Effective date: 10/19/2020
4. INFORMATION WE MAY COLLECT
(a) Information You Provide. When you use the PayWithMyBank Services, we may ask you for, or give you the opportunity to provide, certain information about you, including, but not limited to, a bank name; a face, fingerprint or other biometric information; a bank login ID, a password, a PIN number, answers to security questions, the location where you opened your bank account or other authentication information (i.e. online banking access credentials); a bank account number and bank routing transit number, a bank account type, other bank account information; and other personal information, such as your name, driver’s license number and the state where issued, and taxpayer identification number.
- Information We Collect. When you use or interact with the PayWithMyBank Services made available to you by a Merchant, we may gather or collect from you, the Merchant, your bank, and/or third parties additional information about you to facilitate your use of, and/or enhance, the PayWithMyBank Services, including, but not limited to, your purchase/order or bill amount and reference, your name, physical address, email address, phone number, bank account number, bank routing transit number, bank account balance, bank transactions, and other personal, risk or device information. While you access or use the PayWithMyBank Services, we may use a variety of technologies that collect information about you or how you access or use the PayWithMyBank Services, including data that may indirectly identify you (such as your browser or application’s cookies, fingerprints, geo-location data, and your internet protocol (“IP”) or media access control (“MAC”) address), and data that may not identify you (such as user agent (client software) data, network connection type and provider, language, time zone, and connection speed). Please see the section below on Browsing and Cookies for additional information we may collect through the use of technologies. We may also collect behavioral information regarding your use of the PayWithMyBank Services, including the Merchants with which you use the PayWithMyBank Services and when, where, how often, etc. you use the PayWithMyBank Services, as well as your clicks, keyboard, voice, image, video and other device interactions while using the PayWithMyBank Services.
5. HOW WE USE YOUR INFORMATION
(b) To Enhance Your Experience. We may use your information to provide a more tailored or seamless experience while using the PayWithMyBank Services. For example, if you use the PayWithMyBank Services for ongoing and repeated transactions, we may use your information to make such transactions more seamless by automating such transactions or completing some of the required information for you. We may also use the information we collect to verify accounts and activity, combat harmful conduct and fraud, maintain the integrity of the PayWithMyBank Services, and promote safety and security. We may use your information to communicate with you regarding your use of the PayWithMyBank Services and to provide disclosures and other information which we deem advisable or which we, or our third party service providers, are required to provide to you pursuant to applicable law.
- Non-Personal or De-Identified Information. We may create non-personal, de-identified records or data from the information we collect by excluding the information that makes the data identifiable to you, such as your name or address (“Anonymized Data”). Any Anonymized Data we create is our property. This Anonymized Data may be used in many ways. For example, we may build non-personally-identifiable statistical profiles, databases, and analyses regarding the PayWithMyBank Services as well as transaction trends, habits, and usage patterns. We may create reports and analytics to assist our, and our Merchants’, understanding of the PayWithMyBank Services, enhance the PayWithMyBank Services and our Merchants’ services, or improve our security. We may use the Anonymized Data for business purposes and for various reporting obligations. Trustly reserves the right to use the Anonymized Data, and to disclose the Anonymized Data to third parties, in Trustly’s sole and absolute discretion, as permitted by applicable law. We will not “re-identify” any Anonymized Data.
6. HOW WE MAY SHARE INFORMATION
Except for your Online Banking Access Credentials, which we never store in central databases or share with any third party other than your bank, we may share, as permitted by law, some or all of your personal information as set forth below:
(a) Merchants, Banks, and Service Providers. We may share your personal information with Merchants, banks, service providers, agents, and/or affiliates for the purposes of effecting, processing, administering, or delivering the PayWithMyBank Services or transactions initated by you. For example, you may access or use the PayWithMyBank Services via or through the web site, network, embeddable or mobile applications, SMS, instant message or other notifications or other services of a Merchant or other third party service provider with whom you have an existing relationship to obtain or receive goods and services these parties provide to, or perform for, you in connection with that relationship. We may share your personal information with such Merchants and other third party service providers in connection with the goods or services to be provided to, or performed for you, by these Merchants or other third party service providers. The personal information which we may access and/or share includes, but is not limited to, your bank name, bank account name, numbers and associated information (such as whether your bank account is in good standing, your bank balance, and your bank transactions), information required to verify your identity and that you are the holder of the applicable bank account (such as your name, address, driver’s license number, or taxpayer identification number), and information required to authenticate that you have all necessary rights and authority to use such bank account. The Merchants, banks, service providers, agents, and affiliates with whom we may share such information include, but are not limited to, those with whom you have an existing relationship and who utilize the PayWithMyBank Services and those with whom we have a relationship to enable us to deliver the PayWithMyBank Services to you.
