Privacy Notice
This “Privacy Notice” describes the practices of the DPS Corporate group of companies, including DPS Corporate and its subsidiaries and affiliates (collectively, “DPS Corporate”, “we”, “us”, or “our”) and the rights and choices available to individuals, regarding personal data. Personal data means any information that relates to an identifiable individual.
DPS Corporate may provide separate privacy notices that apply to specific products or services that we offer, in which case this Privacy Notice does not apply. Where this Privacy Notice applies, DPS Corporate may provide additional or supplemental privacy notices to individuals at the time we collect their data, which will govern how we may process the information provided at that time. We may alter this Privacy Statement as needed for certain products and services and to abide by local laws or regulations around the world, such as by providing supplemental information in certain countries. This Privacy Notice does not apply to DPS Corporate’s processing of the personal data of its personnel, such as employees and contractors.
We provide important information here for individuals located within Member States of the European Union, countries in the European Economic Area, the United Kingdom, and Switzerland (collectively, “Europe” or “European”).
Table of Contents
- The personal data we collect
- How we use your personal data
- How we share your personal data
- Your rights and choices
- International transfers
- How we keep your data safe
- This Website May Link to Other Websites
- Additional Information for European Users
- Changes to this Privacy Notice
- Contact Us
- The personal data we collect
We collect personal data about individuals from various sources described below. Where applicable, we indicate whether and why individuals must provide us with personal data, as well as the consequences of failing to do so.Information that we collect directly from individuals and the parties with which we do business
We may collect personal data directly from individuals and the parties with which we do business, including prospects. These may include parties that interact with us directly (such as individuals who download our mobile applications or job applicants), parties to which we provide goods or services (such as clients, banks or financial institutions, merchants, and individuals) (collectively, “clients”), parties that provide services to us (such as vendors) (collectively, “service providers”), and other parties with whom we offer or provide products and services (such as independent sales organizations) (collectively, “partners”). We may collect information from these parties in a variety of contexts, such as when completing one of our online forms, making an application for one of our products or services, interacting with us on social media, or corresponding with us. The types of information we obtain in these contexts include:
- Contact information of the business entity and its personnel who interact with us, such as name, job title, address, telephone number, and email address
- Profile information, such as username and password that an individual may establish on one of our websites or mobile applications, along with any other information that an individual enters into their account profile
- Demographic details, such as date of birth, country of citizenship and/or country of residence
- Information about individuals’ affiliation with a legal entity, such as an individual’s role, and whether he or she is a beneficial owner or authorized signatory
- Government-issued identification numbers (to the extent permitted under applicable law), such as a national identification number (e.g., a Social Security Number, tax identification number, or passport number), state or local identification number (e.g., a Driver’s License or other government-issued identification number), and a copy of your government-issued identification card
- Feedback and correspondence, such as information you provide when you request information from us, receive customer support, or otherwise correspond with us, including by interacting with our pages on social networking online sites or services
- Financial account information, such as payment card or bank account details
- Information about merchants, such as merchant name, merchant ID and category code, merchant location where a transaction occurred, and information about transactions processed by the merchant, including transaction volume, velocity, amounts, types of goods or services sold, and chargeback ratios
- Information related to the use of DPS Corporate products or services, such as account information, spending thresholds, spending activity and patterns, and information about the transactions we process
- Precise geolocation information, if you authorize our mobile application to access your location
- Marketing information, such as your preferences for receiving marketing communications and details about how you engage with our marketing communications
- Other information supplied by job applicants, such as professional credentials and skills, educational and work history, and other information of the type included on a resume or curriculum vitae
Information that we collect about individuals who do not interact with us directly
We may receive personal data about individuals who do not interact with us directly. For example, our clients, service providers, and partners may provide us with information about individuals other than themselves when using our products or services. In addition, due to the unique nature of DPS Corporate’s business, in many cases, DPS Corporate obtains personal data from other participants in a transaction processing chain, such as card associations and debit network operators and their members. The types of information we receive about third parties includes:
- Information about the personnel of our clients, service providers, or partners, such as the business contact information that our clients, service providers, or partners provide to us in the context of our contractual relationships with them
- Information about potential job candidates, such as when a recruiter contacts us about an individual who may become a candidate for a job at DPS Corporate
- Information about customers of our clients that our clients send to us or allow us to collect in the context of the services that DPS Corporate performs, such as information related to financial transactions initiated by the customer, account registrations, and in some cases information needed to verify a customer’s identity and details of products or services purchased, and as otherwise stated in an applicable specific privacy notice for a DPS Corporate product or service. Where our technology is incorporated into a merchant’s mobile application or website, we also may automatically collect certain information of the type described in the section below titled “Information collected via automated means.”
