
If you would like to inquire as to what, if any, of your personal information we have or request deletion of any personal information you have submitted to us, please contact us at email@example.com. In your request, please note you are writing about “personal information” in the subject or body of the email.
PayActiv is responsible for the processing of personal data it receives under the Privacy Shield Framework and subsequently transfers to a third party. In cases of onward transfer to third parties of data of EU individuals received pursuant to the EU-U.S. Privacy Shield, PayActiv is potentially liable.
In compliance with the Privacy Shield Principles, PayActiv commits to resolve complaints about our collection or use of your personal information. EU residents with inquiries or complaints regarding our Privacy Shield policy should first contact PayActiv by email at firstname.lastname@example.org and note you are writing about “Privacy Shield Inquiry” in the subject or body of the email or by postal mail sent to:
Attn: Privacy Shield Inquiry
4300 Stevens Creek Blvd. Suite 185
San Jose, CA 95129
PayActiv has further committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in the United States to assist with the complaint resolution process. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit https://www.jamsadr.com/eu-us-privacy-shield for more information or to file a complaint. The services of JAMS are provided at no cost to you.
You may also be able to invoke binding arbitration for unresolved complaints but prior to initiating such arbitration, a resident of a European country participating in the Privacy Shield must first: (1) contact us and afford us the opportunity to resolve the issue; (2) seek assistance from JAMS; and (3) contact the U.S. Department of Commerce (either directly or through a European Data Protection Authority) and afford the Department of Commerce time to attempt to resolve the issue. If such a resident invokes binding arbitration, each party shall be responsible for its own attorney’s fees. Please be advised that, pursuant to the Privacy Shield, the arbitrator(s) may only impose individual-specific, non-monetary, equitable relief necessary to remedy any violation of the Privacy Shield Principles with respect to the resident.
PayActiv does not knowingly collect personal information from children under the age of 13. If you are under the age of 13, please do not submit any personal information through the Services. If you have reason to believe that a child under the age of 13 has provided personal information to PayActiv through the Services, please contact us, and we will endeavor to delete that information from our databases.
4300 Stevens Creek Blvd. Suite 185
San Jose, CA 95129