Menu

Worldpay eCommerce, LLC (“Worldpay eCommerce”), formerly Vantiv eCommerce, LLC, complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Frameworks as set forth by the U.S. Department of Commerce regarding the collection, use and retention of personal data received from the European Union and Switzerland. As Worldpay eCommerce is a U.S. company, it has voluntarily decided to comply with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework and is subject to the investigatory and enforcement powers of the Federal Trade Commission.

By using our client’s ecommerce sites, EU and Swiss individuals are permitting the transfer of personal data to Worldpay eCommerce, LLC in the United States, which has different data protection laws than those in European Union member countries and Switzerland. The transfer of information will be in furtherance of a contract to which you are a party.  In other cases, the transfer of information will be consistent with the legitimate interests of Worldpay eCommerce. In other cases, we rely on your consent to the transfer of this information for the uses described in the Privacy Shield Policy and in our general Privacy Policy to the extent permitted by EU and Swiss laws.

Worldpay eCommerce adheres to the Privacy Shield Principles. As such, Worldpay eCommerce commits to subject all personal data received from the EU and Switzerland to the Principles, and therefore this policy shall govern Worldpay eCommerce’s use of your personal data if there is any conflict between this policy and those contained in our general Privacy Policy.

Worldpay eCommerce annually certifies its adherence to the Privacy Shield Principles. To learn more about the Privacy Shield program, and to view our certification please visit https://www.privacyshield.gov/.

Personal Data Collected and Processed by Worldpay eCommerce

Personal data means information that identifies or can identify an individual whether directly or indirectly and whether processed electronically by automatic means or manually. Worldpay eCommerce receives personal data for individuals related to processing payment transactions initiated through our merchant clients. This data is collected for the purposes of completing a payment for goods and services purchased on our client’s website(s). The personal data collected can consist of payment information such as names, addresses, email addresses, card or account numbers, and CVV codes.

We may also collect your personal data from other sources, such as credit bureaus, affiliates, or other companies.

Disclosures to Third Parties

When Worldpay eCommerce receives personal data from a client for processing, we are acting as an agent for the client, and we do not control or share such data in a manner that would violate any agreement with the client. In relation to such processing, Worldpay eCommerce enters into appropriate agreements with the clients providing that the client is the data controller and is in compliance with the applicable EU and Swiss data protection laws.

Worldpay eCommerce does not transfer personal data to unrelated third parties unless lawfully permitted by our client, to a Worldpay-approved service provider or business partner, or in certain circumstances in accordance with the Privacy Shield Framework. In the event that Worldpay eCommerce is directed by our client to transfer data to additional data processors, Worldpay eCommerce will enter into appropriate agreements providing that the processor is in compliance with the Privacy Shield. Worldpay eCommerce may be liable if it fails to meet those obligations and Worldpay eCommerce is responsible for the event giving rise to the damage.

Worldpay eCommerce may also share your personal data with other third parties as required or permitted by a duly authorized court order, subpoena, or request for cooperation from a regulatory, law enforcement or other government agency to meet national security or law enforcement requirements; to establish or exercise our legal rights; to defend legal claims; when we believe in good faith that disclosure is legally required or otherwise necessary to protect our rights and property, or the rights, property or safety of others; or as otherwise required or permitted by applicable laws and/or regulations. In such events we will only disclose data relevant and necessary to the investigation or inquiry.

Worldpay eCommerce may also share information with a third party that acquires all or part of Worldpay or succeeds Worldpay in carrying on all or part of Worldpay’s business by sale, merger, acquisition, or other corporate restructuring.

Choice

You can request that Worldpay eCommerce no longer use or share your personal data with third parties or use your data for a purpose different from the purpose for which it was initially collected or subsequently authorized by you. If you wish to submit such a request, please submit your request via email to privacyoffice@worldpay.com. To begin processing your request we require your name, address, and email address. We will follow up with you to verify the request, and obtain any additional information required. Please note that not all requests can be honored due to existing legal and regulatory obligations. For example, in some cases such a request may not be immediately or fully executed because it is possible that we have a legal obligation to keep using your personal data. Also, you must consider that for certain purposes, the revocation of consent to use your data may impact the services we provide to you.

Access and Updates to Personal Data

An individual in the EU or Switzerland may contact Worldpay eCommerce to learn whether or not personal data relating to him/her is found in Worldpay eCommerce’s databases, learn how any personal data about the individual has been used or disclosed, verify the accuracy of any personal data about the individual, and request correction, amendment and deletion of personal data about the individual. Should you wish to make such an inquiry, please submit your request via email to privacyoffice@worldpay.com. To begin processing your request we require your name, address, and email address. We will follow up with you to verify the request, and obtain any additional information required.

Please note that this right only applies to personal data about the individual making the request and is subject to other limitations as defined by law and the Privacy Shield Frameworks, including where the burden or expense of providing access would be disproportionate to the risks related to the privacy of the individual, where the rights of other individuals would be violated, where responding to or complying with an individual’s request would interfere with execution of the law or private causes of action, or where responding to or complying with an individual’s request would interfere with countervailing public interests like national security, defense, or public security. This right is also subject to reasonable limits on the number of times within a given period that access requests from a particular individual will be met.

Security

Worldpay eCommerce has adopted technical, physical, and administrative security measures adopted under U.S. law and regulations to help protect the security of your personal data. For additional information regarding our security measures, please see the section entitled “Security,” in our general Privacy Policy.

Data Integrity

Worldpay eCommerce makes reasonable efforts to only process personal data for the purpose for which it was collected as instructed by our client. Worldpay eCommerce takes reasonable steps to help ensure that personal data is accurate, complete, current, reliable for its intended use, kept only for the period necessary and not excessive for the purposes for which the personal data is processed.

Accountability, Enforcement and Inquiries

Any EU or Swiss person who is not satisfied with Worldpay eCommerce’s compliance with the Privacy Shield program may contact Worldpay eCommerce to resolve such complaints at privacyoffice@worldpay.com. We will respond within 45 days. If any EU or Swiss person believes that such a complaint has not been resolved, he or she agrees first to try and settle the dispute by mediation, administered by the International Centre for Dispute Resolution under its Mediation Rules, before resorting to arbitration, litigation, or some other dispute resolution procedure. The rules governing these procedures and information regarding how to file a claim free of charge can be found here: http://info.adr.org/safeharbor/.

Any EU or Swiss person who remains dissatisfied may contact his or her national Data Protection Authority in the country where the person resides. Worldpay eCommerce has agreed to cooperate and comply with appropriate EU and Swiss Data Protection Authorities and the Department of Commerce in resolving such disputes.

If an EU person remains dissatisfied and meets the pre-arbitration requirements of Annex I Part C of the EU – U.S. Privacy Shield Framework, the person may invoke binding arbitration pursuant to procedures in Annex I of the EU – U.S. Privacy Shield Framework Principles found here: https://www.privacyshield.gov/EU-US-Framework.

Verification

Worldpay eCommerce uses a self-assessment approach, as well as being subject to routine Internal Audits, to ensure compliance with this Privacy Shield Policy, and verifies at least annually that the policy is accurate, comprehensive for the data intended to be covered, prominently displayed, completely implemented, and accessible and in conformity with the Privacy Shield Principles.

Questions & Contact Information

Any further questions and comments regarding Worldpay eCommerce, LLC’s Privacy Shield Policy or practices can be directed in writing to:

Worldpay eCommerce, LLC
Attn: Privacy Office
8500 Governors Hill Drive,
Cincinnati, OH 45249

Or via email at privacyoffice@worldpay.com

Policy Updated: 09/18/2018