Effective Date: May 25, 2018
Hyperwallet provides its services through its group of affiliated operating companies (collectively, “Hyperwallet”), which includes Hyperwallet Systems Inc. (“HWCA”), HSI USA Inc. (“HWUS”), Hyperwallet Systems Europe Limited (“HWEU”) and Hyperwallet Australia Pty Ltd (“HWAU”).
- Collection of Personal Data.
- Use of Personal Data Collected.
Personal data means any information that could be reasonably used to identify You as an individual. This data is collected directly from You and may also be provided directly by Payors. Information collected directly from You may be collected through You calling our Customer Service, recorded communications, the Web Site, and the Pay Portal. This information may include Your name, home address, telephone number, personal e-mail address, Your forwarding address (e.g. during a vacation), previous address(es), billing and account information (such as credit or debit card number, or bank account number), Your mailing preferences, delivery instructions, transaction history, IP address, and service preferences, as well as other information defined as non-public or private information about You pursuant to applicable law.
We use personal data to process payment transactions on a Payor’s behalf, to respond to Your inquiries or requests, and to provide customer support.
We may also use personal data for the following purposes:
- to evaluate a Payor’s application to use our Services;
- to establish Your identity for compliance purposes;
- to conduct manual or systemic monitoring for fraud and other harmful activity;
- to communicate legally required and/or service-related information to You;
- to send B2B marketing communications to Payors, where it is lawful for us to do so;
- to manage complaints;
- to prevent potentially prohibited or illegal activity, and to enforce the applicable Terms;
- as permitted by, and to comply with, any legal (including contractual) or regulatory requirements or provisions;
- and for any other purposes to which you agree in a manner that is legally acceptable under the data privacy laws in your jurisdiction.
We may also use information that we collect in aggregate form to further develop and improve the Web Site and the Pay Portal, and for our own business analyses that will allow us to make informed decisions. By removing the elements of your information that could identify You, we reserve the right to disclose the resulting “anonymized” information without restrictions. For example, we may create anonymized, statistical, and aggregate data to prepare reports about the Web Site and Pay Portal that do not identify any individuals.
We may share personal data about You with the following parties for the purposes described below:
- with our subsidiaries or affiliates to provide joint content, products, and services to You.
- with Payors. You should consult with Your Payor to learn how Your Payor uses any personal data, as we have no control over personal data once it is disclosed to Your Payor.
- with law enforcement, government officials, or other third parties to:
- respond to law enforcement requests or where required by applicable laws, court orders, or government regulations; or
- with a third party where instructed to do so by You.
Hyperwallet does not sell or rent personal data to marketers or unaffiliated third parties. Where lawful to do so, and subject to Payors’ consent where required, we may communicate with Payors (and related business contacts) about our Services. If You wish to unsubscribe from receiving e-mail marketing communications, please opt-out via the unsubscribe link included in such emails, and we will stop sending You communications.
Additionally, for fraud monitoring purposes, we may place “cookies” on Your device to identify it in the future when You use the Pay Portal to connect with our applications. We will transmit a device identification code, as well as IP address and other technical device attributes, to a third-party service that determines whether the devices have been identified with fraudulent or abusive transactions in the past, such as reported instances of identity theft, account takeovers or malware attacks. This information helps us decide whether to accept, deny or review transactions from such personal computers, mobile phones, or other devices. We may report to the third party if we conclude that a device has been used in connection with a fraudulent or abusive transaction with us. If You set your browser or device to reject these cookies or tokens, You may not be able to authenticate Your device or conclude some transactions through the Pay Portal.
We share with the third-party service only information about the device You are using, which may also have been used or appropriated by others, and do not identify You or reveal the details of Your transaction to the third party. To authenticate Your device, You may be required to input a one-time code into Your device. By using our Service, You agree that we, or anyone else on our behalf, may send You such confirmation codes by e-mail or to your mobile phone.
Your personal data is stored in Canada and the United States and may be stored and processed in any other country where we have service providers or in the country where Your Payor is located or be stored “in the cloud.” By using the Web Site or Pay Portal or by providing consent to us (where required by law), You agree to the transfer of information to countries outside of Your country of residence – including to the United States, Canada, European Union and Australia – which may provide for different data protection rules than in Your country.
We will keep personal data about You only for as long as required to fulfill the purposes for which it was collected, and thereafter as permitted or required by applicable law.
You have the right to access the personal data we maintain about You and to impose certain limits on the use and disclosure of such personal data. Individuals who seek access to their personal data may do so by logging into the Pay Portal to view their data or they may send a detailed request to email@example.com; however, for security reasons, the best way to make a request is to do so while logged into the Pay Portal (Go to “Support,” select “Email” and complete the form for “Privacy Concerns”). We reserve the right to charge a reasonable administrative fee where permitted by law, especially if your request is manifestly unfounded or excessive.
Updates or corrections to personal data may be made by You in the Pay Portal in certain instances or by contacting firstname.lastname@example.org. Some of the personal data in your profile may only be updated in your Payor’s system. In such case, your Payor may provide the information to us so that we may update your profile in our systems.