- Information obtained when processing transactions, such as information about payment transactions
Information we collect from private and publicly accessible sources
We and our service providers may collect information about individuals that is publicly available, including by searching publicly accessible government lists of restricted or sanctioned persons (such as the Specially Designated Nationals And Blocked Persons List), public records databases (such as company registries and regulatory filings), and by searching media and the internet. We and or our third party verification providers may also collect information from private or commercially available sources, such as by requesting reports or information from credit reference and fraud prevention agencies, to the extent permitted under applicable law.
We may also maintain pages for our company and our products and services on a variety of third-party platforms, such as LinkedIn, Facebook, Twitter, Google+, YouTube, Instagram, and other social networking services. When you interact with our pages on those third-party platforms, the third-party’s privacy policy will govern your interactions on the relevant platform. If the third-party platform provides us with information about our pages on those platforms or your interactions with them, we will treat that information in accordance with this Privacy Notice.
Information collected via automated means
When you access our websites or use our mobile applications, we, our service providers, and our partners may automatically collect information about you, your computer or mobile device, and activity on our websites or mobile applications. Typically, this information includes your computer or mobile device operating system type and version number, manufacturer and model, device identifier (such as the Google Advertising ID or Apple ID for Advertising), browser type, screen resolution, IP address, the website you visited before browsing to our website, general location information such as city, state or geographic area; and information about your use of and actions on or in our websites or mobile applications, such as pages or screens you accessed, how long you spent on a page or screen, navigation paths between pages or screens, information about your activity on a page or screen, access times, and length of access. Certain products or services that we provide or which merchants may incorporate into their websites or mobile applications may automatically collect additional information, as may be further described in a separate privacy notice.
Our service providers and business partners may collect this type of information over time and across third-party websites. This information is collected via various mechanisms, such as via cookies, web beacons, embedded scripts, through our mobile applications, and similar technologies. This type of information may also be collected when you read our HTML-enabled emails.
Sensitive personal data
In limited circumstances and when permitted by law, we may request biometric data to confirm your identity, such as when we authenticate a payment using your fingerprint. In some circumstances, we may collect information that may reveal health or medical information, such as when we process transactions at health or medical facilities or pharmacies. In the context of processing employment applications, we may also request sensitive information, such as racial or ethnic origin or information about disability, where required or permitted by law of the country in which you are applying for employment.
Outside of these contexts or otherwise as we specifically request, we ask that you not provide us with any sensitive personal data (meaning information revealing racial or ethnic origin, political opinions, religion or philosophical beliefs, trade union membership, genetic, health, or biometric information, information about sex life or sexual orientation, or criminal convictions or offenses) through our websites or mobile applications, or otherwise to us.
- How we use your personal data
We use your personal data for the purposes of:Providing our products and services, which includes:
- Operating, evaluating, maintaining, improving, and providing the features and functionality of our products and services
- Fulfilling a payment transaction initiated by you (either with us or our client)
- Managing our relationship with you or your company
- Carrying out our obligations, and exercising our rights, under our agreement with you or your company
- Communicating with you regarding your account with us, if you have one, including by sending you service-related emails or messages (e.g., messages regarding account verification, changes or updates to the functionality of our products or services, technical and security notices and alerts, and support and administrative messages)
- Personalizing the manner in which we provide our products and services
- Checking for fraud or money laundering and/or managing either our or our clients’ risk
- Administering and protecting our business
- Providing support and maintenance for our products and services, including responding to your service-related requests, questions, and feedback
For research and development
We use the information we collect for our own research and development purposes, which include:
- Developing or improving our products and services
- Developing and creating analytics and related reporting, such as regarding industry and fraud trends
Marketing
We may use your personal data to form a view on what products or services we think you may want or need, or what may be of interest to you.
We may contact you with marketing communications using the personal data you have provided to us if you have actively expressed your interest in making a purchase or have made a purchase from us and, in any case, you have not opted out of receiving that marketing, to the extent permitted by applicable law.
Where required by law, we will get your express opt-in consent before we share your personal data with any company outside the DPS Corporate group for marketing purposes.
