INTRODUCTION
Stax Payments, Inc., along with its affiliates and subsidiaries (collectively, “Stax,” “we,” “us,” and “our”) is committed to maintaining the privacy and security of personal information.
This Privacy Policy (“Policy”) explains how Stax collects, uses, discloses, and otherwise processes the personal information we collect through our website, www.staxpayments.com, and any other website that posts this Policy (the “Websites”), our mobile app (the “App”), or otherwise in the course of providing our products and services (the “Services”). Note that this Policy does not address our data collection practices with respect to job applicants or employees.
OUR ROLE
Our processing of the personal information we collect as a “service provider” or “processor” under applicable data privacy laws is limited by the restrictions placed on us by our customers. For example, when cardholders make a purchase, or pay an invoice, from one of our customers using our Services, we collect transaction data at our customer’s instruction and on their behalf, pursuant to a contract with our customer. Transaction data may include payment information such as payment card PAN, CVV, expiration date, and zip code. We handle and protect such data in accordance with the Payment Card Industry Data Security Standard (“PCI DSS”). You can learn more about how your information is collected and used by our customers by reviewing the privacy policies of the businesses with which you engage. Our use of information we collect as a “business” or “controller” under applicable data privacy laws, however, is set forth in this Privacy Policy.
INFORMATION COLLECTION
The term “personal information,” refers to information that identifies, relates to, describes or can be reasonably associated with an individual. The personal information we collect about you depends on your relationship with us. For example, we collect the following personal information in the following contexts:
- Customers. We collect personal information from our customers (e., merchants and platforms) and prospective customers in order to respond to their inquiries, facilitate the underwriting process, and provide and bill for our Services. This personal information includes, but is not limited to, business contact information such as name, email, phone number, and address; and information about beneficial owners such as Social Security number, driver’s license number, passport information, citizenship, and date of birth. When we refer to customers, this includes our customer’s employees, agents, and authorized users.
- Business partners. We collect personal information about our business partners. This personal information is typically limited to business contact information such as name, email, phone number, and address. When we refer to business partners, this includes our partner’s employees, agents, and authorized users.
- Website & App users. We collect personal information and other tracking data regarding visitors to our Websites and users of our App.
We receive personal information:
- Directly from the individual or their company;
- Indirectly by monitoring activity on our Websites and App; and
- From publicly available sources such as third party data providers or third party advertising partners.
COOKIES AND TRACKING TECHNOLOGIES
A cookie is a small text file that is stored on your browser or the hard drive of your computer. We—and our third party partners and service providers (such as advertising networks, analytics providers and social media platforms and networks)—use cookies and similar technologies such as tracking pixels and web beacons to collect user activity information including IP address (which is often considered personal information), geolocation data, browser and device characteristics, operating system, language preferences, referring URLs, information about how and when you use the Websites or App, and other technical details. We use the following types of cookies:
- Necessary cookies. These are cookies that are required for the operation of the Websites or App.
- Functionality cookies. These cookies remember choices you make and are used to recognize you when you return to the Websites or App.
- Analytics cookies. These cookies collect information about how you use the Websites or App. They allow us to recognize and count the number of visitors and to see how visitors move around within the Websites or App.
- Advertising cookies. These cookies are used to track your online activity and deliver personalized advertisements.
Our Websites and App use third parties to assist us in analyzing data regarding visitors and delivering personalized advertising. For example, we use Google Analytics to collect information such as the number of visitors to a site, the webpage that referred visitors to a site, and the pages visitors view within a site. You can opt-out of Google Analytics by downloading Google’s Opt-Out Browser Add-on. These third party advertisers may use cookies to track you across websites and serve you advertisements for Stax within other websites you may visit (i.e., targeted advertising).
Most web browsers automatically accept cookies, but you can modify your browser settings to decline cookies if you prefer. If you use your browser settings to block all cookies, you may not be able to access all or parts of our Websites.
Some internet browsers have “Do Not Track” or “DNT” features which, when turned on, send a signal to the website that the individual visiting the website does not wish to be tracked. Our Websites do not honor DNT signals, but you can adjust your cookies settings as described above.
Depending on your state of residence, you may have the right to opt-out of targeted advertising activities. See further discussion below under the section titled “California Residents: Your Rights.”
Please be advised, we also utilize the following technologies on our digital properties:
- a tool that allows us to ascertain the business affiliation of visitors to our Website;
- analytics tools to tell us whether you open emails we send to you or click on any links contained therein;
- automated chatbot technologies; and
- session replay technology to monitor your experience on our Websites and App.
