Privacy Policy

 

Our Policy

In the course of serving our customers, Electronic Merchant Systems (“EMS”) may collect certain nonpublic personal information relating to your business. We recognize that this information is sensitive and that its privacy should be protected and maintained. In this Privacy Policy, we explain what information we collect about you and why, the limited way we may share that information with affiliates and non- affiliated companies, and how we protect and maintain the privacy of that information.

 

Types of Information We Collect and Why

EMS collects nonpublic personal information from you only to the extent that you agree to provide it. That information includes information we get from you; information about transactions we process for you; and information from other sources like consumer reporting agencies, data resellers, and governmental authorities.

You provide some information directly to us through this website, like who you are, how we can contact you, what you sell, and how much you sell. You also provide information to us indirectly: by accessing this website, for example, you provide us with the IP address of the computer or device you use to connect with us. This information helps us to determine which of our services can be helpful to your business. We also ask for information that allows the money you earn from sales through EMS to end up in the right bank account. We know this information is sensitive and private. But without this information, we will not be able to serve you.

We use this information only for limited purposes such as:

  • Giving you information about our services, and other information you request;
  • Processing transactions between you and your customers;
  • Providing customer service and support;
  • Assessing activity in your account for fraudulent activity; and
  • Complying with federal, state and local laws (including credit reporting laws) and rules of VISA / MasterCard and other card brands.

We will communicate with you regarding these purposes and for others, including marketing. Users may “opt-out” of receiving some future communications from EMS by following the instructions below.

 

Who We Share With and Why

In general, and except for the situations specifically described below, we do not share any information about you or your business with anyone without your express consent.

All financial companies need to share personal information to run their everyday business. We share some of your nonpublic personal information with non-affiliated companies for our everyday business purposes such as processing transactions and maintaining account(s), fraud monitoring, and in responding to court orders and legal investigations, or reporting to credit bureaus. We share such information as needed to process transactions between you and your customers as you and your customer request or authorize, including the authorization, settlement, billing, processing, clearing, transferring, reconciling or collection of amounts charged, debited, or otherwise paid using a debit, credit, or other payment card, check, or account number, or by other payment means. The affiliates and non-affiliated third parties with whom we share nonpublic personal information include non-affiliated financial institutions and service providers directly involved in the transactions we process for you, including banks, the card brands, the automated clearing house, and payment gateways, as well as non-affiliated non-financial companies such as security companies and direct marketers.

Information about you or your business may also be shared in connection with any sale or transfer of all or substantially all of EMS’ assets or business. In all such situations, we stress the confidential nature of the information being shared.

 

What we do with former customer information

We are required by federal, state and local laws (including credit reporting laws) and rules of VISA / MasterCard and other card brands to retain information in our files for former customers. We treat the personal information of former customers the same way we treat such information for active customers.

 

How We Protect the Privacy of Current, Potential and Former Customer Information

Our website has industry standard security measures in place to protect against the unauthorized access to, and loss, misuse, and alteration of the nonpublic personal information and merchant account data we collect and acquire once you become a customer of EMS (including sales and transaction information). This current, potential and former customer information is maintained on EMS’ internal secure network that can be accessed and reviewed only by utilizing a unique user-ID and password. While there is no such thing as “perfect security” on the Internet, we will take all reasonable steps to insure the security of that information. However, we cannot guarantee the security of information provided over the Internet, and we will not be responsible for breaches of security beyond our reasonable control.

 

This Website Is Not For Children

Our services and website are not directed at nor are intended for anyone under the age of 18. We do not knowingly collect or maintain information at our website from children.

 

Changes to this Privacy Policy

This Privacy Policy was implemented in its present form in October 2019.  The CCPA aspects of this Privacy Policy were adopted effective January 1, 2020. We reserve the right to update or modify this Privacy Policy, at any time and without prior notice, by posting the revised version of the Privacy Policy on our website. If we modify this Privacy Policy, the modifications will only apply to the information we collect after we have posted the revised Privacy Policy.

 

How to Contact Us or Opt-Out of Receiving Certain Communications

You may change or modify information about you or your business that you previously provided by clicking this {LINK}, emailing your request to support@emscorporate.com or calling us at 1-800-726-2117. You may also “opt-out” of receiving communications from us for marketing purposes by clicking this link, emailing your request to privacy@emscorporate.com or calling us at 1-800-726-2117.

 

Privacy Policy for California Residents Who Are Natural Persons

Under the California Consumer Protection Act (“CCPA”), California residents who are natural persons have the following rights:

  1. The right to request that we identify the categories of the requesting consumer’s personal information we have collected, the source of that information, our use of that information and, if the information was disclosed or sold to third parties, the categories of personal information disclosed or sold to third parties and the categories of third parties to whom such information was disclosed or sold;
  2. The right to request a copy of the specific personal information collected about the requesting consumer during the 12 months before their request;
  3. The right to request that such information be deleted (subject to certain exceptions);
  4. The right to request that the requesting consumer’s personal information not be sold to third parties; and
  5. The right of a requesting consumer not to be discriminated against for exercising any of the rights listed above.