You can ask us to stop sending you marketing messages at any time by contacting us using the details at the Contact us section or clicking on the opt-out link included in each marketing message.
Should you choose to opt out of receiving our marketing messages, we will continue to carry out our other relevant activities using your personal data, including sending non-marketing messages.
Managing our recruiting and processing employment applications
We process personal data, such as information submitted to us in a job application, to facilitate our recruitment activities and process employment applications, such as by evaluating a job candidate for an employment activity, and monitoring recruitment statistics.
Complying with law
We use your personal data as we believe necessary or appropriate to comply with applicable laws, lawful requests and legal process, such as to respond to subpoenas or requests from government authorities.
Compliance, fraud prevention and safety
We use your personal data as we believe necessary or appropriate to (a) enforce the terms and conditions that govern our products and services; (b) protect our rights, privacy, safety or property, and/or that of you or others; and (c) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.
With your consent
In some jurisdictions, applicable law may require us to request your consent to use your personal data in certain contexts, such as when we use certain cookies or similar technologies or would like to send you certain marketing messages. If we request your consent to use your personal data, you have the right to withdraw your consent any time in the manner indicated when we requested the consent or by contacting us. If you have consented to receive marketing communications from our third party partners, you may withdraw your consent by contacting those partners directly.
To create anonymous data
We may create anonymous data from your personal data and other individuals whose personal data we collect. We make personal data into anonymous data by excluding information that makes the data personally identifiable to you, and use that anonymous data for our lawful business purposes.
- How we share your personal data
Companies within the DPS Corporate group We may disclose your personal data to our subsidiaries and corporate affiliates for purposes consistent with this Privacy Notice.
Service providers
We may employ third party companies and individuals to administer and provide services on our behalf (such as companies that provide customer support, companies that we engage to host, manage, maintain, and develop our website, mobile applications, and IT systems, and companies that help us process payments). These third parties may use your information only as directed by DPS Corporate and in a manner consistent with this Privacy Notice, and are prohibited from using or disclosing your information for any other purpose.
Our clients
When DPS Corporate performs services for its clients, it may share personal data with those entities. For example, DPS Corporate may collect information about a client’s customers from or on behalf of the client, such as when DPS Corporate processes payment transactions, and DPS Corporate may provide personal data about those customers back to the client. We are not responsible for the privacy practices of our clients.
Participants in the transaction processing chain
DPS Corporate shares personal data with companies in the transaction processing chain in connection with processing a payment transaction, such as merchants, banks or other card issuers, card associations, debit network operators and their members.
Credit reference, fraud protection, risk management, and identity and verification agencies
DPS Corporate shares personal data with credit reference, fraud protection, risk management, and identity verification agencies to help guard against, detect, and respond to fraud or money laundering, and/or manage our or our clients’ risk, and ensure we comply with contractual, legal, or regulatory requirements.
Professional advisors
We may disclose your personal data to professional advisors, such as lawyers, bankers, auditors and insurers, where necessary in the course of the professional services that they render to us.
Compliance with Laws and Law Enforcement; Protection and Safety
DPS Corporate may disclose information about you to government or law enforcement officials (including tax authorities) or private parties as required by law, and disclose and use such information as we believe necessary or appropriate to (a) comply with applicable laws and lawful requests and legal process, such as to respond to subpoenas or requests from government authorities; (b) enforce the terms and conditions that govern our products and services; (c) protect our rights, privacy, safety or property, and/or that of you or others; and (d) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.
Business Transfers
DPS Corporate may sell or transfer some or all of its business or assets, including your personal data, in connection with a business transaction (or potential business transaction) such as a merger, consolidation, acquisition, reorganization or sale of assets or in the event of bankruptcy, in which case we will make reasonable efforts to require the recipient to honor this Privacy Notice.
To Other Parties with Your Permission or to Fulfill a Contract They Have With You
DPS Corporate may transfer your personal data to any third party who is not otherwise covered by the other listed categories above where you have given us permission to do so, or with whom you have entered into a contract when we need to transfer your personal data to that party in order to fulfil that contract.
- Your rights and choices
In this section, we describe the rights and choices available to all users. Users who are located in Europe may read additional information about their rights below.Marketing communications
You can ask us to stop sending you marketing messages at any time by contacting us or clicking on the opt-out link included in each marketing message. You may continue to receive service-related and other non-marketing messages.
