PRIVACY STATEMENT
Effective from: October 15, 2022
INTRODUCTION
Welcome to YayPay, Inc. (“YayPay”). Yaypay provides accounts receivable management solutions for businesses (“Clients”) including enabling revenue collection communications between Clients and their customers (“Services”).
This Privacy Statement explains what data we collect when you use the YayPay website www.yaypay.com (including all subdomains, the “Site”) and/or the Services and in connection with our sales and marketing activities, why we collect the data, how it is used and your rights and choices.
While providing our Services, we may collect information related to our Client’s customers on behalf of our Clients. Our use of information collected through the Services under the direction of our Clients (acting as a data controller according to GDPR) is limited to the purpose of providing the Services and is governed by our contract with the applicable Client and the Client’s own privacy policies. We are not responsible for the privacy policies or privacy practices of Clients or other third parties.
Each time you access, use, place an order on, or browse this Website, you signify that you understand the then-current Privacy Statement.
YayPay is committed to meeting applicable data privacy regulations and more specifically; European Union (EU) General Data Protection Regulation (GDPR) requirements, and the California Consumer Protection Act (CCPA or CaCPA).
1. INFORMATION WE COLLECT
When you interact with the Site or the Services, we may collect information that alone or in combination with other information could be used to identify you (“Personal Data”), as described below:
Personal Data That You Provide To Us. We collect information that you enter on our Site or send to us electronically, for example when you complete a web form to give your Personal Data to us directly (such as on our “Contact Us” page), when you request information, including a product demo, register for a webinar or other event, or subscribe to our blog. While the type of data we collect depends on the nature of the inquiry, this typically includes your name, email address, phone number and company information.
We may also collect data from you when you attend one of our events, during phone calls with sales representatives, or when you contact customer support.
When you apply for employment through the Site, our provider of recruiting services will collect your resume and any additional information that you elect to provide to us, including but not limited to employment history, resumes, carrier path, job applications, contact data and education certificates, letters of recommendation, Criminal record extracts.
Service Data. In providing the Services, we process on behalf of our Clients information that our Clients’ customers give when they call, text or webchat with our Clients. That data may be transferred to us for processing by our Clients (“Service Data”). Our Clients control the information that they require to enable them to use the Services to manage and collect amounts owed to our Clients by their customers. When a customer’s Service Data is transferred to us for processing, we will only collect the information our clients have instructed us to collect to enable them to use the Services.
Automatically Collected Data. When you visit the Site, we and our service providers acting on our behalf will automatically collect information about you through cookies (small text files placed on your device). Please see the section “12. Use of Cookies” below to learn more about how we use cookies. When you visit our Site, our servers record information (“log data”), including information that your browser automatically sends whenever you visit the Site. This log data includes your Internet Protocol (“IP”) address (from which we understand the country you are connecting from at the time you visit the Site), browser type and settings, the date and time of your request.
Children: Neither the Site nor the Services are directed to or intended to be used by children who are under the age of 16 and YayPay do not knowingly collect Personal Data from children under 16. If you have reason to believe that a child under the age of 16 has provided Personal Data to YayPay through the Site, please contact us at privacyteam@quadient.com and we will endeavor to delete that information from our databases.
2. HOW WE USE PERSONAL DATA AND OTHER INFORMATION
To provide the Services to you and respond to your requests. When you ask for information about the Services (for example, when you request a demo or ask us to send you offers or price information), or register to a webinar or an event, we will use your contact information to respond to your request. For EU data subjects, such use is necessary to respond to or implement your request.
We use account-related data provided by Clients in connection with the purchase, sign-up, use or support of the Client account (such as usernames, email address and billing information) to provide you with access to the Services and/or the Site, contact you regarding your use of the Services and/or the Site or to notify you of important changes to the Services and/or the Site. For EU data subjects, such use is necessary for the performance of the contract between you and us.