 

Submitting Requests for Personal Identification and/or Production

The CCPA allows a California consumer to request the identity and/or production of their personal information collected by us. There are three ways to make such a request: clicking this link; going to privacy@emscorporate.com and sending us a message on the designated webform; or by calling us at 1-800-726-2117 and speaking with one of our representatives.

The CCPA limits a requesting consumer to two (2) personal information requests (items 1 and 2 above) in a 12-month period.

We will respond within 45 days of receiving a personal information request. In order to respond, we will need to collect information from the requesting consumer so that we can verify their identity in connection with such requests.

To verify a consumer request to identify categories of personal information, sources, uses, and/or third parties to whom information was disclosed or sold, we may require the consumer to provide at least two data points which we will compare with data points that we maintain.

To verify a consumer request to identify and/or produce specific personal information, we may require the consumer to provide at least three data points which we will compare with data points that we maintain, as well as a signed declaration under penalty of perjury that the requestor is the consumer whose personal information is the subject of the request. (We will maintain a copy of the signed declaration as part of our business records.)

 

Categories of Personal Information We Collect

The CCPA identifies numerous categories of “personal information” including: Identifiers (including without limitation names, addresses, telephone and fax numbers, email addresses, other contact information, and government-issued identification numbers), Customer Records protected against security breaches (including without limitation the identifiers mentioned above and bank, credit and other financial account numbers, social security number, user names and passwords, and health/medical information), Protected Classification information (like race, gender, ethnicity, etc.), Commercial information, Internet/electronic activity, Geolocation, Audio/video data, Professional / Employment related information, Education information, Biometrics, and Inferences from the foregoing.

 

Business Purposes for Which We Collect Personal Information

The CCPA defines a “business purpose” as the use of personal information for the business’s or a service provider’s operational purposes, or other notified purposes, provided that the use of personal information shall be reasonably necessary and proportionate to achieve the operational purpose for which the personal information was collected or processed or for another operational purpose that is compatible with the context in which the personal information was collected. The following activities are considered “business purposes” under the CCPA: Auditing related to a current interaction with the consumer and concurrent transactions, and auditing compliance with laws and other standards (“Auditing”) (this will also include the underwriting and due diligence we perform before we enter into any agreement with a customer); Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity (“Detection”); Performing services on behalf of the business, including maintaining or servicing accounts, providing customer service, verifying customer information, processing payments, providing financing, providing advertising or marketing services, providing analytic services, or providing similar services on behalf of the business (“Performance”); Debugging to identify and repair errors that impair existing intended functionality (“Repairs”); Internal research for technological development and demonstration (“Research”); and Verifying or maintaining the quality or safety of, and improving, upgrading, or enhancing, a service or device that is owned, manufactured by, manufactured for, or controlled by the company (“Maintenance”).

 

Categories of Third Parties to Which Personal Information May be Disclosed

The types of entities to which information can be disclosed under the CCPA do not collect personal information directly from consumers, and include without limitation advertising networks (“Ad Networks”), internet service providers (“ISP”), data analytics providers (“Analytics Providers”), government entities (“Government”), operating systems and platforms (“Platforms”), social networks (“Social Networks”), and consumer data resellers (“Resellers”).

 

Personal Information Collected over the Last Twelve (12) Months

The following Table identifies the categories of personal information we have collected over the last twelve (12) months, the sources of that information, our business purposes for collecting the information, and the types of third parties to which we disclosed such information:

Category

Source

Business Purpose

Third Parties

Identifiers such as:

names, addresses, telephone and fax numbers, email addresses, other contact information, government-issued identification numbers

Consumer

Government entities

Consumer data resellers

* Auditing

* Detection

* Performance

* Research

* Maintenance

* ISP

* Analytics Providers

* Government

* Platforms

Customer Records such as:

Identifiers, bank, credit and other financial account numbers, social security numbers, and user names and passwords

Consumer

Government entities

Consumer data resellers

* Auditing

* Detection

* Performance

* Research

* Maintenance

* ISP

* Analytics Providers

* Government

* Platforms

Commercial Information such as:

Past and current businesses, banks, financial institutions, processors, and payment gateways

Consumer

Government entities

Consumer data resellers

* Auditing

* Detection

* Performance

* Research

* Maintenance

* ISP

* Analytics Providers

* Government

* Platforms

Internet/electronic activity such as:

Reports and data from service providers on sales and sales-related activities

Consumer

Government entities

Consumer data resellers

* Auditing

* Detection

* Performance

* Research

* Maintenance

* ISP

* Analytics Providers

* Government

* Platforms

Professional/Employment

Consumer

Government entities

Consumer data resellers

* Auditing

* Detection

* Performance

* Research

* Maintenance

* ISP

* Analytics Providers

* Government

* Platforms

 

Right under CCPA to Request Deletion of Personal Information

The CCPA grants consumers the right to request that we delete any personal information about them which we have collected from them. Except as described below, upon our receipt of such a request, we will delete the personal information from our records and direct any of our service providers to whom we have disclosed that personal information to delete it from their records.