Targeted online advertising
Some of the business partners that collect information about users’ activities on our websites or in our mobile applications may be members of organizations or programs that provide choices to individuals regarding the use of their browsing behavior or mobile application usage for purposes of targeted advertising.
Users may opt out of receiving targeted advertising on websites through participating members of the following organizations or programs:
- Network Advertising Initiative (USA)
- Digital Advertising Alliance (USA)
- European Interactive Digital Advertising Alliance (Europe)
- Digital Advertising Alliance of Canada (Canada)
- Australian Digital Advertising Alliance (Australia)
- Data Driven Advertising Initiative (Japan)
Users of mobile applications may opt out of receiving targeted advertising in mobile applications through participating members of the Digital Advertising Alliance by installing the AppChoices mobile application, available here, and selecting the user’s choices. In addition, your mobile device settings may provide functionality to limit our, or our partners’, ability to engage in ad tracking or targeted advertising using the Google Advertising ID or Apple ID for Advertising associated with your mobile device.
Please note that we also may work with companies that offer their own opt-out mechanisms and may not participate in the opt-out mechanisms that we linked above.
If you choose to opt-out of targeted advertisements, you will still see advertisements online but they may not be relevant to you. Even if you do choose to opt out, not all companies that serve online behavioural advertising are included in this list, and so you may still receive some cookies and tailored advertisements from companies that are not listed.
Do Not Track Signals
Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to do not track signals. To find out more about “Do Not Track,” please visit https://www.allaboutdnt.com.
Choosing not to provide your personal data
Where we request personal data directly from you, you do not have to provide it to us. If you decide not to provide the requested information, in some circumstances we, or our clients, may be unable to provide products or services to you. For example, we may be unable to process your transaction.
Accessing, modifying or deleting your information
In some jurisdictions, applicable law may provide a right for individuals to access, modify, or delete their personal data in some. You may contact us directly to request access to, or modify or delete your information. We may not be able to provide access to, modify, or delete your information in all circumstances.
Complaints
If you have a complaint about our handling of your personal data, you may contact our data protection officer using the contact information below. We request that a complaint be made in writing. Please provide details about your concern or complaint so that our data protection officer can investigate it. We will take appropriate action in response to your complaint, which may include conducting internal discussions with relevant business representatives. We may contact you for additional details or clarification about your concern or complaint. We will contact you to inform you of our response to your complaint. You also may have a right to file a complaint with a national or local regulatory agency.
- International transfers Your personal data may be transferred to the United States or other locations outside of your state, province, country or other governmental jurisdiction where we or our service providers maintain offices and where privacy laws may not be as protective as those in your jurisdiction. If we make such a transfer, we will require that the recipients of your personal data provide data security and protection in accordance with applicable law.European users should read the important information provided here about transfer of personal data outside of Europe.
- How we keep your data safe We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.We maintain annual compliance with global Payment Card Industry Data Security Standard (PCI DSS) adopted by the payment card brands for all companies that process, store or transmit cardholder data.We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
- This Website May Link to Other Websites We may also link to third-party websites, mobile applications, and other content. DPS Corporate is not responsible for the privacy practices of any third party, and this privacy notice does not apply to such third party’s websites, mobile applications, or other content. DPS Corporate does not guarantee, approve, or endorse any information, material, services, or products contained on or available through any linked third-party website, mobile application, or other content. DPS Corporate is not responsible for any content on third-party properties to which we link. DPS Corporate provides links to third-party properties or content as a convenience, and visiting or using linked third-party properties or content is at your own risk.
- Additional Information for European Users
Controller and Data Protection Officer
DPS Corporate is made up of different legal entities. References to “DPS Corporate”, “we”, “us” or “our” in this Privacy Notice should be read to refer to the relevant company in the DPS Corporate group responsible for handling your data. We will let you know which member of the DPS Corporate group will be the controller for your data. That information will be provided either in the contract we sign with you or in a privacy notice we provide to you that specifically relates to the relationship we have with you.Legal bases for processingWe are required to inform you of the legal bases of our processing of your personal data, which are described in the table below. If you have questions about the legal basis of how we process your personal data, contact us.