We process Service Data on behalf of our Clients for the purpose of providing the Services to Clients in accordance with the applicable Client’s contract. YayPay’s purpose in collecting this information is simply to enable our Clients to manage and collect amounts owed to them by their customers.
For marketing purposes. We will use your email or mail address to send you information (as applicable) by email and post about new products and services, upcoming events or other promotions. You may opt out of receiving such emails by following the instructions contained in each promotional email we send you. Our sales representatives may also use your phone number to contact you directly by phone, in connection with such new products and services, upcoming events or other promotions.
Where required by applicable law (for example, if you are an EU data subject), we will only send you marketing information by email or mail or contact you by phone, if you consent to us doing so at the time you provide us with your Personal Data. When you provide us with your consent to be contacted for marketing purposes, you have the right to withdraw your consent at any time by following the instructions to “opt-out” of receiving marketing communication in each marketing email we send you. In addition, if at any time you do not wish to receive future marketing communications or wish to have your name deleted from our mailing or calling lists, please contact us at privacyteam@quadient.com Please note that if you opt-out from marketing communications, we may still contact you regarding issues related to our Services and to respond to your requests.
To analyze, administer, support, and improve the use of the Site and the Services. We use data relating to your use of and interaction with the Site and the Services, including information that we obtain through cookies and similar technologies, to analyze, administer, support and improve your access to and use of the Site and the Services. We may also compile, anonymize and/or aggregate your Personal Data and other data and use such anonymized and/or aggregated data for our business purposes, including sharing it with affiliates and business partners. This aggregate information does not identify you. For EU data subjects, this use of your Personal Data is necessary for our legitimate interests in understanding how the Site and our Services are being used by you and to improve your experience on it. Please see the “Use of Cookies” section below for information on how we use cookies on the Site.
To process job applications. When you apply for employment through our Site we will use your contact details and data about your employment history and education to (i) conduct job interviews, evaluate your application, and as is otherwise needed for recruitment (for EU data subjects, this use is necessary to respond to your request to process your application for employment); (ii) communicate with you and inform you of current and future career opportunities (unless you tell us that you do not want us to keep your details for that purpose) and manage and improve our recruiting and hiring processes pursuant to our legitimate interest in doing so; (iii) conduct reference and background checks were required or permitted by applicable local law, pursuant to our legitimate interest in doing so or as required by the law; and (iv) for compliance with corporate governance, legal and regulatory requirements. If you are hired, your personal data will be used as part of your employee record under our employee privacy policies.
If you are an EU data subject, please see the “EU DATA SUBJECT RIGHTS” section below for information on your rights in relation to the Personal Data we hold about you.
3. SHARING INFORMATION
Sharing of your Personal Information within YayPay
YayPay employees from different entities in YayPay and Quadient are authorized to access your Personal Information only to the extent necessary to perform their job functions. This includes activities like servicing a customer agreement or activities related to your employment documentation.
Yaypay, Inc. acts as a data processor on behalf of Clients for Personal Data that is Service Data we process through the Services. Please see the “Contact Us” section below to find out how to contact us.
Sharing of your Personal Information outside YayPay
We share information with certain third parties, as follows:
-
- Third Parties Service Providers. Third parties who provide services to us have access to your Personal Data: website analytics companies, hosting and cloud computing service providers, providers of CRM, marketing and sales software solutions. Pursuant to our instructions, these parties may access, process or store Personal Data in the course of performing their duties to us and solely in order to perform the services we have hired them to provide.