(b) Consumer Reporting and Collection Agencies. We may share your personal information with those Merchants and other third party service providers who are consumer reporting agencies so that they may manage their risks, prevent fraud, perform the activities of a consumer reporting agency under the Fair Credit Reporting Act and otherwise as may be allowed by applicable law. If you authorize a payment to a Merchant via the PayWithMyBank Services which is returned by your bank, we, or our Merchants and other third party service providers, may use such information, or share your information with collection agencies and others, as necessary to collect the funds from you.
(d) Legal Requirements; Other. We may preserve or disclose your information as necessary or advisable to comply with applicable laws and regulations, legal processes and investigations, or governmental requests; to protect the safety of any person; to address fraud, security, or technical issues; or to protect your or others’ rights or property. Disclosures of your information may be made to law enforcement or governmental regulators as part of a criminal or government investigation. We may also disclose your information in response to a court order or subpoena. If Trustly is involved in any merger, acquisition or sale of all or substantially all of its assets or business, or bankruptcy, your information may be transferred, sold, or disclosed as part of that transaction. We may disclose your information to our corporate affiliates, including corporate affiliates located outside the United States, in order to help provide, understand, or improve our and our affiliates’ products and services. In addition, we may share your personal information as directed by you with your express consent.
7. OPT-OUT; ACCESSING OR AMENDING YOUR INFORMATION
(b) Decline to Share. You may, of course, decline to share certain personal information with us. However, please be aware that if you decline to share your personal information with us, it may be impossible for us to provide some of the features and functionality of the PayWithMyBank Services to you. For example, if you decline to share your Online Banking Access Credentials with us, we may not be able to facilitate a Bank account verification or a Bank payment from you to a Merchant via the PayWithMyBank Services.
(c) Accessing; Amending Your Information. If you wish to access or amend any personal information we have about you, or to request that we delete any information about you that we have, you may contact us at email@example.com or via our user data permission management portal at https://paywithmybank.com/user-portal/. Please note that while any changes you make will be reflected in Trustly’s active user databases within a reasonable period of time, we may be obligated to retain some or all information we have collected from or about you to satisfy our legal obligations, comply with applicable laws, regulations and regulatory requirements, prevent fraud and abuse, perform analytics or standard archiving, or where we otherwise reasonably believe that we have a legitimate reason to do so.
8. DATA SECURITY
(a) Data Protection and Security. Trustly utilizes technical and organizational security measures, including physical, electronic, and procedural security measures, to protect against loss, destruction, unauthorized access or processing, misuse and alteration of information under our control. Trustly employs reasonable practices and security measures to safeguard and secure the personal information we collect, and our data center is compliant with certain standards such as SSAE-18, SOC1/SOC2 promulgated by the American Institute of Certified Public Accountants.
(c) Notifications; Communications Despite our efforts, we cannot guarantee that personal information may not be accessed, disclosed, altered, or destroyed by breach of our administrative, managerial, and/or technical safeguards. If Trustly learns of a security systems breach, we may attempt to notify you electronically so that you can take appropriate protective steps. By using the PayWithMyBank Services, you agree that we may communicate with you electronically or via Merchant communication (such as email notifications) for this purpose. Trustly may post a notice on our web site or within the PayWithMyBank Services if a security breach may occur or has occurred. Depending on where you live, you may have a legal right to receive notice of a security breach in writing. To receive free written notice of a security breach (or to withdraw your consent from receiving electronic notice of a security breach) you should notify us at firstname.lastname@example.org.
