Who we are
- Our Privacy Notice applies to our website (http://Paya.com) and all products, applications and services offered by Paya (together, the “Services”), but excludes any products applications or services that have separate privacy notices which do not incorporate this Privacy Notice.
Information we collect
- Information you provide
- When you interact with our Services you may voluntarily provide us with certain personal information, such as your name (including business name), payment information, address, email address and phone number. You may provide this information to us when you contact us, create an account with us, inquire about careers at Paya, or request information about our Services. We may also collect additional personal information from you as part of signing up for our Services.
- We also collect information you may provide when providing content or commentary to our Services in the form of forum posts, comments, and the like (“User Content”). Please note that User Content is published on our Services and may be viewable by the public.
- We may offer services that allow you to share information with third party social media sites such as Facebook, Google, or others. When you link your account or engage with our Services through third-party social media sites, you understand that you may be allowing us to have ongoing access to certain information stored on those social media sites. We may also collect demographic information, such as your age, gender, or zip code, as well as certain information from third parties that we combine with information you provide to us.
- Information Automatically Collected
- Paya receives personal information for individuals related to processing payment transactions initiated through our merchant clients, and when individuals maintain a card with one of our financial institution clients. This information may include names, card or account numbers, CVV codes, purchase amounts, purchase dates, and methods of payment.
- We also automatically collect other technical information about your use and interaction with our Services, which may be collected through third-party cookies, web beacons and other similar non-cookie technology as described in Section 12 (Tracking Technologies).
- Do Not Track
- Our Services do not respond to Do Not Track signals communicated by your browser.
How we collect information
- To the extent permissible under applicable law, we collect information about you and any other party whose details you provide to us when you:
- register to use our Services;
- place an order using our Services;
- complete online forms (including call back requests), take part in surveys, post on any forums, download information such as white papers or other publications or participate in any other interactive areas that appear within our Services;
- interact with us using social media;
- provide your contact details to us when registering to use or accessing any Services we make available or when you update those details; and
- contact us or otherwise connect with us offline.
- We will also collect your information where you only partially complete and/or abandon any information inputted into our website and/or other online forms and may use this information to contact you to remind you to complete any outstanding information and/or for marketing purposes.
- We, and our third party partners, automatically collect certain types of usage information when you use our Services or otherwise engage with us. We typically collect this information through a variety of tracking technologies, including cookies, web beacons, file information and similar technology (“tracking technologies”). For example, we may collect the device identification number and type, location information and connection information such as statistics on your page views, traffic to and from the sites, referral URL, ad data, your IP address, your browsing history and your web log information). We also collect information about the way you use our Services, for example, the site from which you came and the site to which you are going when you leave our website, the pages you visit, the links you click, how frequently you access the Services, whether you open emails or click the links contained in emails, whether you access the Services from multiple devices, and other actions you take on the Services. We may also work with third party partners to employ technologies, including the application of statistical modeling tools, which permit us to recognize and contact you across multiple devices. For more information about our use of such tracking technologies and choices you may have in relation to such tracking, please refer to Section 12 below (Tracking Technologies).
- We may enhance personal information we collect from you with information we obtain from third parties that are entitled to share that information; for example, information from credit agencies, search information providers or public sources (e.g. for customer due diligence purposes), but in each case as permitted by applicable laws.
- If you intend giving us personal information about someone else, you are responsible for ensuring that you comply with any obligation and consent obligations under applicable data protections laws. In so far as required by applicable data protection laws, you must ensure that beforehand you have their explicit consent to do so and that you explain to them how we collect, use, disclose and retain their personal information or direct them to read our Privacy Notice.