- Third-Party Subprocessors List:
|
NAME OF ENTITY |
PURPOSE |
WEBSITE |
|---|---|---|
|
Amazon Web Services |
Infrastructure services |
https://aws.amazon.com/artifact/ |
|
REPAY (American Payment Solutions) |
Purchase history |
https://www.apspayments.com/ |
|
Merchant e-Solutions |
Payment processing |
https://www.merchante.com/ |
|
CardConnect |
Payment processing |
https://cardconnect.com/ |
|
GoCardless |
Payment processing |
https://gocardless.com/ |
|
NMI |
Payment processing |
https://www.nmi.com/ |
|
SalesForce |
CRM |
https://www.salesforce.com/ |
|
SendGrid |
Email Delivery Service |
https://sendgrid.com/ |
|
Gainsight PX |
Web Analytics Service |
https://www.gainsight.com/ |
|
Gmail by Google |
Gmail access is used only if you decide to connect gmail mailbox to send out and receive emails through YayPay using your gmail account. In case if connected this access will be used to send out manual and automatic reminders from the system based on your configured workflows and to receive your clients answers to those emails to show them on Communication and Statement pages of YayPay. |
https://www.google.com/gmail/ |
- Administrative and Legal Reasons. We may disclose Personal Data when required to do so by law, such as to comply with a subpoena, bankruptcy proceedings, or similar legal process, or in response to lawful requests by public authorities, including to meet national security or law enforcement requirements, or when we believe in good faith that disclosure is reasonably necessary to protect the property or rights of Yaypay, third parties, or the public at large.
- Business Transfers. We may disclose and transfer your information and data: (a) if we assign our rights regarding any of the information to a third party or (b) in connection with a corporate merger, consolidation, restructuring, sale of certain of our ownership interests, assets, or both, or other corporate change, including without limitation, during the course of any due diligence process.
- "Third parties that we cooperate with: YayPay may share personal data with Amazon Web Services. AWS is a data processor which is defined as Infrastructure as a Service. (visit https://aws.amazon.com/). Another service, which is cooperating with Yaypay is Aptrinsic, a web analysis service. Aptrinsic uses cookies that are saved to your computer and which enable the analysis of your use of Yaypay's website. "
4. WHAT IS OUR BASIS FOR PROCESSING YOUR PERSONAL DATA?
For personal information collected about you in the EU, our basis for processing is most commonly as follows:
YayPay collects, uses, stores and otherwise processes personal data where necessary to provide a service which you request, where necessary to comply with a legal obligation, and where necessary pursuant to YayPay’s legitimate interests and where these interests are not overridden by your data protection rights.
For example, we have a legitimate interest in processing your Personal Data to analyze how the Site and our products and services are being used by you, and to ensure network and information security, as described in this Privacy Statement. When we process your Personal Data for our legitimate interests, we make sure to consider and balance any potential impact on you and your rights under data protection laws. Our legitimate interests do not automatically override your interests. We will not use your Personal Data for activities where our interests are overridden by the impact on you unless we have your consent or those activities are otherwise required or permitted to by law. You have the right to object to processing that is based on our legitimate interests.
YayPay may also process your personal data where you have given consent or provided your “opt-in”. For example, when you fill in an online form or request more information about YayPay products or services, you consent to YayPay using your personal data as requested. Where YayPay asks for consent, you are free to withhold or revoke it.
YayPay’s products and services mainly address companies and businesses. Non-commercial prospects may also have an interest in YayPay’s products and services. In many instances where personal information is collected, YayPay can rely on a legitimate interest to send marketing communications. However, YayPay will ensure that your contact data will be used for marketing purposes if you have provided your consent. Therefore, YayPay will always ask for approval and consent, when collecting personal information. Your personal information is utilized in the Quadient group of entities.
5. Your Rights: EU and UK DATA SUBJECTS
Scope: This section applies solely to EU and UK data subjects (for these purposes, reference to the EU also includes the European Economic Area countries of Iceland, Liechtenstein and Norway).
Subject to applicable law, you have the following rights in relation to your Personal Data:
Right of access
If you ask us, we will confirm whether we are processing your Personal Data and, if so, provide you with a copy of that Personal Data along with certain other details. If you require additional copies, we may need to charge a reasonable fee.
Right to rectification
If your Personal Data is inaccurate or incomplete, you are entitled to ask that we correct or complete it. If we shared your Personal Data with others, we will tell them about the correction where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your Personal Data so you can contact them directly
Right to erasure
You may ask us to delete or remove your Personal Data, such as where you withdraw your consent. If we shared your data with others, we will tell them about the erasure where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your Personal Data so you can contact them directly.