Please note that we are not required to comply with a request to delete if we require the personal information in order to do any of the following:

  1. Complete the transaction for which the personal information was collected from the consumer, provide a good or service requested by the consumer, or reasonably anticipated within the context of our ongoing business relationship with the consumer, or otherwise perform pursuant to a contract we have with the consumer.
  2. Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity.
  3. Debug to identify and repair errors that impair existing intended functionality.
  4. Exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law.
  5. Comply with the California Electronic Communications Privacy Act pursuant to Chapter 3.6 (commencing with Section 1546) of Title 12 of Part 2 of the Penal Code.
  6. Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the businesses’ deletion of the information is likely to render impossible or seriously impair the achievement of such research, if the consumer has provided informed consent.
  7. To enable solely internal uses that are reasonably aligned with the consumer’s expectations based on his or her relationship with us.
  8. Comply with a legal obligation.
  9. Otherwise use the consumer’s personal information, internally, in a lawful manner that is compatible with the context in which he or she provided the information.

We shall use a two-step process for online requests to delete. First, the consumer must clearly submit the request to delete. Second, the consumer must separately confirm that he or she wants the personal information deleted.

In addition, we will verify a consumer request to delete their personal information.

To verify a consumer request to delete, we may require the consumer to provide at least three data points which we will compare with data points that we maintain, as well as a signed declaration under penalty of perjury that the requestor is the consumer whose personal information is the subject of the request. (We will maintain a copy of the signed declaration as part of our business records.)

 

Opting out of the Sale of Personal Information

The CCPA grants consumers a right to opt-out of the sale of their personal information by the business. For purposes of the CCPA, “sale of a consumer’s personal information” means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by the business to another business or a third party for monetary or other valuable consideration.

The following are not considered sales of personal information under the CCPA:

  1. A consumer uses or directs the business to intentionally disclose personal information or uses the business to intentionally interact with a third party, provided the third party does not also sell the personal information, unless that disclosure would be consistent with the CCPA. An intentional interaction occurs when the consumer intends to interact with the third party, via one or more deliberate interactions. Hovering over, muting, pausing, or closing a given piece of content does not constitute a consumer’s intent to interact with a third party.
  2. The business uses or shares an identifier for a consumer who has opted out of the sale of the consumer’s personal information for the purposes of alerting third parties that the consumer has opted out of the sale of the consumer’s personal information.
  3. The business uses or shares with a service provider personal information of a consumer that is necessary to perform a business purpose if both of the following conditions are met:
    1. The business has provided notice of that information being used or shared in its terms and conditions consistent with the CCPA.
    2. The service provider does not further collect, sell, or use the personal information of the consumer except as necessary to perform the business purpose.
  4. The business transfers to a third party the personal information of a consumer as an asset that is part of a merger, acquisition, bankruptcy, or other transaction in which the third party assumes control of all or part of the business, provided that information is used or shared consistently with the CCPA. If a third party materially alters how it uses or shares the personal information of a consumer in a manner that is materially inconsistent with the promises made at the time of collection, it shall provide prior notice of the new or changed practice to the consumer. This subparagraph does not authorize a business to make material, retroactive privacy policy changes or make other changes in their privacy policy in a manner that would violate California’s Unfair and Deceptive Practices Act (Chapter 5 (commencing with Section 17200) of Part 2 of Division 7 of California’s Business and Professions Code).

We must disclose some personal information in order to provide services for which we have been contacted by the consumer, to comply with bank and card brand rules, and to comply with state and federal laws. From time to time, we also share personal information for commercial purposes.

By clicking this link, emailing “privacy@emscorporate.com” a requesting consumer will be able to make a request to opt out of having his or her information shared by clicking on the “Do Not Sell My Info” button. A consumer can also make a request to opt out by calling us at 1-800-726-2117 and speaking with one of our representatives.

The consumer may also exercise his or her opt out right through an authorized agent. In such case, we will require proof of the agent’s authority in the form of an affidavit or declaration under penalty of perjury signed by the consumer designating the agent and stating specifically that the agent is specifically authorized to exercise the consumer’s opt out right, and a written acceptance of that designation and authority signed by the agent. We will verify any request to opt out received from an authorized agent as if the request were made by the requesting consumer.

 

No Financial Incentive

The CCPA requires businesses to notify consumers of any financial incentives for allowing the sale of their personal information. We offer no such incentives. If we change our practice, though, we will amend this Privacy Policy to ensure compliance with the CCPA.

 

Non-discrimination for Exercising New Rights

Consumers have a right not to be subjected to discriminatory treatment for exercising the privacy rights conferred by the CCPA.

 

Questions or Concerns?

Consumers who have questions or concerns about the business’s privacy policies and practices can contact us by clicking this link, emailing privacy@emscorporate.com or by calling us at 1-800-726-2117.

 

October, 2019.  The CCPA aspects of this Privacy Policy were adopted effective January 1, 2020.