How we use your information
- To the extent permissible under applicable law, we use your information to:
- provide any information, or services that you have requested or ordered;
- compare information for accuracy and to verify it with third parties;
- provide, maintain, protect and improve our Services;
- manage, monitor, and administer your use of the Services and provide an enhanced, personal, user experience for you;
- manage our relationship with you (for example, customer services and support activities);
- undertake internal testing of our Services or systems to test and improve their security and performance. In these circumstances, we would de-identify any information used for such testing purposes;
- provide you with any information that we are required to send you to comply with our regulatory or legal obligations;
- detect, prevent, investigate or remediate, crime, illegal or prohibited activities or to otherwise protect our legal rights (including liaison with regulators and law enforcement agencies for these purposes);
- contact you to see if you would like to take part in our customer research (for example, feedback on your use of our applications, products and services);
- monitor, carry out statistical analysis and benchmarking, provided that in such circumstances it is on an aggregated basis which will not be linked back to you or any living individual;
- deliver advertising, marketing (including in-product messaging) or information to you which may be useful to you; and
- deliver joint content and services with third parties with whom you have a separate relationship (for example, social media providers).
- To the extent permitted by applicable law, we retain information about you after the closure of your Paya account, if your application for a Paya account is declined or if you decide not to proceed. This information will be held and used for as long as permitted for legal, regulatory, fraud prevention and legitimate business purposes.
- You can manage your privacy settings within your browser or our applications and services (where applicable).
- In addition to the purposes described in this section 4, we may also use information we gather to identify you across multiple devices, for measurement and analytics purposes and to deliver targeted and interest-based advertising, marketing (including in-product messaging) or information to you which may be useful, based on your use of the Services or any other information we have about you (depending on the Services, you may able to configure these features to suit your preferences). To learn more about interest-based advertising and how you may be able to opt-out of some of this advertising, please see Section 12 below (Tracking Technologies).
- We may monitor and record our communications with you, including e-mails and phone conversations. Information which we collect may then be used for training purposes, quality assurance, to record details about our website, applications and services you order from us or ask us about, and in order to meet our legal and regulatory obligations generally.
- Mobile data
- We may obtain information through mobile applications that you or your users install on their mobile devices to access and use our website, applications or services or which you or your users use to provide other services related to that mobile application (for example, to sync information from our application or service with such mobile application). These mobile applications may be our own mobile applications or those belonging to third parties. Where the mobile application belongs to a third party, you must read that third party’s own privacy notice as it will apply to your use of that third party mobile application. We are not responsible for such third party mobile applications and their use of your personal information.
- Mobile applications may provide us with information related to a user’s use of that mobile application and use of our applications and services accessed using that mobile application. We may use such information to provide and improve the mobile application or our own application or services. For example, activity undertaken within a mobile application may be logged.
- You can configure our mobile application’s privacy settings on your device but this may affect the performance of that mobile application and the way it interacts with our applications and services.
Sharing your information
- We may share your information with:
- our corporate family, affiliates and subsidiaries;
- our service providers and agents (including their sub-contractors) or third parties which process information on our behalf (e.g. internet service and platform providers, payment processing providers, online advertising service providers and other organizations we engage to help us send communications to you) so that they may help us to provide you with the applications, products, services and information you have requested or which we believe is of interest to you;
- partners, including system implementers, resellers, value-added resellers, independent software vendors and developers that may help us to provide you with the applications, products, services and information you have requested or which we believe is of interest to you;
- third parties used to facilitate payment transactions, for example clearing houses, clearing systems, financial institutions and transaction beneficiaries;
- third parties where you have a relationship with that third party and you have consented to us sending information (for example social media sites or other third party application providers);
- third parties for marketing purposes (e.g. our partners and other third parties with whom we work and whose products or services we think will interest you in the operation of your business activities;
- credit reference and fraud prevention agencies;
- any third parties to enforce our legal rights and satisfy our legal obligations, including without limitation any reporting or disclosure obligations under applicable law or regulations or subpoena, court order or other judicial or administrative process, or when we believe in good faith that disclosure is legally required or otherwise necessary to protect our rights and property, or the rights, property or safety of others;
- third parties to comply with the rules, regulations and guidelines of the payment networks in which transactions are processed;
- our professional advisors and auditors for the purpose of seeking professional advice or to meet our audit responsibilities;
- third parties to transfer information and/or assets in the event of a merger, acquisition, sale, bankruptcy filing, or other corporate restructuring; another organization to whom we may transfer our agreement with you; and
- third parties for any other purpose permitted under applicable law and regulation or agreed to in this Privacy Notice or disclosed at the time the information is collected.