Right to restrict processing
You may ask us to restrict or ‘block’ the processing of your Personal Data in certain circumstances, such as where you contest the accuracy of the data or object to us processing it. We will tell you before we lift any restriction on processing. If we shared your Personal Data with others, we will tell them about the restriction where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your Personal Data so you can contact them directly.
Right to data portability
Effective 25 May 2018, you have the right to obtain your Personal Data from us that you consented to give us or that was provided to us as necessary in connection with our contract with you. We will give you your Personal Data in a structured, commonly used and machine-readable format. You may reuse it elsewhere.
Right to object
You may ask us at any time to stop processing your Personal Data, and we will do so:
- If we are relying on a legitimate interest to process your Personal Data -- unless we demonstrate compelling legitimate grounds for the processing or
- If we are processing your Personal Data for direct marketing.
Rights in relation to automated decision-making and profiling
You have the right to be free from decisions based solely on automated processing of your Personal Data, including profiling, that affect you, unless such profiling is necessary for entering into, or the performance of, a contract between you and us or you provide your explicit consent.
Right to withdraw consent
If we rely on your consent to process your Personal Data, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing of your data before we received notice that you wished to unsubscribe.
Right to Lodge a Complaint
In the event you consider Our processing of your personal information not to be compliant with the applicable data protection laws, you can lodge a complaint:
- Directly with YayPay by using this form
- With the competent data protection authority. The name and contact details of the Data Protection Authorities in the European Union can be found here.
6. CALIFORNIA DATA SUBJECTS’ RIGHTS
Right to Access
If you are a California resident, You have the right to request the disclosure of certain information about Our collection and/or use of Your personal information over the past 12 months. You may submit a CCPA access request using one of the methods provided in the “Contact Us” section below.
Right to Opt-Out
You have the right to opt-out of the sale of Your personal information by companies you do business with. We do not sell your personal information, and as such, We have not included a “Do Not Sell My Personal Information” link on Our website.
Right to Request Deletion
You have the right to request that We delete any of Your personal information that We collected from You and retained, subject to certain exceptions. You may submit a CCPA deletion request using one of the methods provided in the “Contact Us” section below. Once We receive and confirm Your verifiable consumer request, We will delete (and direct Our service providers to delete) Your personal information from Our records, unless an exception applies.
Click here for more information about the CCPA.
7. TRANSFER OF DATA ABROAD
We are using two separate web applications to operate our business: one is located in the US, another - in Europe. Data from European representatives are processed and stored only in the environment which is located in the European region. Non-EU countries user’s data is processed and stored in the environment which is located in the US.
YayPay is a company part of Quadient with operations in 29 countries and personal information is processed globally. If personal information is transferred to a Quadient recipient or a third party in a country that does not provide an adequate level of protection for personal information, YayPay will take measures designed to adequately protect information about you, such as ensuring that such transfers are subject to the terms of the EU/UK Model Clauses. Quadient commits to cooperate with EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) and comply with the advice given by such authorities with regard to human resources data transferred from the EU and Switzerland in the context of employment relationship.
8. EU-US AND SWISS PRIVACY SHIELD PARTICIPATION
Since security and data integrity and openness of data usage are important to YayPay, the company complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. YayPay will do its best to ensure accuracy and to protect personal information from loss, misuse, or unauthorized access or disclosure.
Privacy Shield Framework consists of such Privacy Shield Principles.
NOTICE: Everything that an individual should be informed about his personal data and the purpose of using this data was already above-mentioned in YayPay privacy Statement.
CHOICE: You, as an individual, is the owner of your Personal Information. YayPay offers individuals the opportunity to choose (opt-out) whether their personal information is (a) to be disclosed to a non-agent third party or (b) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual.