INFORMATION USE
We use the information we collect, including personal information, for the following purposes:
- To provide you with our Website, App, and Services
- To create and manage your account
- To provide customer support
- To provide service announcements
- To communicate with you and respond to your inquiries
- To provide information you have requested
- To provide information, newsletters, or advertisements that may be of interest to you
- To solicit feedback and survey responses
- To administer, personalize, and improve our Website, App, and Services
- To develop new features and services
- To generate statistics and de-identified data
- To prevent, detect or fight fraud or illegal activities
- To comply with legal requirements
- For any other purpose with your consent
INFORMATION DISCLOSURE
In the following circumstances, we may share personal information with third parties:
- Disclosures to Service Providers: To assist us in providing our Services, we may share personal information with vendors or service providers, such as providers of hosting services, cloud services, email solutions, data analytics services, advertising services, or support and maintenance services. We do not sell personal information as that term is traditionally defined, but our use of third party analytics and advertising service providers may constitute a sale or sharing for cross-context behavioral advertising under state laws—further information is provided below for California residents.
- Disclosures to Business Partners: We may also share personal information with our business partners in order to facilitate our cooperation with them. Our business partners include ISVs, referral partners, and financial institutions.
- Disclosures to Affiliates: Stax entities may share personal information within the corporate family, meaning between our subsidiaries and affiliates.
- Business Transfers: If we are involved in a merger, acquisition, or other corporate transaction, we may share your personal information during the diligence process with counterparties and others assisting with the transaction, as well as to a successor as part of such a transaction.
- Legal Requirements: We may also share personal information if required to do so by law or in the good faith belief that such action is necessary to (i) comply with a legal obligation, including to cooperate with law enforcement, (ii) protect and defend our rights or property, (iii) prevent fraud, (iv) act in urgent circumstances to protect the personal safety of users, or the public, or (v) protect against legal liability.
- Consent: We may also share your personal information to other third parties not described above if we receive your consent to do so.
DATA SECURITY
We use reasonable administrative, technical, and physical safeguards designed to ensure that the personal information we collect is protected from accidental or intentional manipulation, loss, destruction, or access by unauthorized persons. The transmission of information via the Internet, however, is not guaranteed to be completely secure.
DATA RETENTION
Stax may store personal information for as long as we have a legitimate business need for it. We determine the retention period for each category of personal information based on (i) the length of time we need to retain the information to achieve the business or commercial purpose for which it was obtained, (ii) any legal or regulatory requirements applicable to such information, (iii) internal operational needs, and (iv) any need for the information based on any actual or anticipated investigation or litigation.
INTERNATIONAL TRANSFERS
Stax is located in the United States and Canada. Please note that your personal information may be processed in either of those countries or in third countries where our service providers are located. By submitting your personal information to us, you agree to the transfer, storage, and processing of your personal information in a country other than your country of residence including, but not limited to, the U.S. and Canada. The personal information protection laws of other countries might be different from the laws of the jurisdiction in which you reside, and might permit courts, government, law enforcement agencies, regulatory agencies and security authorities to access your personal information without notice.
LINKS TO OTHER WEBSITES
For practical reasons or for your information, our Websites contain links to other websites, such as links to our profile pages on social media websites. We exercise no control over such other websites and are not responsible for the content thereon. This Privacy Policy does not apply to third party websites, and we recommend that you review the online privacy policy of any website you visit to determine how the operator handles personal information collected through its website.
CHILDREN’S PRIVACY
Our Websites, App, and Services are not intended for use by children under the age of 18 and we do not knowingly collect personal information from children under 18. If we learn we have inadvertently collected personal information from children under 18 years old, we will take steps to delete that information. We do not have actual knowledge that we collect, sell or share the personal information of California residents under 18 years of age.
YOUR PRIVACY CHOICES
Marketing Emails. You may opt-out of receiving promotional or marketing emails from Stax at any time by using the “unsubscribe” link in the email you receive. Please note that we reserve the right to continue to send you other non-marketing communications, including service announcements, administrative messages, and surveys related to your account.
Marketing Text Messages. If you opt-in to receiving marketing text messages from us, you can opt-out at any time by replying “STOP.” Please note that you may continue to receive non-marketing related text messages or calls related to our ongoing business relationship with you.
Mobile App Device Permissions. You may adjust your App access and permissions through your mobile device’s settings menu.
CALIFORNIA RESIDENTS: YOUR RIGHTS
This section supplements the remainder of this Policy with additional disclosures and information about the privacy rights of residents of California pursuant to the California Consumer Privacy Act, as amended by the California Privacy Rights Act (the “CCPA”). The chart below describes the categories of personal information Stax has collected, disclosed, shared, or sold within the last twelve (12) months, in its capacity as a “business” under the CCPA.
