Vantiv eCommerce annually certifies its adherence to the Privacy Shield Principles. To learn more about the EU – U.S. Privacy Shield Framework, please visit https://www.privacyshield.gov/EU-US-Framework. To view Vantiv eCommerce’s certification, please visit https://www.privacyshield.gov/list.
Personal Data Collected and Processed by Vantiv eCommerce
Personal data means information that identifies or can identify an individual whether directly or indirectly and whether processed electronically by automatic means or manually. Vantiv eCommerce receives personal data for individuals related to processing payment transactions initiated through our merchant clients. This data is collected for the purposes of completing a payment for goods and services purchased on our client’s website(s). The personal data collected can consist of payment information such as names, addresses, email addresses, card or account numbers, and CVV codes.
We may also collect your personal data from other sources, such as credit bureaus, affiliates, or other companies.
Disclosures to Third Parties
When Vantiv eCommerce receives personal data from a client for processing, we are acting as an agent for the client, and we do not control or share such data without direction from the client. In relation to such processing, Vantiv eCommerce enters into appropriate agreements with the clients providing that the client is the data controller and is in compliance with the applicable EU data protection laws.
Vantiv eCommerce does not transfer personal data to unrelated third parties unless lawfully directed by our client or in certain limited circumstances in accordance with the Privacy Shield Framework. In the event that Vantiv eCommerce is directed by our client to transfer data to additional data processors, Vantiv eCommerce will enter into appropriate agreements providing that the processor is in compliance with the Privacy Shield. Vantiv eCommerce may be liable if it fails to meet those obligations and Vantiv eCommerce is responsible for the event giving rise to the damage.
Vantiv eCommerce may also share your personal data with other third parties as required or permitted by a duly authorized court order, subpoena, or request for cooperation from a regulatory, law enforcement or other government agency to meet national security or law enforcement requirements; to establish or exercise our legal rights; to defend legal claims; when we believe in good faith that disclosure is legally required or otherwise necessary to protect our rights and property, or the rights, property or safety of others; or as otherwise required or permitted by applicable laws and/or regulations. In such events we will only disclose data relevant and necessary to the investigation or inquiry.
Vantiv eCommerce may also share information with a third party that acquires all or part of Vantiv or succeeds Vantiv in carrying on all or part of Vantiv’s business by sale, merger, acquisition, or other corporate restructuring.
You can request that Vantiv eCommerce no longer use or share your personal data with third parties or use your data for a purpose different from the purpose for which it was initially collected or subsequently authorized by you. If you wish to submit such a request, please submit your request via email to EUprivacy@vantiv.com. To begin processing your request we require your name, address, and email address. We will follow up with you to verify the request, and obtain any additional information required. Please note that not all requests can be honored and that we may only honor reasonable requests. For example, in some cases such a request may not be immediately or fully executed because it is possible that we have a legal obligation to keep using your personal data. Also, you must consider that for certain purposes, the revocation of consent to use your data means that we cannot continue providing the services you requested.
Access and Updates to Personal Data
An individual in the European Union may contact Vantiv eCommerce to learn whether or not personal data relating to him or her is found in Vantiv eCommerce’s databases, learn how any personal data about the individual has been used or disclosed, verify the accuracy of any personal data about the individual, and request correction, amendment and deletion of personal data about the individual. Should you wish to make such an inquiry, please submit your request via email to EUprivacy@vantiv.com. To begin processing your request we require your name, address, and email address. We will follow up with you to verify the request, and obtain any additional information required.
Please note that this right only applies to personal data about the individual making the request and is subject to other limitations as defined by law and the Privacy Shield Framework, including where the burden or expense of providing access would be disproportionate to the risks related to the privacy of the individual, where the rights of other individuals would be violated, where responding to or complying with an individual’s request would interfere with execution of the law or private causes of action, or where responding to or complying with and individual’s request would interfere with countervailing public interests like national security, defense, or public security. This right is also subject to reasonable limits on the number of times within a given period that access requests from a particular individual will be met.
Vantiv eCommerce makes reasonable efforts to only process personal data for the purpose for which it was collected as instructed by our client. Vantiv eCommerce takes reasonable steps to help ensure that personal data is accurate, complete, current, reliable for its intended use, kept only for the period necessary and not excessive for the purposes for which the personal data is processed.
Accountability, Enforcement and Inquiries
Any EU person who is not satisfied with Vantiv eCommerce’s compliance with the EU – U.S. Privacy Shield may contact Vantiv eCommerce to resolve such complaints at EUprivacy@vantiv.com. We will respond within 45 days. If any EU person believes that such a complaint has not been resolved, he or she agrees first to try and settle the dispute by mediation, administered by the International Centre for Dispute Resolution under its Mediation Rules, before resorting to arbitration, litigation, or some other dispute resolution procedure. The rules governing these procedures and information regarding how to file a claim free of charge can be found here: http://info.adr.org/safeharbor/.
Any EU person who remains dissatisfied may contact his or her national Data Protection Authority in the country where the person resides. Vantiv eCommerce has agreed to cooperate and comply with appropriate EU Data Protection Authorities and the Department of Commerce in resolving such disputes. If an EU person remains dissatisfied and meets the pre-arbitration requirements of Annex I Part C of the EU – U.S. Privacy Shield Framework, the person may invoke binding arbitration pursuant to procedures in Annex I of the EU – U.S. Privacy Shield Framework Principles found here: https://www.privacyshield.gov/EU-US-Framework.
Vantiv eCommerce uses a self-assessment approach to ensure compliance with this Privacy Shield Policy, and verifies at least annually that the policy is accurate, comprehensive for the data intended to be covered, prominently displayed, completely implemented, and accessible and in conformity with the Privacy Shield Principles.
Questions & Contact Information
Any further questions and comments regarding Vantiv eCommerce’s Privacy Shield Policy or practices can be directed in writing to:
Attn: Privacy Operations
8500 Governors Hill Drive,
Cincinnati, OH 45249
Or via email at EUprivacy@vantiv.com
Policy Updated: May 24, 2018