- We may share non-personally identifiable information about the use of our Services publicly or with third parties but this will not include information that can be used to identify you.
Third party platform advertising
- We may share your information with third party platform providers (such as Facebook, Google and Twitter) to serve targeted advertising/content to you via the relevant third party platform based on your profile/interests. Your information is used by the third-party platform provider to identify your account and serve advertisements to you. You can control what advertisements you receive via the privacy settings on the relevant provider’s platform and you should consult the third party’s help/support center for more information.
Your information and your rights
- Email Communications.
- From time to time, we may send you emails regarding updates to our Services, notices about our organization, or information about promotional offers from third parties that we think may be of interest to you. If you wish to unsubscribe from such emails, simply click the “unsubscribe link” provided at the bottom of the email communication. Note that you cannot unsubscribe from certain Services-related email communications (e.g., account verification, confirmations of transactions, technical or legal notices).
Changes to our privacy notice
- We may change our Privacy Notice from time to time. We will update this Privacy Notice on our website, so please try to read it when you visit the website (the ‘last updated’ reference tells you when we last updated our Privacy Notice).
Security and storage of information
- We will endeavor to keep your information secure by taking appropriate technical and organizational measures against its unauthorized or unlawful processing and against its accidental loss, destruction or damage. We will take commercially reasonable steps to protect your personal information but we cannot guarantee the security of your information which is transmitted to our Services or to other website, applications and services via an internet or similar connection.
- If you believe your account has been compromised, please contact us at [email protected] or call 800-263-0240 then Press 3
Data Storage and Transfer
- Your information may be stored and processed in the United States or any other country in which Paya or its subsidiaries, affiliates or service providers maintain facilities. If you are located in the European Union or other regions with laws governing data collection and use that may differ from U.S. law, please note that we may transfer information, including personal information, to a country and jurisdiction that does not have the same data protection laws as your jurisdiction, and you consent to the transfer of information to the U.S. or any other country in which we or our parent, subsidiaries, affiliates or service providers maintain facilities and the use and disclosure of information about you as described in this Privacy Notice.
Other sites and social media
- If you follow a link from our Services to another site or service, this Privacy Notice will no longer apply. We are not responsible for the information handling practices of third party sites or services and we encourage you to read the privacy notices appearing on those sites or services.
- Our Services may enable you to share information with social media sites, or use social media sites to create your account or to connect your social media account. Those social media sites may automatically provide us with access to certain personal information retained by them about you (for example any content you have viewed). You should be able to manage your privacy settings from within your own third party social media account(s) to manage what personal information you enable us to access from that account.
- We may share, or we may permit third party online advertising networks, social media companies and other third party services, to collect, information about your use of our website over time so that they may play or display ads that may be relevant to your interests on our Services as well as on other websites or apps, or on other devices you may use. We, or our third party partners, may link your various devices so that content you see on one device can result in relevant advertising on another device. We do this by collecting information about each device you use when you are logged in to our Services. We may also work with third party partners who employ tracking technologies, or the application of statistical modeling tools, to determine if two or more devices are linked to a single user or household. We may share a common account identifier (such as an email address or user ID) with third party advertising partners to help recognize you across devices. Typically, though not always, the information we share is provided through cookies or similar tracking technologies, which recognize the device you are using and collect information, including hashed data, click stream information, browser type, time and date you visited the site, and other information. We and our third party partners use this information to make the advertisements you see online more relevant to your interests, as well as to provide advertising-related services such as reporting, attribution, analytics and market research.
