Payment Service Network, Inc. Additional U.S. Privacy Disclosures
Last Updated: February 23, 2023
These Additional U.S. Privacy Disclosures (the “U.S. Privacy Disclosures”) supplement the information contained in our Privacy Policy regarding the PSN Services that post or link to these U.S. Privacy Disclosures (collectively, “PSN”, “we”, “us”, or “our”) and apply solely to individual residents of the States of California, Nevada, and Virginia (“data subjects” or “you”).
These U.S. Privacy Disclosures provide additional information about how we collect, use, disclose and otherwise process personal data of individual residents of the States of California, Nevada, and Virginia, either online or offline.
Unless otherwise expressly stated, all terms in these U.S. Privacy Disclosures have the same meaning as defined in our Privacy Policy.
Table of Contents
How We Collect and Use Your Personal Information
How We Disclose Your Personal Data
How to Exercise Your Privacy Rights
Updates to these U.S. Privacy Disclosures
Notices to Payers: Data protection laws sometimes differentiate between “controllers” and “processors” of personal data. A “controller” determines the purposes and means (or the why and the how) of processing personal data. A “processor,” which is sometimes referred to as a “service provider,” processes personal data on behalf of a controller subject to contractual restrictions.
PSN provides online payment services as a “processor” or “service provider”, which help our business customers collect payments from individuals who pay their bills online (“Payers”). For example, we may help your utility company or property management collect and process your payments for your bill. If you are a Payer and make payments through our services, we may collect personal data about you, such as your name, address, email, payment information, and payment history. Our business customers (such as your utility company) are primarily responsible for how we use and disclose the personal data we collect in our role as a service provider. For example, we only collect and process your payment information so that we can facilitate the payment of your bill on behalf of the business entity (our customer) who is billing you. If we process your personal data on behalf of one of our business customers, and you have questions about how we process your personal data, we may direct any inquiries about our use of your personal data to that customer.
How We Collect and Use Your Personal Data
Our Privacy Policy contains a general description of the types of personal data we collect. Please review the Personal Data We Collect, How We Use Personal Data, and How We Disclose Personal Data sections of our Privacy Policy to learn more. While we do not “sell” personal data in the traditional sense, we do, however, sell or share personal data for the purpose of displaying advertisements that are selected based on personal data obtained or inferred over time from an individual’s activities across businesses or distinctly-branded websites, applications, or other services (otherwise known as “targeted advertising” or “cross-context behavioral advertising”).
Within the past 12 months, we may have collected the following categories of personal data:
- Identifiers, such as your name, postal address, IP address, email address, phone number, and online account information;
- Commercial information, such as records of the Services purchased from us;
- Professional information, such as the name of your employer and your job title;
- Internet and other electronic network activity information, such as your IP address, your device information, the length of time you spend with our Services, how often you use our Services, and other usage data;
- Geolocation data, such as your physical location made available through your IP address;
- Sensory information, such as audio, electronic, visual, olfactory, or similar information;
- Biometric information, such as imagery of your face, a voiceprint, or similar information.
- Inferences drawn from personal data to create a profile, such as reflecting your preferences, characteristics, attitudes, behavior, etc.
We use your personal data primarily to provide services to you, which is described in more detail in our Privacy Policy. Within the past 12 months, our use of your personal data will have depended on how you have interacted with us. For example:
- If you have an account, we may have used your identifiers, commercial information, and internet and other electronic network activity information to create, register, manage, and service your account.
- If you have used our services, we may have used your identifiers, commercial information, and internet and other electronic network activity information to provide customer support services.
- From time to time, we may have used your identifiers, commercial information, and professional information to send you information and updates regarding our services.
- If you have submitted an inquiry, provided feedback through a survey, or otherwise contacted us, we may have used your identifiers and the other information you provided to respond to your communication and implement your requests.
We may also have used your personal data to verify your identity, maintain the security of our platforms, enhance your user experience, deliver personalized content, and otherwise improve our websites, portals and other services.
Sensitive Personal Data
The following personal data elements we collect may be classified as “sensitive” under certain privacy laws (“sensitive information”):
- Account name and password;
- Driver’s license number;
- Credit/debit card number plus expiration date and security code (CVV); and
- Biometric information.
As described in our Privacy Policy, we use account name and password, as well as payment card information and driver’s license number, and biometric information, to provide certain of our products and services.
We do not sell or share sensitive information, and we do not process or otherwise share sensitive information for the purpose of targeted advertising.
