Worldpay eCommerce, LLC (“Worldpay eCommerce”), formerly Vantiv eCommerce, LLC, complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Frameworks as set forth by the U.S. Department of Commerce regarding the collection, use and retention of personal data received from the European Union and Switzerland. As Worldpay eCommerce is a U.S. company, it has voluntarily decided to comply with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework and is subject to the investigatory and enforcement powers of the Federal Trade Commission.
Worldpay eCommerce annually certifies its adherence to the Privacy Shield Principles. To learn more about the Privacy Shield program, and to view our certification please visit https://www.privacyshield.gov/.
Personal Data Collected and Processed by Worldpay eCommerce
Personal data means information that identifies or can identify an individual whether directly or indirectly and whether processed electronically by automatic means or manually. Worldpay eCommerce receives personal data for individuals related to processing payment transactions initiated through our merchant clients. This data is collected for the purposes of completing a payment for goods and services purchased on our client’s website(s). The personal data collected can consist of payment information such as names, addresses, email addresses, card or account numbers, and CVV codes.
We may also collect your personal data from other sources, such as credit bureaus, affiliates, or other companies.
Disclosures to Third Parties
When Worldpay eCommerce receives personal data from a client for processing, we are acting as an agent for the client, and we do not control or share such data in a manner that would violate any agreement with the client. In relation to such processing, Worldpay eCommerce enters into appropriate agreements with the clients providing that the client is the data controller and is in compliance with the applicable EU and Swiss data protection laws.
Worldpay eCommerce does not transfer personal data to unrelated third parties unless lawfully permitted by our client, to a Worldpay-approved service provider or business partner, or in certain circumstances in accordance with the Privacy Shield Framework. In the event that Worldpay eCommerce is directed by our client to transfer data to additional data processors, Worldpay eCommerce will enter into appropriate agreements providing that the processor is in compliance with the Privacy Shield. Worldpay eCommerce may be liable if it fails to meet those obligations and Worldpay eCommerce is responsible for the event giving rise to the damage.
Worldpay eCommerce may also share your personal data with other third parties as required or permitted by a duly authorized court order, subpoena, or request for cooperation from a regulatory, law enforcement or other government agency to meet national security or law enforcement requirements; to establish or exercise our legal rights; to defend legal claims; when we believe in good faith that disclosure is legally required or otherwise necessary to protect our rights and property, or the rights, property or safety of others; or as otherwise required or permitted by applicable laws and/or regulations. In such events we will only disclose data relevant and necessary to the investigation or inquiry.
Worldpay eCommerce may also share information with a third party that acquires all or part of Worldpay or succeeds Worldpay in carrying on all or part of Worldpay’s business by sale, merger, acquisition, or other corporate restructuring.
You can request that Worldpay eCommerce no longer use or share your personal data with third parties or use your data for a purpose different from the purpose for which it was initially collected or subsequently authorized by you. If you wish to submit such a request, please submit your request via email to firstname.lastname@example.org. To begin processing your request we require your name, address, and email address. We will follow up with you to verify the request, and obtain any additional information required. Please note that not all requests can be honored due to existing legal and regulatory obligations. For example, in some cases such a request may not be immediately or fully executed because it is possible that we have a legal obligation to keep using your personal data. Also, you must consider that for certain purposes, the revocation of consent to use your data may impact the services we provide to you.
Access and Updates to Personal Data
An individual in the EU or Switzerland may contact Worldpay eCommerce to learn whether or not personal data relating to him/her is found in Worldpay eCommerce’s databases, learn how any personal data about the individual has been used or disclosed, verify the accuracy of any personal data about the individual, and request correction, amendment and deletion of personal data about the individual. Should you wish to make such an inquiry, please submit your request via email to email@example.com. To begin processing your request we require your name, address, and email address. We will follow up with you to verify the request, and obtain any additional information required.
Please note that this right only applies to personal data about the individual making the request and is subject to other limitations as defined by law and the Privacy Shield Frameworks, including where the burden or expense of providing access would be disproportionate to the risks related to the privacy of the individual, where the rights of other individuals would be violated, where responding to or complying with an individual’s request would interfere with execution of the law or private causes of action, or where responding to or complying with an individual’s request would interfere with countervailing public interests like national security, defense, or public security. This right is also subject to reasonable limits on the number of times within a given period that access requests from a particular individual will be met.
Worldpay eCommerce makes reasonable efforts to only process personal data for the purpose for which it was collected as instructed by our client. Worldpay eCommerce takes reasonable steps to help ensure that personal data is accurate, complete, current, reliable for its intended use, kept only for the period necessary and not excessive for the purposes for which the personal data is processed.
Accountability, Enforcement and Inquiries
Any EU or Swiss person who is not satisfied with Worldpay eCommerce’s compliance with the Privacy Shield program may contact Worldpay eCommerce to resolve such complaints at firstname.lastname@example.org. We will respond within 45 days. If any EU or Swiss person believes that such a complaint has not been resolved, he or she agrees first to try and settle the dispute by mediation, administered by the International Centre for Dispute Resolution under its Mediation Rules, before resorting to arbitration, litigation, or some other dispute resolution procedure. The rules governing these procedures and information regarding how to file a claim free of charge can be found here: http://info.adr.org/safeharbor/.
Any EU or Swiss person who remains dissatisfied may contact his or her national Data Protection Authority in the country where the person resides. Worldpay eCommerce has agreed to cooperate and comply with appropriate EU and Swiss Data Protection Authorities and the Department of Commerce in resolving such disputes.
If an EU person remains dissatisfied and meets the pre-arbitration requirements of Annex I Part C of the EU – U.S. Privacy Shield Framework, the person may invoke binding arbitration pursuant to procedures in Annex I of the EU – U.S. Privacy Shield Framework Principles found here: https://www.privacyshield.gov/EU-US-Framework.
Worldpay eCommerce uses a self-assessment approach, as well as being subject to routine Internal Audits, to ensure compliance with this Privacy Shield Policy, and verifies at least annually that the policy is accurate, comprehensive for the data intended to be covered, prominently displayed, completely implemented, and accessible and in conformity with the Privacy Shield Principles.
Questions & Contact Information
Any further questions and comments regarding Worldpay eCommerce, LLC’s Privacy Shield Policy or practices can be directed in writing to:
Worldpay eCommerce, LLC
Attn: Privacy Office
8500 Governors Hill Drive,
Cincinnati, OH 45249
Or via email at email@example.com
Policy Updated: 09/18/2018