- Our cookies may be session cookies (temporary cookies that identify and track users within our Services which are deleted when you close your browser or leave your session in the application or service) or persistent cookies (cookies which enable our Services to “remember” who you are and to remember your preferences within our Services and which will stay on your computer or device after you close your browser or leave your session in the applicable Service).
- We use the following different types of cookies:
- Strictly necessary cookies
- These are cookies which are needed for our websites, applications or services to function properly, for example, these cookies allow you to access secure areas of our Services or to remember what you have put into your shopping basket.
- Performance cookies and analytics technologies
- These cookies collect information about how visitors and users use our websites, applications and services, for instance which functionality visitors use most often, and if they get error messages from areas of the websites, applications or services. These cookies don’t collect information that identifies a visitor or user. All information these cookies collect is aggregated and therefore de-identified. We only use these cookies to improve how our website, applications and services work.
- Functionality cookies
- These cookies allow our websites, applications and services to remember choices you make (such as your user name, language or the region you are in) and provide enhanced, more personal features. These cookies can also be used to remember changes you have made to text size, fonts and other parts of web pages that you can customize. They may also be used to provide services you have asked for. The information these cookies collect may be anonymized and they cannot track your browsing activity on other websites.
- Targeting or advertising cookies
- These cookies are used to deliver adverts more relevant to you and your interests. They are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of the advertising campaign. They are usually placed by advertising networks with the website operators’ permission. They remember that you have visited a website and this information is shared with other organizations such as advertisers. Quite often targeting or advertising cookies will be linked to site functionality provided by the other organization.
- Web beacons and parameter tracking
- IP Address and traffic data
- We keep a record of traffic data which is logged automatically by our servers, such as your Internet Protocol (IP) address, device information, the website that you visited before ours and the website you visit after leaving our Services. We also collect some site, application and service statistics such as access rates, page hits and page views. We are not able to identify any individual from traffic data or site statistics.
- Find out more about the tracking technologies that we use.
- Google Analytics
- Cross-Device Tracking
- Some of our advertising partners, including, NextRoll, Inc. (“NextRoll”), may collect information from you in order to perform targeted advertising on more than one device that is connected to you (“cross-device tracking). For example, our partners may perform a hash of your email address in order to serve targeted advertising to other devices connected to you. For more information on NextRoll’s privacy practices, please refer to NextRoll’s Privacy Notice.
How to disable tracking technologies
- You may be able to configure your browser or our website, application or service to control the collection of data by web browsers and mobile devices. For example, you can decline to have personal information collected via third party tracking technologies by navigating to the settings feature in your browser and declining all third party cookies or declining third party cookies from specific sites, or, for mobile, limiting ad tracking or resetting the advertiser identifier via the privacy settings on your mobile device. However, if you disable tracking technologies you may find this affects your ability to use certain parts of our website, applications or services.
- For more information about tracking technologies and instructions on how to adjust your browser and device settings to accept, delete or reject some of these technologies, visit www.youronlinechoices.com or allaboutcookies.org.
- To learn more about interest-based advertising and how you may be able to opt-out of personalized advertising, visit the Network Advertising Initiative’s online resources, at www.networkadvertising.org/choices, and/or the DAA’s resources at www.aboutads.info/choices. You may also adjust your ad preferences through your settings on third party platforms you use (such as Facebook, Google and Twitter). In addition, you can opt-out of some – but not all – interest-based ads served by mobile ad networks by visiting http://youradchoices.com/appchoices and downloading the mobile AppChoices app.
Your California privacy rights
- California Civil Code Section § 1798.83 permits users of our website that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to [email protected]
- Our advertising partner NextRoll asks us to make additional disclosures available to California residents relating to NextRoll’s California privacy practices. You can learn more about NextRoll’s California privacy practices by visiting NextRoll’s privacy notice here.
- If you have any queries about how we treat your information, the contents of this notice, your rights under local law, how to update your records or how to obtain a copy of the information that we hold about you, please email us at [email protected].
This Privacy Notice was last modified on 08/21/2020.