Deidentified Information
We may at times receive, or process personal data to create, deidentified information that can no longer reasonably be used to infer information about, or otherwise be linked to, a particular individual or household. Where we maintain deidentified information, we will maintain and use the information in deidentified form and not attempt to reidentify the information except as required or permitted by law.
How We Disclose Your Personal Data
In order to provide our services, we may disclose your personal data to third parties for certain business purposes. In the past 12 months, we have disclosed personal data to the following categories of third parties for the business purposes described above in the “How We Collect and Use Your Personal Data” section:
- To our service providers: We may have shared your personal data with third-party service providers, such as payment processors, clearinghouses, payment settlement organizations, platform hosting providers, and website analytics providers, who help us provide Services to you. We require that our service providers not use or disclose your personal data for any purpose other than for providing services to us.
- To your respective Payers: We may have shared personal data with your respective payers only to the extent necessary to process transactions.
- To our affiliates for operational or other business purposes: We may have shared personal data with our affiliates for operational or business purposes such as those outlined above.
- As part of a reorganization event: In the event we go through a business transition, such as a merger, acquisition, divestiture, restructuring, reorganization, dissolution, bankruptcy or sale of all or a portion of our assets, we may have disclosed your personal data to the party or parties of such transaction.
- To law enforcement or other governmental authorities: From time to time, we may have disclosed your personal data to law enforcement or government agencies (i) when we, in good faith, believed you and others are acting unlawfully; (ii) when we believed it was necessary or appropriate to satisfy any law, regulation or other governmental request; (iii) to respond to government-issued subpoenas, warrants or court orders; (iv) to otherwise comply with our legal obligations; and (v) when we believed disclosure was necessary to protect the health and safety of our personnel, our users and the general public.
Minors Under 16 Years Old
We do not sell the personal data of consumers we know to be less than 16 years of age. We have no actual knowledge of collecting or otherwise processing the personal data of minors under 16 years of age. Please contact us using the email psnprivacy@paymentservicenetwork.com to inform us if you, or your minor child, are under the age of 16.
Your Privacy Rights
Depending on your state of residence, you may be able to exercise some or all of the following rights in relation to the personal data we have collected about you:
The Right to Know
The right to confirm whether we are processing personal data about you and, under California law only, to obtain certain personalized details about the personal data we have collected about you, including:
- The categories of personal data collected;
- The categories of sources of the personal data;
- The purposes for which the personal data were collected;
- The categories of personal data disclosed to third parties (if any), and the categories of recipients to whom this personal data were disclosed;
- The categories of personal data sold (if any), and the categories of third parties to whom the personal data were sold; and
- The categories of personal data shared for targeted advertising purposes (if any), and the categories of recipients to whom the personal data were disclosed for these purposes.
The Right to Access & Portability
The right to obtain access to the personal data we have collected about you and, where required by law, the right to obtain a copy of the personal data in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the data to another entity without hindrance.
The Right to Correction
The right to correct inaccuracies in your personal data, taking into account the nature of the personal data and the purposes of the processing of the personal data.
The Right to Request Deletion
The right to request the deletion of personal data that we maintain about you, subject to certain exceptions.
The Right to Control Over Sensitive Information
The right to direct us to limit the use of your sensitive personal data to certain purposes, including to perform the services or provide the goods reasonably expected by an average consumer who requests those goods or services.
The Right to Opt Out of Sales or Sharing for Targeted Advertising Purposes
The right to direct us not to sell or share personal data for certain targeted or cross-context behavioral advertising purposes.
“Shine the Light”
California residents that have an established business relationship with us have rights to know how their information is disclosed to third parties for their direct marketing purposes under California’s “Shine the Light” law (Civ. Code §1798.83).
If you choose to exercise your rights, you have the right to not receive retaliatory or discriminatory treatment. That means that if you exercise some of these rights, it may limit our ability to process your personal data and provide certain features of our Services to you. In addition, the exercise of the rights described above may result in a different price, rate, or quality level of product or service where that difference is reasonably related to the impact the right has on our relationship or is otherwise permitted by law.
How to Exercise Your Privacy Rights
Please note we use the same request submission methods as our affiliate, Invoice Cloud. To exercise any of these rights you may:
- Complete the online request form found at www.invoicecloud.com/data-privacy-request-form;
- Call toll-free 1-888-603-0094; or
- Send an email to PSNPrivacy@paymentservicenetwork.com. Please include:
  - Requestor’s first and last name;
  - Mailing address;
  - Primary e-mail address;
  - Primary phone number;
  - Customer ID (if applicable);
  - The last day/time you logged into your account (if applicable);
  - State of residency; and
  - Type of request.