There is a special rule for sensitive personal information applicable in YayPay.
YayPay obtains affirmative express consent (opt-in) from individuals if such information is to be (i) disclosed to a third party or (ii) used for a purpose other than those for which it was originally collected or subsequently authorized by the individuals through the exercise of opt-in choice.
Moreover, If personal information received from a third party and is claimed as the sensitive one, YayPay will treat this personal information with honours of sensitive information.
“Sensitive Personal Information” means personal information that reveals race, ethnic origin, sexual orientation, political opinions, religious or philosophical beliefs, trade union membership or that concerns an individual’s health.
ACCOUNTABILITY FOR ONWARD TRANSFER: YayPay remains accountable for Personal Data that it receives under the Privacy Shield and subsequently transfers to a third party agent or controller.
In particular, YayPay remains responsible and liable under the Privacy Shield Principles if third-party agents that it engages to process the personal data on its behalf do so in a manner inconsistent with the Privacy Shield Principles unless YayPay proves that it is not responsible for the event giving rise to the damage.
SECURITY: We take reasonable administrative and technical steps to protect the Personal Data provided via the YayPay from loss, misuse and unauthorized access, disclosure, alteration, or destruction. These include contractual restrictions and physical, electronic and administrative safeguards such as firewalls, data encryption, SSL and other up-to-date technologies. However, the Internet cannot be guaranteed to be fully secure and we cannot ensure or warrant the security of any information you provide to us. Please keep this in mind when providing us with your Personal Data.
ACCESS: YayPay, as a member of Privacy Shield, complies with the Access Principle as well. To make sure of our company’s compliance with the principle, please refer to the EU Data Subjects section of YayPay Privacy Statement.
DATA INTEGRITY: YayPay will use personal information only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the individual.
YayPay will take reasonable steps to ensure that personal information is relevant to its intended use, accurate, complete, and current. RECOURSE, ENFORCEMENT AND LIABILITY: To comply with the Privacy Shield Principles, YayPay commits to resolve complaints about the collection or usage of your Personal Information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact YayPay at: privacyteam@quadient.com. Please allow up to 72 hours for us to respond to your request.
YayPay has committed to cooperating with the panel established by the EU data protection authorities (DPAs) for referring unresolved privacy complaints under the Privacy Shield Principles. If you do not receive timely acknowledgement of your complaint, or if your complaint is not satisfactorily addressed, please visit https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm for more information and to file a complaint. Also, YayPay cooperates with the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved Privacy Shield complaints concerning data transferred from Switzerland, please visit https://www.edoeb.admin.ch/edoeb/en/home/the- fdpic/task.html for details. More importantly, DPAs and FDPICs services are provided at no cost to you.
Under certain circumstances, EU individuals may have the option to select binding arbitration under the Privacy Shield Panel for the resolution of their complaint. This procedure will be held through The Privacy Shield Framework and Annex I.
For further information, please see the Privacy Shield website https://www.privacyshield.gov/welcome. To learn more about the Privacy Shield Framework, please visit https://www.privacyshield.gov/EU-US-Framework. In addition, to find out more about the arbitration procedure, you can read Annex I https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
YayPay will conduct compliance audits of its relevant privacy practices to verify adherence to the Privacy Statement. Any employee that YayPay determines is in violation of this Statement will be subject to disciplinary action up to and including termination of employment.
YayPay being subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).
YayPay complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States.
YayPay has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy Statement and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.
9. DATA SECURITY
We take reasonable administrative and technical steps to protect the Personal Data provided via the Site from loss, misuse and unauthorized access, disclosure, alteration, or destruction. These include contractual restrictions and physical, electronic and administrative safeguards such as firewalls, data encryption, SSL and other up-to-date technologies. However, the Internet cannot be guaranteed to be fully secure and we cannot ensure or warrant the security of any information you provide to us. Please keep this in mind when providing us with your Personal Data.