Please note that if we do not collect or receive certain personal data from You, You may not be able to utilize the Services offered on the Web Site or in the Pay Portal, including receipt of funds from the Payor.
We take reasonable steps to protect information about You in our possession and control, such as personal data associated with the Web Site or Pay Portal, and to protect such information from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. You should keep in mind that no Internet transmission is ever completely secure or error-free. In particular, e-mail sent between You and us may not be secure.
For complaints by individuals residing in the EU or Switzerland that cannot be resolved with Hyperwallet directly, Hyperwallet has chosen to cooperate with EU data protection authorities and the Swiss Federal Data Protection and Information Commissioner’s authority (collectively “DPAs”) and to comply with the information and advice provided to it by an informal panel of DPAs in relation to such unresolved complaints (as further described in the Privacy Shield Principles). Please click here to be directed to the relevant EU DPA contacts and here for the Swiss DPA.
If neither Hyperwallet nor the DPA resolves Your complaint, You may have the possibility to engage in binding arbitration through the Privacy Shield Panel.
Hyperwallet is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).
Complaints from individuals residing in Australia that cannot be resolved with Hyperwallet directly can be sent to the Office of the Australian Information Commissioner (OAIC).
For the purpose of the GDPR and other data protection regulations applicable in the UK, the data controller is Hyperwallet Systems Europe Limited registered in England and Wales, no. 10215249, with a registered office at Suite 211, 63 St Mary Axe London United Kingdom EC3A 8AA.
Specific provisions relating to EU personal data are as follows:
- Legal Bases for Data Processing.
We have two bases for data processing of EU personal data:
- Contract where necessary to carry out payment services (Article 6(1)(b) of the GDPR); and
- Legal obligation to fulfil our compliance obligations and responsibilities (Article 6(1)(c) of the GDPR).
- Your Rights.
You may have some or all of the following rights available to you in respect of your personal data:
- Right of access: to obtain a copy of the personal data we hold about You;
- Right to rectification: to rectify or correct inaccurate personal data about You, including the right to have incomplete personal data completed;
- Right to erasure: to erase Your personal data, in limited circumstances, such as where it is no longer necessary relative to the purposes for which it was collected or processed;
- Right to restrict processing: to limit the processing of your personal data under certain circumstances;
- Right to data portability: to obtain a copy of Your data to securely transfer and reuse elsewhere, in certain circumstances where we justify our processing on the basis of the performance of a contract with You;
- Right to object: to object to processing based on processing for purposes of scientific/historical research and statistics; and
- Rights related to automated decision-making, including profiling: to not be subject to a decision made in this way where it has legal or similarly significant effects on You, unless necessary for entry into or performance of a contract.
You also have the right to lodge a complaint with a supervisory authority for data protection to enforce your rights as specified above. You can find details on how to do this on the UK Information Commissioner’s Office (“ICO”) website at https://ico.org.uk/concerns/.
In relation to all of these rights, the best way to make a request is to do so while logged into the Pay Portal (Go to “Support,” select “Email” and complete the form for “Privacy Concerns”). You may also contact us with a detailed request at email@example.com. Please note that we may request proof of identity. You are entitled to one copy of information free of charge; however, we may charge a reasonable fee if your request is manifestly unfounded or excessive, particularly if it is repetitive. We will endeavor to respond to your request within all applicable timeframes.
- Transfers Outside the EU.
Personal data from the EEA and UK will only be transferred to countries considered as providing an adequate level of legal protection or to entities with suitable alternative safeguards in place, such as model clauses in the form approved by the European Commission, Binding Corporate Rules or participation in an applicable Privacy Shield Framework. Please see below for information about Hyperwallet’s participation in the in the EU-U.S. and Swiss-U.S. Privacy Shield frameworks.
- EU-U.S. and Swiss-U.S. Privacy Shield Frameworks.
To learn more about the Privacy Shield program (“Privacy Shield”), and to view our certification (listed under HSI USA Inc.), please visit https://www.privacyshield.gov/.
We limit the collection and use of personal data to that which is necessary to administer our business, including to process payment transactions, protect against fraud, and provide customer service. We may disclose personal data to our third-party service providers, business partners, Payors, and others who assist us in providing our Services. Hyperwallet’s accountability for personal data that it receives under the Privacy Shield and subsequently transfers to a third party is described in the Privacy Shield Principles. In particular, Hyperwallet may be liable with respect to the onward transfer to third parties of EU and Swiss data subjects’ personal data received pursuant to the EU-U.S. and Swiss-U.S. Privacy Shield frameworks, unless Hyperwallet proves that it is not responsible for the event giving rise to the damage.
Additionally, Hyperwallet collects, uses and processes human resources data in the context of an employment relationship with its current employees, applicants and former employees in accordance with the Privacy Shield Principles. In connection with its human resources operations, Hyperwallet may now and/or in the future transfer or provide personal data regarding employees in the EU and Switzerland to other countries where it operates, including the United States. Hyperwallet has further committed to cooperate with EU and Swiss DPAs with regard to unresolved complaints concerning human resources data.
Please note that in certain situations Hyperwallet may be required to disclose personal data if it is the subject of a lawful request by public authorities, including to meet national security or law enforcement requirements.
Last Updated: May 25, 2018