We will take steps to verify your identity before processing your request to know or request to delete.
We will not fulfill your request unless you have provided sufficient information for us to reasonably verify your identity. For example:
- If you have an account with us, we may use our existing account authentication practices to verify your identity.
- If you do not have an account with us, we may request additional information about you to verify your identity. As a result, we require requests to include name, email address, primary phone number, customer ID (if applicable), the last day/time you logged into your account (if applicable), and state of residency. Although we try to limit the personal data collected in connection with a request to exercise any of the above rights, certain requests may require us to obtain additional personal data from you. In certain circumstances, we may decline a request, particularly where we are unable to verify your identity or locate your information in our systems, or where you are not a resident of one of the eligible states. We will only use the personal data provided in the verification process to verify your identity and to track and document request responses, unless you have initially provided the information for another purpose.
To Exercise the Right to Opt Out of the Selling or Sharing of Personal Data for Targeted Advertising Purposes
Unless you have exercised your Right to Opt Out, we may “sell” or “share” your personal data to third parties for targeted or cross-context behavioral advertising purposes. The third parties to whom we sell or share personal data may use such information for their own purposes in accordance with their own privacy statements, which may include reselling or sharing this information to additional third parties.
You do not need to create an account with us to exercise your Right to Opt Out. However, we may ask you to provide additional personal data so that we can properly identify you in our dataset and to track compliance with your opt out request. We will only use personal data provided in an opt out request to review and comply with the request. If you choose not to provide this information, we may only be able to process your request to the extent we are able to identify you in our data systems.
To exercise your right to opt-out as it relates to the use of cookies and other tracking technologies for analytics and targeted ads, please email psnprivacy@paymentservicenetwork.com.
Authorized Agent
In certain circumstances, you may use an authorized agent to submit requests on your behalf through the designated methods set forth above where we can verify the authorized agent’s authority to act on your behalf. In order to verify the authorized agent’s authority, we generally require evidence of either (i) a valid power of attorney or (ii) a signed letter containing your name and contact information, the name and contact information of the authorized agent, and a statement of authorization for the request. Depending on the evidence provided and your state of residency, we may still need to separately reach out to you to confirm the authorized agent has permission to act on your behalf and to verify your identity in connection with the request. To protect your personal data, we reserve the right to deny a request from an agent that does not submit proof that they have been authorized by you to act on your behalf.
Appealing Privacy Rights Decisions
Depending on your state of residency, you may be able to appeal a decision we have made in connection with your privacy rights request. All appeal requests should be submitted by emailing us using the email inbox of our affiliate, Invoice Cloud, at psnprivacy@paymentservicenetwork.com with the subject line, “Privacy Request Appeal.”
Data Retention
We retain personal data only for as long as is reasonably necessary to fulfill the purpose for which it was collected. However, if necessary, we may retain personal data for longer periods of time, until set retention periods and deadlines expire, for instance where we are required to do so in accordance with legal, tax and accounting requirements set by a legislature, regulator or other government authority.
To determine the appropriate duration of the retention of personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of personal data and if we can attain our objectives by other means, as well as our legal, regulatory, tax, accounting and other applicable obligations.
Therefore, we retain personal data for as long as the individual continues to use our services for the purposes explained in the How We Use Your Personal Data section in our Privacy Policy. When an individual discontinues the use of our services, we will retain their personal data for as long as necessary to comply with our legal obligations, to resolve disputes and defend claims, as well as, for any additional purpose based on the choices they have made, such as to receive marketing communications. In particular, we will retain call recordings, the personal data supplied when joining our services, including complaints, claims (for insurance products) and any other personal data supplied during the duration of an individual’s contract with us for the services until the statutory limitation periods have expired, when this is necessary for the establishment, exercise or defense of legal claims.
Once retention of the personal data is no longer necessary for the purposes outlined above, we will either delete or deidentify the personal data or, if this is not possible (for example, because personal data has been stored in backup archives), then we will securely store the personal data and isolate it from further processing until deletion or deidentification is possible.
Updates to these U.S. Privacy Disclosures
We will update these U.S. Privacy Disclosures from time to time. When we make changes to these U.S. Privacy Disclosures, we will change the “Last Updated” date at the beginning of this notice. If we make material changes to these U.S. Privacy Disclosures, we will notify you through appropriate communication channels. All changes shall become effective from the “Last Updated” date, unless otherwise provided in these U.S. Privacy Disclosures.