10. RETENTION OF YOUR DATA
We will keep your Personal Data only for as long as is reasonably necessary for the purposes outlined in this Privacy Statement, or for the duration required by law, whichever is the longer.
If you wish to request that We no longer use your registration information to provide you services, contact Us using the access request form.
11. DO NOT TRACK DISCLOSURES
YayPay does currently respond to “Do Not Track” signals sent by your browser or mobile application and operate as described in this Privacy Statement whether or not a “Do Not Track” signal is received. If we change our practices in the future and begin to respond to “Do Not Track” signals, we will update this Privacy Statement accordingly.
12. USE OF COOKIES
Cookies are pieces of data sent to your browser when you visit a website and stored on your computer’s hard drive. Cookies may store user preferences and other information.
We use analytics cookies to recognize and count the number of visitors and to see how visitors move around the Site when they are using it. This helps us to improve the way our Site works, for example by making sure visitors are finding what they need easily. The information collected through these cookies include anonymous traffic statistics, like the number of page views, number of visitors, and time spent on each page.
The Site uses Gainsight PX, a web analysis service. Gainsight PX uses cookies that are saved to your computer and which enable the analysis of your use of the Site. The information compiled via cookies pertaining to your use of this website (including your IP address) is transferred to a Gainsight PX server in the USA, where it is also saved. Gainsight PX uses this information to analyze your use of the Site, to create reports pertaining to the web activity and to provide additional services in conjunction with the use of the website and the internet in general. Gainsight PX will also provide this information to third parties, if required, provided that this is permitted under law or provided that these third parties have been commissioned by Gainsight PX to process the data.
When you first visit the Site, you will be asked to consent to the use of cookies on the Site in accordance with this Privacy Statement, and if you accept we will store cookies on your computer.
On most web browsers, you will find a “help” section on the toolbar. Please refer to this section for information on how to receive a notification when you are receiving a new cookie and how to turn cookies off. Please see the links below for guidance on how to modify your web browser’s settings on the most popular browsers:
Please note that if you reject cookies or turn cookies off, you may be unable to access certain parts of the Site and you may not be able to benefit from the full functionality of the Site.
13. PUBLICLY POSTED INFORMATION
This Privacy Statement shall not apply to any information you post to the public areas of the Site. This includes, but is not limited to comments to the Yaypay blog or public forums. Comments posted to public areas may be viewed, accessed, and used by third parties subject to those parties’ privacy practices and policies.
14. LINKS TO OTHER WEBSITES
The Site may contain links to other websites not operated or controlled by us (“Third Party Sites”), including social media websites and services. The information that you share with Third Party Sites will be governed by the specific privacy policies and terms of service of the Third Party Sites and not by this Privacy Statement. By providing these links we do not imply that we endorse or have reviewed these sites. Please contact those sites directly for information on their privacy practices and policies.
15. COMMUNICATIONS PREFERENCES AND OPT-OUT
As a result of providing your contact information, YayPay may market to you, including sending promotional communications and relevant offers. To opt-out of receiving marketing-related communications from YayPay, please click on the “unsubscribe” link in the communication. Please note that if you do unsubscribe from receiving marketing-related emails from us, we may still use your email address to send you important administrative messages. If you wish for us to completely delete your personal record from our database, email privacyteam@quadient.com and we will delete your contact information.
16. CHANGES TO THIS PRIVACY STATEMENT
We may change this Privacy Statement from time to time, and we will post the revised Statement and provide notice on the Site.
17. CONTACT US
If you have a question related to this Privacy Statement, please contact Us by using this access request form. Your message will be forwarded to the appropriate member of Quadient's Data Privacy Team, such as Data Protection Officers or members of their teams.
If you would like to access Personal Data we hold about you or exercise your other rights under the applicable law, please submit a verifiable access request to Us by either:
- using the access request form
- emailing us at privacyteam@quadient.com or:
- calling us at +1-800-636-7678
In Your request, You need to provide enough information that allows Us to reasonably verify that You are the consumer that We collected information about.