9. PREVENTING IDENTITY THEFT
We will never initiate a request for personal information from you by phone, email, or website, except (i) in response to communications initiated by you, or (ii) to attend to a quality of service issue, acting as an authorized agent of the Merchant with which you used the PayWithMyBank Services. Please do not send confidential, personal information such as Social Security number, government identification numbers, online banking access credentials, or bank account numbers to Trustly without first specifically confirming that you are sending such information to Trustly (and not to an unauthorized third party) and unless agreed between you and Trustly. The agreement should include method of transmission, such as registered mail, secure or encrypted email, or some similar secure method of communication. Do not be misled by emails or other communication that appear to be from us and request personal information. If you receive any suspicious email requesting your personal information, please immediately forward the email to: email@example.com.
10. BROWSING AND COOKIES
When you browse our web sites, applications, or access or use the PayWithMyBank Services, we automatically collect certain technical information about your visit. Examples of this information include: which type of Internet browser you use, your IP address, browser headers, operating system, screen resolution, the clicks you make, the pages you browse, and the domain name and country from which you request information. We use this type of technical information to improve the Trustly web sites or applications and the PayWithMyBank Services. As part of our efforts to protect end users from fraud, this information is also used to assist in authenticating who you are when you access our web sites, applications or use the PayWithMyBank Services. Some of our web or mobile pages and applications may use “cookies,” fingerprints, or data that is sent to your web or mobile browser or application and stored on your device. The purpose of these “cookies” is to allow our, or a third party, server to recognize you as an end user returning to our web sites, applications or the PayWithMyBank Services using the same device and browser. In the event you do not wish to receive such cookies, you may configure your web browser to not accept cookies or to notify you if a cookie is sent to you. If you choose to decline cookies you may not be able to use all the features and functionalities of our web sites, applications and the PayWithMyBank Services.
11. DO NOT TRACK
Do Not Track (“DNT”) is a privacy preference that you can set in your web browser. When you use the DNT signal, the browser sends a message to web site operators requesting them not to track your web site navigation activities. Trustly does not track you over time or across third party web sites to provide targeted advertising and does not respond to Do Not Track (DNT) signals. For more information about DNT, visit https://allaboutdnt.com.
12. PRIVACY PRACTICES OF THIRD PARTIES
13. USE BY CHILDREN
The PayWithMyBank Services are not directed to children under the age of 18 and we do not knowingly collect personal information from children under the age of 18 without parental consent. If you are under 18 years of age, then please do not access or use the PayWithMyBank Services at any time or in any manner. If we learn that personal information has been collected on the PayWithMyBank Services from persons under the age of 18 and without verifiable parental consent, then we will take the appropriate steps to delete this information. If you are a parent or guardian and discover that your child under 18 years of age has accessed or used the PayWithMyBank Services, then please alert us at firstname.lastname@example.org so that we may delete that child’s personal information from our systems.
14. RIGHTS OF CALIFORNIA CONSUMERS
Beginning January 1, 2020, California consumers have certain rights under the California Consumer Privacy Act of 2018 (“CCPA”). Please see the Privacy Notice for California Residents.
15. MERCHANT REPRESENTATIVES
If you are a representative of one of our Merchants or another company entering an agreement with us, you may provide us with information about you. Please see the Privacy Notice for Company Representatives.
16. TRUSTLY GROUP; SHARING INFORMATION OUTSIDE THE UNITED STATES.
(b) Sharing Information Outside the United States. Trustly may share your personal information with other companies in the Trustly Group located outside the United States to provide the PayWithMyBank Services or to fulfill the purpose for which such personal information was collected. We may share this information based on our legitimate interest in sharing data within the Trustly Group for commercial, compliance, and organizational reasons. Your personal information may also be shared with Merchants and/or other third parties located outside the United States. If your personal information is shared with, transferred to, or processed by a Merchant, another company in the Trustly Group, or a third party, outside the United States, we will take all reasonable measures to ensure that your personal information is shared, transferred, and/or processed with a high level of security and in accordance with the requirements of applicable law. However, please note that applicable law in other countries may not offer the same level of protection for personal information as the United States.
17. HOW TO CONTACT US
555 El Camino Real, Suite 200
San Carlos, California 94070.