Processing purpose (click link for details) Details regarding each processing purpose listed below are provided in the section above titled “How we use your personal data”. Legal basis Providing our products and services Processing is necessary to perform the contract governing our provision of the products or services or to take steps that you request prior to signing up for the Services. - Marketing
- For research and development
- To manage our recruiting and process employment applications
- For compliance, fraud prevention and safety
- To create anonymous data
These processing activities constitute our legitimate interests. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). To comply with law Processing is necessary to comply with our legal obligations Use for new purposes
We may use your personal data for reasons not described in this Privacy Notice where permitted by law and the reason is compatible with the purpose for which we collected it.
Automated Decisions, Credit Reference Agencies and Fraud Prevention Agencies
We sometimes make automated decisions based on your personal data (whether provided by you or collected by us from third parties such as credit reference and fraud prevention agencies). We will only do this where it is required in connection with a contract, authorized by law, or based on your explicit consent. You can contact us for more information on automated decision making. Please also see the “Your individual legal rights” section below.
How long will you use my personal data?
We will use your personal data for as long as necessary based on why we collected it and what we use it for. This may include our need to satisfy a legal, regulatory, accounting, or reporting requirement.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In general terms, we will retain your personal data for the duration of your involvement/engagement with us and for as long as reasonably necessary afterwards; however, we may maintain different retention periods for different products and services. There are also certain types of information which are required to be retained for a certain period by law.
Your individual legal rights
Under certain circumstances, individuals in Europe have rights under data protection laws in relation to their personal data. If you are located in Europe, you may ask us to take the following actions regarding personal data that we hold:
- Access. You are entitled to ask us if we are processing your personal data and, if so, for a copy of the personal data we hold about you, as well as obtain certain other information about our processing activities.
- Correction. If any personal data we hold about you is incomplete or inaccurate, you can require us to correct it, though we may need to verify the accuracy of the new data you provide to us.
- Erasure. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law.
- Object. Where our reason for processing your personal data is legitimate interest you may object to processing as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes.
- Restriction. You may ask us to suspend our use of your personal data in the following scenarios:
- if you want us to establish the data’s accuracy;
- where our use of your personal data is unlawful but you do not want us to erase it;
- where you need us to hold your data for a longer period than we usually would, because you need it to establish, exercise or defend legal claims; or
- you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
- Transfer. Where it is possible, we will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to personal data provided by you which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Withdraw consent. Where our reason for processing is based on your consent, you may withdraw that consent at any time. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
- Automated decision making. You have the right not to be subject to automated decision making (e.g., profiling) that significantly affects you. The exercise of this right is not available to you in the following cases:
- The automated decision is required to enter into, or perform, a contract with you.
- We have your explicit consent to make such a decision.
- The automated decision is authorised by local law of an EU member state.However, in the first two cases set out above, you still have the right to obtain human intervention in respect of the decision, to express your point of view and to contest the decision.
You have the right to make a complaint at any time to a supervisory authority (for more information go to https://edpb.europa.eu/about-edpb/board/members_en).
Cross-border data transfer
We transfer your personal data within the DPS Corporate group, including outside of Europe. Whenever we transfer your personal data out of Europe within the DPS Corporate group to countries not deemed by the European Commission to provide an adequate level of protection for personal data, the transfer will be based on our Binding Corporate Rules.
When we transfer personal data outside of Europe to third parties in countries not deemed by the European Commission to provide an adequate level of protection for personal data, the transfer will be made pursuant to:
- A contract approved by the European Commission (sometimes called “Model Clauses” or “Standard Contractual Clauses”);
- The EU-US Privacy Shield;
- The recipient’s Binding Corporate Rules;
- The consent of the individual to whom the personal data relates; or
- Other mechanisms or legal grounds as may be permitted under applicable European law
Please contact us if you would like to receive further information on the specific mechanism used by us when transferring your personal data out of Europe.
- Changes to this Privacy Notice We reserve the right to modify this Privacy Notice at any time. We encourage you to periodically review this page for the latest information on our privacy practices. If we make material changes to this Privacy Notice, we will notify you by updating the date of this Privacy Notice and posting it on our website and in app stores where our mobile applications covered by this Privacy Notice are available for download. We may (and, where required by law, will) also provide notification of changes in another way that we believe is reasonably likely to reach you, such as via e-mail (if you have an account where we have your contact information) or another manner through our website or mobile applications.Any modifications to this Privacy Notice will be effective upon our posting of the new terms and/or upon implementation of the new changes (or as otherwise indicated at the time of posting). In all cases, your continued use of our products or services after the posting of any modified Privacy Notice indicates your acceptance of the terms of the modified Privacy Notice.