Category of Personal Information Collected | Examples of Personal Information Collected | Sources of Personal Information | Business Purpose for Collection of Personal Information | Categories of Parties to Whom Disclosed | Categories of Third Parties to Whom Sold/Shared |
---|---|---|---|---|---|
A. Identifiers and Personal information as defined in the California Customer Records statute | Name, email address, address, phone number, unique online identifiers, IP address, account name, payment card and bank account information, Social Security number, driver’s license number, passport number, date of birth, signature | Directly from the individual or their company. Indirectly from the individual’s use of our Websites, App, or Services. From our business partners, advertising partners, or publicly available sources. |
To provide our Services (including verifying, underwriting, and onboarding customers). To respond to requests for information. To provide you with information and advertisements we believe may be of interest. To administer and improve our Website, App, and Services. To maintain security, detect fraud, and comply with law. |
To our service providers so they may help us provide our Website, App, and Services. To our business partners. |
To our analytics and advertising partners. |
B. Protected classification characteristics | Gender, age | Directly from the individual or their company. | To provide our Services (including verifying, underwriting, and onboarding customers). | To our service providers so they may help us provide our Website, App, and Services. | None. |
C. Commercial Information | Records of products purchased, obtained, or considered | Directly from the individual or their company. Indirectly from the individual’s use of our Websites, App, or Services. From our business partners, advertising partners, or publicly available sources. |
To provide our Services (including verifying, underwriting, and onboarding customers). To respond to requests for information. To provide you with information and advertisements we believe may be of interest. To administer and improve our Website, App, and Services. To maintain security, detect fraud, and comply with law. |
To our service providers so they may help us provide our Website, App, and Services. | To our analytics and advertising partners. |
D. Internet or similar network activity | Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement. | Indirectly from the individual’s use of our Websites, App, or Services. | To provide our Services. To provide you with information and advertisements we believe may be of interest. To administer and improve our Website, App, and Services. To maintain security, detect fraud, and comply with law. |
To our service providers so they may help us provide our Website, App, and Services. | To our analytics and advertising partners. |
E. Geolocation data | City and state collected from IP address | Indirectly from the individual’s use of our Websites, App, or Services. | To provide our Services. To provide you with information and advertisements we believe may be of interest. To administer and improve our Website, App, and Services. To maintain security, detect fraud, and comply with law. |
To our service providers so they may help us provide our Website, App, and Services. | To our analytics and advertising partners. |
F. Audio, electronic, visual, thermal, olfactory, or similar information | Recordings of voice and/or video calls or navigation of the Websites or App | Indirectly from the individual | To administer and improve our Website, App, and Services. To maintain security, detect fraud, and comply with law. |
To our service providers so they may help us provide our Website, App, and Services. | None. |
G. Professional or employment-related information | Business contact information | Directly from the individual or their company. From our business partners, advertising partners, or publicly available sources. |
To provide our Services. To provide you with information and advertisements we believe may be of interest. To respond to requests for information. |
To our service providers so they may help us provide our Website, App, and Services. | To our analytics and advertising partners. |
H. Inferences drawn from collected personal information | Inferences drawn to create a profile about an individual reflecting their preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes | We may create a profile regarding your interests. | To provide you with information and advertisements we believe may be of interest. | To our service providers so they may help us provide our Website, App, and Services. | To our analytics and advertising partners. |
I. Sensitive personal information NOTE: We do not use sensitive personal information for purposes of inferring characteristics about individuals. |
Username and password, Social Security number, driver’s license number, passport number, citizenship or immigration status | Directly from the individual or their company. | To provide our Services (including verifying, underwriting, and onboarding customers). To maintain security, detect fraud, and comply with law. |
To our service providers so they may help us provide our Website, App, and Services. | None. |
California residents have the following rights with respect to the personal information we collect as a “business” under CCPA:
- The right to confirm whether we process your personal information, and to access and receive a copy of your personal information.
- The right to know the categories of personal information collected about you, the categories of sources from which the personal information is collected, the business or commercial purpose for collecting, selling, or sharing the personal information, and the categories of third parties to whom the personal information was disclosed. Additionally, under California’s Shine the Light Law, residents may request a list of all third parties to which we have disclosed certain information during the preceding year for those third parties’ direct marketing purposes.
- The right to correct your personal information.
- The right to delete your personal information.
- The right to opt-out of sale or sharing of your personal information for cross-context behavioral advertising purposes. Certain of our digital marketing activities may constitute a “sale” or “sharing” of your personal information under the CCPA, meaning that you have the right to opt-out of such advertising activities.
Please note that certain exceptions may apply to the aforementioned rights, including the right to delete. Requests to exercise these rights may be made using the contact information listed below.
Only you, or a person that you authorize to act on your behalf, may make a request related to your personal information. In the case of access, correction, and deletion, your request must be verifiable before we can fulfill the request. Verifying your request will require you to provide sufficient information for us to reasonably verify that you are the person about whom we collected personal information or a person authorized to act on your behalf. Stax will not discriminate against you for exercising your privacy rights.
CHANGES TO THIS POLICY
We may update this Privacy Policy from time to time, including to reflect changes to our practices or for other operational, legal, or regulatory reasons. We will post the revised Policy on the Websites, update the “Last updated” date and take any other steps required by applicable law.
CONTACT INFORMATION
If you have questions regarding this Privacy Policy or wish to exercise your privacy choices or rights, please contact us at:
Stax Payments, Inc.
Attn: Legal Department
618 E South Street
Suite 510
Orlando, FL 32801
(855) 550-3288
ACCESSIBILITY OF POLICY
Stax is committed to making this Policy accessible to everyone. If you encounter any difficulty accessing the information in this Policy or require access to it in an alternative format, please contact us.